Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Server infected with Virtumonde


  • This topic is locked This topic is locked
34 replies to this topic

#1 pkscoach

pkscoach

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 13 December 2008 - 09:23 PM

My school is rebuilding its e-mail and file server after a hardware crash. We had to reformat the hard drives and reinstall Windows Server 2003. While our consultant was helping us to rebuild and reinstall, he was using the web before we had reinstalled our antivirus software. Unfortunately, the server became infected with Virtumonde. I have tried using Spybot S&D and Malwarebytes Anti-Malware, but the infection is persistent.

I have tried running the RSIT, but it crashes, perhaps because every file on the server was created or restored from a backup during the last week or so.

I am including the Hijackthis log. I would appreciate any help I can receive in eliminating this infection. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:26 PM, on 12/13/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\Program Files\RealVNC\VNC4\WinVNC4.exe
D:\Program Files\Exchsrvr\bin\exmgmt.exe
D:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Exchsrvr\bin\store.exe
D:\Program Files\Exchsrvr\bin\emsmta.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MozyPro\mozyprostat.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {0250FEC4-B19E-438A-A99A-7BEEBA1EC703} - C:\WINDOWS\system32\opnMDSjg.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fccyvSLB.dll
O2 - BHO: (no name) - {BFC34026-8F5E-48F0-83A0-88540153DE1F} - C:\WINDOWS\system32\urqQjjhf.dll (file missing)
O2 - BHO: (no name) - {F0EC42A8-DFAF-4FA7-BD3A-8ED8AF9EC64C} - (no file)
O2 - BHO: (no name) - {F60C77EF-8B13-4BC3-828D-1592DCF0DD61} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: MozyPro Status.lnk = C:\Program Files\MozyPro\mozyprostat.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - ESC Trusted Zone: http://h20000.www2.hp.com
O15 - ESC Trusted Zone: http://h20180.www2.hp.com
O15 - ESC Trusted Zone: http://www.hp.com
O15 - ESC Trusted Zone: http://www.lavasoft.com
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://*.mozy.com
O15 - ESC Trusted Zone: http://www.mozypro.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.ntfsundelete.com
O15 - ESC Trusted Zone: http://hjt-data.trendmicro.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://follettsoftware.webex.com/client/T2...ort/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MASON-PREP.local
O17 - HKLM\Software\..\Telephony: DomainName = MASON-PREP.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{51776A4C-154C-4D54-BEAA-454246FDC0AF}: NameServer = 172.18.1.12,172.18.1.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MASON-PREP.local
O20 - Winlogon Notify: fccyvSLB - C:\WINDOWS\SYSTEM32\fccyvSLB.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: MozyPro Backup Service (mozyprobackup) - Unknown owner - C:\Program Files\MozyPro\mozyprobackup.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - d:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 5758 bytes

Edited by pkscoach, 13 December 2008 - 09:24 PM.


BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 PM

Posted 20 December 2008 - 09:40 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic,the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed.Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 pkscoach

pkscoach
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 21 December 2008 - 06:48 AM

Thanks in advance for your help. I have attached the three text files.

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 PM

Posted 21 December 2008 - 12:35 PM

Hello pkscoach.

I can see the Kaspersky scan fairly well, but the OTViewIT and Extra.txt is very difficult to see when you attach it. Please instead post it back in this topic. I will analyze it once it comes back.

Post back with:
-OTViewIT.txt log
-Extra.txt log


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 pkscoach

pkscoach
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 21 December 2008 - 01:35 PM

Here's the OTViewIt log (Extras log will be in another reply)

OTViewIt logfile created on: 12/20/2008 11:00:14 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Administrator.MASON-PREP\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.28 Gb Available Physical Memory | 14.09% Memory free
3.86 Gb Paging File | 2.26 Gb Available in Paging File | 58.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.99 Gb Total Space | 11.72 Gb Free Space | 58.60% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 13.44 Gb Free Space | 53.77% Space Free | Partition Type: NTFS
Drive E: | 56.74 Gb Total Space | 7.62 Gb Free Space | 13.44% Space Free | Partition Type: NTFS
Drive F: | 565.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 20.00 Gb Total Space | 11.75 Gb Free Space | 58.76% Space Free | Partition Type: NTFS
Drive Z: | 34.46 Gb Total Space | 6.19 Gb Free Space | 17.95% Space Free | Partition Type: NTFS

Computer Name: ES1
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2007/02/17 02:23:46 | 00,316,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\certsrv.exe
[2008/06/20 08:38:27 | 00,447,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
[2001/12/03 10:47:34 | 01,105,920 | ---- | M] () -- e:\Faircom\Ctsrvr.exe
[2007/02/17 03:19:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
[2008/11/16 23:27:44 | 00,087,352 | ---- | M] () -- C:\Program Files\MozyPro\mozyprobackup.exe
[2007/02/10 05:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[2008/12/10 21:25:13 | 00,554,312 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
[2007/02/17 04:00:02 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
[2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
[2006/05/12 15:04:08 | 00,439,248 | ---- | M] (RealVNC Ltd.) -- d:\Program Files\RealVNC\VNC4\winvnc4.exe
[2005/08/25 19:10:02 | 03,217,408 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Exchsrvr\bin\exmgmt.exe
[2005/08/25 19:10:14 | 08,920,064 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Exchsrvr\bin\mad.exe
[2005/08/17 17:41:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
[2007/02/17 04:09:46 | 00,207,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007/02/17 04:09:46 | 00,207,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2005/10/04 21:17:18 | 05,227,520 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Exchsrvr\bin\store.exe
[2005/08/25 18:34:34 | 03,592,704 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Exchsrvr\bin\emsmta.exe
[2007/02/17 04:08:14 | 00,007,168 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\inetsrv\w3wp.exe
[2007/02/17 03:31:48 | 00,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
[2007/02/17 03:57:48 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/02/17 03:57:48 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/02/17 04:08:14 | 00,007,168 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\inetsrv\w3wp.exe
[2007/02/17 03:55:16 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
[2008/11/16 23:27:48 | 02,954,552 | ---- | M] () -- C:\Program Files\MozyPro\mozyprostat.exe
[2007/02/17 03:41:36 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/12/20 22:49:38 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/02/17 02:23:46 | 00,316,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\certsrv.exe -- (CertSvc [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/02/17 02:50:02 | 00,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs [On_Demand | Stopped])
[2008/06/20 08:38:27 | 00,447,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe -- (DNS [Auto | Running])
[2001/12/03 10:47:34 | 01,105,920 | ---- | M] () -- e:\Faircom\Ctsrvr.exe -- (FairCom Server [Auto | Running])
[2007/02/17 03:19:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
[2007/02/17 03:19:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc [Disabled | Stopped])
[2007/02/17 03:20:52 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ [Disabled | Stopped])
[2007/02/18 00:30:26 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService [Disabled | Stopped])
[2008/11/16 23:27:44 | 00,087,352 | ---- | M] () -- C:\Program Files\MozyPro\mozyprobackup.exe -- (mozyprobackup [Auto | Running])
[2003/06/24 02:00:00 | 00,094,720 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Exchsrvr\bin\events.exe -- (MSExchangeES [On_Demand | Stopped])
[2005/10/04 21:17:18 | 05,227,520 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS [Auto | Running])
[2005/08/25 19:10:02 | 03,217,408 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT [Auto | Running])
[2005/08/25 18:34:34 | 03,592,704 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA [Auto | Running])
[2005/08/25 19:10:14 | 08,920,064 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA [Auto | Running])
[2005/08/25 18:29:52 | 00,339,456 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS [Disabled | Stopped])
[2005/08/17 17:41:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH [Auto | Running])
[2007/02/10 05:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$FE_EXPRESS [Auto | Running])
[2005/10/14 02:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2007/02/17 03:19:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc [Auto | Running])
[2008/12/10 21:25:13 | 00,554,312 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe -- (NOD32krn [Auto | Running])
[2007/02/17 03:41:50 | 00,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs [On_Demand | Stopped])
[2007/02/17 03:19:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc [Disabled | Stopped])
[2007/02/17 03:19:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc [Auto | Running])
[2007/02/17 03:55:56 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv [On_Demand | Stopped])
[2007/02/17 03:19:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
[2007/02/17 04:00:02 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
[2005/03/25 07:00:00 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2007/02/17 04:07:00 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis [Disabled | Stopped])
[2007/02/17 04:08:32 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2007/02/18 00:36:40 | 00,352,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vds.exe -- (vds [On_Demand | Stopped])
[2006/05/12 15:04:08 | 00,439,248 | ---- | M] (RealVNC Ltd.) -- d:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4 [Auto | Running])

========== Driver Services ==========

[2007/02/17 02:17:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdide.sys -- (AmdIde [Disabled | Stopped])
[2008/12/10 21:25:13 | 00,511,832 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
[2007/02/17 02:17:16 | 00,043,520 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2005/03/24 12:55:32 | 00,343,424 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad [On_Demand | Running])
[2007/02/17 02:31:14 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk [Disabled | Stopped])
[2005/03/25 07:00:00 | 00,018,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\cpqcissm.sys -- (cpqcissm [Boot | Running])
[2007/02/17 02:34:58 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2007/02/17 02:49:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver [Boot | Running])
[2005/08/25 17:29:06 | 00,196,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS [Auto | Running])
[2007/02/17 03:14:30 | 00,023,552 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\drivers\hpcisss.sys -- (hpcisss [Disabled | Stopped])
[2008/11/16 23:26:48 | 00,053,752 | ---- | M] (Mozy, Inc.) -- C:\WINDOWS\system32\drivers\mozypro.sys -- (mozyproFilter [System | Running])
[2008/12/10 21:25:13 | 00,015,160 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
[2007/02/17 03:54:52 | 00,020,480 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/10/14 06:16:02 | 00,187,392 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\q57xp32.sys -- (q57w2k [On_Demand | Running])
[2007/11/13 04:32:23 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/06/14 09:28:46 | 00,047,616 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi [Boot | Running])
[2007/02/17 04:09:26 | 00,169,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=res://shdoclc.dll/hardAdmin.htm
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=res://shdoclc.dll/hardAdmin.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-527092320-2894702886-4000598744-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=res://shdoclc.dll/hardAdmin.htm
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=res://shdoclc.dll/hardAdmin.htm

[HKEY_USERS\S-1-5-21-527092320-2894702886-4000598744-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-527092320-2894702886-4000598744-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (289917 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
9986 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06C9F210-EF4E-471C-B9EE-14CF9575DBCF} (HKLM) -- C:\WINDOWS\system32\opnMDSjg.dll File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (HKLM) -- C:\WINDOWS\system32\fccyvSLB.dll ()
{BFC34026-8F5E-48F0-83A0-88540153DE1F} (HKLM) -- C:\WINDOWS\system32\urqQjjhf.dll File not found
{F0EC42A8-DFAF-4FA7-BD3A-8ED8AF9EC64C} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{F60C77EF-8B13-4BC3-828D-1592DCF0DD61} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-527092320-2894702886-4000598744-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2008/11/16 23:27:48 | 02,954,552 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk = C:\Program Files\MozyPro\mozyprostat.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"ShowSuperHidden"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-527092320-2894702886-4000598744-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-527092320-2894702886-4000598744-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: https://follettsoftware.webex.com/client/T2...ort/ieatgpc.cab -- GpcContainer Class

========== (O17) DNS Name Servers ==========

{51776A4C-154C-4D54-BEAA-454246FDC0AF} (Servers: 172.18.1.12,172.18.1.30 | Description: HP NC7781 Gigabit Server Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
fccyvSLB: "DllName" = fccyvSLB.dll -- C:\WINDOWS\system32\fccyvSLB.dll ()

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" (HKLM) -- C:\WINDOWS\system32\fccyvSLB.dll ()

