
i think i am infected with some type of rootkit


  • This topic is locked
42 replies to this topic

#1 ashzoomerintrack

ashzoomerintrack

  • Members
  • 44 posts
  • OFFLINE
  • Local time:08:44 AM

Posted 10 December 2008 - 09:44 AM

I have been experiencing a severe computer slowdown for the last 2 to 3 days. I have tried to use all types of online scanners, but none of them seems to complete the scanning job. I have currently installed AVG 8 Free version and Malwarebytes' Anti-Malware, but the problem still persists. I am also getting a memory dump (blue screen) many times, and the PC restarts. I am posting my HijackThis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:59 PM, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Gdi++\gditray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gdi font] C:\Gdi++\gditray.exe
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CA2A1AE-1B48-4100-A3F7-147593685E03}: NameServer = 85.255.115.236;85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.236;85.255.112.186
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.236;85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.236;85.255.112.186
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

--
End of file - 6008 bytes

PLEASE HELP ME
I AM EXTREMELY HELPLESS.
THANKS IN ADVANCE


 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:14 AM

Posted 16 December 2008 - 05:14 PM

Hi ashzoomerintrack,

Welcome to the BC HijackThis forum, and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

      Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

      Note 2: The tool takes not more than one minute to scan the system.
  • Tell me if you have done anything since your previous post, or if you have run any other tools; if yes, please post the logs if available. Also tell me what the current condition of your computer is.

You might want to save this page to your favorites, so you can find it again when you return.

#3 ashzoomerintrack

ashzoomerintrack
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:08:44 AM

Posted 17 December 2008 - 05:27 AM

THANKS FOR GIVING ME SUPPORT........
HERE ARE THE LOGS YOU NEEDED!!!!!!!!


Logfile of random's system information tool 1.04 (written by random/random)
Run by TEJAS at 2008-12-17 15:47:50
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (65%) free of 19 GB
Total RAM: 511 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:14 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Gdi++\gditray.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TEJAS\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\TEJAS.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FONT] C:\Gdi++\Gdi++\gditray.exe
O4 - HKCU\..\Run: [New Application] C:\Gdi++\gditray.exe
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CA2A1AE-1B48-4100-A3F7-147593685E03}: NameServer = 85.255.115.236;85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.236;85.255.112.186
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.236;85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.236;85.255.112.186
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

--
End of file - 5646 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-16 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-16 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-17 2899968]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-01-17 46080]
"SoundMan"=C:\WINDOWS\soundman.exe [2001-05-29 124416]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-02 36352]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-03-22 91432]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-16 1261336]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"FONT"=C:\Gdi++\Gdi++\gditray.exe []
"New Application"=C:\Gdi++\gditray.exe [2007-10-05 74752]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
eBoostr Control Panel.lnk - C:\Program Files\eBoostr\eBoostrCP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"E:\Program Files\Counter Strike - Condition Zero (Ultimate Edition)\czero.exe"="E:\Program Files\Counter Strike - Condition Zero (Ultimate Edition)\czero.exe:*:Enabled:Condition Zero Launcher"
"E:\Program Files\Valve\hl.exe"="E:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

======List of files/folders created in the last 1 months======

2008-12-17 15:47:50 ----D---- C:\rsit
2008-12-16 21:59:04 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-16 21:58:57 ----D---- C:\Documents and Settings\TEJAS\Application Data\AVGTOOLBAR
2008-12-16 20:03:20 ----D---- C:\Gdi++
2008-12-16 17:59:05 ----A---- C:\WINDOWS\Uninstall.exe
2008-12-16 12:29:00 ----SHD---- C:\FOUND.010
2008-12-16 11:09:02 ----D---- C:\Program Files\PC MightyMax
2008-12-15 20:38:02 ----D---- C:\Program Files\Softwin
2008-12-15 19:42:56 ----D---- C:\RootkitNO
2008-12-15 19:42:08 ----A---- C:\WINDOWS\rootkitno.ini
2008-12-15 19:36:50 ----A---- C:\WINDOWS\Partizan.txt
2008-12-15 19:36:35 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2008-12-15 19:35:04 ----RASH---- C:\WINDOWS\winstart.bat
2008-12-15 19:34:40 ----D---- C:\Program Files\UnHackMe
2008-12-15 19:19:56 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-14 20:49:32 ----D---- C:\Program Files\Sophos
2008-12-14 12:28:32 ----D---- C:\Program Files\CCleaner
2008-12-14 11:39:12 ----SHD---- C:\FOUND.009
2008-12-13 21:11:58 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-12-13 12:18:56 ----SHD---- C:\FOUND.008
2008-12-13 12:05:14 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-13 09:48:00 ----SHD---- C:\FOUND.007
2008-12-11 20:29:40 ----SHD---- C:\FOUND.006
2008-12-10 20:02:26 ----D---- C:\Program Files\Trend Micro
2008-12-10 19:45:26 ----D---- C:\Documents and Settings\TEJAS\Application Data\Malwarebytes
2008-12-10 19:45:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-10 19:41:36 ----SHD---- C:\FOUND.005
2008-12-10 16:01:01 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-12-10 15:23:33 ----A---- C:\WINDOWS\UNBOC.EXE
2008-12-10 15:23:32 ----A---- C:\WINDOWS\CMDLIC.DLL
2008-12-10 15:23:17 ----D---- C:\Program Files\Comodo
2008-12-09 16:09:26 ----SHD---- C:\FOUND.004
2008-12-08 21:13:36 ----SHD---- C:\FOUND.003
2008-12-08 20:26:41 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-08 20:04:57 ----D---- C:\Documents and Settings\TEJAS\Application Data\GlarySoft
2008-12-08 18:51:55 ----D---- C:\Documents and Settings\TEJAS\Application Data\Media Player Classic
2008-12-08 18:38:05 ----D---- C:\Program Files\Valve
2008-12-08 11:44:41 ----D---- C:\WINDOWS\BDOSCAN8
2008-12-07 22:14:38 ----D---- C:\WINDOWS\Sun
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\java.exe
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-07 22:13:48 ----D---- C:\Program Files\Java
2008-12-07 22:09:56 ----D---- C:\Documents and Settings\TEJAS\Application Data\Sun
2008-12-07 20:10:19 ----D---- C:\Program Files\Panda Security
2008-12-07 18:54:26 ----D---- C:\WINDOWS\Prefetch
2008-12-07 18:49:30 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-07 18:46:08 ----RA---- C:\WINDOWS\system32\nvinstnt.dll
2008-12-07 18:42:32 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-07 18:42:32 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-07 18:42:20 ----RA---- C:\WINDOWS\SET54.tmp
2008-12-07 18:42:17 ----RA---- C:\WINDOWS\SET48.tmp
2008-12-07 18:42:15 ----RA---- C:\WINDOWS\SET45.tmp
2008-12-07 18:30:08 ----SHD---- C:\FOUND.002
2008-12-07 15:31:55 ----D---- C:\Documents and Settings\All Users\Application Data\sentinel
2008-12-07 15:29:56 ----D---- C:\Program Files\Common Files\Panda Software
2008-12-07 15:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-07 14:42:52 ----D---- C:\Program Files\eBoostr
2008-12-07 13:13:55 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-07 11:28:42 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-07 10:38:50 ----SHD---- C:\FOUND.001
2008-12-06 21:02:05 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-06 21:02:04 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-06 21:02:02 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-06 20:25:58 ----D---- C:\Documents and Settings\All Users\Application Data\eboostr
2008-12-06 20:14:15 ----D---- C:\Documents and Settings\TEJAS\Application Data\CyberLink
2008-12-06 20:13:27 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-12-06 20:13:10 ----D---- C:\Program Files\Common Files\CyberLink
2008-12-06 20:12:31 ----D---- C:\Program Files\CyberLink
2008-12-06 20:12:20 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-12-06 20:10:14 ----SHD---- C:\FOUND.000
2008-12-06 20:00:01 ----SHD---- C:\Recycled
2008-12-06 19:48:17 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-06 19:48:17 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-06 19:48:16 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-06 19:48:15 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-06 19:48:15 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-06 19:48:15 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-06 19:48:14 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-06 19:48:13 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-06 19:48:13 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-06 19:48:12 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-06 19:48:11 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-06 19:48:10 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-06 19:46:38 ----D---- C:\Program Files\Growler Guncam
2008-12-06 19:46:28 ----D---- C:\Program Files\Common Files\GC Install
2008-12-06 19:44:12 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-06 19:42:32 ----D---- C:\WINDOWS\Minidump
2008-12-06 19:35:19 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-06 19:35:13 ----D---- C:\Program Files\Avance Sound Manager
2008-12-06 19:35:10 ----N---- C:\WINDOWS\avrack.ini
2008-12-06 19:35:10 ----D---- C:\Program Files\AvRack
2008-12-06 19:35:09 ----N---- C:\WINDOWS\soundman.exe
2008-12-06 19:35:09 ----N---- C:\WINDOWS\alcupd.exe
2008-12-06 19:35:09 ----N---- C:\WINDOWS\alcrmv.exe
2008-12-06 19:35:08 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-06 19:31:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-06 19:30:13 ----D---- C:\WINDOWS\nview
2008-12-06 19:30:13 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-12-06 19:27:47 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-06 19:22:52 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-06 19:22:26 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-06 19:22:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-06 19:16:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-06 19:15:06 ----D---- C:\Documents and Settings\TEJAS\Application Data\Adobe
2008-12-06 19:14:52 ----D---- C:\Program Files\MediaCoder Audio Edition
2008-12-06 19:13:43 ----D---- C:\Program Files\Lonely Cat Games
2008-12-06 19:13:35 ----D---- C:\Documents and Settings\TEJAS\Application Data\WinRAR
2008-12-06 19:13:12 ----D---- C:\Documents and Settings\TEJAS\Application Data\Macromedia
2008-12-06 19:13:08 ----D---- C:\Program Files\Google
2008-12-06 19:12:49 ----D---- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-12-06 19:12:19 ----D---- C:\Documents and Settings\TEJAS\Application Data\GRETECH
2008-12-06 19:12:11 ----D---- C:\Program Files\GRETECH
2008-12-06 19:11:43 ----A---- C:\Program Files\FLV PlayerRCSetup.exe
2008-12-06 19:11:24 ----D---- C:\WINDOWS\FLV Player
2008-12-06 19:11:24 ----D---- C:\Program Files\FLV Player
2008-12-06 19:06:20 ----D---- C:\Program Files\AVG
2008-12-06 19:06:17 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-06 19:03:57 ----D---- C:\Program Files\AskSearch
2008-12-06 19:03:57 ----D---- C:\Program Files\AskBarDis
2008-12-06 19:03:49 ----D---- C:\Program Files\Glary Utilities
2008-12-06 19:02:53 ----D---- C:\Program Files\uTorrent
2008-12-06 19:02:53 ----D---- C:\Documents and Settings\TEJAS\Application Data\uTorrent
2008-12-06 19:02:43 ----D---- C:\Documents and Settings\TEJAS\Application Data\Mozilla
2008-12-06 19:02:37 ----A---- C:\WINDOWS\system32\unrar.dll
2008-12-06 19:02:37 ----A---- C:\WINDOWS\avisplitter.ini
2008-12-06 19:02:35 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-12-06 19:02:35 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\divx.dll
2008-12-06 19:02:33 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-12-06 19:02:33 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-12-06 19:02:32 ----D---- C:\Program Files\K-Lite Codec Pack
2008-12-06 19:02:32 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-06 19:01:07 ----D---- C:\Program Files\Total Video Converter
2008-12-06 19:00:49 ----D---- C:\Program Files\WinRAR
2008-12-06 18:59:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-06 18:59:20 ----D---- C:\Program Files\Common Files\Adobe
2008-12-06 18:59:20 ----D---- C:\Program Files\Adobe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\px.dll
2008-12-06 18:58:26 ----D---- C:\Program Files\Winamp
2008-12-06 18:58:26 ----D---- C:\Documents and Settings\TEJAS\Application Data\Winamp
2008-12-06 18:58:05 ----D---- C:\Program Files\Mozilla Firefox
2008-12-06 15:54:12 ----D---- C:\Documents and Settings\TEJAS\Application Data\Identities
2008-12-06 15:54:10 ----HD---- C:\Program Files\Uninstall Information
2008-12-06 15:54:05 ----ASH---- C:\Documents and Settings\TEJAS\Application Data\desktop.ini
2008-12-06 15:54:04 ----SD---- C:\Documents and Settings\TEJAS\Application Data\Microsoft
2008-12-06 15:53:12 ----SHD---- C:\System Volume Information
2008-12-06 15:53:12 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-06 15:53:11 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-06 15:53:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-06 15:47:38 ----D---- C:\WINDOWS\system32\xircom
2008-12-06 15:47:38 ----D---- C:\Program Files\xerox
2008-12-06 15:47:38 ----D---- C:\Program Files\microsoft frontpage
2008-12-06 15:47:18 ----A---- C:\WINDOWS\control.ini
2008-12-06 15:47:18 ----A---- C:\AUTOEXEC.BAT
2008-12-06 15:47:00 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-06 15:46:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-06 15:46:11 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-06 15:46:05 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-06 15:46:00 ----HD---- C:\Program Files\WindowsUpdate
2008-12-06 15:45:39 ----D---- C:\WINDOWS\system32\DirectX
2008-12-06 15:45:15 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-06 15:45:12 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-06 15:45:12 ----A---- C:\WINDOWS\desktop.ini
2008-12-06 15:45:04 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-06 15:45:03 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-06 15:45:02 ----D---- C:\Program Files\Common Files\Services
2008-12-06 15:44:59 ----SD---- C:\WINDOWS\Tasks
2008-12-06 15:44:59 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-06 15:44:58 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-06 15:44:53 ----D---- C:\WINDOWS\srchasst
2008-12-06 15:44:52 ----D---- C:\WINDOWS\system32\Macromed
2008-12-06 15:44:49 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-06 15:44:42 ----D---- C:\Program Files\Movie Maker
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-06 15:44:33 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-12-06 15:44:33 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-06 15:44:32 ----D---- C:\WINDOWS\system32\Restore
2008-12-06 15:44:32 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-06 15:44:32 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-06 15:44:32 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-06 15:44:31 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-06 15:44:31 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-06 15:44:31 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-06 15:44:30 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-06 15:44:30 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-06 15:44:30 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-06 15:44:27 ----D---- C:\Program Files\NetMeeting
2008-12-06 15:44:27 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-06 15:44:27 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-06 15:44:25 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-06 15:44:25 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-06 15:44:23 ----D---- C:\Program Files\Outlook Express
2008-12-06 15:44:23 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-06 15:44:23 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-06 15:44:21 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-06 15:44:14 ----D---- C:\Program Files\Common Files\System
2008-12-06 15:44:13 ----D---- C:\Program Files\Internet Explorer
2008-12-06 15:43:33 ----D---- C:\Program Files\ComPlus Applications
2008-12-06 15:43:32 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-06 15:43:32 ----A---- C:\WINDOWS\vb.ini
2008-12-06 15:43:29 ----D---- C:\WINDOWS\Registration
2008-12-06 15:43:24 ----D---- C:\Program Files\Online Services
2008-12-06 15:43:23 ----D---- C:\Program Files\Windows Media Player
2008-12-06 15:43:17 ----D---- C:\Program Files\Messenger
2008-12-06 15:43:12 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-06 15:43:12 ----A---- C:\WINDOWS\system32\write.exe
2008-12-06 15:43:01 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-06 15:42:52 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-06 15:42:51 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-06 15:42:51 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-06 15:42:51 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-06 15:42:48 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-06 15:42:48 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-06 15:42:48 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-06 15:42:41 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-06 15:42:29 ----D---- C:\Program Files\MSN
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-06 15:42:26 ----D---- C:\Program Files\Windows NT
2008-12-06 15:42:26 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-06 15:42:26 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-06 15:42:26 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-06 15:42:25 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-06 15:42:25 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-06 15:42:23 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-06 15:42:21 ----D---- C:\WINDOWS\system32\Com
2008-12-06 15:42:21 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-06 15:42:21 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-06 15:42:21 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-06 15:42:19 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-06 15:42:13 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-06 15:42:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-06 15:42:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-06 15:42:12 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-06 15:37:03 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-06 15:35:02 ----RA---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-06 15:33:38 ----SHD---- C:\WINDOWS\Installer
2008-12-06 15:33:38 ----D---- C:\Program Files\Common Files\ODBC
2008-12-06 15:33:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 15:33:38 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-06 15:33:34 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-06 15:33:33 ----RD---- C:\Program Files
2008-12-06 15:33:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-06 15:33:33 ----D---- C:\Program Files\Common Files
2008-12-06 15:33:17 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-06 15:33:17 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-06 15:33:12 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-06 15:33:05 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-06 15:33:00 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-06 15:32:58 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-06 15:32:56 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-06 15:32:50 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 15:32:50 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-06 15:32:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-06 15:32:23 ----D---- C:\Documents and Settings
2008-12-06 15:31:34 ----SH---- C:\boot.ini
2008-12-06 15:26:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-06 15:26:51 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 15:26:51 ----RD---- C:\WINDOWS\Web
2008-12-06 15:26:51 ----HD---- C:\WINDOWS\inf
2008-12-06 15:26:51 ----D---- C:\WINDOWS\WinSxS
2008-12-06 15:26:51 ----D---- C:\WINDOWS\twain_32
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Temp
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\wins
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\wbem
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\usmt
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\spool
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\Setup
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\ras
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\oobe
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\npp
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\mui
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\IME
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\icsxml
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\ias
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\export
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\drivers
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\dhcp
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\config
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\3076
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\2052
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1054
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1042
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1041
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1037
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1033
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1031
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1028
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1025
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system
2008-12-06 15:26:51 ----D---- C:\WINDOWS\security
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Resources
2008-12-06 15:26:51 ----D---- C:\WINDOWS\repair
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Provisioning
2008-12-06 15:26:51 ----D---- C:\WINDOWS\PeerNet
2008-12-06 15:26:51 ----D---- C:\WINDOWS\pchealth
2008-12-06 15:26:51 ----D---- C:\WINDOWS\mui
2008-12-06 15:26:51 ----D---- C:\WINDOWS\msapps
2008-12-06 15:26:51 ----D---- C:\WINDOWS\msagent
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Media
2008-12-06 15:26:51 ----D---- C:\WINDOWS\java
2008-12-06 15:26:51 ----D---- C:\WINDOWS\ime
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Help
2008-12-06 15:26:51 ----D---- C:\WINDOWS\ehome
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Driver Cache
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Debug
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Cursors
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Connection Wizard
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Config
2008-12-06 15:26:51 ----D---- C:\WINDOWS\AppPatch
2008-12-06 15:26:51 ----D---- C:\WINDOWS\addins
2008-12-06 15:26:51 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-16 17:59:26 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-12-13 20:02:18 ----A---- C:\WINDOWS\win.ini
2008-12-07 18:42:38 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-16 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-16 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-16 90632]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R3 ALCXWDM;Service for Avance AC'97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2001-07-18 256360]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-17 1880320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 Ndisprot.sys;Ndisprot.sys; C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-12-07 27904]
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-16 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-16 231704]
R2 EBOOSTRSVC;eBoostr Service; C:\Program Files\eBoostr\EBstrSvc.exe [2008-08-08 843384]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-17 77824]
S2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------






info.txt logfile of random's system information tool 1.04 2008-12-17 15:48:16

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Avance AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
eBoostr 2-->C:\Program Files\eBoostr\uninstall.exe
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Glary Utilities 2.6.1-->"C:\Program Files\Glary Utilities\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
MediaCoder Audio Edition 0.6.2-->C:\Program Files\MediaCoder Audio Edition\uninst.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Need for Speed™ Carbon-->E:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
NVIDIA Display Driver-->C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
SmartMovie Converter-->"C:\Program Files\Lonely Cat Games\SmartMovie Converter\IIUninst.exe" C:\Program Files\Lonely Cat Games\SmartMovie Converter\install.log
Sophos Anti-Rootkit 1.3.1-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Total Video Converter 3.10-->"C:\Program Files\Total Video Converter\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


ALSO, I WOULD LIKE TO INFORM YOU THAT I HAD USED SPYBOT S&D, MALWAREBYTES' ANTI-MALWARE, DARKSPY ROOTKIT SCANNER, KASPERSKY 2009, PC MIGHTYMAX, ROOTKIT VIEWER. I REGULARLY USE GLARY UTILITIES AND CCLEANER. ALSO, AS TOLD BY YOU, I HAVE STOPPED ALL MY FURTHER INSTALLATION ACTIVITIES.

MY PC HANGS IN BETWEEN. IT ALWAYS RESTARTS AFTER A CERTAIN INTERVAL. A BLUE SCREEN APPEARS ON QUITTING NFS CARBON.

THANKS FOR YOUR SUPPORT
THANK YOU

#4 Farbar

Posted 17 December 2008 - 02:22 PM

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files, as the name(s) suggest. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • I see on the log Ask Toolbar is installed on your computer:

    This program is known to be bundled with adware/spyware. You may read more about Ask Toolbars here:
    http://www.benedelman.org/spyware/ask-toolbars/

    To uninstall Ask Toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Ask Toolbar

    Also remove the folder in bold: C:\Program Files\AskBarDis

  • Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CA2A1AE-1B48-4100-A3F7-147593685E03}: NameServer = 85.255.115.236;85.255.112.186
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.236;85.255.112.186
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.236;85.255.112.186
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.236;85.255.112.186


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Reboot your computer now.

  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed and copy/paste the log to your reply.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

Please copy/paste in your next reply:
  • The log of MBAM.
  • The Combofix log.
  • A fresh RSIT log.
  • Any comment or feedback about how it went.


#5 ashzoomerintrack

Posted 18 December 2008 - 12:45 AM

Malwarebytes' Anti-Malware 1.31
Database version: 1512
Windows 5.1.2600 Service Pack 2

12/18/2008 10:57:14 AM
mbam-log-2008-12-18 (10-57-08).txt

Scan type: Quick Scan
Objects scanned: 41621
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\Components\iamfamous.dll (Spyware.Passwords) -> No action taken.





ComboFix 08-12-17.01 - TEJAS 2008-12-18 11:01:54.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.248 [GMT 5.5:30]
Running from: c:\documents and settings\TEJAS\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\resycled
d:\resycled\boot.com
E:\resycled
e:\resycled\boot.com
F:\resycled
f:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
.

2008-12-18 10:48 . 2008-12-18 10:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 10:48 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 10:48 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-17 21:43 . 2008-12-17 21:43 <DIR> d--hs---- C:\FOUND.012
2008-12-17 21:33 . 2008-12-17 21:33 <DIR> d--hs---- C:\FOUND.011
2008-12-17 15:47 . 2008-12-17 15:47 <DIR> d-------- C:\rsit
2008-12-16 21:59 . 2008-12-16 21:59 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-16 21:59 . 2008-12-16 21:59 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-12-16 21:59 . 2008-12-16 21:59 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-16 21:58 . 2008-12-16 21:58 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-16 21:58 . 2008-12-16 21:58 <DIR> d-------- c:\documents and settings\TEJAS\Application Data\AVGTOOLBAR
2008-12-16 21:58 . 2008-12-16 21:59 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-16 20:03 . 2008-12-16 20:03 <DIR> d-------- C:\Gdi++
2008-12-16 17:59 . 2008-12-16 17:59 155,418 --a------ c:\windows\Uninstall.exe
2008-12-16 17:58 . 2004-08-03 22:56 218,624 --a------ c:\windows\system32\uxtheme.backup
2008-12-16 12:29 . 2008-12-16 12:29 <DIR> d--hs---- C:\FOUND.010
2008-12-16 12:29 . 2008-12-18 10:01 536,231,936 --a------ c:\windows\MEMORY.DMP
2008-12-16 11:09 . 2008-12-16 11:09 <DIR> d-------- c:\program files\PC MightyMax
2008-12-15 20:38 . 2008-12-15 20:38 <DIR> d-------- c:\program files\Softwin
2008-12-15 19:42 . 2008-12-15 19:42 <DIR> d-------- C:\RootkitNO
2008-12-15 19:42 . 2008-12-15 19:42 123 --a------ c:\windows\rootkitno.ini
2008-12-15 19:35 . 2008-12-15 19:35 2 -rahs---- c:\windows\winstart.bat
2008-12-15 19:34 . 2008-12-15 19:34 <DIR> d-------- c:\program files\UnHackMe
2008-12-15 19:19 . 2008-12-15 19:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-15 17:39 . 2008-12-15 17:39 <DIR> d-------- c:\documents and settings\TEJAS\Pavark
2008-12-14 20:49 . 2008-12-14 20:49 <DIR> d-------- c:\program files\Sophos
2008-12-14 12:28 . 2008-12-14 12:28 <DIR> d-------- c:\program files\CCleaner
2008-12-14 11:39 . 2008-12-14 11:39 <DIR> d--hs---- C:\FOUND.009
2008-12-13 21:11 . 2008-12-13 21:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-13 12:18 . 2008-12-13 12:18 <DIR> d--hs---- C:\FOUND.008
2008-12-13 12:05 . 2008-12-13 12:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-13 09:48 . 2008-12-13 09:48 <DIR> d--hs---- C:\FOUND.007
2008-12-11 20:29 . 2008-12-11 20:29 <DIR> d--hs---- C:\FOUND.006
2008-12-10 20:02 . 2008-12-10 20:02 <DIR> d-------- c:\program files\Trend Micro
2008-12-10 19:45 . 2008-12-10 19:45 <DIR> d-------- c:\documents and settings\TEJAS\Application Data\Malwarebytes
2008-12-10 19:45 . 2008-12-10 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-10 19:41 . 2008-12-10 19:41 <DIR> d--hs---- C:\FOUND.005
2008-12-10 16:01 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-12-10 16:01 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\dllcache\kbdjpn.dll
2008-12-10 16:01 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-12-10 16:01 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\dllcache\kbdkor.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd106.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd106.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101c.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101b.dll
2008-12-10 16:01 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-12-10 16:01 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\dllcache\kbd103.dll
2008-12-10 15:23 . 2008-12-10 15:23 <DIR> d-------- c:\program files\Comodo
2008-12-10 15:23 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-12-10 15:23 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-12-10 15:23 . 2004-08-03 22:56 22,528 --a------ c:\windows\system32\wsock32.dlb
2008-12-09 16:09 . 2008-12-09 16:09 <DIR> d--hs---- C:\FOUND.004
2008-12-08 21:13 . 2008-12-08 21:13 <DIR> d--hs---- C:\FOUND.003
2008-12-08 20:26 . 2008-12-08 20:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-12-08 20:04 . 2008-12-08 20:04 <DIR> d-------- c:\documents and settings\TEJAS\Application Data\GlarySoft
2008-12-08 18:51 . 2008-12-08 18:51 <DIR> d-------- c:\documents and settings\TEJAS\Application Data\Media Player Classic
2008-12-08 18:38 . 2008-12-08 18:38 <DIR> d-------- c:\program files\Valve
2008-12-08 17:54 . 2008-12-08 17:54 9 --a------ c:\windows\system\LP.ppp
2008-12-08 17:54 . 2008-12-16 18:21 9 --a------ c:\windows\system\LP.alp
2008-12-08 17:54 . 2008-12-08 17:54 8 --a------ c:\windows\system\LP.lpp
2008-12-08 17:54 . 2008-12-16 18:21 0 --a------ c:\windows\system\lpter.lpa
2008-12-08 17:54 . 2008-12-08 17:54 0 --a------ c:\windows\system\lpren.lpa
2008-12-08 17:54 . 2008-12-08 17:54 0 --a------ c:\windows\system\lpdelf.lpa
2008-12-08 17:54 . 2008-12-08 17:54 0 --a------ c:\windows\system\lpdel.lpa
2008-12-08 11:44 . 2008-12-08 11:44 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-08 11:43 . 2008-12-08 11:43 <DIR> d---s---- c:\documents and settings\TEJAS\UserData
2008-12-07 22:14 . 2008-12-07 22:14 <DIR> d-------- c:\windows\Sun
2008-12-07 22:13 . 2008-12-07 22:13 <DIR> d-------- c:\program files\Java
2008-12-07 22:13 . 2008-12-07 22:13 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-07 22:13 . 2008-12-07 22:13 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-07 20:10 . 2008-12-07 20:10 <DIR> d-------- c:\program files\Panda Security
2008-12-07 18:51 . 2001-08-23 17:30 13,463,552 --a------ c:\windows\system32\dllcache\hwxjpn.dll
2008-12-07 18:50 . 2004-08-04 04:26 2,134,528 --a------ c:\windows\system32\dllcache\smtpsnap.dll
2008-12-07 18:49 . 2008-12-07 18:49 749 -rah----- c:\windows\WindowsShell.Manifest
2008-12-07 18:49 . 2008-12-07 18:49 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-07 18:49 . 2008-12-07 18:49 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-12-07 18:49 . 2008-12-07 18:49 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-12-07 18:49 . 2008-12-07 18:49 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-12-07 18:49 . 2008-12-07 18:49 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-12-07 18:46 . 2006-01-17 07:53 131,072 -ra------ c:\windows\system32\nvinstnt.dll
2008-12-07 18:44 . 2001-08-17 12:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2008-12-07 18:30 . 2008-12-07 18:30 <DIR> d--hs---- C:\FOUND.002
2008-12-07 15:31 . 2008-12-07 15:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\sentinel
2008-12-07 15:29 . 2008-12-07 15:29 <DIR> d-------- c:\program files\Common Files\Panda Software
2008-12-07 15:29 . 2008-12-07 15:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-07 14:42 . 2008-12-07 14:42 <DIR> d-------- c:\program files\eBoostr
2008-12-07 12:00 . 2008-12-07 15:54 27,904 --a------ c:\windows\system32\drivers\Ndisprot.sys
2008-12-07 11:28 . 2008-12-07 11:28 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-07 10:38 . 2008-12-07 10:38 <DIR> d--hs---- C:\FOUND.001
2008-12-06 21:02 . 2008-12-06 21:02 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-06 20:25 . 2008-12-06 20:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\eboostr
2008-12-06 20:14 . 2008-12-06 20:14 <DIR> d-------- c:\documents and settings\TEJAS\Application Data\CyberLink
2008-12-06 20:13 . 2008-12-06 20:13 <DIR> d-------- c:\program files\Common Files\CyberLink
2008-12-06 20:13 . 2008-12-06 20:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-06 20:12 . 2008-12-06 20:12 <DIR> d-------- c:\program files\CyberLink
2008-12-06 20:12 . 2008-12-06 20:12 505,128 --a------ c:\windows\system32\msvcp71.dll
2008-12-06 20:10 . 2008-12-06 20:10 <DIR> d--hs---- C:\FOUND.000
2008-12-06 20:00 . 2008-12-06 20:00 <DIR> d--hs---- C:\Recycled
2008-12-06 19:46 . 2008-12-06 19:46 <DIR> d-------- c:\program files\Growler Guncam
2008-12-06 19:46 . 2008-12-06 19:46 <DIR> d-------- c:\program files\Common Files\GC Install
2008-12-06 19:44 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-12-06 19:35 . 2008-12-06 19:35 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-12-06 19:35 . 2008-12-06 19:35 <DIR> d-------- c:\program files\AvRack
2008-12-06 19:35 . 2008-12-06 19:35 <DIR> d-------- c:\program files\Avance Sound Manager
2008-12-06 19:35 . 2001-07-18 15:33 256,360 --a------ c:\windows\system32\drivers\ALCXWDM.SYS
2008-12-06 19:35 . 2001-06-28 07:21 217,088 --------- c:\windows\alcupd.exe
2008-12-06 19:35 . 2001-06-13 09:49 151,552 --------- c:\windows\alcrmv.exe
2008-12-06 19:35 . 2004-08-04 00:56 130,048 --a------ c:\windows\system32\ksproxy.ax
2008-12-06 19:35 . 2001-05-29 15:02 124,416 --------- c:\windows\soundman.exe
2008-12-06 19:35 . 2004-08-03 23:07 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2008-12-06 19:35 . 2004-08-03 23:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys
2008-12-06 19:35 . 2004-08-04 00:56 4,096 --a------ c:\windows\system32\ksuser.dll
2008-12-06 19:35 . 2001-07-05 22:19 164 --------- c:\windows\avrack.ini
2008-12-06 19:30 . 2008-12-06 19:30 <DIR> d-------- c:\windows\nview
2008-12-06 19:30 . 2006-01-17 07:54 180,224 --a------ c:\windows\system32\nvudisp.exe
2008-12-06 19:30 . 2006-01-17 07:53 11,914 --a------ c:\windows\system32\nvdisp.nvu
2008-12-06 19:30 . 2006-01-17 07:53 3,862 -ra------ c:\windows\system32\nvapps.xml
2008-12-06 19:27 . 2008-12-06 19:27 <DIR> d-------- c:\program files\Common Files\InstallShield
2008-12-06 19:22 . 2008-12-06 19:22 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-06 19:22 . 2008-12-06 19:22 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-06 19:22 . 2006-05-09 20:00 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-12-06 19:16 . 2008-12-06 19:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-06 19:14 . 2008-12-06 19:14 <DIR> d-------- c:\program files\MediaCoder Audio Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 12:29 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-12-16 12:29 218,624 ----a-w c:\windows\system32\dllcache\uxtheme.dll
2008-12-06 14:42 353,576 ----a-w c:\windows\system32\msvcr71.dll
2008-12-06 10:17 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 08:39 43,544 ----a-w c:\windows\system32\wups2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"New Application"="c:\gdi++\gditray.exe" [2007-10-05 74752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-17 2899968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-17 46080]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-02 36352]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-22 91432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-16 1261336]
"nwiz"="nwiz.exe" [2006-01-17 c:\windows\system32\nwiz.exe]
"SoundMan"="soundman.exe" [2001-05-29 c:\windows\soundman.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2008-08-08 1011320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"e:\\Program Files\\Counter Strike - Condition Zero (Ultimate Edition)\\czero.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-16 12936]
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2008-08-08 96376]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-16 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-16 90632]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-16 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-16 231704]
R2 EBOOSTRSVC;eBoostr Service;"c:\program files\eBoostr\EBstrSvc.exe" [2008-08-08 843384]
S3 rkhdrv40;Rootkit Unhooker Driver; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a48ac596-c3a4-11dd-8324-0016ec708f83}]
\Shell\AutoRun\command - I:\sxs.exe
\Shell\explore\Command - I:\sxs.exe
\Shell\open\Command - I:\sxs.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-FONT - c:\gdi++\Gdi++\gditray.exe


.
------- Supplementary Scan -------
.
TCP: {8CA2A1AE-1B48-4100-A3F7-147593685E03} = 218.248.255.145,61.1.96.71
FF - ProfilePath - c:\documents and settings\TEJAS\Application Data\Mozilla\Firefox\Profiles\8usfriba.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 11:03:00
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-18 11:03:38
ComboFix-quarantined-files.txt 2008-12-18 05:33:38

Pre-Run: 12,825,296,896 bytes free
Post-Run: 12,823,756,800 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

247 --- E O F --- 2008-12-07 07:59:34

Logfile of random's system information tool 1.04 (written by random/random)
Run by TEJAS at 2008-12-18 11:08:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (64%) free of 19 GB
Total RAM: 511 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:59 AM, on 12/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Gdi++\gditray.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TEJAS\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\TEJAS.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [New Application] C:\Gdi++\gditray.exe
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CA2A1AE-1B48-4100-A3F7-147593685E03}: NameServer = 218.248.255.145,61.1.96.71
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

--
End of file - 4627 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-16 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-16 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-17 2899968]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-01-17 46080]
"SoundMan"=C:\WINDOWS\soundman.exe [2001-05-29 124416]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-02 36352]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-03-22 91432]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-16 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"New Application"=C:\Gdi++\gditray.exe [2007-10-05 74752]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
eBoostr Control Panel.lnk - C:\Program Files\eBoostr\eBoostrCP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"E:\Program Files\Counter Strike - Condition Zero (Ultimate Edition)\czero.exe"="E:\Program Files\Counter Strike - Condition Zero (Ultimate Edition)\czero.exe:*:Enabled:Condition Zero Launcher"
"E:\Program Files\Valve\hl.exe"="E:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a48ac596-c3a4-11dd-8324-0016ec708f83}]
shell\AutoRun\command - I:\sxs.exe
shell\explore\command - I:\sxs.exe
shell\open\command - I:\sxs.exe


======List of files/folders created in the last 2 months======

2008-12-18 11:03:40 ----A---- C:\ComboFix.txt
2008-12-18 11:01:40 ----A---- C:\Boot.bak
2008-12-18 11:01:38 ----RASHD---- C:\cmdcons
2008-12-18 10:58:58 ----A---- C:\WINDOWS\zip.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\VFIND.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\SWSC.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\SWREG.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\sed.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\grep.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\fdsv.exe
2008-12-18 10:58:54 ----D---- C:\WINDOWS\ERDNT
2008-12-18 10:58:53 ----D---- C:\ComboFix
2008-12-18 10:58:53 ----AD---- C:\Qoobox
2008-12-18 10:48:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 21:43:16 ----SHD---- C:\FOUND.012
2008-12-17 21:33:52 ----SHD---- C:\FOUND.011
2008-12-17 15:47:50 ----D---- C:\rsit
2008-12-16 21:59:04 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-16 21:58:57 ----D---- C:\Documents and Settings\TEJAS\Application Data\AVGTOOLBAR
2008-12-16 20:03:20 ----D---- C:\Gdi++
2008-12-16 17:59:05 ----A---- C:\WINDOWS\Uninstall.exe
2008-12-16 12:29:00 ----SHD---- C:\FOUND.010
2008-12-16 11:09:02 ----D---- C:\Program Files\PC MightyMax
2008-12-15 20:38:02 ----D---- C:\Program Files\Softwin
2008-12-15 19:42:56 ----D---- C:\RootkitNO
2008-12-15 19:42:08 ----A---- C:\WINDOWS\rootkitno.ini
2008-12-15 19:36:50 ----A---- C:\WINDOWS\Partizan.txt
2008-12-15 19:36:35 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2008-12-15 19:35:04 ----RASH---- C:\WINDOWS\winstart.bat
2008-12-15 19:34:40 ----D---- C:\Program Files\UnHackMe
2008-12-15 19:19:56 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-14 20:49:32 ----D---- C:\Program Files\Sophos
2008-12-14 12:28:32 ----D---- C:\Program Files\CCleaner
2008-12-14 11:39:12 ----SHD---- C:\FOUND.009
2008-12-13 21:11:58 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-12-13 12:18:56 ----SHD---- C:\FOUND.008
2008-12-13 12:05:14 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-13 09:48:00 ----SHD---- C:\FOUND.007
2008-12-11 20:29:40 ----SHD---- C:\FOUND.006
2008-12-10 20:02:26 ----D---- C:\Program Files\Trend Micro
2008-12-10 19:45:26 ----D---- C:\Documents and Settings\TEJAS\Application Data\Malwarebytes
2008-12-10 19:45:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-10 19:41:36 ----SHD---- C:\FOUND.005
2008-12-10 16:01:01 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-12-10 15:23:33 ----A---- C:\WINDOWS\UNBOC.EXE
2008-12-10 15:23:32 ----A---- C:\WINDOWS\CMDLIC.DLL
2008-12-10 15:23:17 ----D---- C:\Program Files\Comodo
2008-12-09 16:09:26 ----SHD---- C:\FOUND.004
2008-12-08 21:13:36 ----SHD---- C:\FOUND.003
2008-12-08 20:26:41 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-08 20:04:57 ----D---- C:\Documents and Settings\TEJAS\Application Data\GlarySoft
2008-12-08 18:51:55 ----D---- C:\Documents and Settings\TEJAS\Application Data\Media Player Classic
2008-12-08 18:38:05 ----D---- C:\Program Files\Valve
2008-12-08 11:44:41 ----D---- C:\WINDOWS\BDOSCAN8
2008-12-07 22:14:38 ----D---- C:\WINDOWS\Sun
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\java.exe
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-07 22:13:48 ----D---- C:\Program Files\Java
2008-12-07 22:09:56 ----D---- C:\Documents and Settings\TEJAS\Application Data\Sun
2008-12-07 20:10:19 ----D---- C:\Program Files\Panda Security
2008-12-07 18:54:26 ----D---- C:\WINDOWS\Prefetch
2008-12-07 18:49:30 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-07 18:46:08 ----RA---- C:\WINDOWS\system32\nvinstnt.dll
2008-12-07 18:42:32 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-07 18:42:32 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-07 18:42:20 ----RA---- C:\WINDOWS\SET54.tmp
2008-12-07 18:42:17 ----RA---- C:\WINDOWS\SET48.tmp
2008-12-07 18:42:15 ----RA---- C:\WINDOWS\SET45.tmp
2008-12-07 18:30:08 ----SHD---- C:\FOUND.002
2008-12-07 15:31:55 ----D---- C:\Documents and Settings\All Users\Application Data\sentinel
2008-12-07 15:29:56 ----D---- C:\Program Files\Common Files\Panda Software
2008-12-07 15:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-07 14:42:52 ----D---- C:\Program Files\eBoostr
2008-12-07 13:13:55 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-07 11:28:42 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-07 10:38:50 ----SHD---- C:\FOUND.001
2008-12-06 21:02:05 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-06 21:02:04 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-06 21:02:02 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-06 20:25:58 ----D---- C:\Documents and Settings\All Users\Application Data\eboostr
2008-12-06 20:14:15 ----D---- C:\Documents and Settings\TEJAS\Application Data\CyberLink
2008-12-06 20:13:27 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-12-06 20:13:10 ----D---- C:\Program Files\Common Files\CyberLink
2008-12-06 20:12:31 ----D---- C:\Program Files\CyberLink
2008-12-06 20:12:20 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-12-06 20:10:14 ----SHD---- C:\FOUND.000
2008-12-06 20:00:01 ----SHD---- C:\Recycled
2008-12-06 19:48:17 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-06 19:48:17 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-06 19:48:16 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-06 19:48:15 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-06 19:48:15 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-06 19:48:15 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-06 19:48:14 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-06 19:48:13 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-06 19:48:13 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-06 19:48:12 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-06 19:48:11 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-06 19:48:10 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-06 19:46:38 ----D---- C:\Program Files\Growler Guncam
2008-12-06 19:46:28 ----D---- C:\Program Files\Common Files\GC Install
2008-12-06 19:44:12 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-06 19:42:32 ----D---- C:\WINDOWS\Minidump
2008-12-06 19:35:19 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-06 19:35:13 ----D---- C:\Program Files\Avance Sound Manager
2008-12-06 19:35:10 ----N---- C:\WINDOWS\avrack.ini
2008-12-06 19:35:10 ----D---- C:\Program Files\AvRack
2008-12-06 19:35:09 ----N---- C:\WINDOWS\soundman.exe
2008-12-06 19:35:09 ----N---- C:\WINDOWS\alcupd.exe
2008-12-06 19:35:09 ----N---- C:\WINDOWS\alcrmv.exe
2008-12-06 19:35:08 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-06 19:31:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-06 19:30:13 ----D---- C:\WINDOWS\nview
2008-12-06 19:30:13 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-12-06 19:27:47 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-06 19:22:52 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-06 19:22:26 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-06 19:22:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-06 19:16:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-06 19:15:06 ----D---- C:\Documents and Settings\TEJAS\Application Data\Adobe
2008-12-06 19:14:52 ----D---- C:\Program Files\MediaCoder Audio Edition
2008-12-06 19:13:43 ----D---- C:\Program Files\Lonely Cat Games
2008-12-06 19:13:35 ----D---- C:\Documents and Settings\TEJAS\Application Data\WinRAR
2008-12-06 19:13:12 ----D---- C:\Documents and Settings\TEJAS\Application Data\Macromedia
2008-12-06 19:13:08 ----D---- C:\Program Files\Google
2008-12-06 19:12:49 ----D---- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-12-06 19:12:19 ----D---- C:\Documents and Settings\TEJAS\Application Data\GRETECH
2008-12-06 19:12:11 ----D---- C:\Program Files\GRETECH
2008-12-06 19:11:43 ----A---- C:\Program Files\FLV PlayerRCSetup.exe
2008-12-06 19:11:24 ----D---- C:\WINDOWS\FLV Player
2008-12-06 19:11:24 ----D---- C:\Program Files\FLV Player
2008-12-06 19:06:20 ----D---- C:\Program Files\AVG
2008-12-06 19:06:17 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-06 19:03:49 ----D---- C:\Program Files\Glary Utilities
2008-12-06 19:02:53 ----D---- C:\Documents and Settings\TEJAS\Application Data\uTorrent
2008-12-06 19:02:43 ----D---- C:\Documents and Settings\TEJAS\Application Data\Mozilla
2008-12-06 19:02:37 ----A---- C:\WINDOWS\system32\unrar.dll
2008-12-06 19:02:37 ----A---- C:\WINDOWS\avisplitter.ini
2008-12-06 19:02:35 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-12-06 19:02:35 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\divx.dll
2008-12-06 19:02:33 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-12-06 19:02:33 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-12-06 19:02:32 ----D---- C:\Program Files\K-Lite Codec Pack
2008-12-06 19:02:32 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-06 19:01:07 ----D---- C:\Program Files\Total Video Converter
2008-12-06 19:00:49 ----D---- C:\Program Files\WinRAR
2008-12-06 18:59:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-06 18:59:20 ----D---- C:\Program Files\Common Files\Adobe
2008-12-06 18:59:20 ----D---- C:\Program Files\Adobe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\px.dll
2008-12-06 18:58:26 ----D---- C:\Program Files\Winamp
2008-12-06 18:58:26 ----D---- C:\Documents and Settings\TEJAS\Application Data\Winamp
2008-12-06 18:58:05 ----D---- C:\Program Files\Mozilla Firefox
2008-12-06 15:54:12 ----D---- C:\Documents and Settings\TEJAS\Application Data\Identities
2008-12-06 15:54:10 ----HD---- C:\Program Files\Uninstall Information
2008-12-06 15:54:05 ----ASH---- C:\Documents and Settings\TEJAS\Application Data\desktop.ini
2008-12-06 15:54:04 ----SD---- C:\Documents and Settings\TEJAS\Application Data\Microsoft
2008-12-06 15:53:12 ----SHD---- C:\System Volume Information
2008-12-06 15:53:12 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-06 15:53:11 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-06 15:53:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-06 15:47:38 ----D---- C:\WINDOWS\system32\xircom
2008-12-06 15:47:38 ----D---- C:\Program Files\xerox
2008-12-06 15:47:38 ----D---- C:\Program Files\microsoft frontpage
2008-12-06 15:47:18 ----A---- C:\WINDOWS\control.ini
2008-12-06 15:47:18 ----A---- C:\AUTOEXEC.BAT
2008-12-06 15:47:00 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-06 15:46:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-06 15:46:11 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-06 15:46:05 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-06 15:46:00 ----HD---- C:\Program Files\WindowsUpdate
2008-12-06 15:45:39 ----D---- C:\WINDOWS\system32\DirectX
2008-12-06 15:45:15 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-06 15:45:12 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-06 15:45:12 ----A---- C:\WINDOWS\desktop.ini
2008-12-06 15:45:04 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-06 15:45:03 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-06 15:45:02 ----D---- C:\Program Files\Common Files\Services
2008-12-06 15:44:59 ----SD---- C:\WINDOWS\Tasks
2008-12-06 15:44:59 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-06 15:44:58 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-06 15:44:53 ----D---- C:\WINDOWS\srchasst
2008-12-06 15:44:52 ----D---- C:\WINDOWS\system32\Macromed
2008-12-06 15:44:49 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-06 15:44:42 ----D---- C:\Program Files\Movie Maker
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-06 15:44:33 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-12-06 15:44:33 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-06 15:44:32 ----D---- C:\WINDOWS\system32\Restore
2008-12-06 15:44:32 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-06 15:44:32 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-06 15:44:32 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-06 15:44:31 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-06 15:44:31 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-06 15:44:31 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-06 15:44:30 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-06 15:44:30 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-06 15:44:30 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-06 15:44:27 ----D---- C:\Program Files\NetMeeting
2008-12-06 15:44:27 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-06 15:44:27 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-06 15:44:25 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-06 15:44:25 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-06 15:44:23 ----D---- C:\Program Files\Outlook Express
2008-12-06 15:44:23 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-06 15:44:23 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-06 15:44:21 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-06 15:44:14 ----D---- C:\Program Files\Common Files\System
2008-12-06 15:44:13 ----D---- C:\Program Files\Internet Explorer
2008-12-06 15:43:33 ----D---- C:\Program Files\ComPlus Applications
2008-12-06 15:43:32 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-06 15:43:32 ----A---- C:\WINDOWS\vb.ini
2008-12-06 15:43:29 ----D---- C:\WINDOWS\Registration
2008-12-06 15:43:24 ----D---- C:\Program Files\Online Services
2008-12-06 15:43:23 ----D---- C:\Program Files\Windows Media Player
2008-12-06 15:43:17 ----D---- C:\Program Files\Messenger
2008-12-06 15:43:12 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-06 15:43:12 ----A---- C:\WINDOWS\system32\write.exe
2008-12-06 15:43:01 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-06 15:42:52 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-06 15:42:51 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-06 15:42:51 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-06 15:42:51 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-06 15:42:48 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-06 15:42:48 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-06 15:42:48 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-06 15:42:41 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-06 15:42:29 ----D---- C:\Program Files\MSN
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-06 15:42:26 ----D---- C:\Program Files\Windows NT
2008-12-06 15:42:26 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-06 15:42:26 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-06 15:42:26 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-06 15:42:25 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-06 15:42:25 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-06 15:42:23 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-06 15:42:21 ----D---- C:\WINDOWS\system32\Com
2008-12-06 15:42:21 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-06 15:42:21 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-06 15:42:21 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-06 15:42:19 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-06 15:42:13 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-06 15:42:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-06 15:42:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-06 15:42:12 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-06 15:37:03 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-06 15:35:02 ----RA---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-06 15:33:38 ----SHD---- C:\WINDOWS\Installer
2008-12-06 15:33:38 ----D---- C:\Program Files\Common Files\ODBC
2008-12-06 15:33:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 15:33:38 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-06 15:33:34 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-06 15:33:33 ----RD---- C:\Program Files
2008-12-06 15:33:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-06 15:33:33 ----D---- C:\Program Files\Common Files
2008-12-06 15:33:17 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-06 15:33:17 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-06 15:33:12 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-06 15:33:05 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-06 15:33:00 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-06 15:32:58 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-06 15:32:56 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-06 15:32:50 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 15:32:50 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-06 15:32:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-06 15:32:23 ----D---- C:\Documents and Settings
2008-12-06 15:31:34 ----RASH---- C:\boot.ini
2008-12-06 15:26:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-06 15:26:51 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 15:26:51 ----RD---- C:\WINDOWS\Web
2008-12-06 15:26:51 ----HD---- C:\WINDOWS\inf
2008-12-06 15:26:51 ----D---- C:\WINDOWS\WinSxS
2008-12-06 15:26:51 ----D---- C:\WINDOWS\twain_32
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Temp
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\wins
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\wbem
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\usmt
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\spool
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\Setup
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\ras
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\oobe
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\npp
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\mui
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\IME
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\icsxml
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\ias
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\export
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\drivers
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\dhcp
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\config
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\3076
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\2052
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1054
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1042
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1041
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1037
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1033
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1031
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1028
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1025
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system
2008-12-06 15:26:51 ----D---- C:\WINDOWS\security
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Resources
2008-12-06 15:26:51 ----D---- C:\WINDOWS\repair
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Provisioning
2008-12-06 15:26:51 ----D---- C:\WINDOWS\PeerNet
2008-12-06 15:26:51 ----D---- C:\WINDOWS\pchealth
2008-12-06 15:26:51 ----D---- C:\WINDOWS\mui
2008-12-06 15:26:51 ----D---- C:\WINDOWS\msapps
2008-12-06 15:26:51 ----D---- C:\WINDOWS\msagent
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Media
2008-12-06 15:26:51 ----D---- C:\WINDOWS\java
2008-12-06 15:26:51 ----D---- C:\WINDOWS\ime
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Help
2008-12-06 15:26:51 ----D---- C:\WINDOWS\ehome
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Driver Cache
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Debug
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Cursors
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Connection Wizard
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Config
2008-12-06 15:26:51 ----D---- C:\WINDOWS\AppPatch
2008-12-06 15:26:51 ----D---- C:\WINDOWS\addins
2008-12-06 15:26:51 ----D---- C:\WINDOWS

======List of files/folders modified in the last 2 months======

2008-12-18 11:03:04 ----A---- C:\WINDOWS\system.ini
2008-12-16 17:59:26 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-12-13 20:02:18 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-16 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-16 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-16 90632]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R3 ALCXWDM;Service for Avance AC'97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2001-07-18 256360]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-17 1880320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 Ndisprot.sys;Ndisprot.sys; C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-12-07 27904]
S3 catchme;catchme; \??\C:\DOCUME~1\TEJAS\LOCALS~1\Temp\catchme.sys []
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-16 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-16 231704]
R2 EBOOSTRSVC;eBoostr Service; C:\Program Files\eBoostr\EBstrSvc.exe [2008-08-08 843384]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-17 77824]
S2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------




THANKS FOR UR SUPPORT.
I REMOVED THE ASK TOOLBAR AS U HAD TOLD.
BUT AFTER RUNNING SYSTEM SCAN IN HIJACK THIS.
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
THE ABOVE GIVEN FILES WERE NOT PRESENT. DID THEY GET DELETED WHEN I REMOVED ASK TOOLBAR???
THE LOGS YOU NEEDED ARE GIVEN ABOVE.
I PERFORMED ALL THE ACTIVITIES AS YOU TOLD.
THANK YOU VERY MUCH FOR YOUR HELP.
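
Added example (not part of the original posts and not RSIT's own code): a small Python parser for the driver/service lines in the log above, using the state and start-type legend the log prints. The scan date of 2008-12-18, the 14-day window, the note names and the reading of empty brackets as "RSIT could not read the image file" are assumptions made for this example; the notes are review hints, not verdicts.

```python
import re
from datetime import date, timedelta

# Legend printed by the log: R=Running, S=Stopped, 0=Boot ... 4=Disabled
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> <name>;<display name>; <image path> [<file date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Lines copied from the driver list in the log above.
SAMPLE = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-16 98440]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
S1 Ndisprot.sys;Ndisprot.sys; C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-12-07 27904]
S3 catchme;catchme; \??\C:\DOCUME~1\TEJAS\LOCALS~1\Temp\catchme.sys []
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
"""


def parse_line(line):
    """Parse one driver/service line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):  # NT namespace prefix seen on some image paths
        path = path[4:]
    file_date = size = None
    meta = m.group("meta").split()
    if len(meta) == 2:
        file_date, size = date.fromisoformat(meta[0]), int(meta[1])
    return {
        "state": STATE[m.group("state")],
        "start": START[m.group("start")],
        "name": m.group("name").strip(),
        "display": m.group("display").strip(),
        "path": path,
        "file_date": file_date,
        "size": size,
    }


def review_notes(entry, scan_date, recent_days=14, drivers=True):
    """Return review hints for one parsed entry (assumed heuristics)."""
    notes = []
    low = entry["path"].lower()
    if entry["file_date"] is None:
        # Empty brackets in the log; assumed to mean the file could not be read.
        notes.append("no-file-info")
    elif timedelta(0) <= scan_date - entry["file_date"] <= timedelta(days=recent_days):
        notes.append("recent-file")
    if "\\temp\\" in low:
        notes.append("temp-path")
    if drivers and "\\system32\\drivers\\" not in low:
        notes.append("outside-drivers-dir")
    return notes


def review(text, scan_date, **options):
    """Parse a whole list; return {name: (state, start, notes)} for noted entries."""
    scan = date.fromisoformat(scan_date)
    flagged = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        notes = review_notes(entry, scan, **options)
        if notes:
            flagged[entry["name"]] = (entry["state"], entry["start"], notes)
    return flagged


if __name__ == "__main__":
    for name, (state, start, notes) in review(SAMPLE, "2008-12-18").items():
        print(f"{name:40} {state:8} {start:8} {', '.join(notes)}")
```

For the services list, call `review(text, scan_date, drivers=False)` so that service executables are not reported for living outside the drivers folder.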

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:14 AM

Posted 18 December 2008 - 07:46 AM

Well done. :thumbsup:
  • Besides the removed infection, your computer is infected with a flash drive infection. This type of infection usually gets carried over through removable storage devices (flash drive/thumb drive/memory stick/USB stick/etc.) and networks. Please tell me if you have these devices, because if you have them we have to make sure they are disinfected too. Please just tell me and don't connect them if you have them.

  • From MBAM log:

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> No action taken.
    Files Infected:
    C:\Program Files\Mozilla Firefox\Components\iamfamous.dll (Spyware.Passwords) -> No action taken.


    The log shows "No action taken", but MBAM should be configured to remove what it finds. Did you do it? The subsequent scan should show a clean log.


#7 ashzoomerintrack

Posted 18 December 2008 - 10:23 AM

YA I HAD CONFIGURED MALWAREBYTES. I UPDATED AND PERFORMED THE SCAN. THEN WHY IS IT NOT PRODUCING CLEAN LOGS???
THE BLUE SCREEN WHICH WAS EARLIER COMING IS STILL COMING.
MY PC STILL HANGS AND ALSO RESTARTS.
I HAD PERFORMED ALL THE ACTIVITIES AS U HAD TOLD.

WHAT SHOULD I DO FURTHER ACCORDING TO YOU TO CLEAN MY SYSTEM.
IS IT A SERIOUS THREAT...???

THANK YOU VERY MUCH FOR YOUR SUPPORT.

#8 ashzoomerintrack

Posted 18 December 2008 - 10:28 AM

YES I USED MY PENDRIVE. BUT FROM LAST 2 TO 3 DAYS I HAVE NOT CONNECTED IT TO PC.
YOU CAN SUGGEST ME ANY ANTIVIRUS TO REMOVE THE INFECTION.
I WILL USE IT FOR MY PENDRIVE ALSO TO REMOVE ANY INFECTION IF PRESENT. I WILL NOT CONNECT ANY EXTERNAL DEVICES AS YOU HAVE TOLD.

WHAT SHOULD BE THE FURTHER STEP TO REMOVE THE INFECTION...????



THANK YOU

#9 Farbar

Posted 18 December 2008 - 01:36 PM

We will go on as long as it takes to get the computer clean.

May I ask if there is any particular reason you use CAPS to write? It makes the text more difficult to read, and in Internet language it means shouting. I'm sure you don't mean that; I just wanted to clear that up.

++++++++++++++++++++++++++

Please have your pendrive or any other external storage device ready to disinfect. Connect it when it is asked. When you connect it leave it connected when you run Combofix.
  • To disable automatic startup:
      • Go to Start, right-click My Computer and select Properties.
      • Under the Advanced tab, in the Startup and Recovery section, press Settings.
      • Under the System failure section:
          • The "Write an event to the system log" option should be checked.
          • "Send an administrative alert" should be checked.
          • Uncheck "Automatically restart".
      • Click OK twice.
      • The next time Windows encounters a problem it will not restart automatically and will give you an error message. If that happens, note the exact message and post it in your reply.

  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
      • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
      • Wait until it has finished scanning and then exit the program.
      • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.


  • Please read this carefully: http://www.zyxware.com/articles/2007/08/14...virus-infection

    Note: It is important to have the autoplay feature turned off and not to open the thumb drives by double-clicking. Instead, right-click the drive and select Explore.

    How do I turn off Autoplay in Windows XP for my external hard drive?
      • Open My Computer.
      • Right click on the drive letter assigned to your external drive.
      • Choose properties.
      • Click on the Autoplay tab.
      • Click the "Select an action to perform" option.
      • Choose "Take no action."
      • Click OK.

  • Open Notepad and copy/paste the text in the code box below into it:

http://www.bleepingcomputer.com/forums/index.php?showtopic=185552&st=0&gopid=1049279&#entry1049279

Collect::[4]
I:\sxs.exe
c:\windows\system32\drivers\Ndisprot.sys

Driver::
Ndisprot.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a48ac596-c3a4-11dd-8324-0016ec708f83}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8CA2A1AE-1B48-4100-A3F7-147593685E03}]
"NameServer"=-

Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Important Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

  • Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead just click "Save Logfile".
    Open MBAM, under Settings make sure all the options are selected except "Terminate Internet Explorer during removal". Then update it, run a "quick scan", then click "Remove Selected" after the scan has finished, let it reboot if needed and copy/paste the log to your reply.


  • Please attach the following file to your reply:

c:\windows\MEMORY.DMP

To attach the archive to your reply: when you press the reply, under the reply window press Browse... show the path to the file on your computer (select the file and click open) then press the green UPLOAD button.


  • Delete your copy of RSIT from your desktop. Also remove this folder: C:\rsit.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
      • Double click on RSIT.exe to run RSIT.
      • Set the list of Files/Folders created to 3 Months.
      • Click Continue at the disclaimer screen.
      • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    Note: The logs will be created in this folder: C:\rsit
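
Added example (not part of the original post and not Flash_Disinfector's code): a Python check of a drive root that reports whether autorun.inf is absent, is a folder (the state the post says Flash_Disinfector leaves behind) or is a file, and in the last case lists the programs it would start and whether they exist on the drive. The sample autorun.inf content, the status names and the function names are constructed for this example; only the file name sxs.exe comes from the thread.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample autorun.inf; only the name sxs.exe comes from the thread.
SAMPLE_INF = r"""
;constructed sample
[AutoRun]
open=sxs.exe
shell\open\Command=sxs.exe
shellexecute="gone tool.exe" /s
label=Removable Disk
"""


def _decode(raw):
    """Decode autorun.inf bytes; UTF-16 if a BOM is present, else Latin-1."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def parse_autorun(text):
    """Return (key, command) pairs from [autorun] that start a program."""
    entries, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue  # tolerate junk lines and other sections
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            entries.append((key, value.strip()))
    return entries


def command_target(command):
    """Extract the program name from a command line, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def _find_ci(directory, name):
    """Case-insensitive lookup of one name, matching FAT/NTFS behaviour."""
    try:
        for candidate in os.listdir(directory):
            if candidate.lower() == name.lower():
                return os.path.join(directory, candidate)
    except OSError:
        pass
    return None


def _resolve(root, target):
    """Find target below root, component by component; None if not on the drive."""
    current = root
    for part in target.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        current = _find_ci(current, part)
        if current is None:
            return None
    return current if current != root else None


def audit_root(root):
    """Classify autorun.inf in a drive root and list what it would launch."""
    path = _find_ci(root, "autorun.inf")
    if path is None:
        return {"status": "absent", "entries": []}
    if os.path.isdir(path):
        # A folder holding the name means no file called autorun.inf can be created.
        return {"status": "folder", "entries": []}
    with open(path, "rb") as fh:
        text = _decode(fh.read())
    entries = []
    for key, command in parse_autorun(text):
        target = command_target(command)
        entries.append({"key": key, "target": target,
                        "present": _resolve(root, target) is not None})
    return {"status": "file", "entries": entries}


def demo():
    """Audit three constructed drive roots built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        infected, immunized = os.path.join(tmp, "I"), os.path.join(tmp, "J")
        os.makedirs(infected)
        os.makedirs(os.path.join(immunized, "autorun.inf"))
        with open(os.path.join(infected, "sxs.exe"), "wb") as fh:
            fh.write(b"placeholder bytes, not a program")
        with open(os.path.join(infected, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE_INF)
        return audit_root(infected), audit_root(immunized), audit_root(tmp)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real system, pass the drive root (for example `audit_root("I:\\")`) with Autoplay turned off as described in the post.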

#10 ashzoomerintrack

Posted 19 December 2008 - 12:58 AM

ComboFix 08-12-17.01 - TEJAS 2008-12-19 10:37:56.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.198 [GMT 5.5:30]
Running from: c:\documents and settings\TEJAS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\TEJAS\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\Ndisprot.sys
I:\autorun.inf
I:\sxs.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISPROT.SYS
-------\Service_Ndisprot.sys


((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.

2008-12-19 10:17 . 2008-12-19 10:19 1,393 --a------ c:\windows\imsins.BAK
2008-12-19 10:14 . 2008-12-19 10:14 <DIR> d--hs---- C:\FOUND.014
2008-12-18 22:11 . 2008-08-14 15:30 2,180,352 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-18 22:11 . 2008-08-14 15:28 2,136,064 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-18 22:11 . 2008-08-14 14:52 2,057,728 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-18 22:11 . 2008-08-14 14:52 2,015,744 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-18 22:11 . 2008-06-13 18:40 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2008-12-18 22:10 . 2008-10-24 16:40 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-18 13:13 . 2008-12-18 13:13 <DIR> d-------- C:\MyWorks
2008-12-18 13:13 . 2001-03-08 18:30 24,064 --------- c:\windows\system32\msxml3a.dll
2008-12-18 11:23 . 2008-12-18 11:23 <DIR> d--hs---- C:\FOUND.013
2008-12-18 10:48 . 2008-12-18 10:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 10:48 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 10:48 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-17 21:43 . 2008-12-17 21:43 <DIR> d--hs---- C:\FOUND.012
2008-12-17 21:33 . 2008-12-17 21:33 <DIR> d--hs---- C:\FOUND.011
2008-12-17 15:47 . 2008-12-17 15:47 <DIR> d-------- C:\rsit
2008-12-16 21:59 . 2008-12-16 21:59 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-16 21:59 . 2008-12-16 21:59 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-12-16 21:59 . 2008-12-16 21:59 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-16 21:58 . 2008-12-16 21:58 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-16 21:58 . 2008-12-16 21:58 <DIR> d-------- c:\documents and settings\TEJAS\Application Data\AVGTOOLBAR
2008-12-16 21:58 . 2008-12-16 21:59 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-16 20:03 . 2008-12-16 20:03 <DIR> d-------- C:\Gdi++
2008-12-16 17:59 . 2008-12-16 17:59 155,418 --a------ c:\windows\Uninstall.exe
2008-12-16 17:58 . 2004-08-03 22:56 218,624 --a------ c:\windows\system32\uxtheme.backup
2008-12-16 12:29 . 2008-12-16 12:29 <DIR> d--hs---- C:\FOUND.010
2008-12-16 12:29 . 2008-12-18 17:09 536,231,936 --a------ c:\windows\MEMORY.DMP
2008-12-16 11:09 . 2008-12-16 11:09 <DIR> d-------- c:\program files\PC MightyMax
2008-12-15 20:38 . 2008-12-15 20:38 <DIR> d-------- c:\program files\Softwin
2008-12-15 19:42 . 2008-12-15 19:42 <DIR> d-------- C:\RootkitNO
2008-12-15 19:42 . 2008-12-15 19:42 123 --a------ c:\windows\rootkitno.ini
2008-12-15 19:35 . 2008-12-15 19:35 2 -rahs---- c:\windows\winstart.bat
2008-12-15 19:34 . 2008-12-15 19:34 <DIR> d-------- c:\program files\UnHackMe
2008-12-15 19:19 . 2008-12-15 19:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-15 17:39 . 2008-12-15 17:39 <DIR> d-------- c:\documents and settings\TEJAS\Pavark
2008-12-14 20:49 . 2008-12-14 20:49 <DIR> d-------- c:\program files\Sophos
2008-12-14 12:28 . 2008-12-14 12:28 <DIR> d-------- c:\program files\CCleaner
2008-12-14 11:39 . 2008-12-14 11:39 <DIR> d--hs---- C:\FOUND.009
2008-12-13 21:11 . 2008-12-13 21:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-13 12:18 . 2008-12-13 12:18 <DIR> d--hs---- C:\FOUND.008
2008-12-13 12:05 . 2008-12-13 12:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-13 09:48 . 2008-12-13 09:48 <DIR> d--hs---- C:\FOUND.007
2008-12-11 20:29 . 2008-12-11 20:29 <DIR> d--hs---- C:\FOUND.006
2008-12-10 20:02 . 2008-12-10 20:02 <DIR> d-------- c:\program files\Trend Micro
2008-12-10 19:45 . 2008-12-10 19:45 <DIR> d-------- c:\documents and settings\TEJAS\Application Data\Malwarebytes
2008-12-10 19:45 . 2008-12-10 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-10 19:41 . 2008-12-10 19:41 <DIR> d--hs---- C:\FOUND.005
2008-12-10 16:01 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-12-10 16:01 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\dllcache\kbdjpn.dll
2008-12-10 16:01 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-12-10 16:01 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\dllcache\kbdkor.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd106.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd106.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101c.dll
2008-12-10 16:01 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101b.dll
2008-12-10 16:01 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-12-10 16:01 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\dllcache\kbd103.dll
2008-12-10 15:23 . 2008-12-10 15:23 <DIR> d-------- c:\program files\Comodo
2008-12-10 15:23 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-12-10 15:23 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-12-10 15:23 . 2004-08-03 22:56 22,528 --a------ c:\windows\system32\wsock32.dlb
2008-12-09 16:09 . 2008-12-09 16:09 <DIR> d--hs---- C:\FOUND.004
2008-12-08 21:13 . 2008-12-08 21:13 <DIR> d--hs---- C:\FOUND.003
2008-12-08 20:26 . 2008-12-08 20:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-12-08 20:04 . 2008-12-08 20:04 <DIR> d-------- c:\documents and settings\TEJAS\Application Data\GlarySoft
2008-12-08 18:51 . 2008-12-08 18:51 <DIR> d-------- c:\documents and settings\TEJAS\Application Data\Media Player Classic
2008-12-08 18:38 . 2008-12-08 18:38 <DIR> d-------- c:\program files\Valve
2008-12-08 17:54 . 2008-12-08 17:54 9 --a------ c:\windows\system\LP.ppp
2008-12-08 17:54 . 2008-12-16 18:21 9 --a------ c:\windows\system\LP.alp
2008-12-08 17:54 . 2008-12-08 17:54 8 --a------ c:\windows\system\LP.lpp
2008-12-08 17:54 . 2008-12-16 18:21 0 --a------ c:\windows\system\lpter.lpa
2008-12-08 17:54 . 2008-12-08 17:54 0 --a------ c:\windows\system\lpren.lpa
2008-12-08 17:54 . 2008-12-08 17:54 0 --a------ c:\windows\system\lpdelf.lpa
2008-12-08 17:54 . 2008-12-08 17:54 0 --a------ c:\windows\system\lpdel.lpa
2008-12-08 11:44 . 2008-12-08 11:44 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-07 22:14 . 2008-12-07 22:14 <DIR> d-------- c:\windows\Sun
2008-12-07 22:13 . 2008-12-07 22:13 <DIR> d-------- c:\program files\Java
2008-12-07 22:13 . 2008-12-07 22:13 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-07 22:13 . 2008-12-07 22:13 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-07 20:10 . 2008-12-07 20:10 <DIR> d-------- c:\program files\Panda Security
2008-12-07 18:51 . 2001-08-23 17:30 13,463,552 --a------ c:\windows\system32\dllcache\hwxjpn.dll
2008-12-07 18:50 . 2004-08-04 04:26 2,134,528 --a------ c:\windows\system32\dllcache\smtpsnap.dll
2008-12-07 18:49 . 2008-12-07 18:49 749 -rah----- c:\windows\WindowsShell.Manifest
2008-12-07 18:49 . 2008-12-07 18:49 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-07 18:49 . 2008-12-07 18:49 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-12-07 18:49 . 2008-12-07 18:49 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-12-07 18:49 . 2008-12-07 18:49 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-12-07 18:49 . 2008-12-07 18:49 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-12-07 18:46 . 2006-01-17 07:53 131,072 -ra------ c:\windows\system32\nvinstnt.dll
2008-12-07 18:44 . 2001-08-17 12:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2008-12-07 18:30 . 2008-12-07 18:30 <DIR> d--hs---- C:\FOUND.002
2008-12-07 15:31 . 2008-12-07 15:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\sentinel
2008-12-07 15:29 . 2008-12-07 15:29 <DIR> d-------- c:\program files\Common Files\Panda Software
2008-12-07 15:29 . 2008-12-07 15:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-07 14:42 . 2008-12-07 14:42 <DIR> d-------- c:\program files\eBoostr
2008-12-07 11:28 . 2008-12-07 11:28 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-07 10:38 . 2008-12-07 10:38 <DIR> d--hs---- C:\FOUND.001
2008-12-06 21:02 . 2008-12-06 21:02 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-06 20:25 . 2008-12-06 20:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\eboostr
2008-12-06 20:14 . 2008-12-06 20:14 <DIR> d-------- c:\documents and settings\TEJAS\Application Data\CyberLink
2008-12-06 20:13 . 2008-12-06 20:13 <DIR> d-------- c:\program files\Common Files\CyberLink
2008-12-06 20:13 . 2008-12-06 20:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-06 20:12 . 2008-12-06 20:12 <DIR> d-------- c:\program files\CyberLink
2008-12-06 20:12 . 2008-12-06 20:12 505,128 --a------ c:\windows\system32\msvcp71.dll
2008-12-06 20:10 . 2008-12-06 20:10 <DIR> d--hs---- C:\FOUND.000
2008-12-06 20:00 . 2008-12-06 20:00 <DIR> d--hs---- C:\Recycled
2008-12-06 19:46 . 2008-12-06 19:46 <DIR> d-------- c:\program files\Growler Guncam
2008-12-06 19:46 . 2008-12-06 19:46 <DIR> d-------- c:\program files\Common Files\GC Install
2008-12-06 19:44 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-12-06 19:35 . 2008-12-06 19:35 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-12-06 19:35 . 2008-12-06 19:35 <DIR> d-------- c:\program files\AvRack
2008-12-06 19:35 . 2008-12-06 19:35 <DIR> d-------- c:\program files\Avance Sound Manager
2008-12-06 19:35 . 2001-07-18 15:33 256,360 --a------ c:\windows\system32\drivers\ALCXWDM.SYS
2008-12-06 19:35 . 2001-06-28 07:21 217,088 --------- c:\windows\alcupd.exe
2008-12-06 19:35 . 2001-06-13 09:49 151,552 --------- c:\windows\alcrmv.exe
2008-12-06 19:35 . 2004-08-04 00:56 130,048 --a------ c:\windows\system32\ksproxy.ax
2008-12-06 19:35 . 2001-05-29 15:02 124,416 --------- c:\windows\soundman.exe
2008-12-06 19:35 . 2004-08-03 23:07 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2008-12-06 19:35 . 2004-08-03 23:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys
2008-12-06 19:35 . 2004-08-04 00:56 4,096 --a------ c:\windows\system32\ksuser.dll
2008-12-06 19:35 . 2001-07-05 22:19 164 --------- c:\windows\avrack.ini
2008-12-06 19:30 . 2008-12-06 19:30 <DIR> d-------- c:\windows\nview

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 12:29 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-12-16 12:29 218,624 ----a-w c:\windows\system32\dllcache\uxtheme.dll
2008-12-12 17:33 3,060,224 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-06 14:42 353,576 ----a-w c:\windows\system32\msvcr71.dll
2008-12-06 10:17 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 08:43 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 08:43 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 08:43 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 08:43 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 08:42 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 08:42 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 08:42 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 08:42 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 08:39 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 08:39 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 08:39 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 08:39 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 08:39 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 08:38 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-18_11.03.10.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 09:58:28 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:22:14 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:00:46 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-10-20 14:32:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2004-08-03 15:44:16 138,496 ----a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:44 138,368 ----a-w c:\windows\system32\dllcache\afd.sys
- 2004-08-03 17:26:44 243,200 ----a-w c:\windows\system32\dllcache\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\dllcache\es.dll
- 2004-08-03 22:56:44 678,400 ----a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:44 683,520 ----a-w c:\windows\system32\dllcache\inetcomm.dll
- 2004-08-03 17:26:44 450,560 ----a-w c:\windows\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w c:\windows\system32\dllcache\jscript.dll
- 2004-08-03 22:56:44 331,776 ----a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:34 331,776 ----a-w c:\windows\system32\dllcache\msadce.dll
- 2004-08-03 17:26:44 73,728 ----a-w c:\windows\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:06 74,240 ----a-w c:\windows\system32\dllcache\mscms.dll
- 2004-08-03 17:26:46 1,236,480 ----a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
- 2004-08-03 17:26:46 1,287,680 ----a-w c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\dllcache\quartz.dll
- 2001-08-23 06:30:00 200,064 ----a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:50 202,752 ----a-w c:\windows\system32\dllcache\rmcast.sys
- 2004-08-03 15:44:46 336,256 ----a-w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:18 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
- 2004-08-03 17:26:48 417,792 ----a-w c:\windows\system32\dllcache\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w c:\windows\system32\dllcache\vbscript.dll
- 2004-08-03 15:47:42 1,835,904 ----a-w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:42 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
- 2004-08-03 15:44:16 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:44 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2004-08-03 15:40:38 274,304 ----a-w c:\windows\system32\drivers\bthport.sys
+ 2008-06-13 13:10:50 272,128 ----a-w c:\windows\system32\drivers\bthport.sys
- 2001-08-23 06:30:00 200,064 ----a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:50 202,752 ----a-w c:\windows\system32\drivers\RMCast.sys
- 2004-08-03 15:44:46 336,256 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:18 333,056 ----a-w c:\windows\system32\drivers\srv.sys
- 2004-08-03 17:26:44 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
- 2008-12-07 13:24:12 91,088 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-19 04:59:34 91,088 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-03 22:56:44 678,400 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:44 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2004-08-03 17:26:44 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w c:\windows\system32\jscript.dll
- 2004-08-03 17:26:44 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:06 74,240 ----a-w c:\windows\system32\mscms.dll
- 2004-08-03 17:26:44 3,003,392 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:33:24 3,060,224 ----a-w c:\windows\system32\mshtml.dll
- 2004-08-03 17:26:46 1,236,480 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2004-08-03 17:26:46 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:56 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2004-08-03 17:35:44 2,056,832 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 15:50:00 2,180,992 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 10:00:46 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
- 2004-08-03 17:26:46 1,287,680 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll
- 2004-08-03 17:26:48 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w c:\windows\system32\vbscript.dll
- 2004-08-03 15:47:42 1,835,904 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 11:57:42 1,846,016 ----a-w c:\windows\system32\win32k.sys
+ 2008-12-19 05:10:42 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_480.dat
+ 2008-04-15 17:54:20 1,724,416 ----a-w c:\windows\WinSxS\InstallTemp\322857\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"New Application"="c:\gdi++\gditray.exe" [2007-10-05 74752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-17 2899968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-17 46080]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-02 36352]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-22 91432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-16 1261336]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"nwiz"="nwiz.exe" [2006-01-17 c:\windows\system32\nwiz.exe]
"SoundMan"="soundman.exe" [2001-05-29 c:\windows\soundman.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2008-08-08 1011320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"e:\\Program Files\\Counter Strike - Condition Zero (Ultimate Edition)\\czero.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-16 12936]
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2008-08-08 96376]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-16 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-16 90632]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-16 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-16 231704]
R2 EBOOSTRSVC;eBoostr Service;"c:\program files\eBoostr\EBstrSvc.exe" [2008-08-08 843384]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-18 38496]
S3 rkhdrv40;Rootkit Unhooker Driver; []
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\TEJAS\Application Data\Mozilla\Firefox\Profiles\8usfriba.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 10:40:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\AVGWDSVC.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
c:\program files\AVG\AVG8\AVGAM.EXE
c:\program files\AVG\AVG8\AVGNSX.EXE
c:\program files\AVG\AVG8\AVGEMC.EXE
c:\windows\system32\wscntfy.exe
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\program files\AVG\AVG8\AVGTRAY.EXE
c:\program files\AVG\AVG8\AVGRSX.EXE
c:\program files\AVG\AVG8\AVGRSX.EXE
c:\program files\AVG\AVG8\AVGRSX.EXE
.
**************************************************************************
.
Completion time: 2008-12-19 10:42:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-19 05:12:06
ComboFix2.txt 2008-12-18 05:33:42

Pre-Run: 11,994,939,392 bytes free
Post-Run: 11,958,222,848 bytes free

340 --- E O F --- 2008-12-19 04:49:57

Malwarebytes' Anti-Malware 1.31
Database version: 1512
Windows 5.1.2600 Service Pack 2

12/19/2008 10:58:21 AM
mbam-log-2008-12-19 (10-58-21).txt

Scan type: Quick Scan
Objects scanned: 41817
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of random's system information tool 1.05 (written by random/random)
Run by TEJAS at 2008-12-19 11:25:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (60%) free of 19 GB
Total RAM: 511 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:38 AM, on 12/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Gdi++\gditray.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TEJAS\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\TEJAS.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [New Application] C:\Gdi++\gditray.exe
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CA2A1AE-1B48-4100-A3F7-147593685E03}: NameServer = 218.248.255.145,61.1.96.71
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5157 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-16 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-16 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-17 2899968]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-01-17 46080]
"SoundMan"=C:\WINDOWS\soundman.exe [2001-05-29 124416]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-02 36352]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-03-22 91432]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-16 1261336]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"New Application"=C:\Gdi++\gditray.exe [2007-10-05 74752]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
eBoostr Control Panel.lnk - C:\Program Files\eBoostr\eBoostrCP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"E:\Program Files\Counter Strike - Condition Zero (Ultimate Edition)\czero.exe"="E:\Program Files\Counter Strike - Condition Zero (Ultimate Edition)\czero.exe:*:Enabled:Condition Zero Launcher"
"E:\Program Files\Valve\hl.exe"="E:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

======List of files/folders created in the last 3 months======

2008-12-19 11:06:26 ----D---- C:\rsit
2008-12-19 10:42:10 ----A---- C:\ComboFix.txt
2008-12-19 10:37:10 ----D---- C:\ComboFix
2008-12-19 10:27:49 ----RASHD---- C:\autorun.inf
2008-12-19 10:19:52 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-19 10:19:45 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-19 10:19:38 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-19 10:19:29 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-19 10:19:23 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-19 10:19:11 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-19 10:19:05 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-19 10:18:57 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-19 10:18:48 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-19 10:18:35 ----HD---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-19 10:18:20 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-19 10:18:12 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-19 10:18:03 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-19 10:17:56 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-19 10:17:49 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-19 10:17:42 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-19 10:17:33 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-19 10:17:11 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-19 10:17:04 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-19 10:17:00 ----A---- C:\WINDOWS\imsins.BAK
2008-12-19 10:16:54 ----HD---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-19 10:14:28 ----SHD---- C:\FOUND.014
2008-12-18 13:13:45 ----D---- C:\MyWorks
2008-12-18 13:13:27 ----N---- C:\WINDOWS\system32\msxml3a.dll
2008-12-18 11:23:34 ----SHD---- C:\FOUND.013
2008-12-18 11:01:40 ----A---- C:\Boot.bak
2008-12-18 11:01:38 ----RASHD---- C:\cmdcons
2008-12-18 10:58:58 ----A---- C:\WINDOWS\zip.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\VFIND.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\SWSC.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\SWREG.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\sed.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\grep.exe
2008-12-18 10:58:58 ----A---- C:\WINDOWS\fdsv.exe
2008-12-18 10:58:54 ----D---- C:\WINDOWS\ERDNT
2008-12-18 10:58:53 ----AD---- C:\Qoobox
2008-12-18 10:48:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 21:43:16 ----SHD---- C:\FOUND.012
2008-12-17 21:33:52 ----SHD---- C:\FOUND.011
2008-12-16 21:59:04 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-16 21:58:57 ----D---- C:\Documents and Settings\TEJAS\Application Data\AVGTOOLBAR
2008-12-16 20:03:20 ----D---- C:\Gdi++
2008-12-16 17:59:05 ----A---- C:\WINDOWS\Uninstall.exe
2008-12-16 12:29:00 ----SHD---- C:\FOUND.010
2008-12-16 11:09:02 ----D---- C:\Program Files\PC MightyMax
2008-12-15 20:38:02 ----D---- C:\Program Files\Softwin
2008-12-15 19:42:56 ----D---- C:\RootkitNO
2008-12-15 19:42:08 ----A---- C:\WINDOWS\rootkitno.ini
2008-12-15 19:36:50 ----A---- C:\WINDOWS\Partizan.txt
2008-12-15 19:36:35 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2008-12-15 19:35:04 ----RASH---- C:\WINDOWS\winstart.bat
2008-12-15 19:34:40 ----D---- C:\Program Files\UnHackMe
2008-12-15 19:19:56 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-14 20:49:32 ----D---- C:\Program Files\Sophos
2008-12-14 12:28:32 ----D---- C:\Program Files\CCleaner
2008-12-14 11:39:12 ----SHD---- C:\FOUND.009
2008-12-13 21:11:58 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-12-13 12:18:56 ----SHD---- C:\FOUND.008
2008-12-13 12:05:14 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-13 09:48:00 ----SHD---- C:\FOUND.007
2008-12-11 20:29:40 ----SHD---- C:\FOUND.006
2008-12-10 20:02:26 ----D---- C:\Program Files\Trend Micro
2008-12-10 19:45:26 ----D---- C:\Documents and Settings\TEJAS\Application Data\Malwarebytes
2008-12-10 19:45:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-10 19:41:36 ----SHD---- C:\FOUND.005
2008-12-10 16:01:01 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-12-10 16:01:00 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-12-10 15:23:33 ----A---- C:\WINDOWS\UNBOC.EXE
2008-12-10 15:23:32 ----A---- C:\WINDOWS\CMDLIC.DLL
2008-12-10 15:23:17 ----D---- C:\Program Files\Comodo
2008-12-09 16:09:26 ----SHD---- C:\FOUND.004
2008-12-08 21:13:36 ----SHD---- C:\FOUND.003
2008-12-08 20:26:41 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-08 20:04:57 ----D---- C:\Documents and Settings\TEJAS\Application Data\GlarySoft
2008-12-08 18:51:55 ----D---- C:\Documents and Settings\TEJAS\Application Data\Media Player Classic
2008-12-08 18:38:05 ----D---- C:\Program Files\Valve
2008-12-08 11:44:41 ----D---- C:\WINDOWS\BDOSCAN8
2008-12-07 22:14:38 ----D---- C:\WINDOWS\Sun
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\java.exe
2008-12-07 22:13:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-07 22:13:48 ----D---- C:\Program Files\Java
2008-12-07 22:09:56 ----D---- C:\Documents and Settings\TEJAS\Application Data\Sun
2008-12-07 20:10:19 ----D---- C:\Program Files\Panda Security
2008-12-07 18:54:26 ----D---- C:\WINDOWS\Prefetch
2008-12-07 18:49:30 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-07 18:46:08 ----RA---- C:\WINDOWS\system32\nvinstnt.dll
2008-12-07 18:42:32 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-07 18:42:32 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-07 18:42:20 ----RA---- C:\WINDOWS\SET54.tmp
2008-12-07 18:42:17 ----RA---- C:\WINDOWS\SET48.tmp
2008-12-07 18:42:15 ----RA---- C:\WINDOWS\SET45.tmp
2008-12-07 18:30:08 ----SHD---- C:\FOUND.002
2008-12-07 15:31:55 ----D---- C:\Documents and Settings\All Users\Application Data\sentinel
2008-12-07 15:29:56 ----D---- C:\Program Files\Common Files\Panda Software
2008-12-07 15:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-07 14:42:52 ----D---- C:\Program Files\eBoostr
2008-12-07 13:13:55 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-07 11:28:42 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-07 10:38:50 ----SHD---- C:\FOUND.001
2008-12-06 21:02:05 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-06 21:02:04 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-06 21:02:02 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-06 20:25:58 ----D---- C:\Documents and Settings\All Users\Application Data\eboostr
2008-12-06 20:14:15 ----D---- C:\Documents and Settings\TEJAS\Application Data\CyberLink
2008-12-06 20:13:27 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-12-06 20:13:10 ----D---- C:\Program Files\Common Files\CyberLink
2008-12-06 20:12:31 ----D---- C:\Program Files\CyberLink
2008-12-06 20:12:20 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-12-06 20:10:14 ----SHD---- C:\FOUND.000
2008-12-06 20:00:01 ----SHD---- C:\Recycled
2008-12-06 19:48:17 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-06 19:48:17 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-06 19:48:16 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-06 19:48:15 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-06 19:48:15 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-06 19:48:15 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-06 19:48:14 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-06 19:48:13 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-06 19:48:13 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-06 19:48:12 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-06 19:48:11 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-06 19:48:10 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-06 19:46:38 ----D---- C:\Program Files\Growler Guncam
2008-12-06 19:46:28 ----D---- C:\Program Files\Common Files\GC Install
2008-12-06 19:44:12 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-06 19:42:32 ----D---- C:\WINDOWS\Minidump
2008-12-06 19:35:19 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-06 19:35:13 ----D---- C:\Program Files\Avance Sound Manager
2008-12-06 19:35:10 ----N---- C:\WINDOWS\avrack.ini
2008-12-06 19:35:10 ----D---- C:\Program Files\AvRack
2008-12-06 19:35:09 ----N---- C:\WINDOWS\soundman.exe
2008-12-06 19:35:09 ----N---- C:\WINDOWS\alcupd.exe
2008-12-06 19:35:09 ----N---- C:\WINDOWS\alcrmv.exe
2008-12-06 19:35:08 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-06 19:31:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-06 19:30:13 ----D---- C:\WINDOWS\nview
2008-12-06 19:30:13 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-12-06 19:27:47 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-06 19:22:52 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-06 19:22:26 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-06 19:22:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-06 19:16:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-06 19:15:06 ----D---- C:\Documents and Settings\TEJAS\Application Data\Adobe
2008-12-06 19:14:52 ----D---- C:\Program Files\MediaCoder Audio Edition
2008-12-06 19:13:43 ----D---- C:\Program Files\Lonely Cat Games
2008-12-06 19:13:35 ----D---- C:\Documents and Settings\TEJAS\Application Data\WinRAR
2008-12-06 19:13:12 ----D---- C:\Documents and Settings\TEJAS\Application Data\Macromedia
2008-12-06 19:13:08 ----D---- C:\Program Files\Google
2008-12-06 19:12:49 ----D---- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-12-06 19:12:19 ----D---- C:\Documents and Settings\TEJAS\Application Data\GRETECH
2008-12-06 19:12:11 ----D---- C:\Program Files\GRETECH
2008-12-06 19:11:43 ----A---- C:\Program Files\FLV PlayerRCSetup.exe
2008-12-06 19:11:24 ----D---- C:\WINDOWS\FLV Player
2008-12-06 19:11:24 ----D---- C:\Program Files\FLV Player
2008-12-06 19:06:20 ----D---- C:\Program Files\AVG
2008-12-06 19:06:17 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-06 19:03:49 ----D---- C:\Program Files\Glary Utilities
2008-12-06 19:02:53 ----D---- C:\Documents and Settings\TEJAS\Application Data\uTorrent
2008-12-06 19:02:43 ----D---- C:\Documents and Settings\TEJAS\Application Data\Mozilla
2008-12-06 19:02:37 ----A---- C:\WINDOWS\system32\unrar.dll
2008-12-06 19:02:37 ----A---- C:\WINDOWS\avisplitter.ini
2008-12-06 19:02:35 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-12-06 19:02:35 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-12-06 19:02:34 ----A---- C:\WINDOWS\system32\divx.dll
2008-12-06 19:02:33 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-12-06 19:02:33 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-12-06 19:02:32 ----D---- C:\Program Files\K-Lite Codec Pack
2008-12-06 19:02:32 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-06 19:01:07 ----D---- C:\Program Files\Total Video Converter
2008-12-06 19:00:49 ----D---- C:\Program Files\WinRAR
2008-12-06 18:59:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-06 18:59:20 ----D---- C:\Program Files\Common Files\Adobe
2008-12-06 18:59:20 ----D---- C:\Program Files\Adobe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-06 18:58:28 ----N---- C:\WINDOWS\system32\px.dll
2008-12-06 18:58:26 ----D---- C:\Program Files\Winamp
2008-12-06 18:58:26 ----D---- C:\Documents and Settings\TEJAS\Application Data\Winamp
2008-12-06 18:58:05 ----D---- C:\Program Files\Mozilla Firefox
2008-12-06 15:54:12 ----D---- C:\Documents and Settings\TEJAS\Application Data\Identities
2008-12-06 15:54:10 ----HD---- C:\Program Files\Uninstall Information
2008-12-06 15:54:05 ----ASH---- C:\Documents and Settings\TEJAS\Application Data\desktop.ini
2008-12-06 15:54:04 ----SD---- C:\Documents and Settings\TEJAS\Application Data\Microsoft
2008-12-06 15:53:12 ----SHD---- C:\System Volume Information
2008-12-06 15:53:12 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-06 15:53:11 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-06 15:53:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-06 15:47:38 ----D---- C:\WINDOWS\system32\xircom
2008-12-06 15:47:38 ----D---- C:\Program Files\xerox
2008-12-06 15:47:38 ----D---- C:\Program Files\microsoft frontpage
2008-12-06 15:47:18 ----A---- C:\WINDOWS\control.ini
2008-12-06 15:47:18 ----A---- C:\AUTOEXEC.BAT
2008-12-06 15:47:00 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-06 15:46:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-06 15:46:11 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-06 15:46:05 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-06 15:46:00 ----HD---- C:\Program Files\WindowsUpdate
2008-12-06 15:45:39 ----D---- C:\WINDOWS\system32\DirectX
2008-12-06 15:45:15 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-06 15:45:12 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-06 15:45:12 ----A---- C:\WINDOWS\desktop.ini
2008-12-06 15:45:04 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-06 15:45:03 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-06 15:45:02 ----D---- C:\Program Files\Common Files\Services
2008-12-06 15:44:59 ----SD---- C:\WINDOWS\Tasks
2008-12-06 15:44:59 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-06 15:44:58 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-06 15:44:53 ----D---- C:\WINDOWS\srchasst
2008-12-06 15:44:52 ----D---- C:\WINDOWS\system32\Macromed
2008-12-06 15:44:49 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-06 15:44:48 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-06 15:44:47 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-06 15:44:42 ----D---- C:\Program Files\Movie Maker
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-06 15:44:37 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-06 15:44:33 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-12-06 15:44:33 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-06 15:44:32 ----D---- C:\WINDOWS\system32\Restore
2008-12-06 15:44:32 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-06 15:44:32 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-06 15:44:32 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-06 15:44:31 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-06 15:44:31 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-06 15:44:31 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-06 15:44:30 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-06 15:44:30 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-06 15:44:30 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-06 15:44:27 ----D---- C:\Program Files\NetMeeting
2008-12-06 15:44:27 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-06 15:44:27 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-06 15:44:25 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-06 15:44:25 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-06 15:44:23 ----D---- C:\Program Files\Outlook Express
2008-12-06 15:44:23 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-06 15:44:23 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-06 15:44:22 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-06 15:44:21 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-06 15:44:14 ----D---- C:\Program Files\Common Files\System
2008-12-06 15:44:13 ----D---- C:\Program Files\Internet Explorer
2008-12-06 15:43:33 ----D---- C:\Program Files\ComPlus Applications
2008-12-06 15:43:32 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-06 15:43:32 ----A---- C:\WINDOWS\vb.ini
2008-12-06 15:43:29 ----D---- C:\WINDOWS\Registration
2008-12-06 15:43:24 ----D---- C:\Program Files\Online Services
2008-12-06 15:43:23 ----D---- C:\Program Files\Windows Media Player
2008-12-06 15:43:17 ----D---- C:\Program Files\Messenger
2008-12-06 15:43:12 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-06 15:43:12 ----A---- C:\WINDOWS\system32\write.exe
2008-12-06 15:43:01 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-06 15:43:00 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-06 15:42:52 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-06 15:42:51 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-06 15:42:51 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-06 15:42:51 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-06 15:42:50 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-06 15:42:49 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-06 15:42:48 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-06 15:42:48 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-06 15:42:48 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-06 15:42:47 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-06 15:42:41 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-06 15:42:29 ----D---- C:\Program Files\MSN
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-06 15:42:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-06 15:42:26 ----D---- C:\Program Files\Windows NT
2008-12-06 15:42:26 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-06 15:42:26 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-06 15:42:26 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-06 15:42:25 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-06 15:42:25 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-06 15:42:24 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-06 15:42:23 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-06 15:42:23 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-06 15:42:22 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-06 15:42:21 ----D---- C:\WINDOWS\system32\Com
2008-12-06 15:42:21 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-06 15:42:21 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-06 15:42:21 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-06 15:42:20 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-06 15:42:19 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-06 15:42:13 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-06 15:42:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-06 15:42:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-06 15:42:12 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-06 15:37:03 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-06 15:35:02 ----RA---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-06 15:33:38 ----SHD---- C:\WINDOWS\Installer
2008-12-06 15:33:38 ----D---- C:\Program Files\Common Files\ODBC
2008-12-06 15:33:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 15:33:38 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-06 15:33:34 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-06 15:33:33 ----RD---- C:\Program Files
2008-12-06 15:33:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-06 15:33:33 ----D---- C:\Program Files\Common Files
2008-12-06 15:33:17 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-06 15:33:17 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-06 15:33:12 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-06 15:33:05 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-06 15:33:00 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-06 15:32:58 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-06 15:32:56 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-06 15:32:50 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 15:32:50 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-06 15:32:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-06 15:32:23 ----D---- C:\Documents and Settings
2008-12-06 15:31:34 ----RASH---- C:\boot.ini
2008-12-06 15:26:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-06 15:26:51 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 15:26:51 ----RD---- C:\WINDOWS\Web
2008-12-06 15:26:51 ----HD---- C:\WINDOWS\inf
2008-12-06 15:26:51 ----D---- C:\WINDOWS\WinSxS
2008-12-06 15:26:51 ----D---- C:\WINDOWS\twain_32
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Temp
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\wins
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\wbem
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\usmt
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\spool
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\Setup
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\ras
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\oobe
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\npp
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\mui
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\IME
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\icsxml
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\ias
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\export
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\drivers
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\dhcp
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\config
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\3076
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\2052
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1054
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1042
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1041
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1037
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1033
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1031
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1028
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32\1025
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system32
2008-12-06 15:26:51 ----D---- C:\WINDOWS\system
2008-12-06 15:26:51 ----D---- C:\WINDOWS\security
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Resources
2008-12-06 15:26:51 ----D---- C:\WINDOWS\repair
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Provisioning
2008-12-06 15:26:51 ----D---- C:\WINDOWS\PeerNet
2008-12-06 15:26:51 ----D---- C:\WINDOWS\pchealth
2008-12-06 15:26:51 ----D---- C:\WINDOWS\mui
2008-12-06 15:26:51 ----D---- C:\WINDOWS\msapps
2008-12-06 15:26:51 ----D---- C:\WINDOWS\msagent
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Media
2008-12-06 15:26:51 ----D---- C:\WINDOWS\java
2008-12-06 15:26:51 ----D---- C:\WINDOWS\ime
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Help
2008-12-06 15:26:51 ----D---- C:\WINDOWS\ehome
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Driver Cache
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Debug
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Cursors
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Connection Wizard
2008-12-06 15:26:51 ----D---- C:\WINDOWS\Config
2008-12-06 15:26:51 ----D---- C:\WINDOWS\AppPatch
2008-12-06 15:26:51 ----D---- C:\WINDOWS\addins
2008-12-06 15:26:51 ----D---- C:\WINDOWS
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

======List of files/folders modified in the last 3 months======

2008-12-19 10:40:48 ----A---- C:\WINDOWS\system.ini
2008-12-16 17:59:26 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-12-13 20:02:18 ----A---- C:\WINDOWS\win.ini
2008-12-12 23:03:24 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-10-23 18:31:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-15 22:27:56 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-03 15:45:48 ----A---- C:\WINDOWS\system32\strmdll.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-16 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-16 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-16 90632]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R3 ALCXWDM;Service for Avance AC'97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2001-07-18 256360]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-17 1880320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-16 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-16 231704]
R2 EBOOSTRSVC;eBoostr Service; C:\Program Files\eBoostr\EBstrSvc.exe [2008-08-08 843384]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-17 77824]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
S2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------







I am sorry to write the things in caps. It's really a bad habit of mine.
I have performed all the activities as you told.
I haven't removed the malware shown by Malwarebytes. I am sorry for that. It must have created a headache for you.
Sorry for that.
I cannot upload the file you need.
The file size is 511mb. So I can't upload it.
Please forgive me for that.
The logs and other things you needed are as above.


THANK YOU.......

#11 Farbar

    Just Curious

  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 19 December 2008 - 12:23 PM

No need to apologize, you have done a good job. :thumbsup:


Please tell me if you know these servers:

218.248.255.145
netname: BSNLNET
descr: National Internet Backbone
descr: Bharat Sanchar Nigam Limited
descr: Sanchar Bhawan 20 Ashoka Road New Delhi-110001 India

61.1.96.71
netname: BSNLNET
descr: National Internet Backbone
descr: Bharat Sanchar Nigam Limited
descr: Sanchar Bhawan 20 Ashoka Road New Delhi-110001 India

Tell me also if you have a Dial up or Cable/LAN connection.
Is this the only computer you have? Are you using a router?
Do you know if you have a static IP or a dynamic IP?

#12 ashzoomerintrack

  • Topic Starter

  • Members
  • 44 posts

Posted 25 December 2008 - 10:39 AM

Farbar, I am pretty sorry to give you a very late reply. I was out of station for 4 days. Sorry, but I left in a pretty hurry. :thumbsup:

Well, about your questions: I know both these servers, they are of my ISP.
Also I use a Cable LAN / Broadband connection with a router.
I have only one PC and no LAN.
I have a static IP and not a dynamic one.....
Guide me further...

Also the condition of the PC has worsened since I have returned. There are very frequent crashes and the blue screen has become a part of my routine experience.....

Thanks for your help

#13 Farbar

    Just Curious

  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 25 December 2008 - 07:35 PM

Thanks for the feedback.

Also the condition of the PC has worsened since I have returned. There are very frequent crashes and the blue screen has become a part of my routine experience.....


As I asked you before, I need more information. Every error message has a meaning and it might lead us to the problem. There are too many types of error messages. We can look into your problem if you could give me two types of information. First is the exact error message itself when it happens. Second is the memory dump, called a minidump, that can be analyzed. Windows gives you the path to the mini memory dump file. Without that information it is just shooting in the dark.

Anyway, we will take care of the malware part. We have to run an online scanner. You were not able to do that because your DNS was hijacked. It should now be taken care of, but if not it leads us to the next step.
  • In the beginning AVG 8 was not updated as the malware prevented it. Are you able to update AVG now?

  • There are still some leftovers from Panda we have to remove. Go to Start > Run, copy/paste the following line in the Run box and click OK.

    sc delete PavPrSrv

  • Run CCleaner (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked). Then click run cleaner.

  • Please use Internet Explorer to perform a BitDefender Online Virus and Malware Scan
    Click on I Agree. An ActiveX warning box will appear, Click on Install. Under Select What You Want To Check For Viruses
    Please Check My Computer and Click Ok
    Now Click On Click Here To Scan Next,
    Click on Click here to export the scan report Save it to your Desktop. Please include the Bitdefender log In your next reply.

  • Please download OTListIt2 by OldTimer.
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
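
The `sc delete PavPrSrv` step in the post above targets a service that the log earlier in this thread lists with empty brackets where other entries carry a file date and size. As an added example (not part of Farbar's post or of the scanning tool), the Python below parses that driver/service list format and flags such entries; it assumes `[]` means the tool recorded no file date or size, and the sample lines are copied from that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Legend taken from the log's own section headers.
STATES = {"R": "Running", "S": "Stopped"}
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

SECTION_RE = re.compile(r"^=+List of (drivers|services)\b")
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\[\]]*)\]\s*$"
)
META_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\d+)$")

# Sample input: lines copied from the driver and service lists in this thread.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-16 98440]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-16 231704]
S2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------
"""


@dataclass
class Entry:
    kind: str                 # "driver" or "service"
    state: str                # "Running" / "Stopped"
    start: str                # "Boot" .. "Disabled"
    name: str                 # registry key name, the argument to `sc delete`
    display: str
    path: str
    file_date: Optional[str]  # None when the brackets are empty
    file_size: Optional[int]


def parse_entries(text: str) -> List[Entry]:
    """Parse the 'List of drivers' and 'List of services' sections of the log."""
    entries: List[Entry] = []
    kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==="):
            sec = SECTION_RE.match(line)
            kind = sec.group(1).rstrip("s") if sec else None  # other sections reset it
            continue
        m = ENTRY_RE.match(line)
        if not (kind and m):
            continue
        path = m.group("path")
        if path.startswith("\\??\\"):          # strip the NT object-path prefix
            path = path[4:]
        meta = META_RE.match(m.group("meta").strip())
        entries.append(Entry(
            kind=kind,
            state=STATES[m.group("state")],
            start=START_TYPES[m.group("start")],
            name=m.group("name").strip(),
            display=m.group("display").strip(),
            path=path,
            file_date=meta.group(1) if meta else None,
            file_size=int(meta.group(2)) if meta else None,
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return entries without file metadata, each with a triage note (not a verdict)."""
    findings = []
    for e in entries:
        if e.file_date is not None:
            continue
        if e.state == "Running":
            note = "running, but no file date/size in the log: confirm the image on disk with a second tool"
        elif e.start in ("Boot", "System", "Auto"):
            note = "set to start automatically, but no file date/size: likely a leftover registration"
        else:
            note = "no file date/size and not auto-started: leftover or inactive registration"
        findings.append((e, note))
    return findings


if __name__ == "__main__":
    for entry, note in triage(parse_entries(SAMPLE_LOG)):
        print(f"{entry.kind:8} {entry.name:40} {entry.state}/{entry.start}: {note}")
```

A flagged entry is only a prompt for a closer look: the same list also flags the stopped driver of a rootkit scanner that was run during this cleanup, and a running CyberLink driver.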

#14 ashzoomerintrack

  • Topic Starter

  • Members
  • 44 posts

Posted 26 December 2008 - 06:05 AM

I cannot update AVG antivirus. Whenever I connect to the net, an update failed error comes up. AVG does not get updated manually either.
I will give the logs to you in my next post.

#15 ashzoomerintrack


Posted 26 December 2008 - 06:08 AM

OTListIt logfile created on: 12/26/2008 4:26:05 PM - Run
OTListIt2 by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\TEJAS\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 177.19 Mb Available Physical Memory | 34.66% Memory free
1.22 Gb Paging File | 0.86 Gb Available in Paging File | 70.25% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 10.87 Gb Free Space | 58.35% Space Free | Partition Type: FAT32
Drive D: | 18.62 Gb Total Space | 10.77 Gb Free Space | 57.83% Space Free | Partition Type: FAT32
Drive E: | 18.62 Gb Total Space | 2.04 Gb Free Space | 10.94% Space Free | Partition Type: FAT32
Drive F: | 18.66 Gb Total Space | 1.08 Gb Free Space | 5.81% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEJAS-E24B21BE1
Current User Name: TEJAS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2008/12/16 21:58:52 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
[2008/08/08 17:47:00 | 00,843,384 | ---- | M] (eBoostr.com) -- C:\Program Files\eBoostr\EBstrSvc.exe
[2007/01/02 02:52:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
[2006/01/17 07:53:20 | 00,077,824 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2004/08/03 22:56:56 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\RUNDLL32.EXE
[2005/08/07 18:24:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2008/04/02 00:19:42 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/03/20 20:23:22 | 00,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
[2008/03/22 00:21:10 | 00,091,432 | ---- | M] (cyberlink) -- C:\Program Files\Cyberlink\Shared Files\brs.exe
[2008/12/07 22:13:52 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/12/16 21:58:54 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgtray.exe
[2006/11/23 15:10:42 | 00,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/10/05 18:06:20 | 00,074,752 | ---- | M] (2ch) -- C:\Gdi++\gditray.exe
[2008/12/16 19:55:54 | 01,011,320 | ---- | M] (eBoostr.com) -- C:\Program Files\eBoostr\eBoostrCP.exe
[2008/12/16 21:58:54 | 00,638,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgam.exe
[2008/12/16 21:58:56 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
[2008/12/16 21:58:56 | 00,408,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
[2008/12/16 21:58:54 | 00,874,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgemc.exe
[2004/08/03 22:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/08/03 22:56:56 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\NOTEPAD.EXE
[2008/12/08 11:25:12 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2004/08/04 04:26:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2008/12/16 21:58:58 | 00,540,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
[2008/12/26 16:25:20 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TEJAS\Desktop\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008/12/16 21:58:54 | 00,874,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/12/16 21:58:52 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/08 17:47:00 | 00,843,384 | ---- | M] (eBoostr.com) -- C:\Program Files\eBoostr\EBstrSvc.exe -- (EBOOSTRSVC [Auto | Running])
[2006/01/17 07:53:20 | 00,077,824 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2005/08/07 18:24:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])

========== Driver Services (SafeList) ==========

[2001/07/18 15:33:50 | 00,256,360 | ---- | M] (Avance Logic, Inc.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/12/16 21:59:00 | 00,098,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/12/16 21:59:00 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/12/16 21:59:06 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
[2008/12/16 21:59:06 | 00,090,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2008/08/08 17:47:00 | 00,096,376 | ---- | M] (eBoostr.com) -- C:\WINDOWS\system32\drivers\eBoost.sys -- (eBoost [Boot | Running])
[2001/08/17 12:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Running])
[2006/01/17 07:53:14 | 01,880,320 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 05:21:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/07/17 09:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 23:07:44 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\uagp35.sys -- (uagp35 [Boot | Running])
[2001/08/23 12:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2008/02/01 17:24:04 | 00,041,456 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1004336348-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-1004336348-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-21-1004336348-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKU\S-1-5-21-1004336348-1292428093-725345543-1003\S-1-5-21-1004336348-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (AVG, Technologies CZ, s.r.o )
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (AVG, Technologies CZ, s.r.o )
O3 - HKCU\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (AVG, Technologies CZ, s.r.o )
O3 - HKU\S-1-5-21-1004336348-1292428093-725345543-1003\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (AVG, Technologies CZ, s.r.o )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" ()
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] soundman.exe (Avance Logic, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [New Application] C:\Gdi++\gditray.exe (2ch)
O4 - HKU\S-1-5-21-1004336348-1292428093-725345543-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1004336348-1292428093-725345543-1003..\Run: [New Application] C:\Gdi++\gditray.exe (2ch)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe (eBoostr.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-1292428093-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1004336348-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1004336348-1292428093-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1004336348-1292428093-725345543-1003\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 218.248.255.145,61.1.96.71
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = avgrsstx.dll
>[2008/12/16 21:59:06 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/12/06 15:47:20 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]

autorun.inf []
[2008/12/19 10:27:50 00,000,000 | RHSD | M] -- C:\autorun.inf -- [ FAT32 ]

autorun.inf []
[2008/12/19 10:27:52 00,000,000 | RHSD | M] -- D:\autorun.inf -- [ FAT32 ]

autorun.inf []
[2008/12/19 10:27:52 00,000,000 | RHSD | M] -- E:\autorun.inf -- [ FAT32 ]

autorun.inf []
[2008/12/19 10:27:52 00,000,000 | RHSD | M] -- F:\autorun.inf -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2008/12/26 16:25:15 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TEJAS\Desktop\OTListIt2.exe
[2008/12/26 15:55:02 | 00,000,000 | -HSD | C] -- C:\FOUND.016
[2008/12/24 18:34:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2008/12/23 18:41:44 | 00,000,000 | -HSD | C] -- C:\FOUND.015
[2008/12/19 11:06:26 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/19 11:04:10 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\TEJAS\Desktop\RSIT.exe
[2008/12/19 10:37:10 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/12/19 10:27:49 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2008/12/19 10:26:39 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\TEJAS\Desktop\Flash_Disinfector.exe
[2008/12/19 10:14:28 | 00,000,000 | -HSD | C] -- C:\FOUND.014
[2008/12/18 22:11:44 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2008/12/18 22:11:08 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/12/18 22:11:07 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/12/18 22:11:05 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/12/18 22:11:04 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/12/18 22:10:48 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/12/18 13:13:45 | 00,000,000 | ---D | C] -- C:\MyWorks
[2008/12/18 13:13:27 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2008/12/18 11:35:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Desktop\LOGS
[2008/12/18 11:23:34 | 00,000,000 | -HSD | C] -- C:\FOUND.013
[2008/12/18 11:01:40 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/18 11:01:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/12/18 11:01:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/18 10:58:58 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/18 10:58:58 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/18 10:58:58 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/18 10:58:58 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/18 10:58:58 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/18 10:58:58 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/18 10:58:58 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/18 10:58:58 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/18 10:58:58 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/12/18 10:58:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/18 10:58:53 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/18 10:48:30 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/18 10:48:30 | 00,000,605 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/18 10:48:28 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/18 10:48:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/18 10:20:31 | 02,884,875 | R--- | C] () -- C:\Documents and Settings\TEJAS\Desktop\ComboFix.exe
[2008/12/17 21:43:16 | 00,000,000 | -HSD | C] -- C:\FOUND.012
[2008/12/17 21:33:52 | 00,000,000 | -HSD | C] -- C:\FOUND.011
[2008/12/16 21:59:04 | 00,090,632 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/12/16 21:59:04 | 00,012,936 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2008/12/16 21:59:04 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/12/16 21:59:04 | 00,001,416 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2008/12/16 21:58:58 | 00,098,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/12/16 21:58:58 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/12/16 21:58:57 | 30,320,250 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/16 21:58:57 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/12/16 21:58:57 | 00,334,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/16 21:58:57 | 00,086,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/16 21:58:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/12/16 21:58:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\AVGTOOLBAR
[2008/12/16 20:03:20 | 00,000,000 | ---D | C] -- C:\Gdi++
[2008/12/16 19:55:31 | 00,000,599 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eBoostr Control Panel.lnk
[2008/12/16 17:59:05 | 00,155,418 | ---- | C] () -- C:\WINDOWS\Uninstall.exe
[2008/12/16 17:58:04 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.backup
[2008/12/16 12:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Desktop\SmartMovie converted files
[2008/12/16 12:29:00 | 00,000,000 | -HSD | C] -- C:\FOUND.010
[2008/12/16 11:09:02 | 00,000,000 | ---D | C] -- C:\Program Files\PC MightyMax
[2008/12/15 20:38:02 | 00,000,000 | ---D | C] -- C:\Program Files\Softwin
[2008/12/15 19:42:56 | 00,000,000 | ---D | C] -- C:\RootkitNO
[2008/12/15 19:42:08 | 00,000,123 | ---- | C] () -- C:\WINDOWS\rootkitno.ini
[2008/12/15 19:35:04 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2008/12/15 19:34:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\My Documents\RegRun2
[2008/12/15 19:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2008/12/15 19:19:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/12/14 20:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2008/12/14 12:28:32 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/14 11:39:12 | 00,000,000 | -HSD | C] -- C:\FOUND.009
[2008/12/13 21:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008/12/13 20:28:11 | 00,001,643 | ---- | C] () -- C:\Documents and Settings\TEJAS\Desktop\HijackThis.lnk
[2008/12/13 12:18:56 | 00,000,000 | -HSD | C] -- C:\FOUND.008
[2008/12/13 12:05:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/12/13 09:48:00 | 00,000,000 | -HSD | C] -- C:\FOUND.007
[2008/12/11 20:29:40 | 00,000,000 | -HSD | C] -- C:\FOUND.006
[2008/12/10 20:02:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/10 19:45:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\Malwarebytes
[2008/12/10 19:45:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/10 19:41:36 | 00,000,000 | -HSD | C] -- C:\FOUND.005
[2008/12/10 16:01:01 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2008/12/10 16:01:01 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2008/12/10 16:01:00 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2008/12/10 16:01:00 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2008/12/10 16:01:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2008/12/10 16:01:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2008/12/10 16:01:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2008/12/10 16:01:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2008/12/10 16:01:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2008/12/10 16:01:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2008/12/10 16:01:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2008/12/10 16:01:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2008/12/10 15:23:42 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsock32.dlb
[2008/12/10 15:23:33 | 00,205,560 | ---- | C] (COMODO) -- C:\WINDOWS\UNBOC.EXE
[2008/12/10 15:23:32 | 00,212,728 | ---- | C] (COMODO) -- C:\WINDOWS\CMDLIC.DLL
[2008/12/10 15:23:17 | 00,000,000 | ---D | C] -- C:\Program Files\Comodo
[2008/12/09 16:09:26 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2008/12/08 21:13:36 | 00,000,000 | -HSD | C] -- C:\FOUND.003
[2008/12/08 20:26:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/08 20:04:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\GlarySoft
[2008/12/08 18:53:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\My Documents\NFS Most Wanted
[2008/12/08 18:51:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\Media Player Classic
[2008/12/08 18:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\Valve
[2008/12/08 17:54:37 | 00,011,264 | ---- | C] () -- C:\Documents and Settings\TEJAS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/08 17:54:13 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System\LP.ppp
[2008/12/08 17:54:13 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System\LP.alp
[2008/12/08 17:54:13 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System\LP.lpp
[2008/12/08 17:54:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System\lpter.lpa
[2008/12/08 17:54:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System\lpren.lpa
[2008/12/08 17:54:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System\lpdelf.lpa
[2008/12/08 17:54:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System\lpdel.lpa
[2008/12/08 11:44:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/12/07 22:14:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/12/07 22:13:48 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/12/07 22:09:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\Sun
[2008/12/07 20:10:19 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/12/07 18:54:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/07 18:52:39 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2008/12/07 18:52:35 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2008/12/07 18:52:34 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2008/12/07 18:52:34 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2008/12/07 18:52:34 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2008/12/07 18:52:33 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2008/12/07 18:52:33 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2008/12/07 18:52:33 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2008/12/07 18:52:32 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2008/12/07 18:52:32 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2008/12/07 18:52:32 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2008/12/07 18:52:31 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2008/12/07 18:52:31 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2008/12/07 18:52:31 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2008/12/07 18:52:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2008/12/07 18:52:31 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2008/12/07 18:52:30 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2008/12/07 18:52:30 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2008/12/07 18:52:30 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2008/12/07 18:52:28 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2008/12/07 18:52:28 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2008/12/07 18:52:28 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2008/12/07 18:52:27 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2008/12/07 18:52:27 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2008/12/07 18:52:26 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2008/12/07 18:52:26 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2008/12/07 18:52:26 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2008/12/07 18:52:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2008/12/07 18:52:25 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2008/12/07 18:52:25 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2008/12/07 18:52:25 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2008/12/07 18:52:25 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2008/12/07 18:52:24 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2008/12/07 18:52:23 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2008/12/07 18:52:23 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2008/12/07 18:52:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2008/12/07 18:52:22 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2008/12/07 18:52:21 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2008/12/07 18:52:20 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2008/12/07 18:52:20 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2008/12/07 18:52:20 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2008/12/07 18:52:20 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2008/12/07 18:52:20 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/12/07 18:52:20 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2008/12/07 18:52:20 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2008/12/07 18:52:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2008/12/07 18:52:19 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2008/12/07 18:52:19 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2008/12/07 18:52:19 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2008/12/07 18:52:19 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2008/12/07 18:52:18 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2008/12/07 18:52:18 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2008/12/07 18:52:18 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2008/12/07 18:52:18 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/12/07 18:52:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/12/07 18:52:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/12/07 18:52:17 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2008/12/07 18:52:17 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2008/12/07 18:52:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2008/12/07 18:52:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2008/12/07 18:52:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2008/12/07 18:52:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2008/12/07 18:52:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2008/12/07 18:52:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2008/12/07 18:52:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2008/12/07 18:52:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2008/12/07 18:52:16 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2008/12/07 18:52:16 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2008/12/07 18:52:13 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2008/12/07 18:52:13 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2008/12/07 18:52:13 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2008/12/07 18:52:12 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2008/12/07 18:52:12 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2008/12/07 18:52:12 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2008/12/07 18:52:12 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2008/12/07 18:52:11 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2008/12/07 18:52:11 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2008/12/07 18:52:10 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2008/12/07 18:52:10 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2008/12/07 18:52:10 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2008/12/07 18:52:09 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2008/12/07 18:52:09 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2008/12/07 18:52:08 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2008/12/07 18:52:08 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2008/12/07 18:52:07 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2008/12/07 18:52:07 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2008/12/07 18:52:07 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2008/12/07 18:52:06 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2008/12/07 18:52:06 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2008/12/07 18:52:06 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2008/12/07 18:52:06 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2008/12/07 18:52:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2008/12/07 18:52:05 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2008/12/07 18:52:05 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2008/12/07 18:52:05 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2008/12/07 18:52:05 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2008/12/07 18:52:05 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2008/12/07 18:52:04 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2008/12/07 18:52:04 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2008/12/07 18:52:04 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2008/12/07 18:52:04 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2008/12/07 18:52:04 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2008/12/07 18:52:02 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2008/12/07 18:52:01 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2008/12/07 18:52:00 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2008/12/07 18:51:59 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2008/12/07 18:51:59 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2008/12/07 18:51:56 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2008/12/07 18:51:55 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2008/12/07 18:51:51 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2008/12/07 18:51:50 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2008/12/07 18:51:50 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2008/12/07 18:51:50 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2008/12/07 18:51:50 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2008/12/07 18:51:49 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2008/12/07 18:51:49 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2008/12/07 18:51:48 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2008/12/07 18:51:48 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2008/12/07 18:51:48 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2008/12/07 18:51:48 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2008/12/07 18:51:47 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2008/12/07 18:51:47 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2008/12/07 18:51:46 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2008/12/07 18:51:46 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2008/12/07 18:51:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2008/12/07 18:51:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2008/12/07 18:51:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2008/12/07 18:51:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2008/12/07 18:51:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2008/12/07 18:51:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2008/12/07 18:51:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2008/12/07 18:51:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2008/12/07 18:51:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2008/12/07 18:51:44 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2008/12/07 18:51:44 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2008/12/07 18:51:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2008/12/07 18:51:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2008/12/07 18:51:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2008/12/07 18:51:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2008/12/07 18:51:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2008/12/07 18:51:43 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2008/12/07 18:51:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2008/12/07 18:51:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2008/12/07 18:51:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2008/12/07 18:51:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2008/12/07 18:51:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2008/12/07 18:51:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2008/12/07 18:51:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2008/12/07 18:51:42 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2008/12/07 18:51:42 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2008/12/07 18:51:42 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2008/12/07 18:51:42 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2008/12/07 18:51:42 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2008/12/07 18:51:42 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2008/12/07 18:51:42 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2008/12/07 18:51:41 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2008/12/07 18:51:41 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2008/12/07 18:51:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2008/12/07 18:51:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2008/12/07 18:51:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2008/12/07 18:51:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2008/12/07 18:51:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2008/12/07 18:51:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2008/12/07 18:51:40 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2008/12/07 18:51:40 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2008/12/07 18:51:40 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2008/12/07 18:51:39 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2008/12/07 18:51:39 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2008/12/07 18:51:39 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2008/12/07 18:51:38 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2008/12/07 18:51:38 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2008/12/07 18:51:38 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2008/12/07 18:51:38 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2008/12/07 18:51:38 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2008/12/07 18:51:38 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2008/12/07 18:51:37 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2008/12/07 18:51:37 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2008/12/07 18:51:37 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2008/12/07 18:51:37 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2008/12/07 18:51:37 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2008/12/07 18:51:37 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2008/12/07 18:51:36 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2008/12/07 18:51:36 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2008/12/07 18:51:36 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2008/12/07 18:51:36 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2008/12/07 18:51:36 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2008/12/07 18:51:35 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2008/12/07 18:51:35 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2008/12/07 18:51:35 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2008/12/07 18:51:35 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2008/12/07 18:51:35 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2008/12/07 18:51:35 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2008/12/07 18:51:35 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2008/12/07 18:51:34 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2008/12/07 18:51:34 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2008/12/07 18:51:34 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2008/12/07 18:51:34 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2008/12/07 18:51:34 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2008/12/07 18:51:33 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2008/12/07 18:51:33 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2008/12/07 18:51:33 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2008/12/07 18:51:33 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2008/12/07 18:51:33 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2008/12/07 18:51:29 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2008/12/07 18:51:25 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2008/12/07 18:51:22 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2008/12/07 18:51:22 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2008/12/07 18:51:22 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2008/12/07 18:51:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2008/12/07 18:51:21 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2008/12/07 18:51:20 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2008/12/07 18:51:20 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2008/12/07 18:51:20 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2008/12/07 18:51:19 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2008/12/07 18:51:19 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2008/12/07 18:51:19 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2008/12/07 18:51:19 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2008/12/07 18:51:19 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2008/12/07 18:51:18 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2008/12/07 18:51:18 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2008/12/07 18:51:18 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2008/12/07 18:51:18 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2008/12/07 18:51:18 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2008/12/07 18:51:18 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2008/12/07 18:51:18 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2008/12/07 18:51:18 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2008/12/07 18:51:17 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2008/12/07 18:51:17 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2008/12/07 18:51:17 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2008/12/07 18:51:17 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2008/12/07 18:51:17 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2008/12/07 18:51:17 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2008/12/07 18:51:17 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2008/12/07 18:51:17 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2008/12/07 18:51:16 | 00,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2008/12/07 18:51:16 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2008/12/07 18:51:16 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2008/12/07 18:51:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2008/12/07 18:51:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2008/12/07 18:51:15 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2008/12/07 18:51:15 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2008/12/07 18:51:15 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2008/12/07 18:51:15 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2008/12/07 18:51:14 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2008/12/07 18:51:14 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2008/12/07 18:51:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2008/12/07 18:51:13 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2008/12/07 18:51:13 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2008/12/07 18:51:13 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2008/12/07 18:51:13 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2008/12/07 18:51:13 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2008/12/07 18:51:13 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2008/12/07 18:51:13 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2008/12/07 18:51:09 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2008/12/07 18:51:09 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2008/12/07 18:51:08 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2008/12/07 18:51:07 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2008/12/07 18:51:07 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2008/12/07 18:51:07 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2008/12/07 18:51:07 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2008/12/07 18:51:06 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2008/12/07 18:51:05 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2008/12/07 18:51:05 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2008/12/07 18:51:05 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2008/12/07 18:51:04 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2008/12/07 18:51:04 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2008/12/07 18:51:04 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2008/12/07 18:51:04 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2008/12/07 18:51:03 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2008/12/07 18:51:03 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2008/12/07 18:51:03 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2008/12/07 18:51:02 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2008/12/07 18:51:02 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2008/12/07 18:51:02 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2008/12/07 18:51:01 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2008/12/07 18:51:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2008/12/07 18:51:01 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2008/12/07 18:51:01 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2008/12/07 18:51:01 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2008/12/07 18:51:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2008/12/07 18:51:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2008/12/07 18:51:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2008/12/07 18:51:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2008/12/07 18:51:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2008/12/07 18:51:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2008/12/07 18:50:59 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2008/12/07 18:50:59 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2008/12/07 18:50:59 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2008/12/07 18:50:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2008/12/07 18:50:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2008/12/07 18:50:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2008/12/07 18:50:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2008/12/07 18:50:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2008/12/07 18:50:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2008/12/07 18:50:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2008/12/07 18:50:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2008/12/07 18:50:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2008/12/07 18:50:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2008/12/07 18:50:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2008/12/07 18:50:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2008/12/07 18:50:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2008/12/07 18:50:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2008/12/07 18:50:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2008/12/07 18:50:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2008/12/07 18:50:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2008/12/07 18:50:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2008/12/07 18:50:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2008/12/07 18:50:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2008/12/07 18:50:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2008/12/07 18:50:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2008/12/07 18:50:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2008/12/07 18:50:56 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2008/12/07 18:50:56 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2008/12/07 18:50:56 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2008/12/07 18:50:56 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2008/12/07 18:50:56 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2008/12/07 18:50:56 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2008/12/07 18:50:56 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2008/12/07 18:50:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2008/12/07 18:50:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2008/12/07 18:50:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2008/12/07 18:50:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2008/12/07 18:50:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2008/12/07 18:50:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2008/12/07 18:50:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2008/12/07 18:50:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2008/12/07 18:50:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2008/12/07 18:50:54 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2008/12/07 18:50:54 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2008/12/07 18:50:54 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2008/12/07 18:50:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2008/12/07 18:50:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2008/12/07 18:50:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2008/12/07 18:50:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2008/12/07 18:50:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2008/12/07 18:50:53 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2008/12/07 18:50:53 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2008/12/07 18:50:53 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2008/12/07 18:50:53 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2008/12/07 18:50:52 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2008/12/07 18:50:51 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2008/12/07 18:50:51 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2008/12/07 18:50:51 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2008/12/07 18:50:51 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2008/12/07 18:50:50 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2008/12/07 18:50:50 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2008/12/07 18:50:50 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2008/12/07 18:50:50 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2008/12/07 18:50:50 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2008/12/07 18:50:50 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2008/12/07 18:50:49 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2008/12/07 18:50:49 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2008/12/07 18:50:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2008/12/07 18:50:48 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2008/12/07 18:50:48 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2008/12/07 18:50:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2008/12/07 18:50:45 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2008/12/07 18:50:45 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2008/12/07 18:50:45 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2008/12/07 18:50:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2008/12/07 18:50:44 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2008/12/07 18:50:44 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2008/12/07 18:50:44 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2008/12/07 18:50:43 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2008/12/07 18:50:41 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2008/12/07 18:50:41 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2008/12/07 18:50:40 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2008/12/07 18:50:40 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2008/12/07 18:50:40 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2008/12/07 18:50:40 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2008/12/07 18:50:40 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2008/12/07 18:50:39 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2008/12/07 18:50:39 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2008/12/07 18:50:39 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2008/12/07 18:50:39 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2008/12/07 18:50:39 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2008/12/07 18:50:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2008/12/07 18:50:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2008/12/07 18:50:38 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2008/12/07 18:50:38 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2008/12/07 18:50:38 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2008/12/07 18:50:38 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2008/12/07 18:50:37 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2008/12/07 18:50:37 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2008/12/07 18:50:37 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2008/12/07 18:50:37 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2008/12/07 18:50:37 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2008/12/07 18:50:36 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2008/12/07 18:50:36 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2008/12/07 18:50:36 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2008/12/07 18:50:36 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2008/12/07 18:50:36 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2008/12/07 18:50:36 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2008/12/07 18:50:35 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2008/12/07 18:50:35 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2008/12/07 18:50:35 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2008/12/07 18:50:35 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2008/12/07 18:50:34 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2008/12/07 18:50:34 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2008/12/07 18:50:34 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2008/12/07 18:50:34 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2008/12/07 18:50:34 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2008/12/07 18:50:33 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2008/12/07 18:50:33 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2008/12/07 18:50:32 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2008/12/07 18:49:30 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2008/12/07 18:49:26 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2008/12/07 18:49:26 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2008/12/07 18:49:26 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2008/12/07 18:49:26 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2008/12/07 18:49:26 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2008/12/07 18:42:32 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/12/07 18:42:32 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2008/12/07 18:42:32 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/12/07 18:42:32 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2008/12/07 18:42:24 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/12/07 18:42:24 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2008/12/07 18:42:24 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2008/12/07 18:42:24 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2008/12/07 18:42:24 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2008/12/07 18:42:24 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2008/12/07 18:42:24 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2008/12/07 18:42:24 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2008/12/07 18:42:24 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2008/12/07 18:42:24 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2008/12/07 18:42:24 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2008/12/07 18:42:24 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2008/12/07 18:42:24 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/12/07 18:42:24 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/12/07 18:42:24 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2008/12/07 18:42:24 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2008/12/07 18:42:23 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2008/12/07 18:42:23 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2008/12/07 18:42:23 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2008/12/07 18:42:23 | 00,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2008/12/07 18:30:08 | 00,000,000 | -HSD | C] -- C:\FOUND.002
[2008/12/07 15:31:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2008/12/07 15:31:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Local Settings\Application Data\Panda Software
[2008/12/07 15:29:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Software
[2008/12/07 15:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2008/12/07 14:42:52 | 00,000,000 | ---D | C] -- C:\Program Files\eBoostr
[2008/12/07 13:13:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2008/12/07 12:50:20 | 00,000,429 | ---- | C] () -- C:\Documents and Settings\TEJAS\Desktop\Google Talk Received Files.lnk
[2008/12/07 12:50:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\My Documents\Google Talk Received Files
[2008/12/07 12:39:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Local Settings\Application Data\Identities
[2008/12/07 12:09:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\My Documents\NFS Carbon
[2008/12/07 11:28:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2008/12/07 10:38:50 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2008/12/06 21:02:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2008/12/06 21:02:04 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/12/06 21:02:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2008/12/06 20:25:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eboostr
[2008/12/06 20:14:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\CyberLink
[2008/12/06 20:13:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/12/06 20:13:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\My Documents\CyberLink
[2008/12/06 20:13:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2008/12/06 20:12:31 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2008/12/06 20:12:20 | 00,505,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2008/12/06 20:10:14 | 00,000,000 | -HSD | C] -- C:\FOUND.000
[2008/12/06 20:00:01 | 00,000,000 | -HSD | C] -- C:\Recycled
[2008/12/06 19:48:17 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2008/12/06 19:48:17 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2008/12/06 19:48:16 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2008/12/06 19:48:15 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/12/06 19:48:15 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2008/12/06 19:48:15 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2008/12/06 19:48:14 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2008/12/06 19:48:13 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/12/06 19:48:13 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2008/12/06 19:48:12 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2008/12/06 19:48:11 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2008/12/06 19:48:10 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2008/12/06 19:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\GC Install
[2008/12/06 19:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Desktop\GAMES
[2008/12/06 19:44:12 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2008/12/06 19:42:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/12/06 19:35:39 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/12/06 19:35:36 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys
[2008/12/06 19:35:19 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2008/12/06 19:35:18 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2008/12/06 19:35:13 | 00,000,000 | ---D | C] -- C:\Program Files\Avance Sound Manager
[2008/12/06 19:35:10 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/12/06 19:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\AvRack
[2008/12/06 19:35:09 | 00,256,360 | ---- | C] (Avance Logic, Inc.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS
[2008/12/06 19:35:09 | 00,217,088 | ---- | C] (Avance Logic, Inc.) -- C:\WINDOWS\alcupd.exe
[2008/12/06 19:35:09 | 00,151,552 | ---- | C] (Avance Logic, Inc.) -- C:\WINDOWS\alcrmv.exe
[2008/12/06 19:35:09 | 00,124,416 | ---- | C] (Avance Logic, Inc.) -- C:\WINDOWS\soundman.exe
[2008/12/06 19:35:08 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2008/12/06 19:33:26 | 53,620,3264 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/06 19:31:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2008/12/06 19:30:35 | 00,003,862 | R--- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2008/12/06 19:30:13 | 00,011,914 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2008/12/06 19:30:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2008/12/06 19:27:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2008/12/06 19:23:13 | 05,895,224 | -H-- | C] () -- C:\Documents and Settings\TEJAS\Local Settings\Application Data\IconCache.db
[2008/12/06 19:22:36 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/12/06 19:22:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/12/06 19:22:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/12/06 19:22:22 | 00,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2008/12/06 19:20:38 | 00,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081206-192038.backup
[2008/12/06 19:16:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/06 19:15:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\Adobe
[2008/12/06 19:14:52 | 00,000,000 | ---D | C] -- C:\Program Files\MediaCoder Audio Edition
[2008/12/06 19:13:44 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\TEJAS\Desktop\SmartMovie Converter.lnk
[2008/12/06 19:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\Lonely Cat Games
[2008/12/06 19:13:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\WinRAR
[2008/12/06 19:13:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\Macromedia
[2008/12/06 19:13:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Local Settings\Application Data\Google
[2008/12/06 19:13:08 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2008/12/06 19:12:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GRETECH
[2008/12/06 19:12:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\My Documents\GomPlayer
[2008/12/06 19:12:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\GRETECH
[2008/12/06 19:12:11 | 00,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2008/12/06 19:11:43 | 00,524,288 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
[2008/12/06 19:11:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\FLV Player
[2008/12/06 19:11:24 | 00,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2008/12/06 19:06:20 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/12/06 19:06:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/12/06 19:03:49 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2008/12/06 19:03:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Desktop\ALL SOFTWARES
[2008/12/06 19:02:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\uTorrent
[2008/12/06 19:02:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/06 19:02:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Local Settings\Application Data\Mozilla
[2008/12/06 19:02:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\Mozilla
[2008/12/06 19:02:37 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/06 19:02:37 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/12/06 19:02:36 | 00,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2008/12/06 19:02:36 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2008/12/06 19:02:35 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/06 19:02:35 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2008/12/06 19:02:35 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2008/12/06 19:02:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/06 19:02:34 | 00,683,520 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2008/12/06 19:02:34 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/06 19:02:34 | 00,081,920 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2008/12/06 19:02:33 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/06 19:02:33 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/06 19:02:32 | 00,353,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/12/06 19:02:32 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2008/12/06 19:01:11 | 00,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx
[2008/12/06 19:01:07 | 00,000,000 | ---D | C] -- C:\Program Files\Total Video Converter
[2008/12/06 19:00:49 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2008/12/06 19:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Local Settings\Application Data\Adobe
[2008/12/06 18:59:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/06 18:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2008/12/06 18:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/12/06 18:58:36 | 00,000,573 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2008/12/06 18:58:26 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
[2008/12/06 18:58:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\Winamp
[2008/12/06 18:58:07 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/06 18:58:05 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/06 15:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Application Data\Identities
[2008/12/06 15:54:10 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2008/12/06 15:54:08 | 00,000,076 | -HS- | C] () -- C:\Documents and Settings\TEJAS\My Documents\desktop.ini
[2008/12/06 15:54:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\TEJAS\My Documents\My Pictures
[2008/12/06 15:54:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\TEJAS\My Documents\My Music
[2008/12/06 15:54:05 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\TEJAS\Start Menu\Programs\Startup\desktop.ini
[2008/12/06 15:54:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\TEJAS\Application Data\desktop.ini
[2008/12/06 15:54:04 | 00,000,000 | --SD | C] -- C:\Documents and Settings\TEJAS\Application Data\Microsoft
[2008/12/06 15:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TEJAS\Local Settings\Application Data\Microsoft
[2008/12/06 15:53:12 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/12/06 15:53:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2008/12/06 15:53:11 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/06 15:53:11 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2008/12/06 15:52:17 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/06 15:49:13 | 00,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2008/12/06 15:47:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2008/12/06 15:47:38 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2008/12/06 15:47:38 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2008/12/06 15:47:18 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/06 15:47:18 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/12/06 15:47:18 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/12/06 15:47:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/12/06 15:47:18 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2008/12/06 15:47:18 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2008/12/06 15:47:08 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/06 15:47:08 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/06 15:47:07 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/06 15:47:00 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2008/12/06 15:46:11 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2008/12/06 15:46:11 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2008/12/06 15:46:11 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2008/12/06 15:46:05 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2008/12/06 15:46:00 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2008/12/06 15:45:49 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2008/12/06 15:45:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2008/12/06 15:45:17 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2008/12/06 15:45:15 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2008/12/06 15:45:15 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2008/12/06 15:45:15 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2008/12/06 15:45:15 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2008/12/06 15:45:15 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2008/12/06 15:45:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2008/12/06 15:45:13 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2008/12/06 15:45:13 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2008/12/06 15:45:12 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2008/12/06 15:45:12 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/12/06 15:45:05 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2008/12/06 15:45:05 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2008/12/06 15:45:04 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2008/12/06 15:45:04 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2008/12/06 15:45:04 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2008/12/06 15:45:04 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2008/12/06 15:45:04 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2008/12/06 15:45:03 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2008/12/06 15:45:03 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2008/12/06 15:45:03 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2008/12/06 15:45:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2008/12/06 15:44:59 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2008/12/06 15:44:59 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2008/12/06 15:44:59 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2008/12/06 15:44:59 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2008/12/06 15:44:59 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2008/12/06 15:44:59 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2008/12/06 15:44:59 | 00,000,065 | RH-- | C] () -- C:\WINDOWS\tasks\desktop.ini
[2008/12/06 15:44:59 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2008/12/06 15:44:58 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2008/12/06 15:44:58 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2008/12/06 15:44:58 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2008/12/06 15:44:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2008/12/06 15:44:57 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2008/12/06 15:44:54 | 00,725,566 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2008/12/06 15:44:54 | 00,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2008/12/06 15:44:53 | 03,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2008/12/06 15:44:53 | 00,848,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2008/12/06 15:44:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2008/12/06 15:44:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2008/12/06 15:44:51 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2008/12/06 15:44:51 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2008/12/06 15:44:51 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2008/12/06 15:44:50 | 00,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2008/12/06 15:44:50 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2008/12/06 15:44:50 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2008/12/06 15:44:50 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2008/12/06 15:44:50 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2008/12/06 15:44:49 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2008/12/06 15:44:49 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/12/06 15:44:49 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2008/12/06 15:44:49 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2008/12/06 15:44:49 | 00,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2008/12/06 15:44:48 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/12/06 15:44:48 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2008/12/06 15:44:48 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2008/12/06 15:44:48 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2008/12/06 15:44:48 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/12/06 15:44:48 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2008/12/06 15:44:48 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2008/12/06 15:44:48 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
[2008/12/06 15:44:48 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2008/12/06 15:44:48 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2008/12/06 15:44:48 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/12/06 15:44:48 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2008/12/06 15:44:48 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2008/12/06 15:44:48 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/12/06 15:44:48 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2008/12/06 15:44:48 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2008/12/06 15:44:47 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/12/06 15:44:47 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2008/12/06 15:44:47 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/12/06 15:44:47 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2008/12/06 15:44:47 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2008/12/06 15:44:47 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2008/12/06 15:44:47 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2008/12/06 15:44:47 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2008/12/06 15:44:47 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2008/12/06 15:44:47 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2008/12/06 15:44:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2008/12/06 15:44:45 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2008/12/06 15:44:44 | 04,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2008/12/06 15:44:44 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2008/12/06 15:44:44 | 00,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2008/12/06 15:44:44 | 00,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2008/12/06 15:44:44 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2008/12/06 15:44:43 | 03,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2008/12/06 15:44:43 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2008/12/06 15:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2008/12/06 15:44:41 | 00,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2008/12/06 15:44:41 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2008/12/06 15:44:40 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2008/12/06 15:44:40 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2008/12/06 15:44:40 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2008/12/06 15:44:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2008/12/06 15:44:37 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2008/12/06 15:44:37 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2008/12/06 15:44:37 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2008/12/06 15:44:37 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2008/12/06 15:44:37 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2008/12/06 15:44:37 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2008/12/06 15:44:37 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2008/12/06 15:44:37 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2008/12/06 15:44:37 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2008/12/06 15:44:36 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2008/12/06 15:44:36 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2008/12/06 15:44:34 | 00,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2008/12/06 15:44:34 | 00,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2008/12/06 15:44:34 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2008/12/06 15:44:34 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2008/12/06 15:44:33 | 00,768,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2008/12/06 15:44:33 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2008/12/06 15:44:33 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2008/12/06 15:44:33 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltlib.dll
[2008/12/06 15:44:33 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2008/12/06 15:44:32 | 00,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2008/12/06 15:44:32 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2008/12/06 15:44:32 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2008/12/06 15:44:32 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2008/12/06 15:44:32 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2008/12/06 15:44:32 | 00,124,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltMgr.sys
[2008/12/06 15:44:32 | 00,124,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2008/12/06 15:44:32 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/12/06 15:44:32 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2008/12/06 15:44:32 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2008/12/06 15:44:32 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2008/12/06 15:44:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2008/12/06 15:44:31 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2008/12/06 15:44:31 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2008/12/06 15:44:31 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2008/12/06 15:44:31 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2008/12/06 15:44:30 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2008/12/06 15:44:30 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2008/12/06 15:44:30 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2008/12/06 15:44:30 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2008/12/06 15:44:30 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2008/12/06 15:44:30 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2008/12/06 15:44:30 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2008/12/06 15:44:30 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2008/12/06 15:44:30 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2008/12/06 15:44:30 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2008/12/06 15:44:29 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2008/12/06 15:44:29 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2008/12/06 15:44:29 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2008/12/06 15:44:29 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2008/12/06 15:44:29 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2008/12/06 15:44:28 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2008/12/06 15:44:28 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2008/12/06 15:44:28 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2008/12/06 15:44:28 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2008/12/06 15:44:28 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2008/12/06 15:44:28 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2008/12/06 15:44:28 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2008/12/06 15:44:27 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2008/12/06 15:44:27 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2008/12/06 15:44:27 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2008/12/06 15:44:27 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2008/12/06 15:44:27 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2008/12/06 15:44:27 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2008/12/06 15:44:26 | 00,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2008/12/06 15:44:26 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2008/12/06 15:44:26 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2008/12/06 15:44:26 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2008/12/06 15:44:26 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2008/12/06 15:44:26 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2008/12/06 15:44:26 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2008/12/06 15:44:25 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2008/12/06 15:44:25 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/12/06 15:44:25 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2008/12/06 15:44:25 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2008/12/06 15:44:25 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2008/12/06 15:44:25 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2008/12/06 15:44:24 | 02,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2008/12/06 15:44:24 | 01,311,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2008/12/06 15:44:23 | 00,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2008/12/06 15:44:23 | 00,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2008/12/06 15:44:23 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2008/12/06 15:44:23 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2008/12/06 15:44:23 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2008/12/06 15:44:23 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2008/12/06 15:44:23 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2008/12/06 15:44:23 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2008/12/06 15:44:22 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2008/12/06 15:44:22 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2008/12/06 15:44:22 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2008/12/06 15:44:22 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2008/12/06 15:44:22 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2008/12/06 15:44:22 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2008/12/06 15:44:22 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2008/12/06 15:44:22 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2008/12/06 15:44:21 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2008/12/06 15:44:21 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2008/12/06 15:44:20 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2008/12/06 15:44:20 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2008/12/06 15:44:20 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2008/12/06 15:44:20 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2008/12/06 15:44:20 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2008/12/06 15:44:20 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2008/12/06 15:44:20 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2008/12/06 15:44:20 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2008/12/06 15:44:19 | 00,561,179 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2008/12/06 15:44:19 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2008/12/06 15:44:19 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2008/12/06 15:44:18 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2008/12/06 15:44:18 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2008/12/06 15:44:18 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2008/12/06 15:44:18 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2008/12/06 15:44:18 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2008/12/06 15:44:18 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2008/12/06 15:44:18 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2008/12/06 15:44:18 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2008/12/06 15:44:17 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2008/12/06 15:44:17 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2008/12/06 15:44:17 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2008/12/06 15:44:17 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2008/12/06 15:44:17 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2008/12/06 15:44:17 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2008/12/06 15:44:17 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2008/12/06 15:44:17 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2008/12/06 15:44:17 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2008/12/06 15:44:17 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2008/12/06 15:44:17 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2008/12/06 15:44:17 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2008/12/06 15:44:17 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2008/12/06 15:44:17 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2008/12/06 15:44:17 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2008/12/06 15:44:17 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2008/12/06 15:44:17 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2008/12/06 15:44:16 | 00,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2008/12/06 15:44:16 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2008/12/06 15:44:16 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2008/12/06 15:44:16 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2008/12/06 15:44:16 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2008/12/06 15:44:15 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2008/12/06 15:44:15 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2008/12/06 15:44:15 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2008/12/06 15:44:15 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2008/12/06 15:44:15 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2008/12/06 15:44:15 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2008/12/06 15:44:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2008/12/06 15:44:15 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2008/12/06 15:44:15 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2008/12/06 15:44:15 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2008/12/06 15:44:15 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2008/12/06 15:44:14 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2008/12/06 15:44:14 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2008/12/06 15:44:14 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2008/12/06 15:44:14 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2008/12/06 15:44:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2008/12/06 15:44:13 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2008/12/06 15:44:13 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2008/12/06 15:44:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2008/12/06 15:43:44 | 00,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/06 15:43:33 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2008/12/06 15:43:32 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/12/06 15:43:32 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/12/06 15:43:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2008/12/06 15:43:24 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2008/12/06 15:43:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/12/06 15:43:23 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2008/12/06 15:43:17 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2008/12/06 15:43:16 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2008/12/06 15:43:16 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2008/12/06 15:43:16 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2008/12/06 15:43:15 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2008/12/06 15:43:15 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2008/12/06 15:43:15 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2008/12/06 15:43:14 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2008/12/06 15:43:14 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2008/12/06 15:43:14 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2008/12/06 15:43:14 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2008/12/06 15:43:14 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2008/12/06 15:43:14 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2008/12/06 15:43:13 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2008/12/06 15:43:13 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2008/12/06 15:43:13 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2008/12/06 15:43:13 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2008/12/06 15:43:13 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2008/12/06 15:43:13 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2008/12/06 15:43:13 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2008/12/06 15:43:13 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2008/12/06 15:43:12 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2008/12/06 15:43:12 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2008/12/06 15:43:12 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2008/12/06 15:43:12 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2008/12/06 15:43:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2008/12/06 15:43:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2008/12/06 15:43:12 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2008/12/06 15:43:01 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2008/12/06 15:43:01 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2008/12/06 15:43:00 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2008/12/06 15:43:00 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2008/12/06 15:43:00 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2008/12/06 15:43:00 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2008/12/06 15:43:00 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2008/12/06 15:43:00 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2008/12/06 15:43:00 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2008/12/06 15:43:00 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2008/12/06 15:42:54 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/12/06 15:42:54 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/12/06 15:42:54 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/12/06 15:42:54 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/12/06 15:42:53 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/12/06 15:42:53 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/12/06 15:42:53 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/12/06 15:42:53 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/12/06 15:42:53 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/12/06 15:42:53 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/12/06 15:42:53 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/12/06 15:42:52 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2008/12/06 15:42:52 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2008/12/06 15:42:52 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2008/12/06 15:42:52 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2008/12/06 15:42:52 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2008/12/06 15:42:52 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2008/12/06 15:42:52 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2008/12/06 15:42:52 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2008/12/06 15:42:52 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2008/12/06 15:42:51 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2008/12/06 15:42:51 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2008/12/06 15:42:51 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2008/12/06 15:42:51 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2008/12/06 15:42:51 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2008/12/06 15:42:51 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2008/12/06 15:42:51 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2008/12/06 15:42:50 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2008/12/06 15:42:50 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2008/12/06 15:42:50 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2008/12/06 15:42:50 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2008/12/06 15:42:50 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2008/12/06 15:42:50 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2008/12/06 15:42:50 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2008/12/06 15:42:50 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2008/12/06 15:42:50 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2008/12/06 15:42:50 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2008/12/06 15:42:50 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2008/12/06 15:42:49 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2008/12/06 15:42:49 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2008/12/06 15:42:49 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2008/12/06 15:42:49 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2008/12/06 15:42:49 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2008/12/06 15:42:49 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2008/12/06 15:42:49 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2008/12/06 15:42:49 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2008/12/06 15:42:49 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2008/12/06 15:42:49 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2008/12/06 15:42:49 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2008/12/06 15:42:49 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2008/12/06 15:42:49 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2008/12/06 15:42:49 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2008/12/06 15:42:49 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2008/12/06 15:42:49 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2008/12/06 15:42:49 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2008/12/06 15:42:49 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2008/12/06 15:42:49 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/12/06 15:42:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2008/12/06 15:42:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2008/12/06 15:42:49 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2008/12/06 15:42:48 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2008/12/06 15:42:48 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2008/12/06 15:42:48 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2008/12/06 15:42:48 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2008/12/06 15:42:48 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2008/12/06 15:42:48 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2008/12/06 15:42:48 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/12/06 15:42:48 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2008/12/06 15:42:47 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2008/12/06 15:42:47 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2008/12/06 15:42:47 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2008/12/06 15:42:47 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2008/12/06 15:42:47 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2008/12/06 15:42:47 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2008/12/06 15:42:47 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2008/12/06 15:42:47 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2008/12/06 15:42:47 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2008/12/06 15:42:47 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2008/12/06 15:42:47 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2008/12/06 15:42:47 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2008/12/06 15:42:47 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2008/12/06 15:42:47 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2008/12/06 15:42:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2008/12/06 15:42:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2008/12/06 15:42:46 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2008/12/06 15:42:43 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2008/12/06 15:42:43 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2008/12/06 15:42:43 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2008/12/06 15:42:42 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2008/12/06 15:42:42 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2008/12/06 15:42:42 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2008/12/06 15:42:42 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2008/12/06 15:42:42 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2008/12/06 15:42:42 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2008/12/06 15:42:42 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2008/12/06 15:42:42 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2008/12/06 15:42:42 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2008/12/06 15:42:41 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2008/12/06 15:42:41 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2008/12/06 15:42:41 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008/12/06 15:42:41 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2008/12/06 15:42:41 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2008/12/06 15:42:29 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2008/12/06 15:42:28 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2008/12/06 15:42:27 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2008/12/06 15:42:27 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2008/12/06 15:42:27 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2008/12/06 15:42:27 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2008/12/06 15:42:27 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2008/12/06 15:42:27 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2008/12/06 15:42:27 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2008/12/06 15:42:27 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2008/12/06 15:42:27 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2008/12/06 15:42:26 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2008/12/06 15:42:26 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2008/12/06 15:42:26 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2008/12/06 15:42:26 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2008/12/06 15:42:26 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2008/12/06 15:42:26 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2008/12/06 15:42:26 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2008/12/06 15:42:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2008/12/06 15:42:25 | 00,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2008/12/06 15:42:25 | 00,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2008/12/06 15:42:25 | 00,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/12/06 15:42:25 | 00,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2008/12/06 15:42:25 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2008/12/06 15:42:25 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2008/12/06 15:42:25 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/12/06 15:42:25 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2008/12/06 15:42:25 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/12/06 15:42:25 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2008/12/06 15:42:24 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2008/12/06 15:42:24 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2008/12/06 15:42:24 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2008/12/06 15:42:24 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2008/12/06 15:42:24 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2008/12/06 15:42:24 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2008/12/06 15:42:24 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/12/06 15:42:24 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2008/12/06 15:42:24 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2008/12/06 15:42:24 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2008/12/06 15:42:24 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2008/12/06 15:42:24 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2008/12/06 15:42:24 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2008/12/06 15:42:24 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2008/12/06 15:42:24 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2008/12/06 15:42:24 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2008/12/06 15:42:23 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2008/12/06 15:42:23 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2008/12/06 15:42:23 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2008/12/06 15:42:23 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2008/12/06 15:42:23 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2008/12/06 15:42:23 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2008/12/06 15:42:23 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2008/12/06 15:42:23 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2008/12/06 15:42:23 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2008/12/06 15:42:23 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2008/12/06 15:42:23 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2008/12/06 15:42:23 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2008/12/06 15:42:23 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2008/12/06 15:42:23 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2008/12/06 15:42:23 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2008/12/06 15:42:23 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2008/12/06 15:42:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2008/12/06 15:42:22 | 00,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2008/12/06 15:42:22 | 00,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2008/12/06 15:42:22 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2008/12/06 15:42:22 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2008/12/06 15:42:22 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2008/12/06 15:42:22 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2008/12/06 15:42:22 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2008/12/06 15:42:22 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2008/12/06 15:42:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2008/12/06 15:42:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2008/12/06 15:42:21 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2008/12/06 15:42:21 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2008/12/06 15:42:21 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2008/12/06 15:42:21 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2008/12/06 15:42:21 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2008/12/06 15:42:21 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2008/12/06 15:42:21 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2008/12/06 15:42:21 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2008/12/06 15:42:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2008/12/06 15:42:20 | 01,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2008/12/06 15:42:20 | 01,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2008/12/06 15:42:20 | 00,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2008/12/06 15:42:20 | 00,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2008/12/06 15:42:20 | 00,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2008/12/06 15:42:20 | 00,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2008/12/06 15:42:20 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2008/12/06 15:42:20 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2008/12/06 15:42:19 | 00,501,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2008/12/06 15:42:19 | 00,501,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2008/12/06 15:42:18 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2008/12/06 15:42:18 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2008/12/06 15:42:18 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2008/12/06 15:42:18 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2008/12/06 15:42:17 | 00,437,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2008/12/06 15:42:17 | 00,358,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmic.exe
[2008/12/06 15:42:17 | 00,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2008/12/06 15:42:17 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2008/12/06 15:42:17 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2008/12/06 15:42:17 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2008/12/06 15:42:17 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2008/12/06 15:42:17 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2008/12/06 15:42:17 | 00,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2008/12/06 15:42:17 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2008/12/06 15:42:17 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2008/12/06 15:42:17 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2008/12/06 15:42:17 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2008/12/06 15:42:17 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2008/12/06 15:42:16 | 00,530,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2008/12/06 15:42:16 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2008/12/06 15:42:16 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll
[2008/12/06 15:42:16 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2008/12/06 15:42:16 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2008/12/06 15:42:16 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2008/12/06 15:42:16 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2008/12/06 15:42:16 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2008/12/06 15:42:16 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2008/12/06 15:42:16 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2008/12/06 15:42:15 | 00,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2008/12/06 15:42:15 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2008/12/06 15:42:15 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2008/12/06 15:42:15 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\policman.dll
[2008/12/06 15:42:15 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2008/12/06 15:42:15 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2008/12/06 15:42:15 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2008/12/06 15:42:14 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2008/12/06 15:42:14 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2008/12/06 15:42:14 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2008/12/06 15:42:14 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2008/12/06 15:42:14 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2008/12/06 15:42:14 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2008/12/06 15:42:13 | 01,352,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2008/12/06 15:42:13 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2008/12/06 15:42:13 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2008/12/06 15:42:13 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2008/12/06 15:42:13 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2008/12/06 15:42:13 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2008/12/06 15:42:13 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2008/12/06 15:42:12 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2008/12/06 15:42:12 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2008/12/06 15:42:07 | 00,196,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/12/06 15:42:06 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/12/06 15:42:05 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2008/12/06 15:35:57 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2008/12/06 15:35:23 | 00,057,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/12/06 15:34:37 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\UAGP35.SYS
[2008/12/06 15:33:38 | 00,356,120 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/06 15:33:38 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/06 15:33:38 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2008/12/06 15:33:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2008/12/06 15:33:37 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2008/12/06 15:33:36 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2008/12/06 15:33:36 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2008/12/06 15:33:35 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2008/12/06 15:33:35 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2008/12/06 15:33:35 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2008/12/06 15:33:34 | 00,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2008/12/06 15:33:34 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2008/12/06 15:33:34 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2008/12/06 15:33:34 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2008/12/06 15:33:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2008/12/06 15:33:33 | 00,000,000 | R--D | C] -- C:\Program Files
[2008/12/06 15:33:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2008/12/06 15:33:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2008/12/06 15:33:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2008/12/06 15:33:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2008/12/06 15:33:32 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2008/12/06 15:33:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2008/12/06 15:33:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2008/12/06 15:33:30 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2008/12/06 15:33:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2008/12/06 15:33:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2008/12/06 15:33:27 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2008/12/06 15:33:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2008/12/06 15:33:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2008/12/06 15:33:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2008/12/06 15:33:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2008/12/06 15:33:22 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2008/12/06 15:33:22 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2008/12/06 15:33:22 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2008/12/06 15:33:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2008/12/06 15:33:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2008/12/06 15:33:16 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2008/12/06 15:33:16 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2008/12/06 15:33:16 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2008/12/06 15:33:16 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2008/12/06 15:33:16 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2008/12/06 15:33:15 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2008/12/06 15:33:15 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2008/12/06 15:33:14 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2008/12/06 15:33:14 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/12/06 15:33:14 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2008/12/06 15:33:14 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/12/06 15:33:13 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2008/12/06 15:33:12 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2008/12/06 15:33:05 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/06 15:33:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/06 15:33:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/06 15:32:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2008/12/06 15:32:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2008/12/06 15:32:45 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/12/06 15:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2008/12/06 15:32:22 | 00,091,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/06 15:31:34 | 00,000,281 | RHS- | C] () -- C:\boot.ini
[2008/12/06 15:31:31 | 00,000,288 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/12/06 15:26:51 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2008/12/06 15:26:51 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2008/12/06 15:26:51 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2008/12/06 15:26:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2008/12/06 15:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2008/12/26 16:25:20 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TEJAS\Desktop\OTListIt2.exe
[2008/12/26 16:07:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/26 16:07:24 | 53,620,3264 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/26 16:07:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/24 21:09:02 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\TEJAS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/23 18:30:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/19 11:04:16 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\TEJAS\Desktop\RSIT.exe
[2008/12/19 10:40:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/19 10:40:28 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/19 10:29:34 | 00,091,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/19 10:26:44 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\TEJAS\Desktop\Flash_Disinfector.exe
[2008/12/18 12:48:54 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/18 11:01:42 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/12/18 10:48:32 | 00,000,605 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/18 10:20:50 | 02,884,875 | R--- | M] () -- C:\Documents and Settings\TEJAS\Desktop\ComboFix.exe
[2008/12/16 22:02:04 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/12/16 22:02:04 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/16 22:02:04 | 00,086,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/16 21:59:06 | 00,090,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/12/16 21:59:06 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2008/12/16 21:59:06 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/12/16 21:59:06 | 00,001,416 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2008/12/16 21:59:00 | 30,320,250 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/16 21:59:00 | 00,098,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/12/16 21:59:00 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/12/16 19:55:32 | 00,000,599 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eBoostr Control Panel.lnk
[2008/12/16 18:21:54 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System\LP.alp
[2008/12/16 18:21:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System\lpter.lpa
[2008/12/16 17:59:26 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll
[2008/12/16 17:59:26 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uxtheme.dll
[2008/12/16 17:59:18 | 00,155,418 | ---- | M] () -- C:\WINDOWS\Uninstall.exe
[2008/12/15 19:42:10 | 00,000,123 | ---- | M] () -- C:\WINDOWS\rootkitno.ini
[2008/12/15 19:39:30 | 05,895,224 | -H-- | M] () -- C:\Documents and Settings\TEJAS\Local Settings\Application Data\IconCache.db
[2008/12/15 19:35:06 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/15 19:35:06 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/12/15 19:35:06 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2008/12/13 20:28:12 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\TEJAS\Desktop\HijackThis.lnk
[2008/12/13 20:02:18 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/12 23:03:24 | 03,060,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 23:03:24 | 03,060,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 17:30:58 | 00,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/09 17:30:58 | 00,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/09 17:30:56 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/08 17:54:14 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System\LP.ppp
[2008/12/08 17:54:14 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System\LP.lpp
[2008/12/08 17:54:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System\lpren.lpa
[2008/12/08 17:54:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System\lpdelf.lpa
[2008/12/08 17:54:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System\lpdel.lpa
[2008/12/07 18:53:02 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/12/07 18:50:20 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/07 18:50:16 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/07 18:50:16 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/07 18:50:10 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/07 18:49:32 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2008/12/07 18:49:32 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2008/12/07 18:49:28 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2008/12/07 18:49:28 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2008/12/07 18:49:28 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2008/12/07 18:49:28 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2008/12/07 18:49:28 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2008/12/07 18:49:28 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2008/12/07 18:48:40 | 00,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/07 18:47:52 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2008/12/07 18:42:28 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/07 18:42:28 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/07 12:50:22 | 00,000,429 | ---- | M] () -- C:\Documents and Settings\TEJAS\Desktop\Google Talk Received Files.lnk
[2008/12/06 20:12:08 | 00,505,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2008/12/06 20:12:08 | 00,353,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/12/06 19:22:38 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/12/06 19:13:46 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\TEJAS\Desktop\SmartMovie Converter.lnk
[2008/12/06 19:02:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/12/06 18:58:38 | 00,000,573 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2008/12/06 18:58:08 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/06 15:54:20 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\TEJAS\My Documents\desktop.ini
[2008/12/06 15:47:24 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\TEJAS\Start Menu\Programs\Startup\desktop.ini
[2008/12/06 15:47:20 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/06 15:47:20 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/06 15:47:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2008/12/06 15:47:20 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/06 15:47:20 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/06 15:43:34 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008/12/06 15:43:34 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2008/12/06 15:33:06 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\TEJAS\Application Data\desktop.ini
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >

OTListIt Extras logfile created on: 12/26/2008 4:26:05 PM - Run
OTListIt2 by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\TEJAS\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 177.19 Mb Available Physical Memory | 34.66% Memory free
1.22 Gb Paging File | 0.86 Gb Available in Paging File | 70.25% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 10.87 Gb Free Space | 58.35% Space Free | Partition Type: FAT32
Drive D: | 18.62 Gb Total Space | 10.77 Gb Free Space | 57.83% Space Free | Partition Type: FAT32
Drive E: | 18.62 Gb Total Space | 2.04 Gb Free Space | 10.94% Space Free | Partition Type: FAT32
Drive F: | 18.66 Gb Total Space | 1.08 Gb Free Space | 5.81% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEJAS-E24B21BE1
Current User Name: TEJAS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/03/31 12:14:10 | 02,102,568 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/01/02 02:52:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2008/03/31 12:14:10 | 02,102,568 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0
[2004/03/20 06:54:04 | 00,086,016 | ---- | M] (Valve) -- E:\Program Files\Counter Strike - Condition Zero (Ultimate Edition)\czero.exe:*:Enabled:Condition Zero Launcher
[2004/02/10 12:30:44 | 00,081,920 | ---- | M] (Valve) -- E:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher
[2008/12/16 21:58:54 | 00,638,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
[2008/12/16 21:58:54 | 00,874,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/12/16 21:58:54 | 00,652,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/12/16 21:58:56 | 00,408,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG8Uninstall" = AVG 8.0
"CCleaner" = CCleaner (remove only)
"eBoostr 1" = eBoostr 2
"FLV Player1.33" = FLV Player
"Glary Utilities_is1" = Glary Utilities 2.6.1
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder Audio Edition" = MediaCoder Audio Edition 0.6.2
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"SmartMovie Converter" = SmartMovie Converter
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"Total Video Converter 3.10_is1" = Total Video Converter 3.10
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sev7n Inspirat pack 2.0 by EuMAX" = Sev7n Inspirat pack 2.0 by EuMAX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1004336348-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sev7n Inspirat pack 2.0 by EuMAX" = Sev7n Inspirat pack 2.0 by EuMAX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2008 12:30:47 PM | Computer Name = TEJAS-E24B21BE1 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.

Error - 12/16/2008 12:36:09 PM | Computer Name = TEJAS-E24B21BE1 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.

Error - 12/18/2008 11:14:03 AM | Computer Name = TEJAS-E24B21BE1 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.

Error - 12/18/2008 11:14:41 AM | Computer Name = TEJAS-E24B21BE1 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.

Error - 12/18/2008 11:14:44 AM | Computer Name = TEJAS-E24B21BE1 | Source = Application Error | ID = 1001
Description = Fault bucket 999235320.

Error - 12/18/2008 11:15:01 AM | Computer Name = TEJAS-E24B21BE1 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.

Error - 12/19/2008 1:15:26 AM | Computer Name = TEJAS-E24B21BE1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/26/2008 6:27:07 AM | Computer Name = TEJAS-E24B21BE1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/26/2008 7:02:25 AM | Computer Name = TEJAS-E24B21BE1 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/26/2008 7:02:29 AM | Computer Name = TEJAS-E24B21BE1 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/25/2008 10:27:20 AM | Computer Name = TEJAS-E24B21BE1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%3

Error - 12/25/2008 10:31:26 AM | Computer Name = TEJAS-E24B21BE1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%3

Error - 12/25/2008 10:37:36 AM | Computer Name = TEJAS-E24B21BE1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%3

Error - 12/26/2008 6:26:26 AM | Computer Name = TEJAS-E24B21BE1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%3

Error - 12/26/2008 6:29:15 AM | Computer Name = TEJAS-E24B21BE1 | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%3


< End of report >



These are the LOGS you needed.



