Virtumonde Infection


  • This topic is locked
14 replies to this topic

#1 andrew087


Posted 07 December 2008 - 03:39 AM

I am having problems with the internet. At first, as the computer is on, as long as the internet is not activated, nothing happens. As soon as the internet is activated there is an advertisement pop-up every 2-3 mins, every time. The advertisement varies sometimes, but usually it has something to do with which website I'm on. I have run Norton and fixed some viruses but it is still active. I then ran Lavasoft Ad-Aware and it detected 5 Virtumonde and deleted 3. I run Windows XP. I also ran VundoFix after using Ad-Aware and found nothing. I have tried running VirtumundoBeGone in safe mode and it is still active. Please, I would really appreciate your help as soon as you can, big project coming up.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Andrew Chiang at 2002-01-01 00:27:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (8%) free of 114 GB
Total RAM: 2047 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:33 AM, on 1/1/2002
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Function Key Controller\FKC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew Chiang\Desktop\RSIT.exe
C:\Program Files\trend micro\Andrew Chiang.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SEENUS030000TBR/FRWCompl...iteFinalDEFAULT
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {707CA7F8-F872-4678-BBEC-2202D8324E7B} - C:\WINDOWS\system32\ssqRIywv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {75f6e3a2-6ed9-8f6b-0694-248ffbcd7788} - {8877dcbf-f842-4960-b6f8-9de62a3e6f57} - C:\WINDOWS\system32\uginhk.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Gqututibof] rundll32.exe "C:\WINDOWS\Byikoluracanari.dll",e
O4 - HKLM\..\Run: [Spoxedigojeruqaz] rundll32.exe "C:\WINDOWS\ofijegoz.dll",e
O4 - HKLM\..\Run: [b85d76f6] rundll32.exe "C:\WINDOWS\system32\sopdhrls.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [GetModule31] C:\Program Files\GetModule\GetModule31.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: OSCust.lnk = C:\WINDOWS\system32\oem\OSCust.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: uginhk.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15858 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-18 97960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-21 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-06 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{707CA7F8-F872-4678-BBEC-2202D8324E7B}]
C:\WINDOWS\system32\ssqRIywv.dll [2008-12-06 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8877dcbf-f842-4960-b6f8-9de62a3e6f57}]
C:\WINDOWS\system32\uginhk.dll [2008-12-06 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-02-18 609424]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-08-11 794714]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-29 89541]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-30 8515584]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-08-30 81920]
"FunctionKeyCtrl"=C:\Program Files\Function Key Controller\FKC.exe [2006-05-25 49152]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-21 185896]
"Gqututibof"=C:\WINDOWS\Byikoluracanari.dll [2008-12-06 41472]
"Spoxedigojeruqaz"=C:\WINDOWS\ofijegoz.dll [2008-12-06 133120]
"b85d76f6"=C:\WINDOWS\system32\sopdhrls.dll [2008-12-06 72704]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-06 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]
"GetModule31"=C:\Program Files\GetModule\GetModule31.exe [2008-12-05 367616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-06 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-11-09 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-21 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-12-11 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew Chiang^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
OSCust.lnk - C:\WINDOWS\system32\oem\OSCust.exe

C:\Documents and Settings\Andrew Chiang\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="uginhk.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ssqRIywv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Autodesk\Maya2008\bin\maya.exe"="C:\Program Files\Autodesk\Maya2008\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4e189f0-fdac-11db-a39b-aee61cdc95c2}]
shell\AutoRun\command - E:\pstart.exe