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\opnMDSjg,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/12/03 10:03:27 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[AutoRun] | open=setup.exe | icon=setup.exe,0 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |  | ]
[2005/03/25 07:00:00 | 00,000,110 | R--- | M] () -- F:\AUTORUN.INF -- [ CDFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{350be7a8-c150-11dd-a6be-ceab7a80ff1f}\Shell\AutoRun\command]
""=H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{350be7a8-c150-11dd-a6be-ceab7a80ff1f}\Shell\open\command]
""=H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d313624-c153-11dd-8db9-001321c9155b}\Shell\AutoRun\command]
""=G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d313624-c153-11dd-8db9-001321c9155b}\Shell\open\command]
""=G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c23f27e4-c156-11dd-ae4f-001321c9155b}\Shell\AutoRun\command]
""=G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c23f27e4-c156-11dd-ae4f-001321c9155b}\Shell\open\command]
""=G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2008/12/20 22:59:44 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\OTViewIt.exe
[2008/12/16 20:31:20 | 00,000,438 | -HS- | C] () -- C:\WINDOWS\System32\gjSDMnpo.ini
[2008/12/16 20:31:20 | 00,000,422 | -HS- | C] () -- C:\WINDOWS\System32\gjSDMnpo.ini2
[2008/12/15 09:14:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MASON-PREP\My Documents\Exchange Task Wizard Logs
[2008/12/14 22:15:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Follett Applications
[2008/12/14 22:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Follett
[2008/12/13 20:52:52 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/13 17:13:43 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\HijackThis.lnk
[2008/12/13 17:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/13 16:54:33 | 00,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081213-165433.backup
[2008/12/13 16:42:42 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\fllepo.dll
[2008/12/13 16:42:40 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\scsajeqi.dll
[2008/12/13 16:39:40 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\rjrjsesw.dll
[2008/12/13 12:14:20 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\zsrfiz.dll
[2008/12/13 12:14:18 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\jkwmsosj.dll
[2008/12/12 23:45:23 | 00,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/12 23:14:50 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/12 23:14:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/12 23:14:35 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\jabxll.dll
[2008/12/12 22:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MASON-PREP\Application Data\Malwarebytes
[2008/12/12 22:16:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/12 22:16:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/12 22:16:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/12 22:16:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/12 20:36:33 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\vxkaqp.dll
[2008/12/12 20:21:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/12/12 14:07:46 | 00,001,373 | ---- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\Active Directory Users and Computers.lnk
[2008/12/11 18:47:41 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\Services.lnk
[2008/12/11 14:06:26 | 00,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\BMC Manual backup (FE_MASON).job
[2008/12/11 14:01:58 | 00,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\BMC Scheduled backup (FE_MASON).job
[2008/12/11 11:57:20 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\ctsrmc.dll
[2008/12/11 10:19:24 | 00,000,000 | ---D | C] -- C:\Install
[2008/12/11 08:48:18 | 00,016,344 | ---- | C] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2008/12/10 22:49:49 | 00,000,310 | ---- | C] () -- C:\WINDOWS\tasks\pbowxkkl.job
[2008/12/10 22:49:48 | 00,067,072 | ---- | C] (ESET) -- C:\WINDOWS\System32\ljJYQKbY.dll
[2008/12/10 21:26:19 | 00,511,832 | ---- | C] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys
[2008/12/10 21:26:19 | 00,015,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008/12/10 21:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2008/12/10 19:53:42 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/10 19:53:41 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/12/10 19:53:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/10 19:53:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/10 16:39:27 | 00,000,675 | ---- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\NTFS Undelete.lnk
[2008/12/10 08:15:15 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\blkcoexl.dll
[2008/12/09 16:50:26 | 00,074,023 | ---- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\IMFAM-2.0.5.zip
[2008/12/09 15:53:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Application Data\Help
[2008/12/09 15:53:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MASON-PREP\Application Data\Help
[2008/12/09 15:32:49 | 00,000,000 | ---D | C] -- C:\Follett
[2008/12/09 10:18:45 | 00,032,137 | ---- | C] () -- C:\WINDOWS\System32\schmmgmt.msc
[2008/12/09 00:40:19 | 00,868,655 | -HS- | C] () -- C:\WINDOWS\System32\fhjjQqru.ini
[2008/12/08 13:02:10 | 00,001,435 | ---- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\certnew.cer
[2008/12/08 12:50:32 | 00,001,143 | ---- | C] () -- C:\es1.MASON-PREP.local_ES1CA.crt
[2008/12/08 12:50:27 | 00,506,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenria64.dll
[2008/12/08 12:50:27 | 00,174,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenrx86.dll
[2008/12/08 12:50:27 | 00,067,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdw2k.dll
[2008/12/08 12:50:27 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certenc.dll
[2008/12/08 12:50:27 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certenc.dll
[2008/12/08 12:50:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CertLog
[2008/12/08 12:12:33 | 00,000,310 | ---- | C] () -- C:\WINDOWS\tasks\mjpzqewc.job
[2008/12/08 11:54:27 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\lqbmbkxx.job
[2008/12/08 11:53:55 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\fccyvSLB.dll
[2008/12/07 22:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\NTFS Undelete
[2008/12/07 20:55:22 | 00,001,316 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Faculty Access for the Web.lnk
[2008/12/07 20:54:58 | 00,000,000 | ---D | C] -- C:\Program Files\Blackbaud
[2008/12/07 20:54:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/12/07 20:53:30 | 12,602,669 | ---- | C] () -- C:\faw777.exe
[2008/12/06 21:52:37 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EE Release Notes.lnk
[2008/12/06 21:52:37 | 00,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Education Edge.lnk
[2008/12/06 21:52:37 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blackbaud Management Console SQL.lnk
[2008/12/06 21:50:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blackbaud
[2008/12/06 21:40:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2008/12/06 21:40:50 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2008/12/06 21:39:48 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2008/12/06 21:36:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MASON-PREP\Application Data\InstallShield
[2008/12/06 21:36:10 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2008/12/06 21:36:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2008/12/06 21:35:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Business Objects
[2008/12/06 21:35:39 | 00,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2008/12/06 21:35:34 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/12/06 21:33:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2008/12/06 20:31:48 | 00,001,592 | ---- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\Event Viewer.lnk
[2008/12/06 20:26:27 | 00,000,685 | ---- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\System Manager.lnk
[2008/12/06 11:15:35 | 00,001,200 | -H-- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\My Documents\Default.rdp
[2008/12/06 11:15:33 | 00,001,485 | ---- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\Remote Desktop Connection.lnk
[2008/12/05 14:02:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Easy Assist
[2008/12/05 14:02:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/12/05 14:02:06 | 02,874,184 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\EASetup.exe
[2008/12/05 12:05:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2008/12/05 09:46:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/12/05 09:45:23 | 00,016,344 | ---- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/05 09:15:56 | 00,000,000 | ---D | C] -- C:\Temp
[2008/12/04 15:21:35 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2008/12/04 14:17:41 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2008/12/04 13:37:06 | 00,447,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dns.exe
[2008/12/04 13:37:06 | 00,447,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dns.exe
[2008/12/04 13:37:06 | 00,256,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswsock.dll
[2008/12/04 13:37:06 | 00,256,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2008/12/04 13:05:19 | 00,000,363 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/04 13:04:54 | 17,318,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/04 13:03:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/04 13:03:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/12/04 13:03:24 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/04 13:03:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/04 13:03:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/03 13:44:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MASON-PREP\Application Data\U3
[2008/12/03 13:02:42 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk
[2008/12/03 13:02:41 | 00,053,752 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\mozypro.sys
[2008/12/03 13:02:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2008/12/03 13:02:41 | 00,000,000 | ---D | C] -- C:\Program Files\MozyPro
[2008/12/03 12:17:48 | 00,000,147 | ---- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Application Data\fusioncache.dat
[2008/12/03 12:17:27 | 00,002,624 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2008/12/03 12:16:23 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\exifsmsg.dll
[2008/12/03 12:12:24 | 00,196,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\exifs.sys
[2008/12/03 12:11:55 | 01,210,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmsui32.dll
[2008/12/03 12:11:55 | 00,527,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfs32.dll
[2008/12/03 12:11:55 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfmig32.dll
[2008/12/03 12:11:54 | 00,559,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\emsuix32.dll
[2008/12/03 12:11:54 | 00,126,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\emsui32.dll
[2008/12/03 12:11:54 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gapi32.dll
[2008/12/03 12:11:54 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\libxds.dll
[2008/12/03 12:11:53 | 00,980,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\emsmdb32.dll
[2008/12/03 12:11:53 | 00,354,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dapi.dll
[2008/12/03 12:11:53 | 00,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\emsabp32.dll
[2008/12/03 12:11:53 | 00,032,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\edbbcli.dll
[2008/12/03 12:11:52 | 00,491,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspst32.dll
[2008/12/03 12:11:52 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapisp32.exe
[2008/12/03 12:11:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Integration
[2008/12/03 12:01:48 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seos.dll
[2008/12/03 12:01:48 | 00,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/12/03 12:01:48 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpctrs.dll
[2008/12/03 12:01:48 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpctrs.dll
[2008/12/03 12:01:48 | 00,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2008/12/03 12:01:48 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snprfdll.dll
[2008/12/03 12:01:48 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snprfdll.dll
[2008/12/03 12:01:47 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqadmin.dll
[2008/12/03 12:01:47 | 00,026,417 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rfeed.vbs
[2008/12/03 12:01:47 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regtrace.exe
[2008/12/03 12:01:47 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regtrace.exe
[2008/12/03 12:01:47 | 00,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2008/12/03 12:01:47 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nntpctrs.dll
[2008/12/03 12:01:47 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpctrs.dll
[2008/12/03 12:01:47 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isrpc.dll
[2008/12/03 12:01:47 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiisex.dll
[2008/12/03 12:01:47 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiisex.dll
[2008/12/03 12:01:47 | 00,006,331 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rsess.vbs
[2008/12/03 12:01:47 | 00,005,523 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.h
[2008/12/03 12:01:47 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/12/03 12:01:47 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2008/12/03 12:01:46 | 00,011,781 | ---- | C] () -- C:\WINDOWS\System32\dllcache\regfilt.vbs
[2008/12/03 12:01:46 | 00,010,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rexpire.vbs
[2008/12/03 12:01:46 | 00,003,912 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rcancel.vbs
[2008/12/03 11:54:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2008/12/03 11:38:54 | 00,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2008/12/03 11:35:58 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mf3216.dll
[2008/12/03 11:35:54 | 00,583,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
[2008/12/03 11:35:54 | 00,583,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/12/03 11:35:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2008/12/03 11:35:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2008/12/03 11:35:18 | 00,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/12/03 11:35:18 | 00,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/12/03 11:35:18 | 00,009,709 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_iis_switch.vbs
[2008/12/03 11:35:18 | 00,008,537 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2008/12/03 11:35:18 | 00,002,114 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2008/12/03 11:35:18 | 00,001,844 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusweb.vbs
[2008/12/03 11:35:17 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2008/12/03 11:35:17 | 00,060,121 | ---- | C] () -- C:\WINDOWS\System32\IIsFtp.vbs
[2008/12/03 11:35:17 | 00,060,121 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisftp.vbs
[2008/12/03 11:35:17 | 00,035,074 | ---- | C] () -- C:\WINDOWS\System32\iisback.vbs
[2008/12/03 11:35:17 | 00,035,074 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisback.vbs
[2008/12/03 11:35:17 | 00,034,604 | ---- | C] () -- C:\WINDOWS\System32\iisvdir.vbs
[2008/12/03 11:35:17 | 00,034,604 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisvdir.vbs
[2008/12/03 11:35:17 | 00,034,518 | ---- | C] () -- C:\WINDOWS\System32\iisext.vbs
[2008/12/03 11:35:17 | 00,034,518 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisext.vbs
[2008/12/03 11:35:17 | 00,032,887 | ---- | C] () -- C:\WINDOWS\System32\IIsFtpdr.vbs
[2008/12/03 11:35:17 | 00,032,887 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisftpdr.vbs
[2008/12/03 11:35:17 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoadmn.dll
[2008/12/03 11:35:17 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2008/12/03 11:35:17 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/12/03 11:35:17 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoctrs.dll
[2008/12/03 11:35:17 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2008/12/03 11:35:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wamregps.dll
[2008/12/03 11:35:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2008/12/03 11:35:17 | 00,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2008/12/03 11:35:16 | 00,035,006 | ---- | C] () -- C:\WINDOWS\System32\dnsmgmt.msc
[2008/12/03 11:35:16 | 00,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2008/12/03 11:35:16 | 00,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2008/12/03 11:35:16 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmptrap.exe
[2008/12/03 11:35:16 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2008/12/03 11:35:16 | 00,006,642 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.h
[2008/12/03 11:35:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dns
[2008/12/03 11:35:15 | 00,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2008/12/03 11:35:15 | 00,004,411 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2008/12/03 11:35:14 | 00,022,462 | ---- | C] () -- C:\WINDOWS\System32\rfc2571.mib
[2008/12/03 11:35:13 | 00,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2008/12/03 11:35:13 | 00,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2008/12/03 11:35:13 | 00,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2008/12/03 11:35:13 | 00,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2008/12/03 11:35:13 | 00,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2008/12/03 11:35:13 | 00,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2008/12/03 11:35:12 | 00,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2008/12/03 11:35:12 | 00,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2008/12/03 11:35:12 | 00,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2008/12/03 11:35:12 | 00,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2008/12/03 11:35:12 | 00,021,271 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2008/12/03 11:35:12 | 00,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2008/12/03 11:35:12 | 00,015,032 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2008/12/03 11:35:12 | 00,014,032 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2008/12/03 11:35:12 | 00,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2008/12/03 11:35:12 | 00,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2008/12/03 11:35:12 | 00,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2008/12/03 11:35:11 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hostmib.dll
[2008/12/03 11:35:11 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2008/12/03 11:35:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpmib.dll
[2008/12/03 11:35:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2008/12/03 11:34:04 | 00,000,000 | ---D | C] -- C:\Inetpub
[2008/12/03 11:29:14 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2008/12/03 11:19:27 | 02,535,598 | -H-- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Application Data\IconCache.db
[2008/12/03 11:17:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Application Data\ApplicationHistory
[2008/12/03 11:17:31 | 00,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpcdll.dll
[2008/12/03 11:17:31 | 00,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2008/12/03 11:17:17 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\whsbrand.dll
[2008/12/03 11:17:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\adam
[2008/12/03 11:17:15 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipmidrv.sys
[2008/12/03 11:17:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ipmi
[2008/12/03 11:17:13 | 00,152,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/12/03 11:17:13 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nv_agp.sys
[2008/12/03 11:17:13 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/12/03 11:17:13 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/12/03 11:17:13 | 00,043,520 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\arc.sys
[2008/12/03 11:17:13 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/12/03 11:17:13 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdide.sys
[2008/12/03 11:17:12 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfscommonuifx.dll
[2008/12/03 11:17:12 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/12/03 11:17:12 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uliagpkx.sys
[2008/12/03 11:17:12 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys
[2008/12/03 11:17:12 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aelupsvc.dll
[2008/12/03 11:17:12 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wpdusb.sys
[2008/12/03 11:17:12 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/12/03 11:17:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azrlreg.exe
[2008/12/03 11:17:11 | 02,949,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dfsmgmt.dll
[2008/12/03 11:17:11 | 00,720,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dfsobjectmodel.dll
[2008/12/03 11:17:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/12/03 11:17:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsmsnap.dll
[2008/12/03 11:17:10 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsmmsg.dll
[2008/12/03 11:17:10 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icacls.exe
[2008/12/03 11:17:10 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsno.dll
[2008/12/03 11:17:10 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsfi.dll
[2008/12/03 11:17:10 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdukx.dll
[2008/12/03 11:17:10 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno1.dll
[2008/12/03 11:17:10 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi1.dll
[2008/12/03 11:17:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/12/03 11:17:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/12/03 11:17:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt48.dll
[2008/12/03 11:17:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt47.dll
[2008/12/03 11:17:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/12/03 11:17:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/12/03 11:17:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmaori.dll
[2008/12/03 11:17:09 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.storage.vds.dll
[2008/12/03 11:17:09 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netset03.exe
[2008/12/03 11:17:09 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srmlib.dll
[2008/12/03 11:17:09 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/12/03 11:17:09 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2008/12/03 11:17:09 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/12/03 11:17:08 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdmtp.dll
[2008/12/03 11:17:08 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdconns.dll
[2008/12/03 11:17:07 | 00,812,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ws03res.dll
[2008/12/03 11:17:07 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdmtpdr.dll
[2008/12/03 11:17:07 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/12/03 11:17:07 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdmtpus.dll
[2008/12/03 11:17:07 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdtrace.dll
[2008/12/03 11:17:07 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2008/12/03 11:17:06 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2008/12/03 11:17:06 | 01,041,920 | ---- | C] () -- C:\WINDOWS\adfs.msp
[2008/12/03 11:17:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\adfs
[2008/12/03 11:17:05 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iispwchg.dll
[2008/12/03 11:17:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/03 11:16:57 | 00,000,000 | ---D | C] -- C:\Program Files\cmak
[2008/12/03 11:16:48 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certdb.dll
[2008/12/03 11:16:48 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certdb.dll
[2008/12/03 11:16:47 | 00,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdx86.dll
[2008/12/03 11:16:46 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certsrv.exe
[2008/12/03 11:16:46 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certsrv.exe
[2008/12/03 11:16:43 | 00,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scrdenrl.dll
[2008/12/03 11:16:43 | 00,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdenrl.dll
[2008/12/03 11:16:30 | 00,147,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdia64.dll
[2008/12/03 11:16:28 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mailmsg.dll
[2008/12/03 11:16:26 | 00,039,103 | ---- | C] () -- C:\WINDOWS\System32\IIsScHlp.wsc
[2008/12/03 11:16:26 | 00,039,103 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisschlp.wsc
[2008/12/03 11:16:25 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\staxmem.dll
[2008/12/03 11:16:25 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2008/12/03 11:16:24 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2008/12/03 11:16:24 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aspperf.dll
[2008/12/03 11:16:21 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisutil.dll
[2008/12/03 11:16:20 | 00,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2008/12/03 11:16:18 | 00,228,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmasf.dll
[2008/12/03 11:16:18 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismap.dll
[2008/12/03 11:16:18 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2008/12/03 11:16:16 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc.dll
[2008/12/03 11:16:15 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2008/12/03 11:16:15 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nntpapi.dll
[2008/12/03 11:16:15 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpapi.dll
[2008/12/03 11:16:13 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2008/12/03 11:16:09 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2008/12/03 11:16:08 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/12/03 11:16:08 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2008/12/03 11:16:08 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dnsperf.dll
[2008/12/03 11:16:08 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsperf.dll
[2008/12/03 11:16:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3tp.dll
[2008/12/03 11:16:04 | 00,052,093 | ---- | C] () -- C:\WINDOWS\System32\IIsCnfg.vbs
[2008/12/03 11:16:04 | 00,052,093 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iiscnfg.vbs
[2008/12/03 11:16:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam.dll
[2008/12/03 11:16:03 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisw3adm.dll
[2008/12/03 11:16:02 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2008/12/03 11:15:59 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2008/12/03 11:15:59 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admwprox.dll
[2008/12/03 11:15:56 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmib.dll
[2008/12/03 11:15:56 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcprox.dll
[2008/12/03 11:15:55 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntagnt.dll
[2008/12/03 11:15:55 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2008/12/03 11:15:51 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg.dll
[2008/12/03 11:15:48 | 01,133,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscfg.dll
[2008/12/03 11:15:45 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fcachdll.dll
[2008/12/03 11:15:45 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fcachdll.dll
[2008/12/03 11:15:40 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2008/12/03 11:15:37 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs.dll
[2008/12/03 11:15:36 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3comlog.dll
[2008/12/03 11:15:34 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisuiobj.dll
[2008/12/03 11:15:34 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetinfo.exe
[2008/12/03 11:15:33 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismui.dll
[2008/12/03 11:15:33 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2008/12/03 11:15:30 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metadata.dll
[2008/12/03 11:15:29 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrop.dll
[2008/12/03 11:15:29 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps.dll
[2008/12/03 11:15:27 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfsdrv.dll
[2008/12/03 11:15:24 | 01,058,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2008/12/03 11:15:24 | 00,050,900 | ---- | C] () -- C:\WINDOWS\System32\iisweb.vbs
[2008/12/03 11:15:24 | 00,050,900 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisweb.vbs
[2008/12/03 11:15:23 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acwebsvc.dll
[2008/12/03 11:15:23 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2008/12/03 11:15:23 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certobj.dll
[2008/12/03 11:15:21 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmmib2.dll
[2008/12/03 11:15:21 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2008/12/03 11:15:20 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext.dll
[2008/12/03 11:15:19 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpodbc.dll
[2008/12/03 11:15:17 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2008/12/03 11:15:17 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2008/12/03 11:15:12 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntwin.exe
[2008/12/03 11:15:12 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2008/12/03 11:15:11 | 00,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpfs.dll
[2008/12/03 11:15:08 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3dt.dll
[2008/12/03 11:15:06 | 00,873,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dnsmgr.dll
[2008/12/03 11:15:06 | 00,873,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsmgr.dll
[2008/12/03 11:15:06 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisRtl.dll
[2008/12/03 11:15:06 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2008/12/03 11:15:05 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiswmi.dll
[2008/12/03 11:15:04 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog.dll
[2008/12/03 11:15:03 | 00,501,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2008/12/03 11:15:03 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2008/12/03 11:15:02 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2008/12/03 11:15:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exstrace.dll
[2008/12/03 11:15:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2008/12/03 11:14:58 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2008/12/03 11:14:57 | 00,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3core.dll
[2008/12/03 11:14:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisrstap.dll
[2008/12/03 11:14:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2008/12/03 11:14:54 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2008/12/03 11:14:51 | 00,013,877 | ---- | C] () -- C:\WINDOWS\System32\iisapp.vbs
[2008/12/03 11:14:51 | 00,013,877 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisapp.vbs
[2008/12/03 11:14:48 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2008/12/03 11:14:48 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\convlog.exe
[2008/12/03 11:14:47 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2008/12/03 11:14:44 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2008/12/03 11:14:40 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2008/12/03 11:14:39 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2008/12/03 11:14:39 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3cache.dll
[2008/12/03 11:14:38 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext.dll
[2008/12/03 11:14:33 | 00,600,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpsvc.dll
[2008/12/03 11:14:33 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2008/12/03 11:14:32 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2008/12/03 11:14:31 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisreset.exe
[2008/12/03 11:14:31 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2008/12/03 11:14:29 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis.dll
[2008/12/03 11:14:29 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
[2008/12/03 11:14:29 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2008/12/03 11:14:27 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisres.dll
[2008/12/03 11:14:25 | 00,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2008/12/03 11:14:24 | 02,086,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2008/12/03 11:14:24 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2008/12/03 11:14:23 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3wp.exe
[2008/12/03 11:14:22 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3isapi.dll
[2008/12/03 11:14:22 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2008/12/03 11:14:21 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp.dll
[2008/12/03 11:14:19 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntcmd.exe
[2008/12/03 11:14:19 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2008/12/03 11:14:18 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2008/12/03 11:14:18 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlauth.dll
[2008/12/03 11:14:17 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2008/12/03 11:14:14 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2008/12/03 11:14:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrlps.dll
