Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

win32/Cinject.u and win32/Slenugga.A..? erhm help?


  • This topic is locked This topic is locked
15 replies to this topic

#1 SbrbnGangsta

SbrbnGangsta

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 27 February 2009 - 05:06 AM

I know i got it from my girlfriends dad's flash drive ..Dont quite no how to get rid of it.... Tried a few things didnt work..So im going to pros for help :thumbup2:
==============================

DDS (Ver_09-02-01.01) - NTFSx86
Run by Donna at 16:41:36.73 on Fri 03/07/2003
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.145 [GMT -8:00]

AV: eTrust EZ Antivirus *On-access scanning enabled* (Updated)
FW: eTrust Personal Firewall Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Donna\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] c:\recycler\s-1-5-21-1888037702-1604341189-830029971-9696\winigon.exe
mRun: [Zone Labs Client] c:\program files\ca\etrust internet security suite\etrust personal firewall\ca.exe
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [QuickTime Task] "c:\windows\system32\qttask.exe" -atboottime
mRun: [QOELOADER] "c:\program files\ca\etrust internet security suite\etrust anti-spam\qsp-2.1.215.15\QOELoader.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [CAVRID] "c:\program files\ca\etrust internet security suite\etrust ez antivirus\CAVRID.exe"
mRun: [CaAvTray] "c:\program files\ca\etrust internet security suite\etrust ez antivirus\CAVTray.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm860YYUS
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/CursorManiaFWBInitialSetup1.0.1.0.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-2 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-9-27 5504]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\Vet-Filt.sys [2008-4-5 21031]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\Vet-Rec.sys [2008-4-5 15478]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2008-4-5 879832]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VetFDDNT.sys [2008-4-5 15735]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-4-5 26787]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-4-5 279656]
R2 CAISafe;CAISafe;c:\program files\ca\etrust internet security suite\etrust ez antivirus\iSafe.exe [2008-4-5 259624]
R2 VETMSGNT;VET Message Service;c:\program files\ca\etrust internet security suite\etrust ez antivirus\VetMsg.exe [2008-4-5 202280]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VetEBoot.sys [2008-4-5 108360]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\subagames\crossfire\gameguard\dump_wmimmc.sys --> c:\program files\subagames\crossfire\gameguard\dump_wmimmc.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]

=============== Created Last 30 ================

2003-03-07 12:46 <DIR> --dsh--- c:\documents and settings\donna\UserData
2003-03-07 12:39 <DIR> a-dshr-- C:\autorun.inf
2003-03-06 13:04 <DIR> --d----- c:\program files\Subagames
2003-02-13 11:32 157,152 a------- c:\windows\system32\PubPlugin.dll
2003-02-13 11:32 58,800 a------- c:\windows\system32\ijjiPlugin2.dll
2003-02-13 11:32 710,064 a------- c:\windows\system32\ijjiSetup.exe
2003-02-13 11:32 <DIR> --d----- c:\program files\NHN USA
2003-02-08 15:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2003-02-08 15:25 204 a------- C:\Plugins
2003-02-08 15:03 <DIR> --d----- C:\CFLog
2003-02-08 14:58 <DIR> --d----- c:\program files\G4box

==================== Find3M ====================

2003-03-06 20:35 34 a------- c:\documents and settings\donna\jagex_runescape_preferences.dat
2003-02-21 11:42 348,160 a------- c:\windows\system32\MSVCR71.dll
2003-01-06 19:49 22,328 ac------ c:\windows\system32\drivers\PnkBstrK.sys
2003-01-06 19:48 107,832 a------- c:\windows\system32\PnkBstrB.exe
2003-01-05 09:13 17,920 a------- c:\windows\system32\syskgr.exe
2003-01-05 02:04 66,872 a------- c:\windows\system32\PnkBstrA.exe
2003-01-01 21:01 4,212 ----h--- c:\windows\system32\zllictbl.dat
2008-08-24 23:25 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 16:42:14.78 ===============

Attached Files


Posted Image

BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:01 PM

Posted 11 March 2009 - 12:49 AM

Hi SbrbnGangsta,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have run any tool or have made a major change to the system since your last post. Also tell me how is the current condition of your computer.

  • To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized).
  • Please copy and paste the content of just log.txt to your reply. No need for info.txt

    Note 1: If you have difficulty finding the log, the logs is in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.

You might want to save this page on your favorites, so you can find it again when you return.

#3 SbrbnGangsta

SbrbnGangsta
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 11 March 2009 - 07:08 PM

No major change has come to my computer. Problems with my computer conisist of it overall being more sluggy and webpages freezing peridocally, also its shut down by itself a couple of times and once the screen just shut off but the computer was on,and i rebooted and had no problem.