======List of files/folders created in the last 1 months======

2008-12-06 23:17:21 ----SHD---- C:\WINDOWS\CSC
2008-12-06 23:17:01 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-06 22:47:20 ----D---- C:\VundoFix Backups
2008-12-06 22:47:20 ----A---- C:\VundoFix.txt
2008-12-06 21:07:38 ----A---- C:\WINDOWS\system32\a.exe
2008-12-06 18:53:11 ----D---- C:\Program Files\Lavasoft
2008-12-06 18:53:09 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-06 18:52:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-06 18:45:58 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Mozilla
2008-12-06 18:38:27 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-06 18:36:16 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2008-12-06 18:36:14 ----D---- C:\Program Files\AVG
2008-12-06 18:36:11 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-06 13:55:33 ----SH---- C:\WINDOWS\system32\slrhdpos.ini
2008-12-06 13:55:29 ----A---- C:\WINDOWS\system32\sopdhrls.dll
2008-12-06 13:53:39 ----A---- C:\WINDOWS\system32\uginhk.dll
2008-12-06 13:53:37 ----A---- C:\WINDOWS\system32\fihlqxpk.dll
2008-12-06 13:53:08 ----A---- C:\WINDOWS\system32\b37eb288-.txt
2008-12-06 13:52:28 ----ASH---- C:\WINDOWS\system32\vwyIRqss.ini2
2008-12-06 13:52:28 ----ASH---- C:\WINDOWS\system32\vwyIRqss.ini
2008-12-06 13:52:22 ----A---- C:\WINDOWS\system32\ssqRIywv.dll
2008-12-06 13:47:25 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\GetModule
2008-12-06 13:47:18 ----A---- C:\WINDOWS\system32\nnnmmlMC.dll
2008-12-06 13:47:15 ----D---- C:\Program Files\GetModule
2008-12-06 13:47:13 ----D---- C:\Program Files\iCheck
2008-12-06 13:47:01 ----A---- C:\WINDOWS\system32\geBtQihi.dll.vir
2008-12-06 13:46:50 ----A---- C:\WINDOWS\system32\~.exe
2008-12-06 04:06:43 ----A---- C:\WINDOWS\ofijegoz.dll
2008-12-06 03:54:35 ----A---- C:\WINDOWS\Byikoluracanari.dll
2008-11-29 01:20:58 ----D---- C:\Program Files\World of Warcraft
2008-11-28 13:57:21 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-28 04:10:47 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-19 10:59:33 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\headus
2008-11-19 10:59:15 ----D---- C:\Program Files\headus UVLayout
2008-11-13 23:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 23:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 23:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 22:16:53 ----D---- C:\Program Files\Steam
2008-11-05 01:11:17 ----D---- C:\WINDOWS\Sun
2008-11-01 23:07:44 ----A---- C:\WINDOWS\War3Unin.exe
2008-11-01 22:56:36 ----A---- C:\WINDOWS\iplayer.INI
2008-11-01 20:31:45 ----D---- C:\Program Files\InterActual
2008-10-24 02:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 20:50:52 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-19 12:05:53 ----D---- C:\Program Files\iPod
2008-10-19 12:05:51 ----D---- C:\Program Files\iTunes
2008-10-19 12:05:51 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-16 02:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-26 11:15:07 ----D---- C:\WINDOWS\pss
2008-09-25 15:51:57 ----D---- C:\Program Files\Common Files\Control Panels
2008-09-25 15:49:28 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-09-25 15:27:51 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-09-25 15:27:51 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-09-25 15:14:22 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-09-24 23:00:22 ----D---- C:\Program Files\MSXML 4.0
2008-09-24 16:23:01 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-09-24 16:22:57 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-09-24 16:22:46 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-24 16:21:51 ----A---- C:\WINDOWS\system32\msxml4r.dll
2008-09-24 16:00:43 ----D---- C:\Program Files\uTorrent
2008-09-24 16:00:42 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\uTorrent
2008-09-22 19:39:57 ----D---- C:\Program Files\Pixologic
2008-09-22 19:39:40 ----D---- C:\WINDOWS\Downloaded Installations
2008-09-22 19:27:57 ----AC---- C:\WINDOWS\system32\javaws.exe
2008-09-22 19:27:57 ----AC---- C:\WINDOWS\system32\javaw.exe
2008-09-22 19:27:57 ----AC---- C:\WINDOWS\system32\java.exe
2008-09-22 19:05:45 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\U3
2008-09-21 11:44:47 ----D---- C:\Program Files\PowerISO
2008-09-21 10:58:26 ----D---- C:\Program Files\Warcraft III
2008-09-20 21:48:51 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-19 10:14:41 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\SPORE
2008-09-19 10:04:03 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-09-19 09:57:35 ----D---- C:\Program Files\Electronic Arts
2008-09-19 09:54:57 ----D---- C:\Program Files\DAEMON Tools Lite
2008-09-19 00:01:15 ----D---- C:\Program Files\Stardock
2008-09-19 00:01:15 ----D---- C:\Program Files\Common Files\Stardock
2008-09-18 06:54:32 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\CyberLink
2008-09-18 00:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-17 09:44:35 ----AC---- C:\WINDOWS\system32\wmpns.dll
2008-09-17 09:43:51 ----D---- C:\WINDOWS\Prefetch
2008-09-17 08:50:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-17 08:50:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-17 08:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-17 08:50:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-17 08:50:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-17 08:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-17 08:49:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-17 08:49:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-17 08:49:24 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-17 08:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-17 08:45:16 ----D---- C:\WINDOWS\system32\scripting
2008-09-17 08:45:16 ----D---- C:\WINDOWS\l2schemas
2008-09-17 08:45:15 ----D---- C:\WINDOWS\system32\en
2008-09-17 08:45:14 ----D---- C:\WINDOWS\system32\bits
2008-09-17 08:41:06 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-17 08:34:28 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-17 08:27:53 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-17 08:27:53 ----C---- C:\WINDOWS\system32\wmphoto.dll
2008-09-17 08:27:52 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-17 08:27:52 ----C---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-17 08:27:49 ----C---- C:\WINDOWS\system32\tspkg.dll
2008-09-17 08:27:49 ----C---- C:\WINDOWS\system32\tsgqec.dll
2008-09-17 08:27:46 ----C---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-17 08:27:46 ----C---- C:\WINDOWS\system32\slserv.exe
2008-09-17 08:27:46 ----C---- C:\WINDOWS\system32\slrundll.exe
2008-09-17 08:27:46 ----C---- C:\WINDOWS\slrundll.exe
2008-09-17 08:27:46 ----AC---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-17 08:27:45 ----C---- C:\WINDOWS\system32\slgen.dll
2008-09-17 08:27:45 ----C---- C:\WINDOWS\system32\slextspk.dll
2008-09-17 08:27:45 ----C---- C:\WINDOWS\system32\slcoinst.dll
2008-09-17 08:27:45 ----C---- C:\WINDOWS\system32\setupn.exe
2008-09-17 08:27:44 ----C---- C:\WINDOWS\system32\s3gnb.dll
2008-09-17 08:27:43 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-17 08:27:43 ----C---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-17 08:27:42 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-17 08:27:42 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-17 08:27:42 ----C---- C:\WINDOWS\system32\qcliprov.dll
2008-09-17 08:27:42 ----C---- C:\WINDOWS\system32\qagent.dll
2008-09-17 08:27:42 ----C---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-17 08:27:40 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-17 08:27:37 ----C---- C:\WINDOWS\system32\napstat.exe
2008-09-17 08:27:37 ----C---- C:\WINDOWS\system32\napmontr.dll
2008-09-17 08:27:37 ----C---- C:\WINDOWS\system32\napipsec.dll
2008-09-17 08:27:37 ----C---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-17 08:27:37 ----C---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-17 08:27:37 ----C---- C:\WINDOWS\system32\mssha.dll
2008-09-17 08:27:32 ----C---- C:\WINDOWS\system32\mmcperf.exe
2008-09-17 08:27:32 ----C---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-17 08:27:32 ----C---- C:\WINDOWS\system32\mmcex.dll
2008-09-17 08:27:32 ----C---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-17 08:27:31 ----C---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-17 08:27:27 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-17 08:27:26 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-17 08:27:26 ----C---- C:\WINDOWS\system32\kbdpash.dll
2008-09-17 08:27:26 ----C---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-17 08:27:26 ----C---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-17 08:27:26 ----C---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-17 08:27:23 ----C---- C:\WINDOWS\system32\smtpapi.dll
2008-09-17 08:27:23 ----C---- C:\WINDOWS\system32\rwnh.dll
2008-09-17 08:27:22 ----C---- C:\WINDOWS\system32\comsdupd.exe
2008-09-17 08:27:21 ----C---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-17 08:27:19 ----C---- C:\WINDOWS\system32\faxpatch.exe
2008-09-17 08:27:19 ----AC---- C:\WINDOWS\003053_.tmp
2008-09-17 08:27:18 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-17 08:27:18 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-17 08:27:18 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-17 08:27:18 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-17 08:27:18 ----C---- C:\WINDOWS\system32\eapqec.dll
2008-09-17 08:27:18 ----C---- C:\WINDOWS\system32\eapphost.dll
2008-09-17 08:27:18 ----C---- C:\WINDOWS\system32\eappgnui.dll
2008-09-17 08:27:18 ----C---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-17 08:27:17 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-17 08:27:17 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-17 08:27:17 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-17 08:27:17 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-17 08:27:17 ----C---- C:\WINDOWS\system32\dot3ui.dll
2008-09-17 08:27:17 ----C---- C:\WINDOWS\system32\dot3msm.dll
2008-09-17 08:27:17 ----C---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-17 08:27:17 ----C---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-17 08:27:17 ----C---- C:\WINDOWS\system32\dimsroam.dll
2008-09-17 08:27:17 ----C---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-17 08:27:16 ----C---- C:\WINDOWS\system32\credssp.dll
2008-09-17 08:27:14 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-17 08:27:14 ----C---- C:\WINDOWS\system32\azroles.dll
2008-09-17 08:27:13 ----C---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-17 08:27:13 ----C---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-17 08:27:13 ----C---- C:\WINDOWS\system32\ati3duag.dll
2008-09-17 08:27:13 ----C---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-17 08:27:13 ----C---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-17 08:27:13 ----C---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-17 08:27:13 ----C---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-17 08:27:11 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-17 07:20:11 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\OpenOffice.org2
2008-09-17 06:55:46 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-09-17 06:55:00 ----D---- C:\Program Files\Java
2008-09-17 06:54:58 ----D---- C:\Program Files\Common Files\Java
2008-09-17 06:54:42 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Sun
2008-09-17 06:02:40 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-14 06:19:08 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-14 00:01:55 ----AC---- C:\WINDOWS\system32\msonpmon.dll
2008-09-13 23:59:29 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-13 23:06:54 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Apple Computer
2008-09-13 23:06:07 ----D---- C:\Program Files\Bonjour
2008-09-13 23:05:36 ----D---- C:\Program Files\QuickTime
2008-09-13 23:05:35 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-13 23:05:21 ----D---- C:\Program Files\Apple Software Update
2008-09-13 23:04:59 ----D---- C:\Program Files\Common Files\Apple
2008-09-13 23:04:59 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-10 23:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-09 14:43:19 ----D---- C:\Program Files\Mozilla Firefox
2008-09-05 22:30:42 ----N---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 22:30:06 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-05 22:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe
2008-08-29 06:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 05:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-08-27 17:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-08-26 08:12:51 ----D---- C:\WINDOWS\ie7updates
2008-08-26 08:12:29 ----D---- C:\WINDOWS\WBEM
2008-08-26 08:12:28 ----D---- C:\WINDOWS\system32\en-US
2008-08-26 08:11:19 ----HDC---- C:\WINDOWS\ie7
2008-08-26 08:11:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-08-26 08:10:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-08-26 08:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-08-26 08:10:23 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-08-26 08:09:09 ----D---- C:\WINDOWS\network diagnostic
2008-08-26 08:09:07 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-08-26 08:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-08-21 19:31:57 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Yahoo!
2008-08-21 19:31:57 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-21 14:18:27 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-21 14:17:46 ----A---- C:\YServer.txt
2008-08-21 14:17:39 ----D---- C:\Program Files\Yahoo!
2008-08-21 11:02:29 ----A---- C:\WINDOWS\cdplayer.ini
2008-08-21 10:59:51 ----D---- C:\Program Files\Common Files\xing shared
2008-08-21 10:59:48 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-08-21 10:59:43 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-08-21 10:59:43 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-08-21 10:59:42 ----D---- C:\Program Files\Real
2008-08-21 10:59:42 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-08-21 10:59:41 ----D---- C:\Program Files\Common Files\Real
2008-08-21 10:59:38 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Real
2008-08-20 19:42:16 ----D---- C:\WINDOWS\system32\Adobe
2008-08-19 09:58:46 ----D---- C:\Program Files\City of Heroes
2008-08-19 09:58:04 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Symantec
2008-08-18 20:04:55 ----A---- C:\WINDOWS\NeroDigital.ini
2008-08-18 19:34:41 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\acccore
2008-08-18 19:32:56 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-08-18 19:32:55 ----AC---- C:\WINDOWS\atid.ini
2008-08-18 19:32:40 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-18 19:32:39 ----D---- C:\Program Files\Viewpoint
2008-08-18 19:32:39 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-18 19:32:32 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-08-18 19:32:32 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-08-18 19:32:16 ----D---- C:\Program Files\Common Files\AOL
2008-08-18 19:31:27 ----D---- C:\Program Files\AIM6
2008-08-18 14:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-18 14:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-18 14:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-18 14:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-18 14:48:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-18 14:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-18 14:47:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-18 14:47:30 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-18 08:22:10 ----D---- C:\Program Files\Adobe
2008-08-18 08:21:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-08-07 08:34:02 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Macromedia
2008-07-13 18:23:16 ----A---- C:\WINDOWS\system32\MRT.exe
2008-07-13 00:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-07-13 00:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-07-13 00:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-07-13 00:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-07-13 00:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-07-13 00:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2008-07-13 00:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-07-13 00:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-07-13 00:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2008-07-13 00:00:10 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-07-13 00:00:04 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2008-07-12 23:59:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-07-12 23:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-07-12 23:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-07-12 23:59:39 ----D---- C:\Program Files\MSXML 6.0
2008-07-12 23:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2008-07-12 23:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-07-12 23:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-07-12 23:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-07-12 23:58:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-07-12 23:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-07-12 23:58:09 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2008-07-12 23:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-07-12 23:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-07-12 23:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-07-12 23:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB944338$
2008-07-12 23:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-07-12 23:57:35 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-07-12 23:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-07-12 23:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-07-12 23:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-07-12 23:56:54 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-07-12 23:56:39 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-07-12 23:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-07-12 22:22:50 ----D---- C:\Program Files\Norton 360