[2008/12/03 11:14:12 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsprov.dll
[2008/12/03 11:14:12 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2008/12/03 11:14:11 | 02,663,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpsnap.dll
[2008/12/03 11:14:11 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2008/12/03 11:14:09 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/12/03 11:14:09 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2008/12/03 11:14:08 | 00,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpadm.dll
[2008/12/03 11:14:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/12/03 11:14:05 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sainstall.dll
[2008/12/03 11:14:05 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rassfm.dll
[2008/12/03 11:13:39 | 01,053,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2008/12/03 11:13:38 | 00,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\activeds.dll
[2008/12/03 11:13:38 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\actxprxy.dll
[2008/12/03 11:13:36 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsldpc.dll
[2008/12/03 11:13:35 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\apphelp.dll
[2008/12/03 11:13:34 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\authz.dll
[2008/12/03 11:13:34 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\audiosrv.dll
[2008/12/03 11:13:33 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browser.dll
[2008/12/03 11:13:33 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\basesrv.dll
[2008/12/03 11:13:33 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batmeter.dll
[2008/12/03 11:13:32 | 00,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certcli.dll
[2008/12/03 11:13:31 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2008/12/03 11:13:30 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clusapi.dll
[2008/12/03 11:13:30 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cnbjmon.dll
[2008/12/03 11:13:29 | 01,295,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2008/12/03 11:13:29 | 00,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comres.dll
[2008/12/03 11:13:29 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credui.dll
[2008/12/03 11:13:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
[2008/12/03 11:13:28 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\crypt32.dll
[2008/12/03 11:13:28 | 00,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptui.dll
[2008/12/03 11:13:28 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cscui.dll
[2008/12/03 11:13:28 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cscdll.dll
[2008/12/03 11:13:28 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptnet.dll
[2008/12/03 11:13:28 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptsvc.dll
[2008/12/03 11:13:28 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2008/12/03 11:13:28 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptdll.dll
[2008/12/03 11:13:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\davclnt.dll
[2008/12/03 11:13:26 | 00,276,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddraw.dll
[2008/12/03 11:13:26 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddrawex.dll
[2008/12/03 11:13:24 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmconfig.dll
[2008/12/03 11:13:24 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmadmin.exe
[2008/12/03 11:13:24 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmutil.dll
[2008/12/03 11:13:24 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmserver.dll
[2008/12/03 11:13:22 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drprov.dll
[2008/12/03 11:13:21 | 00,147,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dssenh.dll
[2008/12/03 11:13:20 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ersvc.dll
[2008/12/03 11:13:19 | 01,044,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\esent.dll
[2008/12/03 11:13:19 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll
[2008/12/03 11:13:18 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faultrep.dll
[2008/12/03 11:13:18 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\feclient.dll
[2008/12/03 11:13:16 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hnetcfg.dll
[2008/12/03 11:13:16 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2008/12/03 11:13:14 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imm32.dll
[2008/12/03 11:13:14 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iphlpapi.dll
[2008/12/03 11:13:14 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetpp.dll
[2008/12/03 11:13:13 | 00,188,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsecsvc.dll
[2008/12/03 11:13:12 | 00,350,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kerberos.dll
[2008/12/03 11:13:12 | 00,219,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kdcsvc.dll
[2008/12/03 11:13:11 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licdll.dll
[2008/12/03 11:13:11 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\linkinfo.dll
[2008/12/03 11:13:10 | 00,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdminst.dll
[2008/12/03 11:13:09 | 00,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mlang.dll
[2008/12/03 11:13:08 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\modemui.dll
[2008/12/03 11:13:07 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mprapi.dll
[2008/12/03 11:13:07 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpr.dll
[2008/12/03 11:13:05 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msctf.dll
[2008/12/03 11:13:05 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msasn1.dll
[2008/12/03 11:13:04 | 01,019,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2008/12/03 11:13:04 | 00,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2008/12/03 11:13:04 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2008/12/03 11:13:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2008/12/03 11:13:03 | 01,208,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgina.dll
[2008/12/03 11:13:01 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msihnd.dll
[2008/12/03 11:13:01 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msiexec.exe
[2008/12/03 11:13:01 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msidle.dll
[2008/12/03 11:13:00 | 00,884,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msimsg.dll
[2008/12/03 11:13:00 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msimtf.dll
[2008/12/03 11:13:00 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msisip.dll
[2008/12/03 11:12:57 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msv1_0.dll
[2008/12/03 11:12:57 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstlsapi.dll
[2008/12/03 11:12:56 | 00,402,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp60.dll
[2008/12/03 11:12:56 | 00,348,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcrt.dll
[2008/12/03 11:12:54 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2008/12/03 11:12:54 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxclu.dll
[2008/12/03 11:12:54 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3r.dll
[2008/12/03 11:12:53 | 00,781,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netcfgx.dll
[2008/12/03 11:12:53 | 00,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll
[2008/12/03 11:12:53 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ncobjapi.dll
[2008/12/03 11:12:53 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nddeapi.dll
[2008/12/03 11:12:52 | 01,809,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netshell.dll
[2008/12/03 11:12:52 | 00,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netman.dll
[2008/12/03 11:12:52 | 00,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\newdev.dll
[2008/12/03 11:12:51 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdsapi.dll
[2008/12/03 11:12:51 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdsatq.dll
[2008/12/03 11:12:50 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntshrui.dll
[2008/12/03 11:12:50 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmarta.dll
[2008/12/03 11:12:50 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlanman.dll
[2008/12/03 11:12:49 | 00,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oakley.dll
[2008/12/03 11:12:49 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbc32.dll
[2008/12/03 11:12:49 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcint.dll
[2008/12/03 11:12:48 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ole32.dll
[2008/12/03 11:12:48 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecli32.dll
[2008/12/03 11:12:47 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pjlmon.dll
[2008/12/03 11:12:46 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\psbase.dll
[2008/12/03 11:12:46 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\profmap.dll
[2008/12/03 11:12:46 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\psapi.dll
[2008/12/03 11:12:46 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powrprof.dll
[2008/12/03 11:12:45 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/12/03 11:12:45 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pstorsvc.dll
[2008/12/03 11:12:44 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\raschap.dll
[2008/12/03 11:12:44 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasadhlp.dll
[2008/12/03 11:12:43 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastls.dll
[2008/12/03 11:12:43 | 00,104,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2008/12/03 11:12:43 | 00,100,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpdd.dll
[2008/12/03 11:12:43 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regapi.dll
[2008/12/03 11:12:42 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvc.dll
[2008/12/03 11:12:42 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\resutils.dll
[2008/12/03 11:12:41 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcss.dll
[2008/12/03 11:12:41 | 00,213,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsaenh.dll
[2008/12/03 11:12:41 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rtutils.dll
[2008/12/03 11:12:40 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scesrv.dll
[2008/12/03 11:12:40 | 00,188,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll
[2008/12/03 11:12:39 | 00,202,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2008/12/03 11:12:39 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secur32.dll
[2008/12/03 11:12:39 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sens.dll
[2008/12/03 11:12:39 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\seclogon.dll
[2008/12/03 11:12:39 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sensapi.dll
[2008/12/03 11:12:38 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc_os.dll
[2008/12/03 11:12:36 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shlwapi.dll
[2008/12/03 11:12:36 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shimeng.dll
[2008/12/03 11:12:36 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shfolder.dll
[2008/12/03 11:12:35 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll
[2008/12/03 11:12:35 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpapi.dll
[2008/12/03 11:12:34 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stobject.dll
[2008/12/03 11:12:34 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolss.dll
[2008/12/03 11:12:34 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe
[2008/12/03 11:12:34 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stdole2.tlb
[2008/12/03 11:12:34 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2008/12/03 11:12:33 | 00,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sxs.dll
[2008/12/03 11:12:33 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tapi32.dll
[2008/12/03 11:12:32 | 00,386,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\themeui.dll
[2008/12/03 11:12:32 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2008/12/03 11:12:32 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmon.dll
[2008/12/03 11:12:32 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmib.dll
[2008/12/03 11:12:31 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\umpnpmgr.dll
[2008/12/03 11:12:31 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\trkwks.dll
[2008/12/03 11:12:30 | 00,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unimdm.tsp
[2008/12/03 11:12:30 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unimdmat.dll
[2008/12/03 11:12:30 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbmon.dll
[2008/12/03 11:12:30 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniplat.dll
[2008/12/03 11:12:29 | 00,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vssapi.dll
[2008/12/03 11:12:29 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll
[2008/12/03 11:12:29 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\version.dll
[2008/12/03 11:12:28 | 00,227,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w32time.dll
[2008/12/03 11:12:28 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdigest.dll
[2008/12/03 11:12:27 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiarpc.dll
[2008/12/03 11:12:26 | 00,528,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe
[2008/12/03 11:12:26 | 00,174,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmm.dll
[2008/12/03 11:12:26 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winipsec.dll
[2008/12/03 11:12:26 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrnr.dll
[2008/12/03 11:12:25 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wldap32.dll
[2008/12/03 11:12:25 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wintrust.dll
[2008/12/03 11:12:25 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winscard.dll
[2008/12/03 11:12:25 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlnotify.dll
[2008/12/03 11:12:25 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlbsctrl.dll
[2008/12/03 11:12:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winsta.dll
[2008/12/03 11:12:21 | 02,523,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorsvr.dll
[2008/12/03 11:12:21 | 02,514,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorwks.dll
[2008/12/03 11:12:21 | 02,142,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorlib.dll
[2008/12/03 11:12:21 | 01,265,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.web.dll
[2008/12/03 11:12:21 | 01,232,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sy52106.dll
[2008/12/03 11:12:21 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_isapi.dll
[2008/12/03 11:12:21 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corperfmonext.dll
[2008/12/03 11:12:21 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_wp.exe
[2008/12/03 11:12:18 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ws2_32.dll
[2008/12/03 11:12:18 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ws2help.dll
[2008/12/03 11:12:17 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsnmp32.dll
[2008/12/03 11:12:17 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsapi.dll
[2008/12/03 11:12:17 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshqos.dll
[2008/12/03 11:12:17 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wtsapi32.dll
[2008/12/03 11:12:17 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshtcpip.dll
[2008/12/03 11:12:16 | 00,489,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsvc.dll
[2008/12/03 11:12:16 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2008/12/03 11:11:33 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/12/03 11:11:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2008/12/03 11:11:03 | 00,023,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2008/12/03 11:10:47 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/12/03 11:09:26 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/12/03 11:09:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\PolicyBackup
[2008/12/03 11:08:11 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/12/03 11:07:45 | 02,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msi.dll
[2008/12/03 11:07:45 | 02,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msi.dll
[2008/12/03 11:05:54 | 00,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/12/03 11:05:22 | 02,449,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/12/03 11:05:20 | 02,488,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/12/03 11:05:19 | 02,300,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/12/03 11:05:18 | 02,340,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/12/03 11:04:41 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/03 11:03:05 | 00,553,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2008/12/03 11:01:23 | 01,121,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3.dll
[2008/12/03 11:01:23 | 01,121,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/12/03 11:01:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2008/12/03 11:00:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MASON-PREP\Application Data\Identities
[2008/12/03 11:00:21 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\My Documents\desktop.ini
[2008/12/03 11:00:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Application Data\desktop.ini
[2008/12/03 11:00:17 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator.MASON-PREP\Start Menu\Programs\Startup\desktop.ini
[2008/12/03 11:00:17 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Application Data\Microsoft
[2008/12/03 11:00:17 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.MASON-PREP\Application Data\Microsoft
[2008/12/03 10:51:51 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2008/12/03 10:51:51 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/12/03 10:51:51 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/12/03 10:51:50 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/03 10:51:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/12/03 10:49:48 | 00,000,000 | ---D | C] -- C:\CPQSYSTEM
[2008/12/03 10:48:25 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2008/12/03 10:37:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2008/12/03 10:37:08 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/03 10:37:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/03 10:07:26 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/03 10:07:11 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswmiproppage.dll
[2008/12/03 10:07:10 | 01,150,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizardres.dll
[2008/12/03 10:07:10 | 00,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizard.exe
[2008/12/03 10:07:09 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsunicastsinkproppage.dll
[2008/12/03 10:07:09 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssrvmk.dll
[2008/12/03 10:07:09 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssnmp.dll
[2008/12/03 10:07:08 | 00,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsservertypelib.dll
[2008/12/03 10:07:08 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverupgrade.exe
[2008/12/03 10:07:07 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresourceres.dll
[2008/12/03 10:07:07 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresource.dll
[2008/12/03 10:07:06 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverconfig.exe
[2008/12/03 10:07:05 | 03,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserver.dll
[2008/12/03 10:07:05 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspluginres.dll
[2008/12/03 10:07:05 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsscriptproppage.dll
[2008/12/03 10:07:04 | 00,537,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylistres.dll
[2008/12/03 10:07:04 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylist.dll
[2008/12/03 10:07:04 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperfmon.exe
[2008/12/03 10:07:03 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsnetworkdatasourceproppage.dll
[2008/12/03 10:07:03 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperf.dll
[2008/12/03 10:07:02 | 01,852,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitorres.dll
[2008/12/03 10:07:02 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmulticastsinkproppage.dll
[2008/12/03 10:07:01 | 00,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitor.dll
[2008/12/03 10:07:01 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslogproppages.dll
[2008/12/03 10:07:01 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiphlp.dll
[2008/12/03 10:07:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslf.dll
[2008/12/03 10:07:00 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsipaccessproppage.dll
[2008/12/03 10:07:00 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiislog.dll
[2008/12/03 10:07:00 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpsyscfg.exe
[2008/12/03 10:06:59 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpcontrolproppage.dll
[2008/12/03 10:06:59 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpauthenproppage.dll
[2008/12/03 10:06:58 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserror.dll
[2008/12/03 10:06:58 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserver.exe
[2008/12/03 10:06:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserr.dll
[2008/12/03 10:06:57 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmseditor.exe
[2008/12/03 10:06:57 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdigestauthenproppage.dll
[2008/12/03 10:06:56 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowse.dll
[2008/12/03 10:06:56 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsarchivesinkv1proppage.dll
[2008/12/03 10:06:56 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowseres.dll
[2008/12/03 10:06:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaspadmin.dll
[2008/12/03 10:06:55 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadmin.dll
[2008/12/03 10:06:55 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadminres.dll
[2008/12/03 10:06:55 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsanonauthenproppage.dll
[2008/12/03 10:06:54 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaclcheckproppage.dll
[2008/12/03 10:06:54 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsactscrpt.dll
[2008/12/03 10:06:52 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmilistener.dll
[2008/12/03 10:06:52 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmibridge.dll
[2008/12/03 10:06:51 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2008/12/03 10:06:50 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2008/12/03 10:06:50 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2008/12/03 10:06:50 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsmib.dll
[2008/12/03 10:06:50 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsctrs.dll
[2008/12/03 10:06:49 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2008/12/03 10:06:49 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2008/12/03 10:06:49 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2008/12/03 10:06:47 | 00,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2008/12/03 10:06:47 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2008/12/03 10:06:44 | 00,197,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W98_unidrv.dll
[2008/12/03 10:06:44 | 00,197,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W95_unidrv.dll
[2008/12/03 10:06:44 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2008/12/03 10:06:44 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2008/12/03 10:06:43 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2008/12/03 10:06:42 | 01,413,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgs.imd
[2008/12/03 10:06:42 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2008/12/03 10:06:42 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2008/12/03 10:06:42 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2008/12/03 10:06:41 | 00,455,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgl.imd
[2008/12/03 10:06:41 | 00,171,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgc.imd
[2008/12/03 10:06:41 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tftpd.exe
[2008/12/03 10:06:37 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmtest.exe
[2008/12/03 10:06:34 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2008/12/03 10:06:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/12/03 10:06:32 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smef.dll
[2008/12/03 10:06:32 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/12/03 10:06:32 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/12/03 10:06:32 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/12/03 10:06:31 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slbs.dll
[2008/12/03 10:06:31 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2008/12/03 10:06:30 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seva.dll
[2008/12/03 10:06:30 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_strap.exe
[2008/12/03 10:06:29 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwiisext.dll
[2008/12/03 10:06:29 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwengb.dll
[2008/12/03 10:06:29 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwcmd.exe
[2008/12/03 10:06:29 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwhlp.dll
[2008/12/03 10:06:29 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwauditext.dll
[2008/12/03 10:06:29 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwsddlanalysis.dll
[2008/12/03 10:06:29 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwviewer.exe
[2008/12/03 10:06:28 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scss.exe
[2008/12/03 10:06:28 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scshost.exe
[2008/12/03 10:06:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2008/12/03 10:06:24 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2008/12/03 10:06:23 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmpppoe.dll
[2008/12/03 10:06:22 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2008/12/03 10:06:22 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3msg.dll
[2008/12/03 10:06:22 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3evt.dll
[2008/12/03 10:06:21 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2008/12/03 10:06:21 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\playlisttransformproppage.dll
[2008/12/03 10:06:18 | 10,011,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgs.imd
[2008/12/03 10:06:18 | 00,733,292 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgr.imd
[2008/12/03 10:06:18 | 00,535,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2008/12/03 10:06:17 | 01,004,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgix.imd
[2008/12/03 10:06:17 | 00,948,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgi.imd
[2008/12/03 10:06:17 | 00,208,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgl.imd
[2008/12/03 10:06:16 | 00,867,242 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgdx.imd
[2008/12/03 10:06:16 | 00,825,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgd.imd
[2008/12/03 10:06:16 | 00,487,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsk.dic
[2008/12/03 10:06:16 | 00,188,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgc.imd
[2008/12/03 10:06:16 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2008/12/03 10:06:15 | 00,174,803 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsd.dic
[2008/12/03 10:06:15 | 00,117,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2008/12/03 10:06:15 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2008/12/03 10:06:15 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\parser.dll
[2008/12/03 10:06:14 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3admin.dll
[2008/12/03 10:06:14 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2008/12/03 10:06:14 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2008/12/03 10:06:14 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2008/12/03 10:06:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2008/12/03 10:06:11 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmsupp.dll
[2008/12/03 10:06:11 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsneterr.dll
[2008/12/03 10:06:10 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmapi.dll
[2008/12/03 10:06:09 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\namespace.dll
[2008/12/03 10:06:08 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2008/12/03 10:06:07 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcp60.dll
[2008/12/03 10:06:06 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
[2008/12/03 10:06:05 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2008/12/03 10:06:05 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2008/12/03 10:06:00 | 00,118,784 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\microsoft.windowsmediaservices.dll
[2008/12/03 10:05:59 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mcast.dll
[2008/12/03 10:05:58 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2008/12/03 10:05:56 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2008/12/03 10:05:56 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2008/12/03 10:05:56 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerbprsr.dll
[2008/12/03 10:05:56 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2008/12/03 10:05:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2008/12/03 10:05:55 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2008/12/03 10:05:55 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2008/12/03 10:05:55 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2008/12/03 10:05:55 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2008/12/03 10:05:55 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2008/12/03 10:05:55 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2008/12/03 10:05:55 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2008/12/03 10:05:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2008/12/03 10:05:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2008/12/03 10:05:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2008/12/03 10:05:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2008/12/03 10:05:54 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2008/12/03 10:05:54 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2008/12/03 10:05:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2008/12/03 10:05:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2008/12/03 10:05:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2008/12/03 10:05:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2008/12/03 10:05:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2008/12/03 10:05:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2008/12/03 10:05:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2008/12/03 10:05:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2008/12/03 10:05:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2008/12/03 10:05:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2008/12/03 10:05:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2008/12/03 10:05:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2008/12/03 10:05:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2008/12/03 10:05:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2008/12/03 10:05:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2008/12/03 10:05:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2008/12/03 10:05:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2008/12/03 10:05:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2008/12/03 10:05:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2008/12/03 10:05:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2008/12/03 10:05:53 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2008/12/03 10:05:52 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2008/12/03 10:05:51 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2008/12/03 10:05:50 | 01,499,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsiw.exe
[2008/12/03 10:05:50 | 01,489,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsia.exe
[2008/12/03 10:05:50 | 00,069,632 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\interop_msxml.dll
[2008/12/03 10:05:49 | 00,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2008/12/03 10:05:49 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2008/12/03 10:05:49 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2008/12/03 10:05:49 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2008/12/03 10:05:49 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2008/12/03 10:05:47 | 09,206,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpzp.dic
[2008/12/03 10:05:47 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2008/12/03 10:05:47 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2008/12/03 10:05:47 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2008/12/03 10:05:46 | 00,854,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjptk.dic
[2008/12/03 10:05:42 | 14,694,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpst.dic
[2008/12/03 10:05:42 | 00,137,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpsb.dic
[2008/12/03 10:05:42 | 00,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2008/12/03 10:05:40 | 10,660,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpnm.dic
[2008/12/03 10:05:40 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2008/12/03 10:05:39 | 00,993,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpln.dic
[2008/12/03 10:05:39 | 00,815,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpgn.grm
[2008/12/03 10:05:39 | 00,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2008/12/03 10:05:39 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2008/12/03 10:05:39 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2008/12/03 10:05:39 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcd.dic