Heres the contents of the log.txt
============================

rLogfile of random's system information tool 1.05 (written by random/random)
Run by Donna at 2003-03-20 07:58:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (20%) free of 76 GB
Total RAM: 511 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:35 AM, on 3/20/2003
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Donna\Desktop\RSIT.exe
C:\Program Files\trend micro\Donna.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] C:\RECYCLER\S-1-5-21-1888037702-1604341189-830029971-9696\winigon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm860YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8607 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-02 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe [2005-06-03 943880]
"Tweak UI"=C:\WINDOWS\system32\TWEAKUI.CPL [2003-03-25 106544]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-02 136600]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2006-09-15 675840]
"QuickTime Task"=C:\WINDOWS\system32\qttask.exe [2008-04-05 98304]
"QOELOADER"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe [2008-04-05 6656]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
"CAVRID"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe [2008-04-05 185896]
"CaAvTray"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe [2008-04-05 230952]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H []
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe []
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe []
"12CFG94-z641-2SF-N31P-5M1ER6H6L1"=C:\RECYCLER\S-1-5-21-1888037702-1604341189-830029971-9696\winigon.exe [2009-02-26 72704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-11 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\WINDOWS\Downloaded Program Files\PLauncher.exe"="C:\WINDOWS\Downloaded Program Files\PLauncher.exe:*:Enabled:PLauncher Application"
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe"="C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe"
"C:\Program Files\BYOND\bin\byond.exe"="C:\Program Files\BYOND\bin\byond.exe:*:Enabled:byond"
"C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe"="C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2008-12-21 01:41:23 ----A---- C:\WINDOWS\system32\syskgr.exe
2008-12-10 10:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 10:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 10:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 10:43:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-04 00:57:56 ----A---- C:\WINDOWS\system32\ChCfg.exe
2008-12-04 00:56:57 ----D---- C:\Program Files\Realtek AC97
2008-12-04 00:56:56 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2008-12-04 00:56:54 ----A---- C:\WINDOWS\soundman.exe
2008-12-04 00:56:53 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2008-12-04 00:56:53 ----A---- C:\WINDOWS\alcupd.exe
2008-12-04 00:56:53 ----A---- C:\WINDOWS\Alcrmv.exe
2008-12-04 00:20:19 ----D---- C:\Documents and Settings\Donna\Application Data\Download Manager
2008-12-02 21:58:12 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 21:58:12 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 21:58:12 ----A---- C:\WINDOWS\system32\java.exe
2008-12-02 00:01:35 ----A---- C:\WINDOWS\gmer.ini
2008-12-02 00:01:33 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-02 00:01:33 ----A---- C:\WINDOWS\gmer.exe
2008-12-02 00:01:33 ----A---- C:\WINDOWS\gmer.dll
2008-11-29 17:57:40 ----D---- C:\Program Files\Adobe
2008-11-29 02:09:45 ----A---- C:\WINDOWS\resetlog.txt
2008-11-29 00:50:49 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-25 18:56:00 ----D---- C:\Program Files\trend micro
2008-11-22 13:25:07 ----D---- C:\WINDOWS\ERUNT
2008-11-22 13:08:34 ----D---- C:\SDFix
2008-11-12 04:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 04:24:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 04:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 18:10:57 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-11-03 01:13:01 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-02 16:13:25 ----D---- C:\WINDOWS\Minidump
2008-11-01 14:59:45 ----D---- C:\Documents and Settings\Donna\Application Data\Design Science
2008-10-24 15:05:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 01:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-17 01:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-17 01:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-17 01:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-17 01:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-15 02:46:34 ----D---- C:\WINDOWS\system32\AGEIA
2008-09-15 02:46:23 ----D---- C:\Program Files\AGEIA Technologies
2008-09-15 02:43:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-15 02:10:13 ----D---- C:\Documents and Settings\Donna\Application Data\IGN_DLM
2008-09-11 22:51:54 ----D---- C:\Program Files\DNA
2008-09-10 01:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 01:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-08 22:18:06 ----D---- C:\Documents and Settings\Donna\Application Data\Real
2008-09-08 22:12:38 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-09-08 22:12:37 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-09-08 22:12:36 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-09-08 22:12:35 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-09-08 22:12:11 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-09-08 22:12:09 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-08-28 01:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-08-28 01:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-08-28 01:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-08-27 15:32:38 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-08-27 15:32:36 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-08-27 15:31:29 ----D---- C:\Program Files\Windows Media Connect 2
2008-08-27 15:31:08 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-08-27 15:27:06 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-08-27 15:23:47 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-08-25 17:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-25 00:25:34 ----D---- C:\WINDOWS\Prefetch
2008-08-25 00:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-25 00:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-25 00:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-25 00:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-25 00:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-25 00:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-25 00:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-24 23:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-24 23:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-24 23:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-24 23:49:11 ----D---- C:\WINDOWS\system32\scripting
2008-08-24 23:49:10 ----D---- C:\WINDOWS\l2schemas
2008-08-24 23:49:08 ----D---- C:\WINDOWS\system32\en
2008-08-24 23:49:07 ----D---- C:\WINDOWS\system32\bits
2008-08-24 23:37:34 ----D---- C:\WINDOWS\network diagnostic
2008-08-24 23:28:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-24 23:01:34 ----A---- C:\WINDOWS\unvise32.exe
2008-08-24 23:01:22 ----D---- C:\Program Files\DivX
2008-08-22 03:54:02 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-22 03:53:51 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-22 03:53:48 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-22 03:53:48 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-22 03:53:26 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-22 03:53:26 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-22 03:52:55 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-22 03:52:44 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-22 03:52:39 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-22 03:52:37 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-22 03:52:35 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-22 03:52:34 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-22 03:52:34 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-22 03:52:29 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-22 03:52:21 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-22 03:51:58 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-22 03:51:58 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-22 03:51:58 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-22 03:51:54 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-22 03:51:54 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-22 03:51:48 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-22 03:51:48 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-22 03:51:13 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-22 03:51:12 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-22 03:51:12 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-22 03:51:11 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-22 03:50:49 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-22 03:50:47 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-22 03:50:45 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-22 03:50:45 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-22 03:50:44 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-22 03:50:44 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-08-22 03:50:44 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-08-22 03:50:43 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-08-22 03:50:42 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-22 03:50:42 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-08-22 03:50:42 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-08-22 03:50:42 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-08-22 03:50:00 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-08-22 03:49:56 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-22 03:49:56 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-22 03:49:56 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-22 03:49:56 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-22 03:49:56 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-22 03:49:56 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-22 03:49:56 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-22 03:49:55 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-22 03:49:46 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-22 03:49:46 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-22 03:49:46 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-22 03:49:46 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-22 03:49:46 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-22 03:49:46 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-22 03:49:45 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-22 03:49:41 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-22 03:49:41 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-22 03:49:39 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-22 03:49:33 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-08-22 03:49:30 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-22 03:49:15 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-22 03:49:13 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-22 03:48:48 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-17 03:50:29 ----D---- C:\Program Files\InterActual
2008-08-14 01:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-14 01:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-14 01:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 01:11:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-14 01:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 01:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-14 01:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-07-15 13:29:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-06-27 02:42:07 ----D---- C:\Nexon
2008-06-27 02:42:06 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-06-23 00:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-10 22:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-06-10 22:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-06-10 22:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-10 22:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$
2008-06-06 18:15:28 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-06-03 12:00:20 ----HD---- C:\WINDOWS\PIF
2008-06-02 17:36:04 ----A---- C:\WINDOWS\system32\tsccvid.dll
2008-05-30 02:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-05-30 02:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-05-30 02:05:45 ----D---- C:\vcs5BGEffects
2008-04-11 16:55:19 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-11 16:55:13 ----D---- C:\Program Files\DVD Shrink
2008-04-11 16:48:36 ----D---- C:\Program Files\DVD Decrypter
2008-04-11 16:37:58 ----D---- C:\Program Files\Elaborate Bytes
2008-04-11 16:37:28 ----D---- C:\Program Files\SlySoft
2008-04-11 04:50:49 ----AC---- C:\WINDOWS\PhotoSnapViewer.INI
2008-04-09 01:30:28 ----HDC---- C:\WINDOWS\$NtUninstallKB948881$
2008-04-09 01:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-04-09 01:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-04-09 01:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-04-08 08:53:17 ----RHD---- C:\Documents and Settings\Donna\Application Data\yahoo!
2008-04-08 01:08:20 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-08 01:07:48 ----A---- C:\YServer.txt
2008-04-08 01:07:23 ----D---- C:\Program Files\Yahoo!
2008-04-07 15:53:21 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-04-07 15:53:19 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-04-05 15:57:58 ----D---- C:\Program Files\MathType
2008-04-05 14:35:20 ----D---- C:\WINDOWS\CAVTemp
2008-04-05 14:35:19 ----D---- C:\Documents and Settings\Donna\Application Data\OfficeUpdate12
2008-04-05 14:32:53 ----AC---- C:\WINDOWS\ODBC.INI
2008-04-05 14:32:10 ----D---- C:\Program Files\Common Files\Designer
2008-04-05 14:31:56 ----D---- C:\WINDOWS\ShellNew
2008-04-05 14:31:18 ----D---- C:\Program Files\Microsoft Office
2008-04-05 14:31:18 ----D---- C:\Documents and Settings\Donna\Application Data\Microsoft Web Folders
2008-04-05 13:48:35 ----D---- C:\Program Files\Microsoft Games
2008-04-05 13:41:05 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-04-05 13:41:05 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-04-05 13:41:05 ----A---- C:\WINDOWS\system32\vsutil_oem1051.dll
2008-04-05 13:41:05 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-04-05 13:41:01 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-04-05 13:41:00 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-04-05 13:41:00 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-04-05 13:41:00 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-04-05 13:40:51 ----D---- C:\WINDOWS\Internet Logs
2008-04-05 13:40:51 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-04-05 13:40:51 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-04-05 13:40:51 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-04-05 13:40:31 ----AC---- C:\WINDOWS\UnVet32.exe