2008-07-12 22:22:09 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-12 22:21:55 ----AC---- C:\WINDOWS\system32\capicom.dll
2008-07-12 22:21:41 ----D---- C:\Program Files\Symantec
2008-07-12 22:21:37 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-12 22:20:04 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-07-12 21:43:48 ----D---- C:\FLEXLM
2008-07-12 21:41:02 ----AC---- C:\WINDOWS\system32\haspvdd.dll
2008-07-12 21:41:00 ----AC---- C:\WINDOWS\system32\SNTI386.DLL
2008-07-12 21:41:00 ----AC---- C:\WINDOWS\system32\RNBOVDD.DLL
2008-07-12 21:40:56 ----D---- C:\WINDOWS\system32\RNBOSENT
2008-07-12 21:40:53 ----D---- C:\Program Files\GLOBEtrotter Software Inc
2008-07-12 21:40:51 ----A---- C:\WINDOWS\IsUninst.exe
2008-07-12 21:39:38 ----D---- C:\Program Files\Autodesk
2008-07-12 21:37:14 ----D---- C:\Program Files\Common Files\Autodesk Shared
2008-07-12 21:37:14 ----D---- C:\Program Files\Common Files\Alias Shared
2008-07-12 21:36:05 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-07-12 21:36:04 ----AC---- C:\WINDOWS\system32\d3dx9_32.dll
2008-07-12 21:28:21 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\WinRAR
2008-07-12 21:21:53 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-07-12 21:14:58 ----D---- C:\Program Files\WinRAR
2008-07-12 20:44:19 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\DAEMON Tools
2008-07-12 20:38:58 ----D---- C:\WINDOWS\system32\LogFiles
2008-06-27 13:43:22 ----ASH---- C:\Documents and Settings\Andrew Chiang\Application Data\desktop.ini
2008-06-27 13:43:21 ----SD---- C:\Documents and Settings\Andrew Chiang\Application Data\Microsoft
2008-06-27 13:43:21 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Intel
2008-06-27 13:43:21 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\InstallShield
2008-06-27 13:43:21 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Identities
2008-06-27 13:43:21 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Ahead
2008-06-27 13:43:21 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Adobe
2008-06-25 04:52:00 ----AC---- C:\WINDOWS\setuplog.txt
2008-06-25 04:50:59 ----AC---- C:\WINDOWS\smscfg.ini
2008-06-25 04:46:10 ----D---- C:\WINDOWS\system32\Alienware
2008-06-25 04:19:05 ----D---- C:\Program Files\Common Files\LightScribe
2008-06-25 04:18:55 ----AC---- C:\WINDOWS\POWERCFG.EXE
2008-06-25 04:16:50 ----D---- C:\Program Files\Nero
2008-06-25 04:16:50 ----D---- C:\Program Files\Common Files\Ahead
2008-06-25 04:16:50 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-25 04:16:29 ----D---- C:\WINDOWS\RegisteredPackages
2008-06-25 04:16:22 ----AC---- C:\WINDOWS\system32\d3dx9_30.dll
2008-06-25 04:15:30 ----AC---- C:\WINDOWS\system32\results.txt
2008-06-25 04:15:10 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2008-06-25 04:14:51 ----A---- C:\WINDOWS\system32\NETw4r32.dll
2008-06-25 04:14:51 ----A---- C:\WINDOWS\system32\NETw4c32.dll
2008-06-25 04:14:22 ----D---- C:\WINDOWS\BisonCam
2008-06-25 04:14:22 ----A---- C:\WINDOWS\system32\BisonRem.dll
2008-06-25 04:14:22 ----A---- C:\WINDOWS\M2000Twn.ini
2008-06-25 04:12:38 ----C---- C:\WINDOWS\system32\msxml3a.dll
2008-06-25 04:12:28 ----D---- C:\Program Files\CyberLink
2008-06-25 04:12:28 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-06-25 04:12:28 ----A---- C:\WINDOWS\system32\MSVCP71.DLL
2008-06-25 04:10:27 ----AD---- C:\WINDOWS\system32\oem
2008-06-25 04:10:01 ----D---- C:\Program Files\Windows Live Favorites
2008-06-25 04:09:21 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-06-25 04:09:06 ----D---- C:\Program Files\Windows Live Toolbar
2008-06-25 04:04:34 ----D---- C:\Program Files\Function Key Controller
2008-06-25 04:02:27 ----D---- C:\WINDOWS\nview
2008-06-25 04:02:27 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-06-25 04:01:47 ----AC---- C:\WINDOWS\system32\NVUNINST.EXE
2008-06-25 03:58:32 ----D---- C:\WINDOWS\Grids
2008-05-16 10:58:04 ----A---- C:\WINDOWS\system32\lsdelete.exe
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrszht.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrszhc.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrstr.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrssv.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrssl.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrssk.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrsru.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrsptb.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrspt.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrspl.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrsno.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrsnl.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrsko.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrsja.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrsit.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrshu.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrshe.dll
2008-02-25 07:13:31 ----AC---- C:\WINDOWS\system32\nvwrsfr.dll
2008-02-25 07:13:31 ----A---- C:\WINDOWS\system32\oemdspif.dll
2008-02-25 07:13:31 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-02-25 07:13:31 ----A---- C:\WINDOWS\system32\nvwssr.dll
2008-02-25 07:13:31 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-02-25 07:13:30 ----AC---- C:\WINDOWS\system32\nvwrsfi.dll
2008-02-25 07:13:30 ----AC---- C:\WINDOWS\system32\nvwrsesm.dll
2008-02-25 07:13:30 ----AC---- C:\WINDOWS\system32\nvwrses.dll
2008-02-25 07:13:30 ----AC---- C:\WINDOWS\system32\nvwrseng.dll
2008-02-25 07:13:30 ----AC---- C:\WINDOWS\system32\nvwrsel.dll
2008-02-25 07:13:30 ----AC---- C:\WINDOWS\system32\nvwrsde.dll
2008-02-25 07:13:30 ----AC---- C:\WINDOWS\system32\nvwrsda.dll
2008-02-25 07:13:30 ----AC---- C:\WINDOWS\system32\nvwrscs.dll
2008-02-25 07:13:30 ----AC---- C:\WINDOWS\system32\nvwrsar.dll
2008-02-25 07:13:30 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-02-25 07:13:30 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-02-25 07:13:30 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrszht.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrszhc.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrstr.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsth.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrssv.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrssl.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrssk.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsru.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsptb.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrspt.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrspl.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsno.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsnl.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsko.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsja.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsit.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrshu.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrshe.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsfr.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsfi.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsesm.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrses.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrseng.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsel.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsde.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsda.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrscs.dll
2008-02-25 07:13:29 ----AC---- C:\WINDOWS\system32\nvrsar.dll
2008-02-25 07:13:29 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2008-02-25 07:13:29 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-02-25 07:13:29 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-02-25 07:13:29 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-02-25 07:13:28 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-02-25 07:13:28 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2008-02-25 07:13:28 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-02-25 07:13:28 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-02-25 07:13:28 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2008-02-25 07:13:27 ----AC---- C:\WINDOWS\system32\nvmccsrs.dll
2008-02-25 07:13:27 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-02-25 07:13:27 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-02-25 07:13:27 ----A---- C:\WINDOWS\system32\nview.dll
2008-02-25 07:13:27 ----A---- C:\WINDOWS\system32\nvgfx.dll
2008-02-25 07:13:27 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2008-02-25 07:13:27 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-02-25 07:13:27 ----A---- C:\WINDOWS\system32\nvexpbar.dll
2008-02-25 07:13:27 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-02-25 07:13:26 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2008-02-25 07:13:25 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-02-25 07:13:25 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2008-02-25 07:13:25 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-02-25 07:13:24 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-02-25 07:13:23 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-02-25 07:13:23 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-02-25 07:13:23 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-02-25 07:13:23 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-02-25 07:13:23 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-02-25 07:13:23 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-02-25 07:13:22 ----AC---- C:\WINDOWS\system32\keystone.exe
2007-08-13 14:54:10 ----N---- C:\WINDOWS\system32\ieui.dll
2007-08-13 14:54:10 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2007-08-13 14:54:10 ----A---- C:\WINDOWS\system32\msfeeds.dll
2007-08-13 14:54:10 ----A---- C:\WINDOWS\system32\ieframe.dll
2007-08-13 14:45:16 ----C---- C:\WINDOWS\system32\WinFXDocObj.exe
2007-08-13 14:40:52 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2007-08-13 14:39:10 ----A---- C:\WINDOWS\system32\ieudinit.exe
2007-08-13 14:38:48 ----C---- C:\WINDOWS\system32\advpack.dll.mui
2007-08-13 14:36:40 ----C---- C:\WINDOWS\system32\msfeedssync.exe
2007-08-13 14:36:26 ----A---- C:\WINDOWS\system32\icardie.dll
2007-08-13 14:34:04 ----A---- C:\WINDOWS\system32\iertutil.dll
2007-07-11 08:27:48 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2007-05-15 11:43:10 ----A---- C:\WINDOWS\system32\msxml6.dll
2007-05-08 15:30:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2007-05-08 15:29:54 ----D---- C:\Program Files\Common Files\Adobe
2007-05-08 15:18:29 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2007-05-08 15:18:13 ----A---- C:\WINDOWS\AGRSMMSG.exe
2007-05-08 15:18:13 ----A---- C:\WINDOWS\agrsmdel.exe
2007-05-08 15:16:37 ----D---- C:\WINDOWS\system32\Lang
2007-05-08 15:15:14 ----AC---- C:\WINDOWS\system32\ChCfg.exe
2007-05-08 15:15:08 ----D---- C:\WINDOWS\system32\RTCOM
2007-05-08 15:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2007-05-08 15:14:39 ----A---- C:\WINDOWS\SoundMan.exe
2007-05-08 15:14:39 ----A---- C:\WINDOWS\SkyTel.exe
2007-05-08 15:14:39 ----A---- C:\WINDOWS\RtlUpd.exe
2007-05-08 15:14:38 ----A---- C:\WINDOWS\RTLCPL.exe
2007-05-08 15:14:37 ----A---- C:\WINDOWS\RTHDCPL.exe
2007-05-08 15:14:37 ----A---- C:\WINDOWS\MicCal.exe
2007-05-08 15:14:36 ----D---- C:\Program Files\Realtek
2007-05-08 15:14:36 ----A---- C:\WINDOWS\alcwzrd.exe
2007-05-08 15:14:36 ----A---- C:\WINDOWS\Alcmtr.exe
2007-05-08 15:14:29 ----RAC---- C:\WINDOWS\RtlExUpd.dll
2007-05-08 15:14:29 ----AC---- C:\WINDOWS\HideWin.exe
2007-05-08 15:13:45 ----D---- C:\Program Files\Synaptics
2007-05-08 15:13:45 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2007-05-08 15:13:45 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2007-05-08 15:13:45 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2007-05-08 15:13:45 ----A---- C:\WINDOWS\system32\SynCOM.dll
2007-05-08 15:10:31 ----A---- C:\WINDOWS\system32\agrsmdel.exe
2007-05-08 15:10:25 ----D---- C:\WINDOWS\Options
2007-05-08 15:09:52 ----HD---- C:\Program Files\InstallShield Installation Information
2007-05-08 15:09:52 ----A---- C:\WINDOWS\system32\snymsico.dll
2007-05-08 15:06:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2007-05-08 15:06:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2007-05-08 15:06:01 ----D---- C:\Program Files\Intel
2007-05-08 15:02:41 ----A---- C:\WINDOWS\system32\hidserv.dll
2007-05-08 15:02:09 ----A---- C:\WINDOWS\system32\ksuser.dll
2007-05-08 15:01:00 ----A---- C:\WINDOWS\system32\btw_ci.dll
2007-05-08 15:00:53 ----D---- C:\Program Files\WIDCOMM
2007-05-08 14:55:52 ----HDC---- C:\WINDOWS\$NtUninstallKB931768$
2007-05-08 14:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2007-05-08 14:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2007-05-08 14:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2007-05-08 14:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2007-05-08 14:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2007-05-08 14:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2007-05-08 14:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2007-05-08 14:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2007-05-08 14:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB931836$
2007-05-08 14:52:19 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2007-05-08 14:52:06 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2007-05-08 14:51:52 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2007-05-08 14:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2007-05-08 14:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2007-05-08 14:51:12 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2007-05-08 14:50:57 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2007-05-08 14:50:44 ----HDC---- C:\WINDOWS\$NtUninstallKB929969$
2007-05-08 14:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2007-05-08 14:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2007-05-08 14:50:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923694$
2007-05-08 14:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2007-05-08 14:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2007-05-08 14:49:14 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2007-05-08 14:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2007-05-08 14:48:48 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2007-05-08 14:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2007-05-08 14:48:23 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2007-05-08 14:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2007-05-08 14:47:59 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2007-05-08 14:47:48 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2007-05-08 14:47:36 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2007-05-08 14:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2007-05-08 14:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2007-05-08 14:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2007-05-08 14:46:48 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2007-05-08 14:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2007-05-08 14:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2007-05-08 14:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2007-05-08 14:46:03 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2007-05-08 14:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2007-05-08 14:45:43 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2007-05-08 14:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2007-05-08 14:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP9$
2007-05-08 14:45:06 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2007-05-08 14:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2007-05-08 14:44:45 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2007-05-08 14:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2007-05-08 14:44:20 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2007-05-08 14:44:10 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2007-05-08 14:43:59 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2007-05-08 14:43:46 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2007-05-08 14:43:36 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2007-05-08 14:43:27 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2007-05-08 14:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2007-05-08 14:43:03 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2007-05-08 14:42:52 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2007-05-08 14:42:44 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2007-05-08 14:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2007-05-08 14:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2007-05-08 14:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2007-05-08 14:42:10 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2007-05-08 14:41:59 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2007-05-08 14:41:52 ----D---- C:\WINDOWS\system32\PreInstall
2007-05-08 14:41:52 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2007-05-08 14:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2007-05-08 14:41:44 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2007-05-08 14:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2007-05-08 13:57:53 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2007-05-08 13:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2007-05-08 13:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2007-05-08 13:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2007-05-08 13:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2007-05-08 13:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2007-05-08 13:57:07 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2007-05-08 13:56:54 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2007-05-08 13:56:19 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2007-05-08 13:55:58 ----AC---- C:\WINDOWS\system32\tzchange.exe