[2008/12/03 10:05:39 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2008/12/03 10:05:39 | 00,055,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpch.dic
[2008/12/03 10:05:39 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2008/12/03 10:05:39 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2008/12/03 10:05:39 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2008/12/03 10:05:38 | 00,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2008/12/03 10:05:38 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2008/12/03 10:05:38 | 00,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2008/12/03 10:05:38 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2008/12/03 10:05:38 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2008/12/03 10:05:38 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2008/12/03 10:05:38 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2008/12/03 10:05:38 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2008/12/03 10:05:38 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2008/12/03 10:05:32 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2008/12/03 10:05:28 | 11,091,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2008/12/03 10:05:24 | 10,100,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2008/12/03 10:05:23 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2008/12/03 10:05:23 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2008/12/03 10:05:23 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hexedit.dll
[2008/12/03 10:05:22 | 00,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsxp32.dll
[2008/12/03 10:05:22 | 00,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsxp32.dll
[2008/12/03 10:05:22 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxswzrd.dll
[2008/12/03 10:05:21 | 00,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxstiff.dll
[2008/12/03 10:05:21 | 00,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxstiff.dll
[2008/12/03 10:05:21 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsui.dll
[2008/12/03 10:05:21 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxswzrd.dll
[2008/12/03 10:05:20 | 00,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsres.dll
[2008/12/03 10:05:20 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxssend.exe
[2008/12/03 10:05:20 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxssend.exe
[2008/12/03 10:05:19 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsdrv32.dll
[2008/12/03 10:05:19 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsext32.dll
[2008/12/03 10:05:19 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsext32.dll
[2008/12/03 10:05:19 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsdrv4.dll
[2008/12/03 10:05:18 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxscover.exe
[2008/12/03 10:05:18 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxscover.exe
[2008/12/03 10:05:18 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclnt.exe
[2008/12/03 10:05:18 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclntr.dll
[2008/12/03 10:05:18 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclntr.dll
[2008/12/03 10:05:17 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsapi.dll
[2008/12/03 10:05:17 | 00,466,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsapi.dll
[2008/12/03 10:05:17 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclnt.exe
[2008/12/03 10:05:16 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsapi.dll
[2008/12/03 10:05:16 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2008/12/03 10:05:16 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2008/12/03 10:05:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2008/12/03 10:05:15 | 00,100,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2008/12/03 10:05:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2008/12/03 10:05:13 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2008/12/03 10:05:08 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2008/12/03 10:05:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2008/12/03 10:05:06 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\complianceextensions.dll
[2008/12/03 10:05:06 | 00,001,849 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusftp.vbs
[2008/12/03 10:05:05 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2008/12/03 10:05:05 | 00,409,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgu.imd
[2008/12/03 10:05:05 | 00,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlguc.imd
[2008/12/03 10:05:05 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cleanri.exe
[2008/12/03 10:05:04 | 00,543,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgb.imd
[2008/12/03 10:05:04 | 00,427,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgie.imd
[2008/12/03 10:05:04 | 00,279,894 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgd.imd
[2008/12/03 10:05:04 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2008/12/03 10:05:04 | 00,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgsi.imd
[2008/12/03 10:05:04 | 00,024,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgl.imd
[2008/12/03 10:05:04 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2008/12/03 10:05:04 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgs.imd
[2008/12/03 10:05:03 | 01,682,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2008/12/03 10:05:03 | 00,841,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2008/12/03 10:05:03 | 00,462,929 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskdic.dic
[2008/12/03 10:05:03 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2008/12/03 10:05:03 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2008/12/03 10:05:03 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2008/12/03 10:05:02 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2008/12/03 10:04:59 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhsupp.dll
[2008/12/03 10:04:58 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\au_accnt.dll
[2008/12/03 10:04:57 | 00,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asfarchiver.dll
[2008/12/03 10:04:56 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2008/12/03 10:04:56 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2008/12/03 10:04:56 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2008/12/03 10:04:56 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2008/12/03 10:04:56 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2008/12/03 10:04:56 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2008/12/03 10:04:55 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\addusr.exe
[2008/12/03 10:04:54 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2008/12/03 10:04:48 | 00,254,005 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcrt.dll
[2008/12/03 10:04:47 | 01,163,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42u.dll
[2008/12/03 10:04:45 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42.dll
[2008/12/03 10:04:43 | 00,199,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2008/12/03 10:04:36 | 00,000,000 | ---D | C] -- C:\wmpub
[2008/12/03 10:04:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2008/12/03 10:04:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\rpcproxy
[2008/12/03 10:04:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\reminst
[2008/12/03 10:04:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pop3server
[2008/12/03 10:04:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\netmon
[2008/12/03 10:04:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\certsrv
[2008/12/03 10:03:38 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2008/12/03 10:03:27 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/03 10:03:27 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/12/03 10:03:27 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/12/03 10:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/12/03 10:03:27 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2008/12/03 10:03:27 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2008/12/03 10:03:22 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/03 10:03:18 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/03 10:03:18 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/03 10:03:07 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2008/12/03 10:03:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MicrosoftPassport
[2008/12/03 10:03:04 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2008/12/03 10:02:06 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2008/12/03 10:02:06 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2008/12/03 10:01:49 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2008/12/03 10:01:48 | 00,001,367 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2008/12/03 10:01:48 | 00,000,099 | -HS- | C] () -- C:\Documents and Settings\All Users\Desktop\desktop.ini
[2008/12/03 10:01:48 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2008/12/03 10:01:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sausrmsg.dll
[2008/12/03 10:01:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sasitare.dll
[2008/12/03 10:01:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sanic.dll
[2008/12/03 10:01:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sacore.dll
[2008/12/03 10:01:37 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sadattim.dll
[2008/12/03 10:01:37 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sagnlset.dll
[2008/12/03 10:01:37 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sadvceid.dll
[2008/12/03 10:01:37 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sakitmsg.dll
[2008/12/03 10:01:37 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saloclui.dll
[2008/12/03 10:01:37 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sashutdn.dll
[2008/12/03 10:01:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sanicgbl.dll
[2008/12/03 10:01:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saevent.dll
[2008/12/03 10:01:37 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\salogs.dll
[2008/12/03 10:01:37 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sagenmsg.dll
[2008/12/03 10:01:37 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saalteml.dll
[2008/12/03 10:01:37 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saadmweb.dll
[2008/12/03 10:01:37 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\satservr.dll
[2008/12/03 10:01:37 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\salog.dll
[2008/12/03 10:01:37 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\satelnet.dll
[2008/12/03 10:01:37 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sasysinf.dll
[2008/12/03 10:01:37 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saslfcrt.dll
[2008/12/03 10:01:37 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sahelp.dll
[2008/12/03 10:01:37 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sachglng.dll
[2008/12/03 10:01:36 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saadmcfg.dll
[2008/12/03 10:01:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ServerAppliance
[2008/12/03 10:01:32 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2008/12/03 10:01:24 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2008/12/03 10:01:24 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2008/12/03 10:01:21 | 00,049,104 | -HS- | C] () -- C:\WINDOWS\lanmannt.bmp
[2008/12/03 10:01:21 | 00,049,104 | -HS- | C] () -- C:\WINDOWS\lanma256.bmp
[2008/12/03 10:01:21 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2008/12/03 10:01:21 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2008/12/03 10:01:21 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2008/12/03 10:01:21 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2008/12/03 10:01:21 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2008/12/03 10:01:21 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2008/12/03 10:01:21 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/12/03 10:01:17 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2008/12/03 10:01:17 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2008/12/03 10:01:17 | 00,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2008/12/03 10:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2008/12/03 10:01:13 | 00,065,593 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csapi3t1.dll
[2008/12/03 10:01:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2008/12/03 10:01:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2008/12/03 10:01:13 | 00,000,065 | RH-- | C] () -- C:\WINDOWS\tasks\desktop.ini
[2008/12/03 10:01:13 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2008/12/03 10:01:12 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2008/12/03 10:01:12 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2008/12/03 10:01:12 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2008/12/03 10:01:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2008/12/03 10:01:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/12/03 10:01:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2008/12/03 10:01:06 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/12/03 10:01:06 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2008/12/03 10:01:06 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2008/12/03 10:01:06 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2008/12/03 10:01:06 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/12/03 10:01:06 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2008/12/03 10:01:06 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/12/03 10:01:06 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2008/12/03 10:01:06 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2008/12/03 10:01:06 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2008/12/03 10:01:06 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/12/03 10:01:06 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2008/12/03 10:01:06 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/12/03 10:01:06 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups2.dll
[2008/12/03 10:01:06 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/12/03 10:01:06 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2008/12/03 10:01:05 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/12/03 10:01:05 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2008/12/03 10:01:05 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2008/12/03 10:01:05 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2008/12/03 10:01:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2008/12/03 10:01:03 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2008/12/03 10:01:03 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2008/12/03 10:01:03 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2008/12/03 10:01:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2008/12/03 10:00:58 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/12/03 10:00:57 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2008/12/03 10:00:57 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2008/12/03 10:00:57 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2008/12/03 10:00:57 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2008/12/03 10:00:57 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2008/12/03 10:00:57 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2008/12/03 10:00:57 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2008/12/03 10:00:57 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2008/12/03 10:00:54 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2008/12/03 10:00:54 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2008/12/03 10:00:53 | 00,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2008/12/03 10:00:52 | 00,694,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2008/12/03 10:00:52 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2008/12/03 10:00:50 | 00,300,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2008/12/03 10:00:50 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2008/12/03 10:00:50 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2008/12/03 10:00:50 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2008/12/03 10:00:50 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2008/12/03 10:00:50 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2008/12/03 10:00:49 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2008/12/03 10:00:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2008/12/03 09:59:52 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/12/03 09:59:49 | 00,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/03 09:59:42 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2008/12/03 09:59:40 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/12/03 09:59:40 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/12/03 09:59:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2008/12/03 09:59:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2008/12/03 09:59:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2008/12/03 09:58:57 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/12/03 09:58:57 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/12/03 09:58:57 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2008/12/03 09:58:57 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2008/12/03 09:58:57 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/12/03 09:58:57 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/12/03 09:58:57 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/12/03 09:58:56 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2008/12/03 09:58:56 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2008/12/03 09:58:56 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/12/03 09:58:56 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/12/03 09:58:56 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/12/03 09:58:56 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/12/03 09:58:56 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/12/03 09:58:56 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/12/03 09:58:55 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2008/12/03 09:58:55 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2008/12/03 09:58:54 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2008/12/03 09:58:54 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2008/12/03 09:58:54 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vsstskex.dll
[2008/12/03 09:58:54 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vsstask.dll
[2008/12/03 09:58:54 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshclus.dll
[2008/12/03 09:58:53 | 01,489,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\instmsia.exe
[2008/12/03 09:58:53 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clussprt.dll
[2008/12/03 09:58:53 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ClusSprt.dll
[2008/12/03 09:58:52 | 01,499,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\instmsiw.exe
[2008/12/03 09:58:50 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\register.exe
[2008/12/03 09:58:50 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2008/12/03 09:58:50 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aciniupd.exe
[2008/12/03 09:58:50 | 00,012,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/12/03 09:58:50 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acregl.exe
[2008/12/03 09:58:50 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acsr.exe
[2008/12/03 09:58:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Application Compatibility Scripts
[2008/12/03 09:58:49 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2008/12/03 09:58:49 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2008/12/03 09:58:49 | 00,042,109 | ---- | C] () -- C:\WINDOWS\System32\tsmmc.msc
[2008/12/03 09:58:49 | 00,041,732 | ---- | C] () -- C:\WINDOWS\System32\tscc.msc
[2008/12/03 09:58:49 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2008/12/03 09:58:49 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cprofile.exe
[2008/12/03 09:58:49 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2008/12/03 09:58:49 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2008/12/03 09:58:49 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2008/12/03 09:58:49 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2008/12/03 09:58:49 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2008/12/03 09:58:49 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2008/12/03 09:58:49 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/12/03 09:58:49 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2008/12/03 09:58:49 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2008/12/03 09:58:49 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2008/12/03 09:58:48 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2008/12/03 09:58:48 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2008/12/03 09:58:48 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2008/12/03 09:58:48 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2008/12/03 09:58:48 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2008/12/03 09:58:48 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2008/12/03 09:58:48 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2008/12/03 09:58:48 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2008/12/03 09:58:48 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2008/12/03 09:58:48 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2008/12/03 09:58:48 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2008/12/03 09:58:48 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2008/12/03 09:58:48 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2008/12/03 09:58:48 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/12/03 09:58:48 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2008/12/03 09:58:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2008/12/03 09:58:47 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2008/12/03 09:58:47 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2008/12/03 09:58:47 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2008/12/03 09:58:47 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comclust.exe
[2008/12/03 09:58:47 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2008/12/03 09:58:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2008/12/03 09:58:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2008/12/03 09:58:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2008/12/03 09:58:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2008/12/03 09:58:46 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2008/12/03 09:58:46 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2008/12/03 09:58:46 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2008/12/03 09:58:43 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2008/12/03 09:58:43 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2008/12/03 09:58:43 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2008/12/03 09:58:43 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdfs.dll
[2008/12/03 09:58:43 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2008/12/03 09:58:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2008/12/03 09:58:42 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vsavb7rt.dll
[2008/12/03 09:58:42 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vsavb7rtui.dll
[2008/12/03 09:58:42 | 00,131,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbc7ui.dll
[2008/12/03 09:58:42 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\togac.exe
[2008/12/03 09:58:42 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2008/12/03 09:58:42 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wminet_utils.dll
[2008/12/03 09:58:41 | 00,819,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.web.mobile.dll
[2008/12/03 09:58:41 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.windows.forms.tlb
[2008/12/03 09:58:41 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.web.regularexpressions.dll
[2008/12/03 09:58:40 | 00,372,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.management.dll
[2008/12/03 09:58:40 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.runtime.remoting.dll
[2008/12/03 09:58:40 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.serviceprocess.dll
[2008/12/03 09:58:40 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.directoryservices.dll
[2008/12/03 09:58:40 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.tlb
[2008/12/03 09:58:40 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drawing.design.dll
[2008/12/03 09:58:40 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.enterpriseservices.tlb
[2008/12/03 09:58:40 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drawing.tlb
[2008/12/03 09:58:39 | 01,703,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.design.dll
[2008/12/03 09:58:39 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sos.dll
[2008/12/03 09:58:39 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shfusion.dll
[2008/12/03 09:58:39 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shfusres.dll
[2008/12/03 09:58:39 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.configuration.install.dll
[2008/12/03 09:58:38 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvcr71.dll
[2008/12/03 09:58:38 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dllcache\setregni.exe
[2008/12/03 09:58:38 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perfcounter.dll
[2008/12/03 09:58:38 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ngen.exe
[2008/12/03 09:58:38 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll
[2008/12/03 09:58:38 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regcode.dll
[2008/12/03 09:58:38 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regasm.exe
[2008/12/03 09:58:38 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci8.dll
[2008/12/03 09:58:38 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netuires.dll
[2008/12/03 09:58:38 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regsvcs.exe
[2008/12/03 09:58:37 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscortim.dll
[2008/12/03 09:58:36 | 00,471,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorlib.tlb
[2008/12/03 09:58:36 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorrc.dll
[2008/12/03 09:58:36 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorsec.dll
[2008/12/03 09:58:36 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorsn.dll
[2008/12/03 09:58:36 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorsecr.dll
[2008/12/03 09:58:35 | 01,564,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorcfg.dll
[2008/12/03 09:58:35 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscoree.dll
[2008/12/03 09:58:35 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscordbi.dll
[2008/12/03 09:58:35 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorld.dll
[2008/12/03 09:58:35 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorie.dll
[2008/12/03 09:58:35 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscordbc.dll
[2008/12/03 09:58:35 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migpolwin.exe
[2008/12/03 09:58:35 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migpol.exe
[2008/12/03 09:58:35 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.vsa.dll
[2008/12/03 09:58:35 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.vsa.tlb
[2008/12/03 09:58:35 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscoree.tlb
[2008/12/03 09:58:35 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.vsa.vb.codedomprocessor.dll
[2008/12/03 09:58:35 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft_vsavb.dll
[2008/12/03 09:58:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.vsa.vb.codedomprocessor.tlb
[2008/12/03 09:58:35 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2008/12/03 09:58:34 | 00,720,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.jscript.dll
[2008/12/03 09:58:34 | 00,299,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.visualbasic.dll
[2008/12/03 09:58:34 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.jscript.tlb
[2008/12/03 09:58:34 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsc.exe
[2008/12/03 09:58:34 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\installutillib.dll
[2008/12/03 09:58:34 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iehost.dll
[2008/12/03 09:58:34 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.visualbasic.vsa.dll
[2008/12/03 09:58:34 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isymwrapper.dll
[2008/12/03 09:58:34 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\installutil.exe
[2008/12/03 09:58:34 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieexecremote.dll
[2008/12/03 09:58:34 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieexec.exe
[2008/12/03 09:58:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.visualc.dll
[2008/12/03 09:58:34 | 00,004,608 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\iiehost.dll
[2008/12/03 09:58:33 | 00,798,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eventlogmessages.dll
[2008/12/03 09:58:33 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diasymreader.dll
[2008/12/03 09:58:33 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fusion.dll
[2008/12/03 09:58:33 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscompui.dll
[2008/12/03 09:58:33 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gacutil.exe
[2008/12/03 09:58:33 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csc.exe
[2008/12/03 09:58:33 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custommarshalers.dll
[2008/12/03 09:58:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cv60450.exe
[2008/12/03 09:58:33 | 00,012,288 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\cscompmgd.dll
[2008/12/03 09:58:32 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cg18030.dll
[2008/12/03 09:58:32 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alink.dll
[2008/12/03 09:58:32 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\caspol.exe
[2008/12/03 09:58:32 | 00,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\configwizards.exe
[2008/12/03 09:58:32 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_rc.dll
[2008/12/03 09:58:32 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_state.exe
[2008/12/03 09:58:32 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_filter.dll
[2008/12/03 09:58:32 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_regiis.exe
[2008/12/03 09:58:32 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alinkui.dll
[2008/12/03 09:58:32 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accessibility.dll
[2008/12/03 09:58:28 | 00,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2008/12/03 09:58:28 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2008/12/03 09:58:28 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2008/12/03 09:58:28 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2008/12/03 09:58:28 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2008/12/03 09:58:28 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2008/12/03 09:58:27 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lrwizdll.dll
[2008/12/03 09:58:27 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2008/12/03 09:58:27 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2008/12/03 09:58:27 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr.exe
[2008/12/03 09:58:25 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\clusnet.sys
[2008/12/03 09:58:25 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\clusdisk.sys
[2008/12/03 09:58:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cluster
[2008/12/03 09:58:24 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsmmc.dll
[2008/12/03 09:58:24 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsmhst.dll
[2008/12/03 09:58:24 | 00,024,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/12/03 09:58:24 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quser.exe
[2008/12/03 09:58:24 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\flattemp.exe
[2008/12/03 09:58:24 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsprof.exe
[2008/12/03 09:58:24 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\query.exe
[2008/12/03 09:58:23 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscc.dll
[2008/12/03 09:58:23 | 00,283,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsadmin.exe
[2008/12/03 09:58:23 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2008/12/03 09:58:23 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tssdis.exe
[2008/12/03 09:58:23 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tssdjet.dll
[2008/12/03 09:58:23 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chgport.exe
[2008/12/03 09:58:23 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chgusr.exe
[2008/12/03 09:58:23 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chglogon.exe
[2008/12/03 09:58:23 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\change.exe
[2008/12/03 09:58:22 | 00,755,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2008/12/03 09:58:22 | 00,421,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2008/12/03 09:58:22 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2008/12/03 09:58:22 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/12/03 09:58:22 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2008/12/03 09:58:22 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2008/12/03 09:58:22 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tlsbln.exe
[2008/12/03 09:58:21 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2008/12/03 09:58:21 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2008/12/03 09:58:21 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll

[2008/12/03 09:58:21 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2008/12/03 09:58:21 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2008/12/03 09:58:21 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2008/12/03 09:58:21 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2008/12/03 09:58:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2008/12/03 09:58:19 | 00,616,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2008/12/03 09:58:19 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2008/12/03 09:58:19 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2008/12/03 09:58:19 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2008/12/03 09:58:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2008/12/03 09:58:18 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2008/12/03 09:58:18 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2008/12/03 09:58:18 | 00,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2008/12/03 09:58:10 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2008/12/03 09:58:10 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2008/12/03 09:58:10 | 00,041,914 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008/12/03 09:58:10 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2008/12/03 09:58:05 | 00,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/12/03 09:58:04 | 00,041,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/12/03 04:55:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\lls
[2008/12/03 04:55:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\cpl.cfg
[2008/12/03 04:53:35 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2008/12/03 04:53:04 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crcdisk.sys
[2008/12/03 04:52:21 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/12/03 04:51:51 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelide.sys
[2008/12/03 04:51:41 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2008/12/03 04:50:26 | 00,004,861 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/12/03 04:50:21 | 01,166,254 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/03 04:50:21 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2008/12/03 04:50:20 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/03 04:50:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2008/12/03 04:50:19 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2008/12/03 04:50:18 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2008/12/03 04:50:18 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2008/12/03 04:50:17 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2008/12/03 04:50:17 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2008/12/03 04:50:17 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2008/12/03 04:50:17 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2008/12/03 04:50:17 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2008/12/03 04:50:16 | 00,000,000 | R--D | C] -- C:\Program Files
[2008/12/03 04:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2008/12/03 04:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2008/12/03 04:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2008/12/03 04:50:15 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2008/12/03 04:50:14 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2008/12/03 04:50:14 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2008/12/03 04:50:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2008/12/03 04:50:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2008/12/03 04:50:14 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2008/12/03 04:50:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2008/12/03 04:50:13 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2008/12/03 04:50:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2008/12/03 04:50:12 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2008/12/03 04:50:12 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2008/12/03 04:50:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2008/12/03 04:50:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2008/12/03 04:50:12 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2008/12/03 04:50:12 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2008/12/03 04:50:12 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2008/12/03 04:50:12 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2008/12/03 04:50:12 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2008/12/03 04:50:12 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2008/12/03 04:50:12 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2008/12/03 04:50:12 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2008/12/03 04:50:12 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2008/12/03 04:50:12 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2008/12/03 04:50:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2008/12/03 04:50:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2008/12/03 04:50:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2008/12/03 04:50:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2008/12/03 04:50:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2008/12/03 04:50:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2008/12/03 04:50:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2008/12/03 04:50:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2008/12/03 04:50:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2008/12/03 04:50:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2008/12/03 04:50:10 | 00,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2008/12/03 04:50:10 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2008/12/03 04:50:10 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2008/12/03 04:50:10 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2008/12/03 04:50:10 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2008/12/03 04:50:10 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2008/12/03 04:50:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2008/12/03 04:50:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2008/12/03 04:50:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2008/12/03 04:50:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2008/12/03 04:50:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2008/12/03 04:50:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2008/12/03 04:50:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2008/12/03 04:50:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2008/12/03 04:50:09 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2008/12/03 04:50:09 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2008/12/03 04:50:09 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2008/12/03 04:50:09 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2008/12/03 04:50:09 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2008/12/03 04:50:09 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2008/12/03 04:50:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2008/12/03 04:50:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2008/12/03 04:50:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2008/12/03 04:50:09 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2008/12/03 04:50:09 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2008/12/03 04:50:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2008/12/03 04:50:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2008/12/03 04:50:08 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2008/12/03 04:50:08 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2008/12/03 04:50:08 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2008/12/03 04:50:08 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2008/12/03 04:50:08 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2008/12/03 04:50:08 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2008/12/03 04:50:08 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2008/12/03 04:50:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2008/12/03 04:50:08 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2008/12/03 04:50:08 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2008/12/03 04:50:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2008/12/03 04:50:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2008/12/03 04:50:07 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2008/12/03 04:50:07 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2008/12/03 04:50:07 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2008/12/03 04:50:07 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2008/12/03 04:50:07 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2008/12/03 04:50:07 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2008/12/03 04:50:07 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2008/12/03 04:50:07 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2008/12/03 04:50:07 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2008/12/03 04:50:07 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2008/12/03 04:50:07 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2008/12/03 04:50:07 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2008/12/03 04:50:07 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2008/12/03 04:50:07 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2008/12/03 04:50:05 | 00,019,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2008/12/03 04:50:05 | 00,013,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2008/12/03 04:50:05 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2008/12/03 04:50:05 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2008/12/03 04:50:05 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2008/12/03 04:50:05 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2008/12/03 04:50:05 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2008/12/03 04:50:05 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2008/12/03 04:50:04 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2008/12/03 04:50:04 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2008/12/03 04:50:04 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2008/12/03 04:50:04 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2008/12/03 04:50:04 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2008/12/03 04:50:04 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2008/12/03 04:50:04 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2008/12/03 04:50:04 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2008/12/03 04:50:04 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2008/12/03 04:50:04 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2008/12/03 04:50:04 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2008/12/03 04:50:04 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2008/12/03 04:50:03 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2008/12/03 04:50:03 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2008/12/03 04:50:03 | 00,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2008/12/03 04:50:03 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/12/03 04:50:03 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/12/03 04:50:01 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/12/03 04:49:59 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2008/12/03 04:49:58 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2008/12/03 04:49:58 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/12/03 04:49:58 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/12/03 04:49:52 | 00,000,167 | -HS- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/03 04:49:52 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/03 04:49:52 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/03 04:49:48 | 00,071,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\adminpak.cat
[2008/12/03 04:49:47 | 01,182,996 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP1.CAT
[2008/12/03 04:49:47 | 00,314,515 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmsocm.cat
[2008/12/03 04:49:47 | 00,064,351 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/12/03 04:49:47 | 00,008,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/12/03 04:49:47 | 00,007,627 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/12/03 04:49:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2008/12/03 04:49:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2008/12/03 04:49:27 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/12/03 04:48:48 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/12/03 04:48:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2008/12/03 04:48:43 | 00,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/03 03:54:58 | 00,000,208 | -HS- | C] () -- C:\boot.ini
[2008/12/03 03:54:52 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/12/03 03:51:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\OemDir
[2008/12/03 03:51:03 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2008/12/03 03:51:03 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2008/12/03 03:51:03 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\TAPI
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\clients
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\administration
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\inf
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2008/12/03 03:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2008/12/20 23:00:02 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\pbowxkkl.job
[2008/12/20 22:49:38 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\OTViewIt.exe
[2008/12/20 18:24:40 | 00,008,628 | ---- | M] () -- C:\WINDOWS\mozypro.blk
[2008/12/20 18:24:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\mozypro.flt
[2008/12/20 04:11:03 | 00,002,624 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2008/12/20 01:03:30 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\BMC Scheduled backup (FE_MASON).job
[2008/12/19 21:00:00 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\mjpzqewc.job
[2008/12/19 21:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\lqbmbkxx.job
[2008/12/19 08:43:35 | 02,535,598 | -H-- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Application Data\IconCache.db
[2008/12/19 08:42:10 | 00,016,344 | ---- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/16 22:01:07 | 00,000,438 | -HS- | M] () -- C:\WINDOWS\System32\gjSDMnpo.ini
[2008/12/16 21:58:49 | 00,000,422 | -HS- | M] () -- C:\WINDOWS\System32\gjSDMnpo.ini2
[2008/12/16 20:31:18 | 00,896,084 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/16 20:31:18 | 00,243,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/16 20:31:17 | 01,166,254 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/16 20:27:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/16 20:27:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/16 20:27:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/15 20:13:05 | 00,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/15 08:08:50 | 00,016,344 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2008/12/13 17:13:43 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\HijackThis.lnk
[2008/12/13 16:54:33 | 00,289,917 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/13 16:42:42 | 00,104,448 | ---- | M] () -- C:\WINDOWS\System32\scsajeqi.dll
[2008/12/13 16:42:42 | 00,104,448 | ---- | M] () -- C:\WINDOWS\System32\fllepo.dll
[2008/12/13 16:39:42 | 00,116,736 | ---- | M] () -- C:\WINDOWS\System32\rjrjsesw.dll
[2008/12/13 12:14:20 | 00,104,448 | ---- | M] () -- C:\WINDOWS\System32\zsrfiz.dll
[2008/12/13 12:14:20 | 00,104,448 | ---- | M] () -- C:\WINDOWS\System32\jkwmsosj.dll
[2008/12/12 23:45:23 | 00,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/12 23:14:35 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\jabxll.dll
[2008/12/12 20:36:33 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\vxkaqp.dll
[2008/12/12 14:08:01 | 00,001,373 | ---- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\Active Directory Users and Computers.lnk
[2008/12/11 18:47:41 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\Services.lnk
[2008/12/11 14:20:56 | 00,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\BMC Manual backup (FE_MASON).job
[2008/12/10 22:49:49 | 00,067,072 | ---- | M] (ESET) -- C:\WINDOWS\System32\ljJYQKbY.dll
[2008/12/10 22:17:10 | 00,868,655 | -HS- | M] () -- C:\WINDOWS\System32\fhjjQqru.ini
[2008/12/10 21:25:13 | 00,511,832 | ---- | M] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys
[2008/12/10 21:25:13 | 00,015,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008/12/10 19:53:42 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/10 16:39:27 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\NTFS Undelete.lnk
[2008/12/10 11:38:23 | 00,001,200 | -H-- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\My Documents\Default.rdp
[2008/12/10 08:15:18 | 00,106,496 | ---- | M] () -- C:\WINDOWS\System32\blkcoexl.dll
[2008/12/09 16:50:32 | 00,074,023 | ---- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\IMFAM-2.0.5.zip
[2008/12/09 10:20:36 | 00,032,137 | ---- | M] () -- C:\WINDOWS\System32\schmmgmt.msc
[2008/12/08 13:11:00 | 00,001,435 | ---- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\certnew.cer
[2008/12/08 12:50:32 | 00,001,143 | ---- | M] () -- C:\es1.MASON-PREP.local_ES1CA.crt
[2008/12/08 11:53:55 | 00,040,448 | ---- | M] () -- C:\WINDOWS\System32\fccyvSLB.dll
[2008/12/07 20:55:22 | 00,001,316 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Faculty Access for the Web.lnk
[2008/12/06 21:52:37 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EE Release Notes.lnk
[2008/12/06 21:52:37 | 00,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Education Edge.lnk
[2008/12/06 21:52:37 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blackbaud Management Console SQL.lnk
[2008/12/06 21:35:48 | 00,014,155 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2008/12/06 20:31:48 | 00,001,592 | ---- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\Event Viewer.lnk
[2008/12/06 20:26:27 | 00,000,685 | ---- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\System Manager.lnk
[2008/12/06 11:15:35 | 00,001,485 | ---- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\Remote Desktop Connection.lnk
[2008/12/05 14:02:06 | 02,874,184 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.MASON-PREP\Desktop\EASetup.exe
[2008/12/05 09:47:02 | 00,004,861 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/04 14:17:41 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\My Documents\desktop.ini
[2008/12/04 13:05:19 | 00,000,363 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 13:02:42 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk
[2008/12/03 13:02:42 | 00,000,167 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/03 12:17:48 | 00,000,147 | ---- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Application Data\fusioncache.dat
[2008/12/03 11:25:00 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/03 11:18:18 | 00,001,367 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2008/12/03 11:18:18 | 00,000,099 | -HS- | M] () -- C:\Documents and Settings\All Users\Desktop\desktop.ini
[2008/12/03 11:12:00 | 00,297,072 | RHS- | M] () -- C:\ntldr
[2008/12/03 10:07:33 | 00,000,414 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/12/03 10:03:32 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Start Menu\Programs\Startup\desktop.ini
[2008/12/03 10:03:27 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/03 10:03:27 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/03 10:03:27 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/03 10:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2008/12/03 10:03:27 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/03 10:03:27 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/03 10:03:25 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/03 10:03:18 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/03 10:03:18 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/03 10:03:07 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/03 09:59:49 | 00,021,160 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/03 09:59:40 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008/12/03 09:59:40 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2008/12/03 09:57:24 | 00,000,208 | -HS- | M] () -- C:\boot.ini
[2008/12/03 04:55:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\cpl.cfg
[2008/12/03 04:50:15 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/03 04:49:52 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/03 04:49:52 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/03 04:49:52 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator.MASON-PREP\Application Data\desktop.ini
[2008/12/02 17:15:04 | 12,602,669 | ---- | M] () -- C:\faw777.exe