2008-04-05 13:40:31 ----A---- C:\WINDOWS\system32\VetRedir.dll
2008-04-05 13:40:31 ----A---- C:\WINDOWS\AVShlExt.dll
2008-04-05 13:40:29 ----AC---- C:\WINDOWS\unicows.dll
2008-04-05 13:40:29 ----A---- C:\WINDOWS\system32\iSafProd.dll
2008-04-05 13:40:29 ----A---- C:\WINDOWS\system32\ISafeIf.dll
2008-04-05 13:39:53 ----D---- C:\Documents and Settings\All Users\Application Data\CA
2008-04-05 13:39:48 ----D---- C:\Program Files\Common Files\Scanner
2008-04-05 13:39:39 ----D---- C:\Program Files\CA
2008-04-05 13:38:20 ----A---- C:\caisslog.txt
2008-04-05 13:35:07 ----D---- C:\Program Files\NovaLogic
2008-04-05 13:33:02 ----D---- C:\Program Files\Zip995
2008-04-05 13:32:50 ----AC---- C:\WINDOWS\pe.ini
2008-04-05 13:32:50 ----AC---- C:\WINDOWS\ft99.ini
2008-04-05 13:32:50 ----AC---- C:\WINDOWS\cp.ini
2008-04-05 13:31:16 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2008-04-05 13:31:16 ----A---- C:\WINDOWS\system32\pdfmona.dll
2008-04-05 13:31:16 ----A---- C:\WINDOWS\system32\pdf995mon.dll
2008-04-05 13:31:15 ----D---- C:\Program Files\pdf995
2008-04-05 13:20:24 ----D---- C:\WINDOWS\ie7updates
2008-04-05 13:18:27 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-04-05 13:18:07 ----D---- C:\WINDOWS\system32\Adobe
2008-04-05 13:17:51 ----D---- C:\Documents and Settings\Donna\Application Data\Adobe
2008-04-05 13:16:40 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-05 13:16:30 ----D---- C:\Program Files\Common Files\Adobe
2008-04-05 13:14:30 ----D---- C:\Documents and Settings\Donna\Application Data\Macromedia
2008-04-05 13:12:10 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-04-05 13:12:09 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-04-05 13:12:09 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-04-05 13:12:09 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-05 13:12:08 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-04-05 13:12:07 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-04-05 13:12:07 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-04-05 13:12:07 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-04-05 13:12:07 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-04-05 13:12:07 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-04-05 13:12:06 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-04-05 13:12:06 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-04-05 13:12:06 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-04-05 13:12:05 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-04-05 13:12:04 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-04-05 13:12:03 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-04-05 13:12:03 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-04-05 13:12:01 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-04-05 13:12:01 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-04-05 13:12:00 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-04-05 13:12:00 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-04-05 13:12:00 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-04-05 13:12:00 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-04-05 13:11:59 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-04-05 13:11:59 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-04-05 13:11:59 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-04-05 13:11:59 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-04-05 13:11:58 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-04-05 13:11:58 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-04-05 13:11:49 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-04-05 13:11:48 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-04-05 13:11:48 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-04-05 13:11:48 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-04-05 13:11:47 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-04-05 13:11:47 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-04-05 13:11:47 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-04-05 13:11:46 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-04-05 13:11:46 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-04-05 13:11:45 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-04-05 13:06:09 ----D---- C:\Program Files\iolo
2008-04-05 13:06:09 ----A---- C:\WINDOWS\system32\Incinerator.dll
2008-04-05 12:12:49 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-05 12:12:45 ----D---- C:\Program Files\CyberLink
2008-04-05 11:55:28 ----A---- C:\WINDOWS\system32\MRT.exe
2008-04-05 11:55:23 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-04-05 11:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-04-05 11:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB944533$
2008-04-05 11:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-04-05 11:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB942840$
2008-04-05 11:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2008-04-05 11:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-04-05 11:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-04-05 11:51:50 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
2008-04-05 11:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2008-04-05 11:51:33 ----D---- C:\WINDOWS\WBEM
2008-04-05 11:51:32 ----D---- C:\WINDOWS\system32\en-US
2008-04-05 11:50:21 ----HDC---- C:\WINDOWS\ie7
2008-04-05 11:50:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-04-05 11:50:02 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-04-05 11:49:51 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-04-05 11:49:49 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-04-05 11:49:44 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-04-05 11:44:54 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-04-05 11:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2008-04-05 11:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-04-05 11:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2008-04-05 11:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-04-05 11:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2008-04-05 11:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB938829$
2008-04-05 11:44:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-04-05 11:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-04-05 11:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-04-05 11:43:58 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-04-05 11:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-04-05 11:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-04-05 11:43:43 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-04-05 11:43:39 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-04-05 11:43:34 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-04-05 11:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-04-05 11:43:26 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-04-05 11:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-04-05 11:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2008-04-05 11:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-04-05 11:43:07 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-04-05 11:43:03 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-04-05 11:42:58 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-04-05 11:42:55 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-04-05 11:42:51 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-04-05 11:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-04-05 11:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-04-05 11:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-04-05 11:42:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-04-05 11:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-04-05 11:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-04-05 11:42:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-04-05 11:42:13 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-04-05 11:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-04-05 11:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-04-05 11:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-04-05 11:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-04-05 11:41:50 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-04-05 11:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-04-05 11:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-04-05 11:41:35 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-04-05 11:41:31 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-04-05 11:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-04-05 11:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-04-05 11:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-04-05 11:41:14 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-04-05 11:41:10 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-04-05 11:41:03 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-04-05 11:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-04-05 11:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-04-05 11:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-04-05 11:40:33 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-04-05 11:40:29 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-04-05 11:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-04-05 11:40:17 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-04-05 11:40:13 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-04-05 11:40:09 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-04-05 11:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-04-05 11:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-04-05 11:39:50 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-04-05 11:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-04-05 11:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-04-05 11:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-04-05 11:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-04-05 11:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-04-05 11:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-04-05 11:39:21 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-04-05 11:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-04-05 11:39:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-04-05 11:39:10 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-04-05 11:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-04-05 11:39:03 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-04-05 11:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-04-05 11:38:57 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-04-05 11:38:52 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-04-05 11:31:57 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-05 11:31:38 ----D---- C:\WINDOWS\system32\PreInstall
2008-04-05 11:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-04-05 11:24:18 ----D---- C:\Program Files\D-Tools
2008-04-05 11:23:30 ----D---- C:\Documents and Settings\Donna\Application Data\U3
2008-04-05 11:20:37 ----D---- C:\Documents and Settings\Donna\Application Data\ATI
2008-04-05 11:15:52 ----D---- C:\Program Files\Common Files\ATI Technologies
2008-04-05 11:13:47 ----RSD---- C:\WINDOWS\assembly
2008-04-05 11:13:27 ----D---- C:\WINDOWS\Microsoft.NET
2008-04-05 11:12:34 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-04-05 11:12:14 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-04-05 11:11:52 ----D---- C:\Program Files\ATI Technologies
2008-04-05 11:11:03 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2008-04-05 11:11:03 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2008-04-05 11:11:03 ----A---- C:\WINDOWS\system32\atitvo32.dll
2008-04-05 11:11:03 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2008-04-05 11:11:03 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2008-04-05 11:11:03 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2008-04-05 11:11:02 ----A---- C:\WINDOWS\system32\atioglxx.dll
2008-04-05 11:11:01 ----A---- C:\WINDOWS\system32\atioglx1.dll
2008-04-05 11:10:58 ----A---- C:\WINDOWS\system32\atikvmag.dll
2008-04-05 11:10:58 ----A---- C:\WINDOWS\system32\ATIDEMGR.dll
2008-04-05 11:10:58 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2008-04-05 11:10:56 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2008-04-05 11:10:56 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2008-04-05 11:10:22 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2008-04-05 11:09:36 ----D---- C:\Diamond
2008-04-05 11:01:50 ----D---- C:\Documents and Settings\Donna\Application Data\Ahead
2008-04-05 11:01:12 ----D---- C:\Program Files\Nero
2008-04-05 11:01:12 ----D---- C:\Program Files\Common Files\Ahead
2008-04-05 10:54:16 ----D---- C:\Program Files\Common Files\ACD Systems
2008-04-05 10:54:01 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-05 10:53:25 ----D---- C:\Program Files\ACD Systems
2008-04-05 10:52:51 ----D---- C:\Program Files\PopCap Games
2008-04-05 10:52:51 ----AC---- C:\WINDOWS\UnGins.exe
2008-04-05 10:49:16 ----A---- C:\WINDOWS\system32\qttask.exe
2008-04-05 10:47:26 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-04-05 10:47:26 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-04-05 10:47:26 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-04-05 10:47:26 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-04-05 10:47:22 ----D---- C:\WINDOWS\system32\QuickTime
2008-04-05 10:47:22 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2008-04-05 10:47:21 ----AC---- C:\WINDOWS\mmtvmj.ini
2008-04-05 10:47:21 ----AC---- C:\WINDOWS\m3jp2k.ini
2008-04-05 10:47:20 ----AC---- C:\WINDOWS\m3jpeg.ini
2008-04-05 10:47:17 ----A---- C:\WINDOWS\system32\mplvpx.dll
2008-04-05 10:47:17 ----A---- C:\WINDOWS\system32\mplvm6.dll
2008-04-05 10:47:16 ----A---- C:\WINDOWS\system32\mplvw7.dll
2008-04-05 10:47:16 ----A---- C:\WINDOWS\system32\mplva6.dll
2008-04-05 10:47:16 ----A---- C:\WINDOWS\system32\mplaw7.dll
2008-04-05 10:47:16 ----A---- C:\WINDOWS\system32\mplapx.dll
2008-04-05 10:47:16 ----A---- C:\WINDOWS\system32\mplam6.dll
2008-04-05 10:47:16 ----A---- C:\WINDOWS\system32\mplaa6.dll
2008-04-05 10:47:16 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2008-04-05 10:47:15 ----A---- C:\WINDOWS\system32\unrar.dll
2008-04-05 10:47:13 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-04-05 10:47:10 ----D---- C:\Program Files\ACE Mega CoDecS Pack
2008-04-05 10:38:31 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-04-05 10:38:31 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-04-05 10:38:31 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-04-05 10:38:31 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-04-05 10:38:31 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-04-05 10:38:31 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-04-05 10:38:31 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-04-05 10:38:31 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-04-05 10:38:31 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-04-05 10:38:31 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-04-05 10:38:30 ----N---- C:\WINDOWS\system32\slserv.exe