2007-05-08 13:53:50 ----A---- C:\WINDOWS\system32\verclsid.exe
2007-05-08 13:51:16 ----HD---- C:\WINDOWS\$hf_mig$
2007-05-08 13:50:43 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2007-05-08 13:50:43 ----A---- C:\WINDOWS\system32\wups2.dll
2007-05-08 13:50:43 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2007-05-08 13:50:43 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2007-05-08 13:50:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2007-05-08 13:49:05 ----SHD---- C:\RECYCLER
2007-05-08 13:48:26 ----AC---- C:\WINDOWS\system32\oeminfo.bat
2007-05-08 13:48:26 ----A---- C:\WINDOWS\system32\oeminfo.ini
2007-05-08 13:43:42 ----D---- C:\Program Files\Marvell
2007-05-08 13:42:15 ----D---- C:\Program Files\Common Files\InstallShield
2007-05-08 13:22:34 ----HD---- C:\Program Files\Uninstall Information
2007-05-08 13:22:25 ----D---- C:\WINDOWS\SoftwareDistribution
2007-05-08 13:22:23 ----SD---- C:\WINDOWS\system32\Microsoft
2007-05-08 13:22:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2007-05-08 13:19:29 ----D---- C:\WINDOWS\system32\xircom
2007-05-08 13:19:29 ----D---- C:\Program Files\xerox
2007-05-08 13:19:28 ----D---- C:\Program Files\microsoft frontpage
2007-05-08 13:19:13 ----AC---- C:\WINDOWS\control.ini
2007-05-08 13:19:13 ----A---- C:\AUTOEXEC.BAT
2007-05-08 13:19:05 ----AC---- C:\WINDOWS\OEWABLog.txt
2007-05-08 13:19:02 ----A---- C:\WINDOWS\system32\mapi32.dll
2007-05-08 13:18:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2007-05-08 13:18:23 ----RD---- C:\WINDOWS\Offline Web Pages
2007-05-08 13:18:23 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2007-05-08 13:18:18 ----RAHC---- C:\WINDOWS\system32\cdplayer.exe.manifest
2007-05-08 13:18:14 ----HD---- C:\Program Files\WindowsUpdate
2007-05-08 13:17:58 ----D---- C:\WINDOWS\system32\DirectX
2007-05-08 13:17:41 ----AC---- C:\WINDOWS\system32\atrace.dll
2007-05-08 13:17:39 ----AC---- C:\WINDOWS\system32\desktop.ini
2007-05-08 13:17:39 ----AC---- C:\WINDOWS\desktop.ini
2007-05-08 13:17:33 ----AC---- C:\WINDOWS\system32\nmevtmsg.dll
2007-05-08 13:17:32 ----D---- C:\Program Files\Common Files\Services
2007-05-08 13:17:32 ----A---- C:\WINDOWS\system32\acctres.dll
2007-05-08 13:17:29 ----SD---- C:\WINDOWS\Tasks
2007-05-08 13:17:29 ----AC---- C:\WINDOWS\system32\icfgnt5.dll
2007-05-08 13:17:28 ----D---- C:\Program Files\Common Files\MSSoap
2007-05-08 13:17:25 ----D---- C:\WINDOWS\system32\Macromed
2007-05-08 13:17:25 ----D---- C:\WINDOWS\srchasst
2007-05-08 13:17:22 ----AC---- C:\WINDOWS\system32\wuaueng1.dll
2007-05-08 13:17:22 ----AC---- C:\WINDOWS\system32\wuauclt1.exe
2007-05-08 13:17:22 ----A---- C:\WINDOWS\system32\wuweb.dll
2007-05-08 13:17:22 ----A---- C:\WINDOWS\system32\wups.dll
2007-05-08 13:17:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2007-05-08 13:17:22 ----A---- C:\WINDOWS\system32\wuauserv.dll
2007-05-08 13:17:22 ----A---- C:\WINDOWS\system32\wuaueng.dll
2007-05-08 13:17:22 ----A---- C:\WINDOWS\system32\wuauclt.exe
2007-05-08 13:17:22 ----A---- C:\WINDOWS\system32\wuapi.dll
2007-05-08 13:17:21 ----AC---- C:\WINDOWS\system32\bitsprx3.dll
2007-05-08 13:17:21 ----AC---- C:\WINDOWS\system32\bitsprx2.dll
2007-05-08 13:17:21 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2007-05-08 13:17:21 ----A---- C:\WINDOWS\system32\qmgr.dll
2007-05-08 13:17:18 ----D---- C:\Program Files\Movie Maker
2007-05-08 13:17:15 ----AC---- C:\WINDOWS\system32\safrslv.dll
2007-05-08 13:17:15 ----AC---- C:\WINDOWS\system32\safrdm.dll
2007-05-08 13:17:15 ----AC---- C:\WINDOWS\system32\safrcdlg.dll
2007-05-08 13:17:15 ----A---- C:\WINDOWS\system32\racpldlg.dll
2007-05-08 13:17:12 ----AC---- C:\WINDOWS\system32\fltmc.exe
2007-05-08 13:17:12 ----AC---- C:\WINDOWS\system32\fltlib.dll
2007-05-08 13:17:11 ----D---- C:\WINDOWS\system32\Restore
2007-05-08 13:17:11 ----A---- C:\WINDOWS\system32\srsvc.dll
2007-05-08 13:17:11 ----A---- C:\WINDOWS\system32\srrstr.dll
2007-05-08 13:17:11 ----A---- C:\WINDOWS\system32\srclient.dll
2007-05-08 13:17:10 ----AC---- C:\WINDOWS\system32\nmmkcert.dll
2007-05-08 13:17:10 ----AC---- C:\WINDOWS\system32\msconf.dll
2007-05-08 13:17:10 ----AC---- C:\WINDOWS\system32\mnmdd.dll
2007-05-08 13:17:10 ----AC---- C:\WINDOWS\system32\isrdbg32.dll
2007-05-08 13:17:10 ----AC---- C:\WINDOWS\system32\ils.dll
2007-05-08 13:17:10 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2007-05-08 13:17:08 ----D---- C:\Program Files\NetMeeting
2007-05-08 13:17:08 ----A---- C:\WINDOWS\system32\msoert2.dll
2007-05-08 13:17:08 ----A---- C:\WINDOWS\system32\msoeacct.dll
2007-05-08 13:17:07 ----A---- C:\WINDOWS\system32\inetres.dll
2007-05-08 13:17:07 ----A---- C:\WINDOWS\system32\inetcomm.dll
2007-05-08 13:17:05 ----D---- C:\Program Files\Outlook Express
2007-05-08 13:17:05 ----AC---- C:\WINDOWS\system32\mstinit.exe
2007-05-08 13:17:05 ----A---- C:\WINDOWS\system32\schedsvc.dll
2007-05-08 13:17:05 ----A---- C:\WINDOWS\system32\mstask.dll
2007-05-08 13:17:04 ----AC---- C:\WINDOWS\system32\isign32.dll
2007-05-08 13:17:04 ----AC---- C:\WINDOWS\system32\inetcfg.dll
2007-05-08 13:17:04 ----AC---- C:\WINDOWS\system32\icwdial.dll
2007-05-08 13:17:04 ----A---- C:\WINDOWS\system32\icwphbk.dll
2007-05-08 13:16:58 ----D---- C:\Program Files\Common Files\System
2007-05-08 13:16:55 ----D---- C:\Program Files\Internet Explorer
2007-05-08 13:16:33 ----D---- C:\Program Files\ComPlus Applications
2007-05-08 13:16:31 ----AC---- C:\WINDOWS\vbaddin.ini
2007-05-08 13:16:31 ----AC---- C:\WINDOWS\vb.ini
2007-05-08 13:16:28 ----D---- C:\WINDOWS\Registration
2007-05-08 13:16:22 ----D---- C:\Program Files\Windows Media Player
2007-05-08 13:16:22 ----D---- C:\Program Files\Online Services
2007-05-08 13:16:18 ----D---- C:\Program Files\Messenger
2007-05-08 13:16:15 ----D---- C:\Program Files\MSN Gaming Zone
2007-05-08 13:16:15 ----AC---- C:\WINDOWS\system32\write.exe
2007-05-08 13:16:07 ----AC---- C:\WINDOWS\system32\avwav.dll
2007-05-08 13:16:07 ----AC---- C:\WINDOWS\system32\avtapi.dll
2007-05-08 13:16:07 ----AC---- C:\WINDOWS\system32\avmeter.dll
2007-05-08 13:16:07 ----A---- C:\WINDOWS\system32\sndvol32.exe
2007-05-08 13:16:07 ----A---- C:\WINDOWS\system32\hticons.dll
2007-05-08 13:16:06 ----AC---- C:\WINDOWS\system32\winchat.exe
2007-05-08 13:16:01 ----AC---- C:\WINDOWS\system32\getuname.dll
2007-05-08 13:16:00 ----AC---- C:\WINDOWS\system32\winmine.exe
2007-05-08 13:16:00 ----AC---- C:\WINDOWS\system32\sol.exe
2007-05-08 13:16:00 ----AC---- C:\WINDOWS\system32\charmap.exe
2007-05-08 13:16:00 ----AC---- C:\WINDOWS\system32\calc.exe
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\usrlogon.cmd
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\tsshutdn.exe
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\tslabels.ini
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\tskill.exe
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\tsdiscon.exe
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\tscon.exe
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\shadow.exe
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\rwinsta.exe
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\reset.exe
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\regini.exe
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\rdpcfgex.dll
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\qwinsta.exe
2007-05-08 13:15:59 ----AC---- C:\WINDOWS\system32\freecell.exe
2007-05-08 13:15:59 ----A---- C:\WINDOWS\system32\mshearts.exe
2007-05-08 13:15:58 ----AC---- C:\WINDOWS\system32\qappsrv.exe
2007-05-08 13:15:58 ----AC---- C:\WINDOWS\system32\msg.exe
2007-05-08 13:15:58 ----AC---- C:\WINDOWS\system32\msdtcprf.ini
2007-05-08 13:15:58 ----AC---- C:\WINDOWS\system32\logoff.exe
2007-05-08 13:15:58 ----AC---- C:\WINDOWS\system32\cdmodem.dll
2007-05-08 13:15:57 ----AC---- C:\WINDOWS\system32\stclient.dll
2007-05-08 13:15:57 ----AC---- C:\WINDOWS\system32\mtxlegih.dll
2007-05-08 13:15:57 ----AC---- C:\WINDOWS\system32\mtxex.dll
2007-05-08 13:15:57 ----AC---- C:\WINDOWS\system32\mtxdm.dll
2007-05-08 13:15:57 ----AC---- C:\WINDOWS\system32\dcomcnfg.exe
2007-05-08 13:15:57 ----AC---- C:\WINDOWS\system32\comsnap.dll
2007-05-08 13:15:57 ----AC---- C:\WINDOWS\system32\comrepl.dll
2007-05-08 13:15:57 ----AC---- C:\WINDOWS\system32\comaddin.dll
2007-05-08 13:15:52 ----AC---- C:\WINDOWS\system32\wmimgmt.msc
2007-05-08 13:15:43 ----D---- C:\Program Files\MSN
2007-05-08 13:15:42 ----AC---- C:\WINDOWS\system32\sndrec32.exe
2007-05-08 13:15:42 ----AC---- C:\WINDOWS\system32\mplay32.exe
2007-05-08 13:15:42 ----A---- C:\WINDOWS\system32\accwiz.exe
2007-05-08 13:15:41 ----D---- C:\Program Files\Windows NT
2007-05-08 13:15:41 ----AC---- C:\WINDOWS\system32\clipbrd.exe
2007-05-08 13:15:41 ----A---- C:\WINDOWS\system32\spider.exe
2007-05-08 13:15:41 ----A---- C:\WINDOWS\system32\mspaint.exe
2007-05-08 13:15:41 ----A---- C:\WINDOWS\system32\hypertrm.dll
2007-05-08 13:15:40 ----AC---- C:\WINDOWS\system32\tscfgwmi.dll
2007-05-08 13:15:40 ----AC---- C:\WINDOWS\system32\rdsaddin.exe
2007-05-08 13:15:40 ----A---- C:\WINDOWS\system32\sessmgr.exe
2007-05-08 13:15:40 ----A---- C:\WINDOWS\system32\remotepg.dll
2007-05-08 13:15:40 ----A---- C:\WINDOWS\system32\rdshost.exe
2007-05-08 13:15:40 ----A---- C:\WINDOWS\system32\mstscax.dll
2007-05-08 13:15:40 ----A---- C:\WINDOWS\system32\mstsc.exe
2007-05-08 13:15:39 ----D---- C:\WINDOWS\system32\MsDtc
2007-05-08 13:15:39 ----AC---- C:\WINDOWS\system32\tscupgrd.exe
2007-05-08 13:15:39 ----AC---- C:\WINDOWS\system32\rdpwsx.dll
2007-05-08 13:15:39 ----AC---- C:\WINDOWS\system32\rdpsnd.dll
2007-05-08 13:15:39 ----AC---- C:\WINDOWS\system32\rdchost.dll
2007-05-08 13:15:39 ----AC---- C:\WINDOWS\system32\qprocess.exe
2007-05-08 13:15:39 ----AC---- C:\WINDOWS\system32\msdtcuiu.dll
2007-05-08 13:15:39 ----AC---- C:\WINDOWS\system32\cfgbkend.dll
2007-05-08 13:15:39 ----A---- C:\WINDOWS\system32\termsrv.dll
2007-05-08 13:15:39 ----A---- C:\WINDOWS\system32\rdpclip.exe
2007-05-08 13:15:39 ----A---- C:\WINDOWS\system32\icaapi.dll
2007-05-08 13:15:38 ----AC---- C:\WINDOWS\system32\xolehlp.dll
2007-05-08 13:15:38 ----AC---- C:\WINDOWS\system32\mtxoci.dll
2007-05-08 13:15:38 ----AC---- C:\WINDOWS\system32\msdtctm.dll
2007-05-08 13:15:38 ----AC---- C:\WINDOWS\system32\msdtcprx.dll
2007-05-08 13:15:38 ----AC---- C:\WINDOWS\system32\msdtclog.dll
2007-05-08 13:15:38 ----A---- C:\WINDOWS\system32\msdtc.exe
2007-05-08 13:15:37 ----D---- C:\WINDOWS\system32\Com
2007-05-08 13:15:37 ----AC---- C:\WINDOWS\system32\clbcatex.dll
2007-05-08 13:15:37 ----AC---- C:\WINDOWS\system32\catsrvps.dll
2007-05-08 13:15:37 ----A---- C:\WINDOWS\system32\colbact.dll
2007-05-08 13:15:37 ----A---- C:\WINDOWS\system32\catsrvut.dll
2007-05-08 13:15:37 ----A---- C:\WINDOWS\system32\catsrv.dll
2007-05-08 13:15:36 ----AC---- C:\WINDOWS\system32\comuid.dll
2007-05-08 13:15:36 ----A---- C:\WINDOWS\system32\comsvcs.dll
2007-05-08 13:15:36 ----A---- C:\WINDOWS\system32\clbcatq.dll
2007-05-08 13:15:30 ----AC---- C:\WINDOWS\system32\servdeps.dll
2007-05-08 13:15:29 ----AC---- C:\WINDOWS\system32\mmfutil.dll
2007-05-08 13:15:29 ----AC---- C:\WINDOWS\system32\cmprops.dll
2007-05-08 13:15:29 ----A---- C:\WINDOWS\system32\licwmi.dll
2007-05-08 06:14:57 ----A---- C:\WINDOWS\system32\h323log.txt
2007-05-08 06:10:50 ----A---- C:\WINDOWS\system32\usbui.dll
2007-05-08 06:08:31 ----A---- C:\WINDOWS\imsins.BAK
2007-05-08 06:08:29 ----SHD---- C:\WINDOWS\Installer
2007-05-08 06:08:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2007-05-08 06:08:28 ----D---- C:\Program Files\Common Files\ODBC
2007-05-08 06:08:28 ----AC---- C:\WINDOWS\ODBCINST.INI
2007-05-08 06:08:26 ----D---- C:\Program Files\Common Files\SpeechEngines
2007-05-08 06:08:25 ----RD---- C:\Program Files
2007-05-08 06:08:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2007-05-08 06:08:25 ----D---- C:\Program Files\Common Files
2007-05-08 06:08:23 ----RAC---- C:\WINDOWS\system32\kbdtuq.dll
2007-05-08 06:08:23 ----RAC---- C:\WINDOWS\system32\kbdtuf.dll
2007-05-08 06:08:23 ----RAC---- C:\WINDOWS\system32\kbdazel.dll
2007-05-08 06:08:22 ----RAC---- C:\WINDOWS\system32\kbduzb.dll
2007-05-08 06:08:22 ----RAC---- C:\WINDOWS\system32\kbdur.dll
2007-05-08 06:08:22 ----RAC---- C:\WINDOWS\system32\kbdtat.dll
2007-05-08 06:08:22 ----RAC---- C:\WINDOWS\system32\kbdmon.dll
2007-05-08 06:08:22 ----RAC---- C:\WINDOWS\system32\kbdkyr.dll
2007-05-08 06:08:22 ----RAC---- C:\WINDOWS\system32\kbdkaz.dll
2007-05-08 06:08:22 ----RAC---- C:\WINDOWS\system32\kbdaze.dll
2007-05-08 06:08:21 ----RAC---- C:\WINDOWS\system32\kbdycc.dll
2007-05-08 06:08:21 ----RAC---- C:\WINDOWS\system32\kbdru1.dll
2007-05-08 06:08:21 ----RAC---- C:\WINDOWS\system32\kbdru.dll
2007-05-08 06:08:21 ----RAC---- C:\WINDOWS\system32\kbdbu.dll
2007-05-08 06:08:21 ----RAC---- C:\WINDOWS\system32\kbdblr.dll
2007-05-08 06:08:20 ----RAC---- C:\WINDOWS\system32\kbdhept.dll
2007-05-08 06:08:20 ----RAC---- C:\WINDOWS\system32\kbdhela3.dll
2007-05-08 06:08:20 ----RAC---- C:\WINDOWS\system32\kbdhela2.dll
2007-05-08 06:08:20 ----RAC---- C:\WINDOWS\system32\kbdhe319.dll
2007-05-08 06:08:20 ----RAC---- C:\WINDOWS\system32\kbdhe220.dll
2007-05-08 06:08:20 ----RAC---- C:\WINDOWS\system32\kbdhe.dll
2007-05-08 06:08:20 ----RAC---- C:\WINDOWS\system32\kbdgkl.dll
2007-05-08 06:08:19 ----RAC---- C:\WINDOWS\system32\kbdlv1.dll
2007-05-08 06:08:19 ----RAC---- C:\WINDOWS\system32\kbdlv.dll
2007-05-08 06:08:19 ----RAC---- C:\WINDOWS\system32\kbdlt1.dll
2007-05-08 06:08:19 ----RAC---- C:\WINDOWS\system32\kbdlt.dll
2007-05-08 06:08:18 ----RAC---- C:\WINDOWS\system32\kbdest.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdycl.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdsl1.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdsl.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdro.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdpl1.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdpl.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdhu1.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdhu.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdcz2.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdcz1.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdcz.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\kbdcr.dll
2007-05-08 06:08:17 ----RAC---- C:\WINDOWS\system32\KBDAL.DLL
2007-05-08 06:08:15 ----AC---- C:\WINDOWS\system32\irclass.dll
2007-05-08 06:08:15 ----AC---- C:\WINDOWS\system32\dgsetup.dll
2007-05-08 06:08:15 ----AC---- C:\WINDOWS\system32\dgrpsetu.dll
2007-05-08 06:08:14 ----AC---- C:\WINDOWS\system32\spxcoins.dll
2007-05-08 06:08:14 ----AC---- C:\WINDOWS\system32\EqnClass.Dll
2007-05-08 06:08:13 ----C---- C:\WINDOWS\system32\CONFIG.TMP
2007-05-08 06:08:13 ----AC---- C:\WINDOWS\TASKMAN.EXE
2007-05-08 06:08:12 ----AC---- C:\WINDOWS\system32\batt.dll
2007-05-08 06:08:12 ----A---- C:\WINDOWS\notepad.exe
2007-05-08 06:08:11 ----AC---- C:\WINDOWS\system32\storprop.dll
2007-05-08 06:08:06 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2007-05-08 06:08:03 ----RAC---- C:\WINDOWS\SET8.tmp
2007-05-08 06:08:01 ----RAC---- C:\WINDOWS\SET4.tmp
2007-05-08 06:08:00 ----RAC---- C:\WINDOWS\SET3.tmp
2007-05-08 06:07:55 ----D---- C:\WINDOWS\system32\CatRoot2
2007-05-08 06:07:55 ----D---- C:\WINDOWS\system32\CatRoot
2007-05-08 06:07:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-05-08 06:07:29 ----SHD---- C:\System Volume Information
2007-05-08 06:07:29 ----D---- C:\Documents and Settings
2007-05-08 06:06:56 ----RASH---- C:\boot.ini
2007-05-08 06:01:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2007-05-08 06:01:30 ----RSD---- C:\WINDOWS\Fonts
2007-05-08 06:01:30 ----RD---- C:\WINDOWS\Web
2007-05-08 06:01:30 ----HD---- C:\WINDOWS\inf
2007-05-08 06:01:30 ----D---- C:\WINDOWS\WinSxS
2007-05-08 06:01:30 ----D---- C:\WINDOWS\twain_32
2007-05-08 06:01:30 ----D---- C:\WINDOWS\Temp
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\wins
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\wbem
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\usmt
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\spool
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\ShellExt
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\Setup
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\ras
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\npp
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\mui
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\inetsrv
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\IME
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\icsxml
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\ias
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\export
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\drivers
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\dhcp
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\config
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\3com_dmi
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\3076
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\2052
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\1054
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\1042
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\1041
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\1037
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\1033
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\1031
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\1028
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32\1025