Extras Log (they were too big to post together)

OTViewIt Extras logfile created on: 12/20/2008 11:00:14 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Administrator.MASON-PREP\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.28 Gb Available Physical Memory | 14.09% Memory free
3.86 Gb Paging File | 2.26 Gb Available in Paging File | 58.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.99 Gb Total Space | 11.72 Gb Free Space | 58.60% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 13.44 Gb Free Space | 53.77% Space Free | Partition Type: NTFS
Drive E: | 56.74 Gb Total Space | 7.62 Gb Free Space | 13.44% Space Free | Partition Type: NTFS
Drive F: | 565.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 20.00 Gb Total Space | 11.75 Gb Free Space | 58.76% Space Free | Partition Type: NTFS
Drive Z: | 34.46 Gb Total Space | 6.19 Gb Free Space | 17.95% Space Free | Partition Type: NTFS

Computer Name: ES1
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1FA7DC9D-847B-4C81-82CA-85EF5365778F}"=Microsoft Exchange Troubleshooting Assistant
"{21B90409-8000-11D3-8CFE-0150048383C9}"=Microsoft Application Error Reporting
"{24EDA19C-838B-43F7-A518-1454214DD605}"=Microsoft Exchange Server Disaster Recovery Analyzer Tool
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}"=Microsoft SQL Server 2005 Express Edition (FE_EXPRESS)
"{2BAB02C5-DAFF-45AD-839E-2DE186891E47}"=VBA (2627.01)
"{3848AA86-C78E-4FB2-A726-E04047711594}"=Faculty Access for the Web Version 7
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}"=Microsoft XML Parser
"{3E38E4AF-2DB2-4D19-A672-CCD5D8736119}"=MozyPro Remote Backup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{671E4E4D-4798-4F66-9C9E-C5762E73179E}"=Microsoft XML Parser
"{69880C00-08DD-4385-B752-9C62656F6D1E}"=Microsoft SQL Server 2005 Backward compatibility
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{84E36537-CDE4-4F17-9531-AFEEBBEF312E}"=The Education Edge
"{91B90409-8000-11D3-8CFE-0150048383C9}"=Microsoft Application Error Reporting
"{A34AC564-B4A3-4D45-B969-403BC39F0E6A}"=Microsoft .NET Framework 1.1 -- Device Update 4.0
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}"=MSXML 6.0 Parser
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}"=Microsoft Easy Assist v2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}"=Microsoft SQL Server VSS Writer
"{F07F0BCD-5C6D-4499-9F05-6ED747078A72}"=Windows Support Tools
"{F8B2F6A2-1429-44EF-A604-81CEF70B82CA}"=Crystal Report
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}"=Microsoft SQL Server Native Client
"9161A261-6ABE-4668-BBFA-AD06B3F642CF"=Microsoft Exchange
"ActiveTouchMeetingClient"=WebEx
"FairCom Server for Windows NT"=FairCom Server V6.11.37 for Windows NT/2000
"FSC Alliance Plus"=Follett Alliance Plus 6.40
"FSC Catalog Plus"=Follett Catalog Plus 6.40
"FSC Circulation Plus"=Follett Circulation Plus 6.40
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft SQL Server 2005"=Microsoft SQL Server 2005
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NOD32"=NOD32 antivirus system
"NTFS Undelete_is1"=NTFS Undelete v0.93
"RealVNC_is1"=VNC Free Edition 4.1.2
"Windows Server 2003 Service Pack"=Windows Server 2003 Service Pack 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/18/2008 2:53:35 PM | Computer Name = ES1 | Source = FAWeb7 | ID = 0
Description =