2008-04-05 10:38:30 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-04-05 10:38:30 ----N---- C:\WINDOWS\system32\slgen.dll
2008-04-05 10:38:30 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-04-05 10:38:30 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-04-05 10:38:30 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-04-05 10:38:30 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-04-05 10:38:30 ----N---- C:\WINDOWS\slrundll.exe
2008-04-05 10:38:27 ----A---- C:\WINDOWS\system32\uniime.dll
2008-04-05 10:38:27 ----A---- C:\WINDOWS\system32\imjp81k.dll
2008-04-05 10:36:44 ----D---- C:\WINDOWS\ServicePackFiles
2008-04-05 10:36:15 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-04-05 10:36:12 ----D---- C:\WINDOWS\EHome
2008-04-05 10:26:07 ----D---- C:\Program Files\Microsoft Plus!
2008-04-05 10:21:00 ----A---- C:\WINDOWS\system32\vusetup.dll
2008-04-05 10:19:20 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-04-05 10:19:13 ----A---- C:\WINDOWS\system32\Audio3D.dll
2008-04-05 10:19:13 ----A---- C:\WINDOWS\system32\a3d.dll
2008-04-05 10:19:10 ----HD---- C:\Program Files\InstallShield Installation Information
2008-04-05 10:19:07 ----D---- C:\Program Files\Common Files\InstallShield
2008-04-05 10:18:21 ----D---- C:\Program Files\S3
2008-04-05 10:17:09 ----SHD---- C:\RECYCLER
2008-04-05 10:11:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-04-05 10:11:24 ----AC---- C:\WINDOWS\IsUninst.exe
2008-04-05 09:55:26 ----D---- C:\images
2008-04-05 09:52:43 ----D---- C:\Downloads
2008-04-05 09:47:47 ----D---- C:\Documents and Settings\Donna\Application Data\Identities
2008-04-05 09:47:45 ----HD---- C:\Program Files\Uninstall Information
2008-04-05 09:47:29 ----ASH---- C:\Documents and Settings\Donna\Application Data\desktop.ini
2008-04-05 09:47:28 ----SD---- C:\Documents and Settings\Donna\Application Data\Microsoft
2008-04-05 09:46:20 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-04-05 09:41:18 ----D---- C:\WINDOWS\SoftwareDistribution
2008-04-05 09:40:40 ----SD---- C:\WINDOWS\system32\Microsoft
2008-04-05 09:40:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-04-05 09:30:47 ----D---- C:\WINDOWS\system32\xircom
2008-04-05 09:30:47 ----D---- C:\Program Files\xerox
2008-04-05 09:30:47 ----D---- C:\Program Files\microsoft frontpage
2008-04-05 09:30:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-04-05 09:30:35 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-04-05 09:30:06 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-04-05 09:30:01 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-04-05 09:28:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-04-05 09:28:57 ----RD---- C:\WINDOWS\Offline Web Pages
2008-04-05 09:28:57 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-05 09:28:50 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-04-05 09:28:45 ----HD---- C:\Program Files\WindowsUpdate
2008-04-05 09:28:25 ----D---- C:\WINDOWS\system32\DirectX
2008-04-05 09:28:10 ----A---- C:\WINDOWS\system32\atrace.dll
2008-04-05 09:28:08 ----AC---- C:\WINDOWS\desktop.ini
2008-04-05 09:28:08 ----A---- C:\WINDOWS\system32\desktop.ini
2008-04-05 09:28:02 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-04-05 09:28:01 ----D---- C:\Program Files\Common Files\Services
2008-04-05 09:28:01 ----A---- C:\WINDOWS\system32\acctres.dll
2008-04-05 09:27:59 ----SD---- C:\WINDOWS\Tasks
2008-04-05 09:27:59 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-04-05 09:27:58 ----D---- C:\Program Files\Common Files\MSSoap
2008-04-05 09:27:55 ----D---- C:\WINDOWS\system32\Macromed
2008-04-05 09:27:55 ----D---- C:\WINDOWS\srchasst
2008-04-05 09:27:53 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-04-05 09:27:53 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-04-05 09:27:53 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-04-05 09:27:53 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-04-05 09:27:52 ----A---- C:\WINDOWS\system32\wups.dll
2008-04-05 09:27:52 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-04-05 09:27:52 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-04-05 09:27:52 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-04-05 09:27:52 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-04-05 09:27:52 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-04-05 09:27:52 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-04-05 09:27:52 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-04-05 09:27:52 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-04-05 09:27:49 ----D---- C:\Program Files\Movie Maker
2008-04-05 09:27:46 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-04-05 09:27:46 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-04-05 09:27:46 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-04-05 09:27:46 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-04-05 09:27:43 ----D---- C:\WINDOWS\system32\Restore
2008-04-05 09:27:43 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-04-05 09:27:43 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-04-05 09:27:43 ----A---- C:\WINDOWS\system32\srclient.dll
2008-04-05 09:27:43 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-04-05 09:27:43 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-04-05 09:27:42 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-04-05 09:27:42 ----A---- C:\WINDOWS\system32\msconf.dll
2008-04-05 09:27:42 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-04-05 09:27:42 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-04-05 09:27:42 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-04-05 09:27:42 ----A---- C:\WINDOWS\system32\ils.dll
2008-04-05 09:27:40 ----D---- C:\Program Files\NetMeeting
2008-04-05 09:27:40 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-04-05 09:27:40 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-04-05 09:27:39 ----A---- C:\WINDOWS\system32\inetres.dll
2008-04-05 09:27:39 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-04-05 09:27:38 ----D---- C:\Program Files\Outlook Express
2008-04-05 09:27:38 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-04-05 09:27:38 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-04-05 09:27:37 ----A---- C:\WINDOWS\system32\mstask.dll
2008-04-05 09:27:37 ----A---- C:\WINDOWS\system32\isign32.dll
2008-04-05 09:27:37 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-04-05 09:27:37 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-04-05 09:27:37 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-04-05 09:27:32 ----D---- C:\Program Files\Common Files\System
2008-04-05 09:27:29 ----D---- C:\Program Files\Internet Explorer
2008-04-05 09:27:16 ----D---- C:\Program Files\ComPlus Applications
2008-04-05 09:27:14 ----AC---- C:\WINDOWS\vbaddin.ini
2008-04-05 09:27:14 ----AC---- C:\WINDOWS\vb.ini
2008-04-05 09:27:08 ----D---- C:\WINDOWS\Registration
2008-04-05 09:26:37 ----D---- C:\Program Files\Windows Media Player
2008-04-05 09:26:37 ----D---- C:\Program Files\Online Services
2008-04-05 09:26:32 ----D---- C:\Program Files\Messenger
2008-04-05 09:26:29 ----D---- C:\Program Files\MSN Gaming Zone
2008-04-05 09:26:29 ----A---- C:\WINDOWS\system32\write.exe
2008-04-05 09:26:21 ----A---- C:\WINDOWS\system32\winchat.exe
2008-04-05 09:26:21 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-04-05 09:26:21 ----A---- C:\WINDOWS\system32\hticons.dll
2008-04-05 09:26:21 ----A---- C:\WINDOWS\system32\avwav.dll
2008-04-05 09:26:21 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-04-05 09:26:21 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-04-05 09:26:15 ----A---- C:\WINDOWS\system32\winmine.exe
2008-04-05 09:26:15 ----A---- C:\WINDOWS\system32\sol.exe
2008-04-05 09:26:15 ----A---- C:\WINDOWS\system32\getuname.dll
2008-04-05 09:26:15 ----A---- C:\WINDOWS\system32\charmap.exe
2008-04-05 09:26:15 ----A---- C:\WINDOWS\system32\calc.exe
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\tskill.exe
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\tscon.exe
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\shadow.exe
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\reset.exe
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\regini.exe
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-04-05 09:26:14 ----A---- C:\WINDOWS\system32\freecell.exe
2008-04-05 09:26:13 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-04-05 09:26:13 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-04-05 09:26:13 ----A---- C:\WINDOWS\system32\msg.exe
2008-04-05 09:26:13 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-04-05 09:26:13 ----A---- C:\WINDOWS\system32\logoff.exe
2008-04-05 09:26:13 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-04-05 09:26:12 ----A---- C:\WINDOWS\system32\stclient.dll
2008-04-05 09:26:12 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-04-05 09:26:12 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-04-05 09:26:12 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-04-05 09:26:12 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-04-05 09:26:12 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-04-05 09:26:12 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-04-05 09:26:12 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-04-05 09:26:08 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-04-05 09:26:00 ----D---- C:\Program Files\MSN
2008-04-05 09:26:00 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-04-05 09:26:00 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-04-05 09:25:59 ----D---- C:\Program Files\Windows NT
2008-04-05 09:25:59 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-04-05 09:25:59 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-04-05 09:25:59 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-04-05 09:25:59 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-04-05 09:25:58 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-04-05 09:25:58 ----A---- C:\WINDOWS\system32\spider.exe
2008-04-05 09:25:58 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-04-05 09:25:58 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-04-05 09:25:58 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-04-05 09:25:58 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-04-05 09:25:58 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-04-05 09:25:57 ----D---- C:\WINDOWS\system32\MsDtc
2008-04-05 09:25:57 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-04-05 09:25:57 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-04-05 09:25:57 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-04-05 09:25:57 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-04-05 09:25:57 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-04-05 09:25:57 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-04-05 09:25:57 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-04-05 09:25:57 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-04-05 09:25:57 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-04-05 09:25:57 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-04-05 09:25:57 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-04-05 09:25:56 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-04-05 09:25:56 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-04-05 09:25:56 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-04-05 09:25:56 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-04-05 09:25:56 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-04-05 09:25:56 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-04-05 09:25:55 ----D---- C:\WINDOWS\system32\Com
2008-04-05 09:25:55 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-04-05 09:25:55 ----A---- C:\WINDOWS\system32\colbact.dll
2008-04-05 09:25:55 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-04-05 09:25:55 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-04-05 09:25:55 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-04-05 09:25:55 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-04-05 09:25:54 ----A---- C:\WINDOWS\system32\comuid.dll
2008-04-05 09:25:54 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-04-05 09:25:50 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-04-05 09:25:50 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-04-05 09:25:50 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-04-05 09:25:50 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-04-05 03:23:23 ----A---- C:\WINDOWS\system32\h323log.txt
2008-04-05 03:15:16 ----A---- C:\WINDOWS\system32\usbui.dll
2008-04-05 03:14:13 ----SHD---- C:\WINDOWS\Installer
2008-04-05 03:14:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-04-05 03:14:12 ----D---- C:\Program Files\Common Files\ODBC
2008-04-05 03:14:12 ----AC---- C:\WINDOWS\ODBCINST.INI
2008-04-05 03:14:09 ----RD---- C:\Program Files
2008-04-05 03:14:09 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-04-05 03:14:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-04-05 03:14:09 ----D---- C:\Program Files\Common Files
2008-04-05 03:14:07 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-04-05 03:14:07 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-04-05 03:14:07 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-04-05 03:14:05 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-04-05 03:14:03 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-04-05 03:14:03 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-04-05 03:14:03 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-04-05 03:14:03 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-04-05 03:14:03 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-04-05 03:14:03 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-04-05 03:14:03 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-04-05 03:14:02 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-04-05 03:14:02 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-04-05 03:14:02 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-04-05 03:14:02 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-04-05 03:14:02 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-04-05 03:14:00 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-04-05 03:13:58 ----A---- C:\WINDOWS\system32\irclass.dll
2008-04-05 03:13:58 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-04-05 03:13:57 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-04-05 03:13:57 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-04-05 03:13:57 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-04-05 03:13:55 ----AC---- C:\WINDOWS\TASKMAN.EXE
2008-04-05 03:13:55 ----A---- C:\WINDOWS\system32\batt.dll
2008-04-05 03:13:54 ----A---- C:\WINDOWS\notepad.exe
2008-04-05 03:13:51 ----A---- C:\WINDOWS\system32\storprop.dll
2008-04-05 03:13:43 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-04-05 03:12:31 ----RAC---- C:\WINDOWS\SET25.tmp