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system32
2007-05-08 06:01:30 ----D---- C:\WINDOWS\system
2007-05-08 06:01:30 ----D---- C:\WINDOWS\security
2007-05-08 06:01:30 ----D---- C:\WINDOWS\Resources
2007-05-08 06:01:30 ----D---- C:\WINDOWS\repair
2007-05-08 06:01:30 ----D---- C:\WINDOWS\Provisioning
2007-05-08 06:01:30 ----D---- C:\WINDOWS\PeerNet
2007-05-08 06:01:30 ----D---- C:\WINDOWS\pchealth
2007-05-08 06:01:30 ----D---- C:\WINDOWS\mui
2007-05-08 06:01:30 ----D---- C:\WINDOWS\msapps
2007-05-08 06:01:30 ----D---- C:\WINDOWS\msagent
2007-05-08 06:01:30 ----D---- C:\WINDOWS\Media
2007-05-08 06:01:30 ----D---- C:\WINDOWS\java
2007-05-08 06:01:30 ----D---- C:\WINDOWS\ime
2007-05-08 06:01:30 ----D---- C:\WINDOWS\Help
2007-05-08 06:01:30 ----D---- C:\WINDOWS\ehome
2007-05-08 06:01:30 ----D---- C:\WINDOWS\Driver Cache
2007-05-08 06:01:30 ----D---- C:\WINDOWS\Debug
2007-05-08 06:01:30 ----D---- C:\WINDOWS\Cursors
2007-05-08 06:01:30 ----D---- C:\WINDOWS\Connection Wizard
2007-05-08 06:01:30 ----D---- C:\WINDOWS\Config
2007-05-08 06:01:30 ----D---- C:\WINDOWS\AppPatch
2007-05-08 06:01:30 ----D---- C:\WINDOWS\addins
2007-05-08 06:01:30 ----D---- C:\WINDOWS
2007-05-08 06:01:30 ----AD---- C:\WINDOWS\system32\oobe
2007-03-21 16:54:16 ----A---- C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-21 16:54:16 ----A---- C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-21 16:54:16 ----A---- C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-12 10:02:26 ----A---- C:\WINDOWS\system32\msjava.dll
2007-02-18 19:23:04 ----A---- C:\WINDOWS\system32\SymNPPWA.dll
2007-01-10 04:44:26 ----RA---- C:\WINDOWS\system32\SSCProt.dll
2007-01-09 18:47:37 ----A---- C:\WINDOWS\system32\SymRedir.dll
2007-01-09 18:47:37 ----A---- C:\WINDOWS\system32\SymNeti.dll
2006-12-11 15:41:30 ----A---- C:\WINDOWS\system32\BtMmHook.dll
2006-12-11 15:40:20 ----AC---- C:\WINDOWS\system32\BtWiaExt.dll
2006-12-11 15:31:08 ----A---- C:\WINDOWS\system32\btwhidcs.dll
2006-12-11 15:30:04 ----AC---- C:\WINDOWS\system32\BtWizard.dll
2006-12-11 15:28:52 ----A---- C:\WINDOWS\system32\BTNeighborhood.dll
2006-12-11 15:26:48 ----AC---- C:\WINDOWS\system32\btsec.dll
2006-12-11 15:26:26 ----A---- C:\WINDOWS\system32\btcss.dll
2006-12-11 15:24:18 ----AC---- C:\WINDOWS\system32\btsendto_ie.dll
2006-12-11 15:23:46 ----AC---- C:\WINDOWS\system32\btsendto_office.dll
2006-12-11 15:22:58 ----AC---- C:\WINDOWS\system32\btsendto_wab.dll
2006-12-11 15:21:36 ----AC---- C:\WINDOWS\system32\btsendto_notes.dll
2006-12-11 15:21:04 ----AC---- C:\WINDOWS\system32\btosif_olx.dll
2006-12-11 15:20:32 ----AC---- C:\WINDOWS\system32\btosif_ol.dll
2006-12-11 15:20:00 ----AC---- C:\WINDOWS\system32\btosif_notes.dll
2006-12-11 15:19:08 ----AC---- C:\WINDOWS\system32\btprn2k.dll
2006-12-11 15:18:46 ----AC---- C:\WINDOWS\system32\bthcrpui.dll
2006-12-11 15:17:48 ----A---- C:\WINDOWS\system32\bthcrp.dll
2006-12-11 15:16:56 ----A---- C:\WINDOWS\system32\btwpimif.dll
2006-12-11 15:16:30 ----AC---- C:\WINDOWS\system32\BTChooser.dll
2006-12-11 15:16:06 ----AC---- C:\WINDOWS\system32\btsendto.dll
2006-12-11 15:15:28 ----A---- C:\WINDOWS\system32\btosif.dll
2006-12-11 15:14:30 ----AC---- C:\WINDOWS\system32\btbigbmp.dll
2006-12-11 15:14:12 ----A---- C:\WINDOWS\system32\BTXPPanel.dll
2006-12-11 15:13:46 ----AC---- C:\WINDOWS\system32\BtXpShell.dll
2006-12-11 15:13:26 ----AC---- C:\WINDOWS\system32\BtAudioHelper.dll
2006-12-11 15:08:24 ----A---- C:\WINDOWS\system32\bt2k_ins.dll
2006-12-11 15:08:04 ----AC---- C:\WINDOWS\system32\btdev.dll
2006-12-11 15:07:42 ----AC---- C:\WINDOWS\system32\btins.dll
2006-12-11 15:06:38 ----A---- C:\WINDOWS\system32\btrez.dll
2006-12-11 15:05:50 ----AC---- C:\WINDOWS\system32\btrezxp.dll
2006-12-11 15:05:04 ----A---- C:\WINDOWS\system32\BTNCopy.dll
2006-12-11 14:59:12 ----A---- C:\WINDOWS\system32\wbtapi.dll
2006-12-11 14:58:02 ----AC---- C:\WINDOWS\system32\btbip.dll
2006-12-11 14:57:48 ----A---- C:\WINDOWS\system32\WidcommSdk.dll
2006-10-26 10:10:08 ----AC---- C:\WINDOWS\system32\FM20.DLL
2006-10-26 10:10:06 ----AC---- C:\WINDOWS\system32\FM20ENU.DLL
2006-10-03 13:47:52 ----AC---- C:\WINDOWS\system32\GEARAspi.dll
2006-09-29 02:56:38 ----RA---- C:\WINDOWS\system32\AdobePDF.dll
2006-07-14 12:29:44 ----A---- C:\WINDOWS\UNRecode.exe
2006-07-14 12:29:44 ----A---- C:\WINDOWS\UNNeroVision.exe
2006-07-14 12:29:44 ----A---- C:\WINDOWS\UNNeroShowTime.exe
2006-07-14 12:29:44 ----A---- C:\WINDOWS\UNNeroMediaHome.exe
2006-07-14 12:29:44 ----A---- C:\WINDOWS\UNNeroBackItUp.exe
2006-06-29 04:05:44 ----N---- C:\WINDOWS\system32\normaliz.dll
2006-06-29 04:05:44 ----C---- C:\WINDOWS\system32\idndl.dll
2006-06-28 13:59:26 ----C---- C:\WINDOWS\system32\nlsdl.dll
2006-03-08 05:21:06 ----AC---- C:\WINDOWS\system32\SMSUnins.dll
2006-03-08 05:21:06 ----AC---- C:\WINDOWS\system32\s24NCfg.dll
2005-09-07 21:03:50 ----A---- C:\WINDOWS\system32\msxml6r.dll
2005-06-20 18:11:20 ----A---- C:\WINDOWS\system32\itiimg3.dll
2005-03-28 09:18:26 ----A---- C:\WINDOWS\system32\cfhd.dll
2005-02-17 10:41:32 ----AC---- C:\WINDOWS\system32\BTNeighborhood.dll.manifest
2005-02-17 10:41:30 ----AC---- C:\WINDOWS\system32\btcss.dll.manifest
2005-02-16 10:18:04 ----AC---- C:\WINDOWS\system32\NeroCo.dll
2005-01-07 16:07:16 ----AC---- C:\WINDOWS\system32\HdAShCut.exe
2005-01-07 16:07:16 ----AC---- C:\WINDOWS\system32\HdAProp.dll
2005-01-07 16:07:04 ----AC---- C:\WINDOWS\system32\HdAudRes.dll
2004-08-10 21:45:06 ----AC---- C:\WINDOWS\system32\wpdtrace.dll
2004-08-10 21:45:06 ----AC---- C:\WINDOWS\system32\wpdsp.dll
2004-08-10 21:45:06 ----AC---- C:\WINDOWS\system32\wpdmtpus.dll
2004-08-10 21:45:06 ----AC---- C:\WINDOWS\system32\wpdmtpdr.dll
2004-08-10 21:45:06 ----AC---- C:\WINDOWS\system32\wpdmtp.dll
2004-08-10 21:45:06 ----AC---- C:\WINDOWS\system32\wpdconns.dll
2004-08-10 21:45:06 ----AC---- C:\WINDOWS\system32\wpd_ci.dll
2004-08-10 21:45:06 ----AC---- C:\WINDOWS\system32\WMVADVE.DLL
2004-08-10 21:45:06 ----A---- C:\WINDOWS\system32\wmvadvd.dll
2004-08-10 21:45:04 ----AC---- C:\WINDOWS\system32\WMDRMNet.dll
2004-08-10 21:45:04 ----AC---- C:\WINDOWS\system32\WMDRMdev.dll
2004-08-10 21:45:04 ----AC---- C:\WINDOWS\system32\wdfapi.dll
2004-08-10 21:45:04 ----AC---- C:\WINDOWS\system32\uwdf.exe
2004-08-10 21:45:04 ----A---- C:\WINDOWS\system32\wdfmgr.exe
2004-08-04 04:00:00 ----RC---- C:\WINDOWS\system32\rsop.msc
2004-08-04 04:00:00 ----RC---- C:\WINDOWS\system32\perfmon.msc
2004-08-04 04:00:00 ----RASH---- C:\NTDETECT.COM
2004-08-04 04:00:00 ----RA---- C:\WINDOWS\system32\ctl3dv2.dll
2004-08-04 04:00:00 ----N---- C:\WINDOWS\system32\occache.dll
2004-08-04 04:00:00 ----N---- C:\WINDOWS\system32\mstime.dll
2004-08-04 04:00:00 ----N---- C:\WINDOWS\system32\msrating.dll
2004-08-04 04:00:00 ----N---- C:\WINDOWS\system32\jsproxy.dll
2004-08-04 04:00:00 ----N---- C:\WINDOWS\system32\iernonce.dll
2004-08-04 04:00:00 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2004-08-04 04:00:00 ----N---- C:\WINDOWS\system32\ieakui.dll
2004-08-04 04:00:00 ----N---- C:\WINDOWS\system32\ieaksie.dll
2004-08-04 04:00:00 ----N---- C:\WINDOWS\system32\ieakeng.dll
2004-08-04 04:00:00 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2004-08-04 04:00:00 ----N---- C:\WINDOWS\system32\extmgr.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\winhelp.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\vmmreg32.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\twunk_32.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\twunk_16.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\twain.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\xenroll.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\xcopy.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wupdmgr.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wsnmp32.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wshrm.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wshnetbs.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wshisn.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wship6.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wshcon.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wshbth.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wshatm.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wsecedit.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wscntfy.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wpnpinst.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wpabaln.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wowexec.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmvdmoe2.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmstream.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmspdmoe.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmsdmoe2.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmsdmoe.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmpcore.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmpcd.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmiscmgr.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmiprop.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmidx.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmerror.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmerrenu.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wmadmoe.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\winver.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\winstrm.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\winntbbu.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\winnls.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\winmsd.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\winhlp32.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\winfax.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\winbrand.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\win.com
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wifeman.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wiavideo.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wextract.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\webvw.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\webhits.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\wavemsp.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\w32topl.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\w32tm.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\vwipxspx.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\vwipxspx.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\vssadmin.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\vss_ps.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\vjoy.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\vga64k.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\cmmon32.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\cliconfg.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\cliconfg.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\ckcnv.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\cipher.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\ciodm.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\cidaemon.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\cic.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\ciadv.msc
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\ciadmin.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\chkntfs.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\chkdsk.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\chcp.com
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\cewmdm.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\certmgr.msc
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\certmgr.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\cdosys.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\cdfview.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\ccfgnt.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\cards.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\capesnpn.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\camocx.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\cacls.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\btpanui.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\bthserv.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\bthci.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\browsewm.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\bootvrfy.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\bootok.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\bootcfg.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\blastcln.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\blackbox.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\bidispl.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\avicap32.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\autolfn.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\autofmt.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\autodisc.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\autoconv.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\auditusr.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\attrib.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\atmpvcno.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\atmadm.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\atkctrs.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\at.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\asr_pfu.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\asr_ldm.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\asr_fmt.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\asferror.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\arp.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\appmgr.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\append.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\apcups.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\ahui.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\adsnw.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\adsnt.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\adsnds.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\adsmsext.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\adsldp.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\adptif.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\admparse.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\actmovie.exe
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\system32\acledit.dll
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\msdfmap.ini
2004-08-04 04:00:00 ----AC---- C:\WINDOWS\hh.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\winhlp32.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\win.ini
2004-08-04 04:00:00 ----A---- C:\WINDOWS\twain_32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\zipfldr.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\xpob2res.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\xmlprov.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\xactsrv.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wstdecod.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wsock32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wshext.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wscsvc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wscript.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ws2help.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ws2_32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wowdeb.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wow32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmvdmod.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmvcore.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmspdmod.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmsdmod.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmpui.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmpshell.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmploc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmpasf.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmnetmgr.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\WMDMPS.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\WMDMLOG.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmasf.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wmadmod.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wlnotify.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wldap32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wkssvc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wintrust.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\winsta.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\winsrv.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\winspool.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\winsock.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\winshfhc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\winscard.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\winrnr.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\winmm.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\winlogon.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\winipsec.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wininet.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\winhttp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\win87em.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\win32spl.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wiavusd.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wiashext.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wiaservc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wiascr.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wiadss.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wiadefui.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\webclnt.