Error - 12/18/2008 2:53:41 PM | Computer Name = ES1 | Source = FAWeb7 | ID = 0
Description =

Error - 12/18/2008 3:14:14 PM | Computer Name = ES1 | Source = FAWeb7 | ID = 0
Description =

Error - 12/18/2008 3:17:00 PM | Computer Name = ES1 | Source = FAWeb7 | ID = 0
Description =

Error - 12/18/2008 4:16:00 PM | Computer Name = ES1 | Source = FAWeb7 | ID = 0
Description =

Error - 12/18/2008 4:30:00 PM | Computer Name = ES1 | Source = FAWeb7 | ID = 0
Description =

Error - 12/18/2008 4:54:20 PM | Computer Name = ES1 | Source = FAWeb7 | ID = 0
Description =

Error - 12/19/2008 10:06:20 AM | Computer Name = ES1 | Source = FAWeb7 | ID = 0
Description =

Error - 12/19/2008 3:54:09 PM | Computer Name = ES1 | Source = MSExchangeTransport | ID = 269659
Description = An error occurred while Microsoft Exchange Intelligent Message Filter
attempted to filter a message with ID <494BF98D.000006.01832@NANCY-PC>, P1 From
smtp:ncombs53@hughes.net and Subject Marriage. This message will not be filtered.
The
error code is 0x800710f0. For more information, click http://www.microsoft.com/contentredirect.asp.

Error - 12/19/2008 5:56:19 PM | Computer Name = ES1 | Source = MSExchangeTransport | ID = 269659
Description = An error occurred while Microsoft Exchange Intelligent Message Filter
attempted to filter a message with ID <d014da280812191354g35dde6b6x33842bd6554277a9@mail.gmail.com>,
P1 From smtp:vssteele@gmail.com and Subject Re: snow. This message will not be
filtered. The error code is 0x800710f0. For more information, click http://www.microsoft.com/contentredirect.asp.

[ DNS Server Events ]
Error - 12/14/2008 4:02:47 PM | Computer Name = ES1 | Source = DNS | ID = 6525
Description = A zone transfer request for the secondary zone MASON-PREP.local was
refused by the master DNS server at 172.18.1.12. Check the zone at the master server
172.18.1.12 to verify that zone transfer is enabled to this server. To do so, use
the DNS console, and select master server 172.18.1.12 as the applicable server,
then in secondary zone MASON-PREP.local Properties, view the settings on the Zone
Transfers tab. Based on the settings you choose, make any configuration adjustments
there (or possibly in the Name Servers tab) so that a zone transfer can be made
to this server.

Error - 12/14/2008 4:04:41 PM | Computer Name = ES1 | Source = DNS | ID = 6525
Description = A zone transfer request for the secondary zone MASON-PREP.local was
refused by the master DNS server at 172.18.1.12. Check the zone at the master server
172.18.1.12 to verify that zone transfer is enabled to this server. To do so, use
the DNS console, and select master server 172.18.1.12 as the applicable server,
then in secondary zone MASON-PREP.local Properties, view the settings on the Zone
Transfers tab. Based on the settings you choose, make any configuration adjustments
there (or possibly in the Name Servers tab) so that a zone transfer can be made
to this server.