2008-04-05 03:11:55 ----RAC---- C:\WINDOWS\SET8.tmp
2008-04-05 03:11:52 ----RAC---- C:\WINDOWS\SET4.tmp
2008-04-05 03:11:49 ----RAC---- C:\WINDOWS\SET3.tmp
2008-04-05 03:11:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-04-05 03:11:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-04-05 03:11:36 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-05 03:10:35 ----AC---- C:\WINDOWS\setuplog.txt
2008-04-05 03:10:31 ----SHD---- C:\System Volume Information
2008-04-05 03:10:31 ----D---- C:\Documents and Settings
2008-04-05 03:09:24 ----RASH---- C:\boot.ini
2008-04-05 03:03:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-04-05 03:03:54 ----RSD---- C:\WINDOWS\Fonts
2008-04-05 03:03:54 ----RD---- C:\WINDOWS\Web
2008-04-05 03:03:54 ----HD---- C:\WINDOWS\inf
2008-04-05 03:03:54 ----D---- C:\WINDOWS\WinSxS
2008-04-05 03:03:54 ----D---- C:\WINDOWS\twain_32
2008-04-05 03:03:54 ----D---- C:\WINDOWS\Temp
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\wins
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\wbem
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\usmt
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\spool
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\ShellExt
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\Setup
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\ras
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\oobe
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\npp
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\mui
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\inetsrv
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\IME
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\icsxml
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\ias
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\export
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\drivers
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\dhcp
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\config
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\3com_dmi
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\3076
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\2052
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\1054
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\1042
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\1041
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\1037
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\1033
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\1031
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\1028
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32\1025
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system32
2008-04-05 03:03:54 ----D---- C:\WINDOWS\system
2008-04-05 03:03:54 ----D---- C:\WINDOWS\security
2008-04-05 03:03:54 ----D---- C:\WINDOWS\Resources
2008-04-05 03:03:54 ----D---- C:\WINDOWS\repair
2008-04-05 03:03:54 ----D---- C:\WINDOWS\Provisioning
2008-04-05 03:03:54 ----D---- C:\WINDOWS\PeerNet
2008-04-05 03:03:54 ----D---- C:\WINDOWS\pchealth
2008-04-05 03:03:54 ----D---- C:\WINDOWS\mui
2008-04-05 03:03:54 ----D---- C:\WINDOWS\msapps
2008-04-05 03:03:54 ----D---- C:\WINDOWS\msagent
2008-04-05 03:03:54 ----D---- C:\WINDOWS\Media
2008-04-05 03:03:54 ----D---- C:\WINDOWS\java
2008-04-05 03:03:54 ----D---- C:\WINDOWS\ime
2008-04-05 03:03:54 ----D---- C:\WINDOWS\Help
2008-04-05 03:03:54 ----D---- C:\WINDOWS\Driver Cache
2008-04-05 03:03:54 ----D---- C:\WINDOWS\Debug
2008-04-05 03:03:54 ----D---- C:\WINDOWS\Cursors
2008-04-05 03:03:54 ----D---- C:\WINDOWS\Connection Wizard
2008-04-05 03:03:54 ----D---- C:\WINDOWS\Config
2008-04-05 03:03:54 ----D---- C:\WINDOWS\AppPatch
2008-04-05 03:03:54 ----D---- C:\WINDOWS\addins
2008-04-05 03:03:54 ----D---- C:\WINDOWS
2008-03-17 12:49:26 ----A---- C:\WINDOWS\opuc.dll
2008-02-04 16:23:10 ----A---- C:\WINDOWS\system32\OGACheckControl.DLL
2007-11-13 08:54:36 ----A---- C:\WINDOWS\system32\PhysXLoader.dll
2007-11-13 04:31:11 ----N---- C:\WINDOWS\system32\tzchange.exe
2007-10-23 23:47:38 ----A---- C:\WINDOWS\system32\mscories.dll
2007-10-23 23:47:38 ----A---- C:\WINDOWS\system32\mscorier.dll
2007-10-23 23:47:38 ----A---- C:\WINDOWS\system32\mscoree.dll
2007-10-23 23:47:28 ----A---- C:\WINDOWS\system32\dfshim.dll
2007-10-11 13:12:48 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2007-08-13 17:54:10 ----N---- C:\WINDOWS\system32\ieui.dll
2007-08-13 17:54:10 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2007-08-13 17:54:10 ----A---- C:\WINDOWS\system32\msfeeds.dll
2007-08-13 17:54:10 ----A---- C:\WINDOWS\system32\ieframe.dll
2007-08-13 17:45:16 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe
2007-08-13 17:40:52 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2007-08-13 17:39:10 ----A---- C:\WINDOWS\system32\ieudinit.exe
2007-08-13 17:38:48 ----N---- C:\WINDOWS\system32\advpack.dll.mui
2007-08-13 17:36:40 ----N---- C:\WINDOWS\system32\msfeedssync.exe
2007-08-13 17:36:26 ----A---- C:\WINDOWS\system32\icardie.dll
2007-08-13 17:34:04 ----A---- C:\WINDOWS\system32\iertutil.dll
2007-07-30 18:19:12 ----A---- C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19:02 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2007-07-30 18:18:44 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2007-07-30 18:18:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2007-07-23 07:03:32 ----A---- C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
2007-07-23 07:03:32 ----A---- C:\WINDOWS\system32\AgCPanelSwedish.dll
2007-07-23 07:03:32 ----A---- C:\WINDOWS\system32\AgCPanelSpanish.dll
2007-07-23 07:03:30 ----A---- C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
2007-07-23 07:03:30 ----A---- C:\WINDOWS\system32\AgCPanelPortugese.dll
2007-07-23 07:03:30 ----A---- C:\WINDOWS\system32\AgCPanelKorean.dll
2007-07-23 07:03:30 ----A---- C:\WINDOWS\system32\AgCPanelJapanese.dll
2007-07-23 07:03:30 ----A---- C:\WINDOWS\system32\AgCPanelGerman.dll
2007-07-23 07:03:30 ----A---- C:\WINDOWS\system32\AgCPanelFrench.dll
2007-07-11 11:27:48 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2006-10-18 19:58:00 ----N---- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 19:58:00 ----N---- C:\WINDOWS\system32\uwdf.exe
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 19:47:22 ----N---- C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 19:47:20 ----N---- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 19:47:20 ----N---- C:\WINDOWS\system32\wmpps.dll
2006-10-18 19:47:20 ----N---- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 19:47:20 ----N---- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 19:47:20 ----N---- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 19:47:20 ----N---- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 19:47:20 ----A---- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 19:47:18 ----N---- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 19:47:18 ----N---- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 19:47:18 ----N---- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 19:47:18 ----N---- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 19:47:18 ----N---- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 19:47:18 ----N---- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 19:47:18 ----N---- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 19:47:14 ----N---- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 19:47:14 ----N---- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 19:47:14 ----N---- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 19:47:14 ----N---- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 19:47:08 ----N---- C:\WINDOWS\system32\audiodev.dll
2006-10-18 18:00:46 ----N---- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 18:00:14 ----N---- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-02 13:28:42 ----N---- C:\WINDOWS\system32\msdelta.dll
2006-09-28 18:13:26 ----N---- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 16:56:38 ----N---- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 16:56:38 ----N---- C:\WINDOWS\system32\WudfHost.exe
2006-09-28 16:56:16 ----N---- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 16:56:14 ----N---- C:\WINDOWS\system32\WudfSvc.dll
2006-06-29 07:05:44 ----N---- C:\WINDOWS\system32\normaliz.dll
2006-06-29 07:05:44 ----N---- C:\WINDOWS\system32\idndl.dll
2006-06-28 16:59:26 ----N---- C:\WINDOWS\system32\nlsdl.dll
2006-03-16 17:38:01 ----N---- C:\WINDOWS\system32\verclsid.exe
2006-02-28 05:00:00 ----RASH---- C:\NTDETECT.COM
2006-02-28 05:00:00 ----RA---- C:\WINDOWS\system32\ctl3dv2.dll
2006-02-28 05:00:00 ----R---- C:\WINDOWS\system32\perfmon.msc
2006-02-28 05:00:00 ----N---- C:\WINDOWS\system32\corpol.dll
2006-02-28 05:00:00 ----AC---- C:\WINDOWS\winhelp.exe
2006-02-28 05:00:00 ----AC---- C:\WINDOWS\win.ini
2006-02-28 05:00:00 ----AC---- C:\WINDOWS\vmmreg32.dll
2006-02-28 05:00:00 ----AC---- C:\WINDOWS\twunk_32.exe
2006-02-28 05:00:00 ----AC---- C:\WINDOWS\twunk_16.exe
2006-02-28 05:00:00 ----AC---- C:\WINDOWS\twain.dll
2006-02-28 05:00:00 ----AC---- C:\WINDOWS\system.ini
2006-02-28 05:00:00 ----AC---- C:\WINDOWS\msdfmap.ini
2006-02-28 05:00:00 ----A---- C:\WINDOWS\winhlp32.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\twain_32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\zipfldr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\xpob2res.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\xmlprov.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\xenroll.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\xcopy.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\xactsrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wupdmgr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wstdecod.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wsock32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wshrm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wshnetbs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wshisn.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wship6.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wshext.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wshcon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wshbth.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wshatm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wscsvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wscript.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wscntfy.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ws2help.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ws2_32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wpabaln.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wowexec.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wowdeb.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wow32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmvdmoe2.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmvdmod.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\WMVCore.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmstream.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\WMSPDMOE.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\WMSPDMOD.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmsdmoe2.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmsdmod.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmpui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmpshell.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmploc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmpcore.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmpcd.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmpasf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\WMNetmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmiprop.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmidx.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmerror.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmerrenu.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmdmps.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmdmlog.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wmasf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\WMADMOE.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\WMADMOD.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wlnotify.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wldap32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wkssvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winver.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wintrust.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winstrm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winsta.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winsrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winspool.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winsock.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winshfhc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winscard.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winrnr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winntbbu.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winnls.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winmsd.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winmm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winlogon.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winipsec.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wininet.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winhttp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winhlp32.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winfax.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\winbrand.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\win87em.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\win32spl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\win.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wifeman.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wiavusd.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wiavideo.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wiashext.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wiaservc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wiascr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wiadss.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wiadefui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wextract.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\webvw.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\webhits.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\webclnt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\webcheck.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wdigest.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wavemsp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\w3ssl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\w32topl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\w32tm.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\w32time.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vssvc.