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\webcheck.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\wdigest.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\w3ssl.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\w32time.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\vssvc.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\vssapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\vga.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\version.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\vbscript.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\vbajet32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\uxtheme.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\utildll.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\usp10.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\userinit.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\userenv.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\user32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\user.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\usbmon.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\urlmon.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\url.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ups.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\upnpui.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\upnphost.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\upnp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\uniplat.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\unimdmat.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ulib.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\udhisapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\typelib.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\twext.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\tsd32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\trkwks.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\traffic.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\tourstart.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\toolhelp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\themeui.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\tcpmon.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\tapisrv.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\tapi32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\syssetup.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\syncui.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sxs.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\svchost.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\strmfilt.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\storage.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\stobject.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sti_ci.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sti.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\srvsvc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\spoolsv.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\spoolss.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\softpub.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\snmpapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\smss.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\slbrccsp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\slbiop.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\slbcsp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\slayerxp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\skeys.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\skdll.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sisbkup.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sigverif.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shsvcs.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shscrap.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shmgrate.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shmedia.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shlwapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shimgvw.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shimeng.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shgina.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shfolder.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shell32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shell.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shdocvw.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\shdoclc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sfc_os.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sfc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\setupapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\services.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sensapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sens.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sendmail.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\security.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\secur32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\seclogon.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\scrrun.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\scrobj.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\schannel.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\scesrv.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\scecli.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sccsccp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\sccbase.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\scardsvr.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\scarddlg.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\samsrv.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\samlib.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rundll32.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rtutils.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rsvp.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rshx32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rsaenh.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rpcss.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\riched32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\riched20.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\resutils.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\regsvr32.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\regsvc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\regapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\redir.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rcimlby.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rastls.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rastapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rasppp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rasmans.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rasman.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rasdlg.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\raschap.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rasautou.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rasauto.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rasapi32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\query.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\quartz.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\qedwipes.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\qedit.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\qdvd.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\qdv.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\qcap.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\qasf.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\pstorec.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\psbase.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\psapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\proxycfg.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\proquota.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\progman.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\profmap.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\prodspec.ini
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\printui.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\powrprof.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\pngfilt.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\pmspl.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\pidgen.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\photowiz.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\perfproc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\pdh.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\osuninst.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\opengl32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\olethk32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\olesvr32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\olesvr.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\olepro32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\oledlg.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\olecnv32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\olecli32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\olecli.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\oleaut32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\oleacc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ole32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ole2nls.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ole2disp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ole2.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\odbcji32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\odbcint.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\odbccp32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\odbc32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ocmanage.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\oakley.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\nwprovau.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntvdm.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntshrui.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntsd.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntprint.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntmarta.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntlanui2.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntlanman.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntdll.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ntbackup.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\notepad.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\nlhtml.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\newdev.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netui2.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netui1.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netui0.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netshell.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netrap.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netplwiz.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netmsg.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netman.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netlogon.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netid.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netevent.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netdde.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netcfgx.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netapi32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\netapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\nddeapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mydocs.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mycomput.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mtxclu.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msxml3r.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msxml3.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msxml2.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msxml.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mswstr10.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mswsock.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\MSWMDM.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msvideo.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msvidctl.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msvidc32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msvfw32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msvcrt.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msvcp60.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msvcp50.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msvcirt.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msv1_0.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msutb.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mssip32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\MSSCP.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msrle32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msprivs.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msports.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\MsPMSP.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\MsPMSNSv.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mspatcha.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msls31.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msjtes40.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msjter40.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msjint40.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msjet40.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msisip.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msimtf.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msimsg.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msimg32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msihnd.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msiexec.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msieftp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msidntld.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msidle.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msident.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mshtmler.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mshtmled.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mshta.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msgsvc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msgina.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msftedit.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msdmo.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msdart.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msctf.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mscms.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mscdexnt.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mscat32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msasn1.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msacm32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\msacm.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mqutil.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mqsec.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mprdim.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mprapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mpr.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mpg4dmod.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mp4sdmod.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mp43dmod.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\moricons.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\modemui.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mmsystem.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mmcshext.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mmcbase.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mmc.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mlang.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\midimap.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mfc42u.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mfc42.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mdminst.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mcicda.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\mcd32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\lz32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\lsass.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\lsasrv.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\logonui.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\locator.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\localspl.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\loadperf.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\linkinfo.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\licdll.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\label.exe
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\kernel32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\kerberos.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\kdcom.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\kbdus.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\jscript.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\itss.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ir50_32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ir32_32.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\iprop.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2004-08-04 04:00:00 ----A---- C:\WINDOWS\system32\initpki.dll