Error - 12/14/2008 6:09:43 PM | Computer Name = ES1 | Source = DNS | ID = 6525
Description = A zone transfer request for the secondary zone MASON-PREP.local was
refused by the master DNS server at 172.18.1.12. Check the zone at the master server
172.18.1.12 to verify that zone transfer is enabled to this server. To do so, use
the DNS console, and select master server 172.18.1.12 as the applicable server,
then in secondary zone MASON-PREP.local Properties, view the settings on the Zone
Transfers tab. Based on the settings you choose, make any configuration adjustments
there (or possibly in the Name Servers tab) so that a zone transfer can be made
to this server.

Error - 12/14/2008 6:11:37 PM | Computer Name = ES1 | Source = DNS | ID = 6525
Description = A zone transfer request for the secondary zone MASON-PREP.local was
refused by the master DNS server at 172.18.1.12. Check the zone at the master server
172.18.1.12 to verify that zone transfer is enabled to this server. To do so, use
the DNS console, and select master server 172.18.1.12 as the applicable server,
then in secondary zone MASON-PREP.local Properties, view the settings on the Zone
Transfers tab. Based on the settings you choose, make any configuration adjustments
there (or possibly in the Name Servers tab) so that a zone transfer can be made
to this server.

Error - 12/14/2008 6:13:32 PM | Computer Name = ES1 | Source = DNS | ID = 6525
Description = A zone transfer request for the secondary zone MASON-PREP.local was
refused by the master DNS server at 172.18.1.12. Check the zone at the master server
172.18.1.12 to verify that zone transfer is enabled to this server. To do so, use
the DNS console, and select master server 172.18.1.12 as the applicable server,
then in secondary zone MASON-PREP.local Properties, view the settings on the Zone
Transfers tab. Based on the settings you choose, make any configuration adjustments
there (or possibly in the Name Servers tab) so that a zone transfer can be made
to this server.

Error - 12/15/2008 9:13:36 PM | Computer Name = ES1 | Source = DNS | ID = 6525
Description = A zone transfer request for the secondary zone MASON-PREP.local was
refused by the master DNS server at 172.18.1.12. Check the zone at the master server
172.18.1.12 to verify that zone transfer is enabled to this server. To do so, use
the DNS console, and select master server 172.18.1.12 as the applicable server,
then in secondary zone MASON-PREP.local Properties, view the settings on the Zone
Transfers tab. Based on the settings you choose, make any configuration adjustments
there (or possibly in the Name Servers tab) so that a zone transfer can be made
to this server.

Error - 12/15/2008 9:15:30 PM | Computer Name = ES1 | Source = DNS | ID = 6525
Description = A zone transfer request for the secondary zone MASON-PREP.local was
refused by the master DNS server at 172.18.1.12. Check the zone at the master server
172.18.1.12 to verify that zone transfer is enabled to this server. To do so, use
the DNS console, and select master server 172.18.1.12 as the applicable server,
then in secondary zone MASON-PREP.local Properties, view the settings on the Zone
Transfers tab. Based on the settings you choose, make any configuration adjustments
there (or possibly in the Name Servers tab) so that a zone transfer can be made
to this server.

Error - 12/15/2008 9:17:24 PM | Computer Name = ES1 | Source = DNS | ID = 6525
Description = A zone transfer request for the secondary zone MASON-PREP.local was
refused by the master DNS server at 172.18.1.12. Check the zone at the master server
172.18.1.12 to verify that zone transfer is enabled to this server. To do so, use
the DNS console, and select master server 172.18.1.12 as the applicable server,
then in secondary zone MASON-PREP.local Properties, view the settings on the Zone
Transfers tab. Based on the settings you choose, make any configuration adjustments
there (or possibly in the Name Servers tab) so that a zone transfer can be made
to this server.

Error - 12/16/2008 9:27:39 PM | Computer Name = ES1 | Source = DNS | ID = 6525
Description = A zone transfer request for the secondary zone MASON-PREP.local was
refused by the master DNS server at 172.18.1.12. Check the zone at the master server
172.18.1.12 to verify that zone transfer is enabled to this server. To do so, use
the DNS console, and select master server 172.18.1.12 as the applicable server,
then in secondary zone MASON-PREP.local Properties, view the settings on the Zone
Transfers tab. Based on the settings you choose, make any configuration adjustments
there (or possibly in the Name Servers tab) so that a zone transfer can be made
to this server.

Error - 12/16/2008 9:29:33 PM | Computer Name = ES1 | Source = DNS | ID = 6525
Description = A zone transfer request for the secondary zone MASON-PREP.local was
refused by the master DNS server at 172.18.1.12. Check the zone at the master server
172.18.1.12 to verify that zone transfer is enabled to this server. To do so, use
the DNS console, and select master server 172.18.1.12 as the applicable server,
then in secondary zone MASON-PREP.local Properties, view the settings on the Zone
Transfers tab. Based on the settings you choose, make any configuration adjustments
there (or possibly in the Name Servers tab) so that a zone transfer can be made
to this server.

[ System Events ]
Error - 12/19/2008 9:41:39 AM | Computer Name = ES1 | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Shared Fax Driver required for printer Fax is unknown.
Contact the administrator to install the driver before you log in again.

Error - 12/19/2008 9:41:39 AM | Computer Name = ES1 | Source = TermServDevices | ID = 1111
Description = Driver CutePDF Writer required for printer CutePDF Writer is unknown.
Contact the administrator to install the driver before you log in again.

Error - 12/19/2008 9:41:40 AM | Computer Name = ES1 | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Office Document Image Writer Driver required for
printer Microsoft Office Document Image Writer is unknown. Contact the administrator
to install the driver before you log in again.

Error - 12/19/2008 9:41:40 AM | Computer Name = ES1 | Source = TermServDevices | ID = 1111
Description = Driver Microsoft XPS Document Writer required for printer Microsoft
XPS Document Writer is unknown. Contact the administrator to install the driver
before you log in again.

Error - 12/19/2008 7:06:22 PM | Computer Name = ES1 | Source = LsaSrv | ID = 6033
Description = An anonymous session connected from LOCALHOST has attempted to open
an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED
to prevent leaking security sensitive information to the anonymous caller. The application
that made this attempt needs to be fixed. Please contact the application vendor.
As
a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock
DWORD value to 1. This message will be logged at most once a day.

Error - 12/20/2008 8:03:08 PM | Computer Name = ES1 | Source = LsaSrv | ID = 6033
Description = An anonymous session connected from LOCALHOST has attempted to open
an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED
to prevent leaking security sensitive information to the anonymous caller. The application
that made this attempt needs to be fixed. Please contact the application vendor.
As
a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock
DWORD value to 1. This message will be logged at most once a day.

Error - 12/20/2008 11:58:42 PM | Computer Name = ES1 | Source = TermServDevices | ID = 1111
Description = Driver HP Deskjet 6940 series required for printer Network HP Deskjet
6940 series is unknown. Contact the administrator to install the driver before
you log in again.

Error - 12/20/2008 11:58:42 PM | Computer Name = ES1 | Source = TermServDevices | ID = 1111
Description = Driver CutePDF Writer required for printer CutePDF Writer is unknown.
Contact the administrator to install the driver before you log in again.

Error - 12/20/2008 11:58:43 PM | Computer Name = ES1 | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Shared Fax Driver required for printer Fax is unknown.
Contact the administrator to install the driver before you log in again.

Error - 12/20/2008 11:58:43 PM | Computer Name = ES1 | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Office Document Image Writer Driver required for
printer Microsoft Office Document Image Writer is unknown. Contact the administrator
to install the driver before you log in again.


< End of report >

#6 pkscoach

pkscoach
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 21 December 2008 - 01:44 PM

Sorry if I confused you - I tried to post both logs together, and it said they were too big, but it posted them anyway.
The OTViewIt log and Extras log are both in the previous reply. Let me know if you have any trouble reading them and I will try again.
Thanks!

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 PM

Posted 21 December 2008 - 02:14 PM

Hello.

Sorry if I confused you - I tried to post both logs together, and it said they were too big, but it posted them anyway.
The OTViewIt log and Extras log are both in the previous reply. Let me know if you have any trouble reading them and I will try again.
Thanks!

Nope. It's fine, I can see the OTViewIT and Extra log fine. Give me some time to look over the log and I'll get back to you as soon as possible.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 PM

Posted 21 December 2008 - 10:53 PM

Hello.

This is my first time dealing with a windows 2003 machine so please bare with me, some tools don't work on windows 2003 so it may be a bit difficult dealing with these persistent vundo files and registry keys..

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Leave your USB drive plugged in while running Malwarebytes Anti-Malware.

We will run Malwarebytes Anti-Malware again. Please follow the instructions below to download and install it encase you removed it..

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Please post back with:
-malwarebytes Anti-Malware log
-Fresh OTViewIT log


:thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 pkscoach

pkscoach
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 22 December 2008 - 03:27 PM

Hi-

I downloaded FlashDisinfector and copied it to the desktop of the computer. However, it won't do anything. When I opened Task Manager to see what applications and processes were running, it didn't appear.

I then left Task Manager running and tried to run FlashDisinfector again. Flash_Disinfector appeared in the Processes screen of Task Manager for 4-5 seconds, and then disappeared.

Any advice? Thanks!

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 PM

Posted 22 December 2008 - 04:13 PM

Hello.

I downloaded FlashDisinfector and copied it to the desktop of the computer. However, it won't do anything. When I opened Task Manager to see what applications and processes were running, it didn't appear.

I then left Task Manager running and tried to run FlashDisinfector again. Flash_Disinfector appeared in the Processes screen of Task Manager for 4-5 seconds, and then disappeared.

After you double click it did you get an message, similar to this after a while: "If you have a Flash dirve, please plug it in the machine.

The screen will go blank for a while. Don't get alarmed. This is Normal.

Click OK to begin disinfection."?

The part you said "Flash_Disinfector appeared in the Processes screen of Task Manager for 4-5 seconds, and then disappeared" is normal. When Flash_Disinfector disappers from Task Manager you should get the message I descibed above.

Try running it one more time and if it doesn't work, please try booting your computer into Safe Mode and see if it works.
If not please tell me in your next reply.

How to Boot into Safe Mode

I suggest you read over the instructions on how to boot into Safe Mode and then print these instructions out or save them in Notepad because you won't have access to this page while in Safe Mode.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use your arrow keys to navigate and highlight Safe Mode.
  • Hit Enter.
  • You will now be asked to choose your operating system. Again, use the arrow keys to select Microsoft Windows XP.
  • Hit Enter.
Your computer will proceed to booting into Safe Mode. During the boot process, you may see random code go past your screen. Simply wait for it to pass. Your computer should boot like usually, except with Safe Mode written in the corners of your screen. Your screen may also appear to be a different size because the video drivers are not loaded properly in Safe Mode.

After the boot, you will be asked whether you wish to use system restore, or to continue to Safe Mode. Select OK to choose Safe mode.



Reboot back to Normal mode if you went into Safe Mode and run the Malwarebytes Anti-Malware scan.

Please post back with:
-Malwarebytes Anti-Malware scan log
-Fresh OTViewIT log


:thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 pkscoach

pkscoach
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 22 December 2008 - 04:55 PM

I didn't get any messages when I ran the program. I'm not at work now, but I will go in later and reboot the computer in safe mode and try again - thanks.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 PM

Posted 22 December 2008 - 06:27 PM

I didn't get any messages when I ran the program. I'm not at work now, but I will go in later and reboot the computer in safe mode and try again - thanks.

Sure, no problem. Also run the Malware bytes Anti-Malware scan as well.

Post back with the:
-Malware bytes anti-malware log
-Fresh OTViewIT log


I'll review it when it comes back :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 pkscoach

pkscoach
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 23 December 2008 - 12:31 PM

I had no luck running FlashDisinfector. I tried running in normal mode and in safe mode. Could this be incompatible with Windows 2003 Server?

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 PM

Posted 23 December 2008 - 12:46 PM

Hello.

I had no luck running FlashDisinfector. I tried running in normal mode and in safe mode. Could this be incompatible with Windows 2003 Server?

yes perhaps.

please continue with running malwarebytes anti-malware please. Instead of doing a quick scan please do a Full Scan because you have already done a quick scan before perhaps.

Post back with the malwarebytes anti-malware log and a fresh OTViewIT log.

:thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 pkscoach

pkscoach
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:31 PM

Posted 23 December 2008 - 04:18 PM

OK - here's the MBAM log

Malwarebytes' Anti-Malware 1.31
Database version: 1537
Windows 5.2.3790 Service Pack 2

12/23/2008 4:03:59 PM
mbam-log-2008-12-23 (16-03-59).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 238051
Time elapsed: 26 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\nnnmkLDu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rqRIaXNF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fccyvSLB.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5afb7699-262a-4e28-8ee8-cd9a8c51a580} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5afb7699-262a-4e28-8ee8-cd9a8c51a580} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccyvslb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnmkldu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnmkldu -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\nnnmkLDu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uDLkmnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uDLkmnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyvSLB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ddCUOfDU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UDfOUCdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UDfOUCdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIaXNF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\FNXaIRqr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FNXaIRqr.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Temporary Internet Files\Content.IE5\01E7K16Z\divx[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Temporary Internet Files\Content.IE5\01E7K16Z\divx[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Temporary Internet Files\Content.IE5\CHQJGTE3\divx[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Temporary Internet Files\Content.IE5\CHQJGTE3\divx[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Temporary Internet Files\Content.IE5\SL2JC5AB\divx[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MASON-PREP\Local Settings\Temporary Internet Files\Content.IE5\SL2JC5AB\divx[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\INF3E26.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

I'll send the OTViewit logs next




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users