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vssapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vssadmin.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vss_ps.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vjoy.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vga64k.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vga256.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vga.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vfpodbc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\version.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\verifier.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\verifier.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ver.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vdmredir.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vcdex.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vbscript.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\vbajet32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\uxtheme.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\utilman.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\utildll.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usp10.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\userinit.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\userenv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\user32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\user.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usbmon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\urlmon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\url.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ureg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ups.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\upnpui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\upnphost.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\upnpcont.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\upnp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\untfs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\unlodctr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\uniplat.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\unimdmat.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\umdmxfrm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\umandlg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ulib.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ufat.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\udhisapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\typelib.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\txflog.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\twext.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tsddd.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tsd32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tsappcmp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\trkwks.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tree.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\traffic.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tracert6.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tracert.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tourstart.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\toolhelp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\themeui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tftp.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\termmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\telnet.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tcpsvcs.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tcpmon.ini
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tcpmon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tcpmib.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tcmsetup.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\taskmgr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\taskman.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tapiui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tapisrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tapiperf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tapi32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tapi3.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\tapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\t2embed.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\systray.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\syssetup.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\syskey.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sysinv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sysedit.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\syncui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\synceng.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\syncapp.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sxs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\swprv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\svcpack.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\svchost.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\subst.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\strmfilt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\strmdll.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\storage.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\stobject.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\stimon.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sti_ci.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sti.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\srvsvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sqlwoa.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sqlwid.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sprestrt.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\spoolsv.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\spoolss.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\spnpinst.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sort.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\softpub.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\snmpapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\smss.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\smbinst.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\slbrccsp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\slbiop.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\slbcsp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\slayerxp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\skeys.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\skdll.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sisbkup.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sigverif.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sigtab.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shutdown.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shsvcs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shscrap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shrpubw.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shmgrate.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shmedia.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shlwapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shimgvw.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shimeng.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shgina.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shfolder.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shellstyle.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shell32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shell.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shdocvw.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\shdoclc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\share.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sfmapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sfc_os.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sfc.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sfc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\setver.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\setupdll.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\setupapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\setup.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sethc.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\serwvdrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\services.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\services.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\serialui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\senscfg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sensapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sens.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sendmail.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\security.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\secur32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\seclogon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sdpblb.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sdbinst.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\scrrun.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\scrobj.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\scredir.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\schannel.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\scesrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\scecli.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sccsccp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sccbase.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\scardsvr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\scardssp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\scarddlg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sc.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sbeio.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sbe.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\savedump.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\samsrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\samlib.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\runonce.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rundll32.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\runas.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rtutils.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rtm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rtcshare.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rsvpperf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rsvpmsg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rsvp.ini
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rsvp.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rsmui.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rsmsink.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rsmps.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rsm.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rshx32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rsh.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rsaenh.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rpcss.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rpcns4.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\routetab.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\routemon.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\route.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rnr20.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\riched32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\riched20.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rexec.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\resutils.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\replace.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rend.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\regwizc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\regwiz.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\regsvr32.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\regsvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\regedt32.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\regapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\reg.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\redir.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\recover.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rdpdd.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rcp.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rcimlby.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rastls.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rastapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasser.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rassapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasrad.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasppp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasphone.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasmxs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasmontr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasmans.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasman.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasdlg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasdial.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasctrs.ini
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasctrs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\raschap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasautou.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasauto.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasapi32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\query.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\quartz.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\qosname.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\qedwipes.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\qedit.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\qdvd.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\qdv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\qcap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\qasf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pubprn.vbs
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pstorec.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\psnppagn.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pschdprf.ini
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pschdprf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\psbase.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\psapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\proxycfg.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\proquota.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\progman.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\profmap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\prodspec.ini