======List of files/folders modified in the last 1 months======


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-06 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-06 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-06 90632]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-06 56108]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-25 21425]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-06 29208]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-10-15 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-28 863402]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081206.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081206.003\NAVEX15.SYS []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-02-25 2203520]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-30 6150048]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20081205.001\SymIDSCo.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-01-09 35256]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-08-11 197152]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-06-20 244864]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
S3 agzcsf94;agzcsf94; C:\WINDOWS\system32\drivers\agzcsf94.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-06 29208]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-09 30459]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-11-28 47907]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-10-15 67672]
S3 Cam5603D;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonCam.sys [2007-01-23 808752]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2002-11-20 2218]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-06 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-12-06 1212184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-12-11 266295]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-30 155720]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-20 167936]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-25 654848]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-07-13 1251720]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-24 72704]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

-----------------EOF-----------------


#2 andrew087


Posted 07 December 2008 - 03:41 AM

Part 2 of 2


info.txt logfile of random's system information tool 1.04 2002-01-01 00:27:45

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\5ac697db6c6103f6f8b5198d25f73f7\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects 7.0-->msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Third Party Content-->C:\Program Files\Common Files\Adobe\Installers\3675c95c239b992d5d0ee8fce969b9e\Setup.exe
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{0CEC06EF-5052-4CE8-8256-74AE363A4238}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 1.0-->MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{004685F7-9FB6-4789-812F-59ABB34A55AF}
Adobe Setup-->MsiExec.exe /I{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Agere Systems HDA Modem-->agrsmdel
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Autodesk DirectConnect 2.0-->MsiExec.exe /I{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BisonCam-->C:\Program Files\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
City of Villains/City of Heroes (remove only)-->"C:\Program Files\City of Heroes\uninstall.exe"
Condition Zero Deleted Scenes-->"C:\Program Files\Steam\steam.exe" steam://uninstall/100
Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
Function Key Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C3CA595-C639-427A-AD69-0CFD56041762}\setup.exe" -l0x9 -removeonly
GearDrvs-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
GLOBEtrotter FLEXid Drivers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu"
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
headus UVLayout-->MsiExec.exe /I{CC261CBD-0D81-43F5-B913-7DB95E87C6C6}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{8A64032F-FF5E-4AC9-ADF7-84E548B7C2B4}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Speed Monitor-->C:\Program Files\iCheck\Uninstall.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{2BB34316-5C68-45C0-9656-64DF7F34F6BA}
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Maya 2008 Documentation (en_US)-->MsiExec.exe /I{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}
Maya 2008-->MsiExec.exe /I{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 Essentials-->MsiExec.exe /I{18039280-98B7-4C5E-AAC0-10EBC9731033}
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help-->MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component-->MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{7B59BE72-68EF-400B-B08A-2860283A4FE3}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SuppSoft-->MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls-->MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{EE614F8D-267D-49CC-805B-FC08D94EDFE5}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar-->MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
ZBrush3-->MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB}

======Security center information======

AV: AVG Internet Security
AV: Norton 360
FW: AVG Firewall (disabled)
FW: Norton 360

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Autodesk\Maya2008\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#3 fenzodahl512

Posted 09 December 2008 - 03:33 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 andrew087

Posted 09 December 2008 - 07:02 AM

Thank you for your assistance, greatly appreciated, you are saving me. I have run the program and here is the log. I don't know if the virus is gone yet.


ComboFix 08-12-07.04 - Andrew Chiang 2008-12-09 3:54:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1427 [GMT -8:00]
Running from: c:\documents and settings\Andrew Chiang\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Andrew Chiang\Application Data\GetModule
c:\documents and settings\Andrew Chiang\Application Data\GetModule\dicik.gz
c:\documents and settings\Andrew Chiang\Application Data\GetModule\kwdik.gz
c:\documents and settings\Andrew Chiang\Application Data\GetModule\ofadik.gz
c:\program files\GetModule
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\windows\system32\a.exe
c:\windows\system32\hsxffwwu.ini
c:\windows\system32\nnnmmlMC.dll
c:\windows\system32\slrhdpos.ini
c:\windows\system32\vwyIRqss.ini
c:\windows\system32\vwyIRqss.ini2
c:\windows\system32\wpv031228550018.cpx
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-08 18:53 . 2008-12-08 18:53 <DIR> d-------- C:\rsit
2008-12-07 22:50 . 2008-12-07 22:50 <DIR> d-------- c:\program files\DivX
2008-12-06 22:47 . 2008-12-06 22:47 <DIR> d-------- C:\VundoFix Backups
2008-12-06 18:53 . 2008-12-06 18:53 <DIR> d-------- c:\program files\Lavasoft
2008-12-06 18:53 . 2008-12-06 18:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-06 18:52 . 2008-12-06 18:52 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-06 18:38 . 2008-12-08 20:16 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-06 18:38 . 2008-12-06 18:38 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-06 18:38 . 2008-12-06 18:38 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-06 18:38 . 2008-12-06 18:38 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-12-06 18:38 . 2008-12-06 18:38 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-06 18:36 . 2008-12-06 18:36 <DIR> d-------- c:\program files\AVG
2008-12-06 18:36 . 2008-12-07 16:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-06 18:36 . 2008-12-06 18:36 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-12-06 18:36 . 2008-12-06 18:36 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-12-06 13:52 . 2008-12-06 13:52 302,592 --a------ c:\windows\system32\ssqRIywv.dll
2008-12-06 04:06 . 2008-12-06 04:06 133,120 --a------ c:\windows\ofijegoz.dll
2008-12-06 03:54 . 2008-12-06 03:54 41,472 --a------ c:\windows\Byikoluracanari.dll
2008-11-29 01:20 . 2008-12-01 19:48 <DIR> d-------- c:\program files\World of Warcraft
2008-11-28 13:57 . 2008-11-28 13:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-28 04:10 . 2008-11-29 05:47 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-21 13:47 . 2008-11-21 13:47 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-21 13:47 . 2008-11-21 13:47 524,288 --a------ c:\windows\system32\DivXsm.exe
2008-11-21 13:47 . 2008-11-21 13:47 4,816 --a------ c:\windows\system32\divxsm.tlb
2008-11-21 13:46 . 2008-11-21 13:46 1,044,480 --a------ c:\windows\system32\libdivx.dll
2008-11-21 13:46 . 2008-11-21 13:46 200,704 --a------ c:\windows\system32\ssldivx.dll
2008-11-21 13:44 . 2008-11-21 13:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 13:44 . 2008-11-21 13:44 12,288 --a------ c:\windows\system32\DivXWMPExtType.dll
2008-11-19 10:59 . 2008-11-22 00:52 <DIR> d-------- c:\program files\headus UVLayout
2008-11-19 10:59 . 2008-11-19 11:01 <DIR> d-------- c:\documents and settings\Andrew Chiang\Application Data\headus
2008-11-13 21:05 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 21:04 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 22:16 . 2008-12-06 02:51 <DIR> d-------- c:\program files\Steam

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 02:53 --------- d-----w c:\program files\trend micro
2008-12-07 02:42 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-06 10:49 --------- d-----w c:\program files\Warcraft III
2008-12-01 00:25 --------- d-----w c:\documents and settings\Andrew Chiang\Application Data\OpenOffice.org2
2008-11-27 19:47 --------- d-----w c:\documents and settings\Andrew Chiang\Application Data\uTorrent
2008-11-21 21:47 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2008-11-21 21:47 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-02 07:07 2,829 ----a-w c:\windows\War3Unin.pif
2008-11-02 07:07 126,976 ----a-w c:\windows\War3Unin.exe
2008-11-02 04:32 --------- d-----w c:\program files\InterActual
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 20:06 --------- d-----w c:\program files\iTunes
2008-10-19 20:06 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-19 20:05 --------- d-----w c:\program files\iPod
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 00:21 82,432 ----a-w c:\windows\system32\msxml4r.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E887C22-E32F-43BE-879C-22741D438871}]
2008-12-06 13:52 302592 --a------ c:\windows\system32\ssqRIywv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-11 794714]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-30 8515584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-30 81920]
"FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-21 185896]
"Gqututibof"="c:\windows\Byikoluracanari.dll" [2008-12-06 41472]
"Spoxedigojeruqaz"="c:\windows\ofijegoz.dll" [2008-12-06 133120]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-06 1261336]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 c:\windows\AGRSMMSG.exe]
"nwiz"="nwiz.exe" [2007-08-30 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 c:\windows\RTHDCPL.exe]

c:\documents and settings\Andrew Chiang\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-09-19 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
OSCust.lnk - c:\windows\system32\oem\OSCust.exe [2007-08-17 67072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=,avgrsstx.dll ahpynz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Andrew Chiang^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Andrew Chiang\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 07:21 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 04:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-06 23:34 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 11:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-09 22:17 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-21 10:59 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 13:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-06 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-06 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-06 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-06 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-12-06 1212184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-08-18 24652]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-06 29208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-09 99376]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-06 29208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4e189f0-fdac-11db-a39b-aee61cdc95c2}]
\Shell\AutoRun\command - E:\pstart.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:34]

2008-12-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 11:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FireFox -: Profile - c:\documents and settings\Andrew Chiang\Application Data\Mozilla\Firefox\Profiles\wumlpgj0.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 03:56:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1448)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(1560)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-09 3:57:30
ComboFix-quarantined-files.txt 2008-12-09 11:57:27

Pre-Run: 12,227,538,944 bytes free
Post-Run: 12,343,103,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

267 --- E O F --- 2008-11-14 07:03:52

#5 fenzodahl512

Posted 09 December 2008 - 09:30 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\ssqRIywv.dll
c:\windows\ofijegoz.dll
c:\windows\Byikoluracanari.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E887C22-E32F-43BE-879C-22741D438871}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gqututibof"=-
"Spoxedigojeruqaz"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="avgrsstx.dll"
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4e189f0-fdac-11db-a39b-aee61cdc95c2}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 andrew087

andrew087
  • Topic Starter

Posted 10 December 2008 - 04:18 AM

Thank you for the response. Here are the ComboFix log and the HijackThis log.

ComboFix 08-12-09.02 - Andrew Chiang 2008-12-10 1:00:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1320 [GMT -8:00]
Running from: c:\documents and settings\Andrew Chiang\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew Chiang\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\Byikoluracanari.dll
c:\windows\ofijegoz.dll
c:\windows\system32\ssqRIywv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Byikoluracanari.dll
c:\windows\ofijegoz.dll
c:\windows\system32\ssqRIywv.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-08 18:53 . 2008-12-08 18:53 <DIR> d-------- C:\rsit
2008-12-07 22:50 . 2008-12-07 22:50 <DIR> d-------- c:\program files\DivX
2008-12-06 22:47 . 2008-12-06 22:47 <DIR> d-------- C:\VundoFix Backups
2008-12-06 18:53 . 2008-12-06 18:53 <DIR> d-------- c:\program files\Lavasoft
2008-12-06 18:53 . 2008-12-06 18:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-06 18:52 . 2008-12-06 18:52 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-06 18:38 . 2008-12-09 04:16 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-06 18:38 . 2008-12-06 18:38 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-06 18:38 . 2008-12-06 18:38 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-06 18:38 . 2008-12-06 18:38 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-12-06 18:38 . 2008-12-06 18:38 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-06 18:36 . 2008-12-06 18:36 <DIR> d-------- c:\program files\AVG
2008-12-06 18:36 . 2008-12-07 16:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-06 18:36 . 2008-12-06 18:36 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-12-06 18:36 . 2008-12-06 18:36 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-11-29 01:20 . 2008-12-01 19:48 <DIR> d-------- c:\program files\World of Warcraft
2008-11-28 13:57 . 2008-11-28 13:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-28 04:10 . 2008-11-29 05:47 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-21 13:47 . 2008-11-21 13:47 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-21 13:47 . 2008-11-21 13:47 524,288 --a------ c:\windows\system32\DivXsm.exe
2008-11-21 13:47 . 2008-11-21 13:47 4,816 --a------ c:\windows\system32\divxsm.tlb
2008-11-21 13:46 . 2008-11-21 13:46 1,044,480 --a------ c:\windows\system32\libdivx.dll
2008-11-21 13:46 . 2008-11-21 13:46 200,704 --a------ c:\windows\system32\ssldivx.dll
2008-11-21 13:44 . 2008-11-21 13:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 13:44 . 2008-11-21 13:44 12,288 --a------ c:\windows\system32\DivXWMPExtType.dll
2008-11-19 10:59 . 2008-11-22 00:52 <DIR> d-------- c:\program files\headus UVLayout
2008-11-19 10:59 . 2008-11-19 11:01 <DIR> d-------- c:\documents and settings\Andrew Chiang\Application Data\headus
2008-11-13 21:05 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 21:04 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 02:53 --------- d-----w c:\program files\trend micro
2008-12-07 02:42 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-06 10:51 --------- d-----w c:\program files\Steam
2008-12-06 10:49 --------- d-----w c:\program files\Warcraft III
2008-12-01 00:25 --------- d-----w c:\documents and settings\Andrew Chiang\Application Data\OpenOffice.org2
2008-11-27 19:47 --------- d-----w c:\documents and settings\Andrew Chiang\Application Data\uTorrent
2008-11-21 21:47 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2008-11-21 21:47 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-02 07:07 2,829 ----a-w c:\windows\War3Unin.pif
2008-11-02 07:07 126,976 ----a-w c:\windows\War3Unin.exe
2008-11-02 04:32 --------- d-----w c:\program files\InterActual
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 20:06 --------- d-----w c:\program files\iTunes
2008-10-19 20:06 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-19 20:05 --------- d-----w c:\program files\iPod
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 00:21 82,432 ----a-w c:\windows\system32\msxml4r.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-11 794714]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-30 8515584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-30 81920]
"FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-21 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-06 1261336]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 c:\windows\AGRSMMSG.exe]
"nwiz"="nwiz.exe" [2007-08-30 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 c:\windows\RTHDCPL.exe]

c:\documents and settings\Andrew Chiang\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-09-19 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
OSCust.lnk - c:\windows\system32\oem\OSCust.exe [2007-08-17 67072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Andrew Chiang^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Andrew Chiang\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 07:21 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 04:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-06 23:34 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 11:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-09 22:17 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-21 10:59 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 13:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-06 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-06 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-06 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-06 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-12-06 1212184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-08-18 24652]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-06 29208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-09 99376]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-06 29208]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:34]