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\printui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\print.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\prflbmsg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\powrprof.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\powercfg.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\polstore.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pngfilt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pmspl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\plustab.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ping6.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ping.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pifmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pidgen.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\photowiz.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\perfwci.ini
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\perfts.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\perfproc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\perfos.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\perfnet.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\perfmon.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\perffilt.ini
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\perfdisk.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\perfctrs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\perfci.ini
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pentnt.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pdh.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pautoenr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\pathping.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\panmap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\packager.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\p2psvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\p2p.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\osuninst.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\osuninst.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\osk.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\opengl32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\olethk32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\olesvr32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\olesvr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\olepro32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\oleprn.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\oledlg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\olecnv32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\olecli32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\olecli.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\oleaut32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\oleacc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ole32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ole2nls.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ole2disp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ole2.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\offfilt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odtext32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odpdx32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odfox32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odexl32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\oddbse32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbctrac.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbcji32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbcint.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbccu32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbccr32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbccp32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbcconf.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbcconf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbcad32.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbc32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\odbc16gt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ocmanage.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\occache.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\objsel.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\oakley.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\nwprovau.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntvdm.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntshrui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntsdexts.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntsd.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntprint.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntmsoprq.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntmsmgr.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntmsevt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntmarta.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntlanui2.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntlanui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntlanman.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ntdll.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\nslookup.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\npptools.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\notepad.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\nlsfunc.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\nlhtml.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\newdev.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netui2.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netui1.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netui0.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netstat.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netshell.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netsh.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netsetup.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netrap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netplwiz.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netmsg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netman.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netlogon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netid.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\neth.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netevent.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netdde.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netcfgx.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netapi32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\netapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\net1.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\net.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\nddenb32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\nddeapir.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\nddeapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ncxpnt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\nbtstat.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\narrhook.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\narrator.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mydocs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mycomput.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mtxclu.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msxmlr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msxml3r.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msxml3.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msxml2r.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msxml2.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msxml.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msxbde40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mswstr10.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mswsock.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mswmdm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mswdat10.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msw3prt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvideo.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvidctl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvidc32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvfw32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvcrt20.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvcrt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvcp60.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvcp50.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvcirt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msvbvm50.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msv1_0.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msutb.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mstime.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mstext40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msswchx.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msswch.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mssip32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mssign32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msscp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mssap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msrle32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msrepl40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msrclr40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msrating.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msratelc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msr2cenu.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msr2c.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msprivs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msports.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mspmsp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mspmsnsv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mspbde40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mspatcha.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msorcl32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msorc32r.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msobjs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msnsspc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msnetobj.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msltus40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msls31.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mslbui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msjtes40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msjter40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msjint40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msjet40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msisip.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msimtf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msimsg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msimg32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msihnd.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msiexec.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msieftp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msidntld.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msidle.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msident.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mshtmler.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mshtmled.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mshta.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msgsvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msgina.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msftedit.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msexcl40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msexch40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msencode.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msdmo.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msdart.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msdadiag.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msctfp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msctf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mscms.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mscdexnt.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mscat32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msaudite.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msasn1.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msapsspc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msafd.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msacm32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msacm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\msaatext.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mrinfo.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mprui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mprmsg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mprdim.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mprddm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mprapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mpr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mpnotify.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\MPG4DMOD.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\MP4SDMOD.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\MP43DMOD.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mountvol.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\moricons.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\more.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\modex.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\modemui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mode.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mobsync.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mobsync.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mmutilse.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mmsystem.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mmdrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mmcshext.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mmcbase.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mmc.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mll_qic.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mll_mtf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mll_hp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mlang.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mimefilt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\migpwd.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\miglibnt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\midimap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mfc42u.