2008-12-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 11:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FireFox -: Profile - c:\documents and settings\Andrew Chiang\Application Data\Mozilla\Firefox\Profiles\wumlpgj0.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 01:06:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-10 1:13:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 09:13:47
ComboFix2.txt 2008-12-09 11:57:32

Pre-Run: 12,336,181,248 bytes free
Post-Run: 12,330,213,376 bytes free

265 --- E O F --- 2008-11-14 07:03:52




Logfile of random's system information tool 1.04 (written by random/random)
Run by Andrew Chiang at 2008-12-10 01:17:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (10%) free of 114 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:03 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Function Key Controller\FKC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew Chiang\Desktop\RSIT.exe
C:\Program Files\trend micro\Andrew Chiang.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SEENUS030000TBR/FRWCompl...iteFinalDEFAULT
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: OSCust.lnk = C:\WINDOWS\system32\oem\OSCust.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14901 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-18 97960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-21 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-02-18 609424]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-08-11 794714]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-29 89541]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-30 8515584]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-08-30 81920]
"FunctionKeyCtrl"=C:\Program Files\Function Key Controller\FKC.exe [2006-05-25 49152]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-21 185896]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-06 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-06 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-11-09 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-21 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-12-11 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew Chiang^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
OSCust.lnk - C:\WINDOWS\system32\oem\OSCust.exe

C:\Documents and Settings\Andrew Chiang\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Autodesk\Maya2008\bin\maya.exe"="C:\Program Files\Autodesk\Maya2008\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-10 01:13:56 ----A---- C:\ComboFix.txt
2008-12-10 00:53:03 ----SHD---- C:\RECYCLER
2008-12-09 03:53:44 ----A---- C:\Boot.bak
2008-12-09 03:53:29 ----RASHD---- C:\cmdcons
2008-12-09 03:49:57 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-09 03:49:56 ----A---- C:\WINDOWS\zip.exe
2008-12-09 03:49:56 ----A---- C:\WINDOWS\VFIND.exe
2008-12-09 03:49:56 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-09 03:49:56 ----A---- C:\WINDOWS\SWSC.exe
2008-12-09 03:49:56 ----A---- C:\WINDOWS\SWREG.exe
2008-12-09 03:49:56 ----A---- C:\WINDOWS\sed.exe
2008-12-09 03:49:56 ----A---- C:\WINDOWS\grep.exe
2008-12-09 03:49:56 ----A---- C:\WINDOWS\fdsv.exe
2008-12-09 03:49:49 ----D---- C:\WINDOWS\ERDNT
2008-12-09 03:49:49 ----D---- C:\Qoobox
2008-12-08 18:53:31 ----D---- C:\rsit
2008-12-07 22:50:37 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-12-07 22:50:37 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-12-07 22:50:37 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-07 22:50:36 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-07 22:50:36 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-07 22:50:36 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-07 22:50:36 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-07 22:50:36 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-07 22:50:36 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-07 22:50:36 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-07 22:50:36 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-07 22:50:36 ----N---- C:\WINDOWS\system32\px.dll
2008-12-07 22:50:21 ----D---- C:\Program Files\DivX
2008-12-06 23:17:21 ----SHD---- C:\WINDOWS\CSC
2008-12-06 23:17:01 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-06 22:47:20 ----D---- C:\VundoFix Backups
2008-12-06 22:47:20 ----A---- C:\VundoFix.txt
2008-12-06 18:53:11 ----D---- C:\Program Files\Lavasoft
2008-12-06 18:53:09 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-06 18:52:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-06 18:45:58 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Mozilla
2008-12-06 18:38:27 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-06 18:36:16 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2008-12-06 18:36:14 ----D---- C:\Program Files\AVG
2008-12-06 18:36:11 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-06 13:53:08 ----A---- C:\WINDOWS\system32\b37eb288-.txt
2008-11-29 01:20:58 ----D---- C:\Program Files\World of Warcraft
2008-11-28 13:57:21 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-28 04:10:47 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-21 13:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 13:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 13:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-21 13:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 13:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-11-19 10:59:33 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\headus
2008-11-19 10:59:15 ----D---- C:\Program Files\headus UVLayout
2008-11-13 23:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 23:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 23:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-10 01:17:55 ----D---- C:\Program Files\trend micro
2008-12-10 01:17:21 ----D---- C:\WINDOWS\Temp
2008-12-10 01:14:21 ----D---- C:\Program Files\Mozilla Firefox
2008-12-10 01:14:07 ----D---- C:\WINDOWS\system32\drivers
2008-12-10 01:14:07 ----D---- C:\WINDOWS\system32
2008-12-10 01:13:59 ----D---- C:\WINDOWS
2008-12-10 01:07:33 ----A---- C:\WINDOWS\system.ini
2008-12-10 01:02:56 ----D---- C:\WINDOWS\AppPatch
2008-12-10 01:02:56 ----D---- C:\Program Files\Common Files
2008-12-10 01:00:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 03:57:32 ----D---- C:\WINDOWS\Prefetch
2008-12-09 03:54:59 ----RD---- C:\Program Files
2008-12-09 03:53:44 ----RASH---- C:\boot.ini
2008-12-09 03:49:55 ----SHD---- C:\System Volume Information
2008-12-09 03:49:55 ----D---- C:\WINDOWS\system32\Restore
2008-12-07 18:34:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 18:54:03 ----SHD---- C:\WINDOWS\Installer
2008-12-06 18:42:42 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-06 18:36:40 ----HD---- C:\WINDOWS\inf
2008-12-06 18:35:59 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-06 18:35:58 ----D---- C:\WINDOWS\WinSxS
2008-12-06 18:34:59 ----SD---- C:\Documents and Settings\Andrew Chiang\Application Data\Microsoft
2008-12-06 16:03:57 ----AD---- C:\WINDOWS\system32\oem
2008-12-06 02:51:47 ----D---- C:\Program Files\Steam
2008-12-06 02:49:40 ----D---- C:\Program Files\Warcraft III
2008-12-04 00:40:04 ----D---- C:\WINDOWS\network diagnostic
2008-11-30 16:25:22 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\OpenOffice.org2
2008-11-27 11:47:59 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\uTorrent
2008-11-26 14:39:00 ----A---- C:\WINDOWS\win.ini
2008-11-15 22:55:29 ----D---- C:\Documents and Settings\Andrew Chiang\Application Data\Adobe
2008-11-13 23:06:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-13 23:02:40 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 23:02:38 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 21:02:17 ----D---- C:\WINDOWS\Help
2008-11-11 23:38:52 ----D---- C:\WINDOWS\pss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-06 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-06 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-06 90632]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-06 56108]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-25 21425]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-06 29208]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-10-15 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-28 863402]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081208.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081208.003\NAVEX15.SYS []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-02-25 2203520]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-30 6150048]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20081205.001\SymIDSCo.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-01-09 35256]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-08-11 197152]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-06-20 244864]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
S3 akptsf3r;akptsf3r; C:\WINDOWS\system32\drivers\akptsf3r.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-06 29208]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-09 30459]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-11-28 47907]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-10-15 67672]
S3 Cam5603D;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonCam.sys [2007-01-23 808752]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2002-11-20 2218]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-06 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-12-06 1212184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-12-11 266295]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-30 155720]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-20 167936]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-25 654848]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-07-13 1251720]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-24 72704]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

-----------------EOF-----------------

Edited by andrew087, 10 December 2008 - 04:19 AM.


#7 fenzodahl512


Posted 10 December 2008 - 04:30 AM

Uninstall Viewpoint from your computer.. Then do the steps below.


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply..

1. Malwarebytes'
2. ESET Online Scanner
3. Tell me, how is the computer now? :)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 andrew087


Posted 10 December 2008 - 05:38 PM

My computer seems to be working much better; I haven't had a random pop-up yet. There was this one problem I was having: after the Malwarebytes scan was finished and asked to remove threats, my Norton found a Trojan Vundo and asked to remove it, and my computer was really slow and wouldn't shut down even after I asked it to various times. In the end I had to manually shut it down. Besides that I think the computer is better, but I would like reassurance from you that there are no more threats on my computer, please. Thank you again, I really appreciate your help.

Malwarebytes' Anti-Malware 1.31
Database version: 1482
Windows 5.1.2600 Service Pack 3

12/10/2008 7:04:49 AM
mbam-log-2008-12-10 (07-04-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 229601
Time elapsed: 1 hour(s), 37 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnmmlMC.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqRIywv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP2\A0000013.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP3\A0000117.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ypylbjaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3682 (20081210)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=1789793189413041994c876328e70702
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-10 10:15:02
# local_time=2008-12-10 02:15:02 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=669637
# found=0
# scan_time=7919

#9 fenzodahl512


Posted 10 December 2008 - 10:34 PM

All looks very good to me... Let's do this....


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 andrew087


Posted 11 December 2008 - 05:10 AM

It looks like my computer is running fine; I haven't seen any pop-ups and the computer doesn't start slow anymore. I do have one last question: I have Norton 360 installed, and I also got the free AVG trial and the Ad-Aware free version as well, all installed. So should I uninstall AVG and Ad-Aware since I bought Norton? Also, I tried uninstalling AVG and it asks whether I want to remove personal settings, and then under it says including objects in virus vault. Should I check those two options?

Thank you for the help again, hope to hear from you soon, and sorry if it's a bit confusing.

#11 fenzodahl512


Posted 11 December 2008 - 07:00 AM

Since you bought Norton, I'd say, just uninstall both AVG8 and Lavasoft Ad-Aware.. Keep the Malwarebytes' though.. It's useful for your computer..

Any more questions? :thumbsup:


#12 andrew087


Posted 11 December 2008 - 07:06 PM

When I'm uninstalling AVG, there are two check boxes that say

-Remove personal Settings
-Include AVG virus vault

So I'm afraid of uninstalling the virus vault or leaving it, since I don't know what may happen. Should I check both or should I leave it?

#13 fenzodahl512


Posted 11 December 2008 - 11:27 PM

Just remove all of them.. when you remove the vault, it means that you remove the bad items in it :thumbsup:


#14 andrew087


Posted 11 December 2008 - 11:34 PM

Ah okok, just making sure.

Thank you for all your help, I really appreciate it, and you have saved me; I have a huge project coming up over the winter. Well, I am satisfied with the results. If anything else happens I will post on the website once again.

Thank you once again =)

Edited by andrew087, 11 December 2008 - 11:35 PM.


#15 fenzodahl512


Posted 11 December 2008 - 11:45 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be reopened, please PM me or the Moderators regarding the matter.

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512