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mfc42.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mfc40u.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mfc40.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mf3216.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mem.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mdminst.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mdhcp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mciwave.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mciseq.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mciole32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mciole16.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mcicda.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mciavi32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mchgrcoi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mcdsrv32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mcd32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mcastmib.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mapistub.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\makecab.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\magnify.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mag_hook.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lzexpand.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lz32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lusrmgr.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lsass.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lsasrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lprmonui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lprhelp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lpr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lpq.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lpk.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\logonui.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\logman.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\loghours.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\logagent.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lodctr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\locator.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\localui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\localspl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\localsec.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\loadperf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\loadfix.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lnkstub.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lmrt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\linkinfo.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\lights.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\licmgr10.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\licdll.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\LAPRXY.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\langwrbk.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\label.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\krnl386.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\keymgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kernel32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kerberos.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kdcom.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kd1394.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdusx.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdusr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdusl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdus.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdukx.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbduk.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdsw.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdsp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdsg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdsf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdpo.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdno1.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdno.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdnec.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdne.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdmac.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdla.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdit142.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdit.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdir.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdinben.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdic.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdgr1.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdgae.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdfr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdfo.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdfi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdfc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdes.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbddv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdda.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdcan.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdca.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdbr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdbene.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kbdbe.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\kb16.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\jsproxy.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\jscript.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\jobexec.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\jgsh400.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\jgsd400.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\jgpl400.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\jgmd400.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\jgdw400.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\jgaw400.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\jet500.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ixsso.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iuengine.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\itss.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\itircl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ir50_32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ir32_32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipxwan.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipxsap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipxrtmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipxroute.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipxrip.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipxpromn.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipxmontr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipv6.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipsec6.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iprtprio.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iprop.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ippromon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipmontr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ipconfig.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iologmsg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\inseng.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\input.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\initpki.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\infosoft.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\inetppui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\inetpp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\inetmib1.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\inetcplc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\imm32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\imgutil.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\imeshare.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\imapi.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\imagehlp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ifsutil.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ifmon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iexpress.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iesetup.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iernonce.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iepeers.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ieencode.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ieakui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ieaksie.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ieakeng.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\idq.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\icmui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\icmp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\icm32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iccvid.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iassvcs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iassdo.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iassam.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iasrecst.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iasrad.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iaspolcy.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iasnap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iashlpr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iasads.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\iasacct.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\htui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\httpapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\hotplug.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\hostname.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\hnetmon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\hlink.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\hhsetup.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\help.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\hccoin.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\HAL.DLL
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\h323msp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\grpconv.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\graphics.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\graftabl.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\gpkcsp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\glu32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\glmf32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\gdi32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\gdi.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\gcdef.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fwcfg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ftsrch.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ftp.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fsutil.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fsusd.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fsquirt.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fsmgmt.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\framebuf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\format.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\forcedos.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fontview.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fontsub.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fontext.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fmifs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fixmapi.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\finger.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\findstr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\find.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\filemgmt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\feclient.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fc.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\faultrep.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\fastopen.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\exts.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\extrac32.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\extmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\expsrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\expand.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\exe2bin.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\eventvwr.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\eventvwr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\eventlog.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\eventcls.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\eula.txt
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\eudcedit.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\esentutl.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\esentprf.ini
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\esentprf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\esent97.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\esent.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\es.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ersvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\encdec.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\encapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\els.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\edlin.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\edit.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dxtrans.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dxmasf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dxdiag.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dx8vb.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dx7vb.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dwwin.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\duser.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dumprep.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dswave.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dsuiext.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dssenh.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dssec.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dsquery.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dsprpres.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dsprop.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dsound3d.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dsound.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dskquoui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dskquota.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dsdmo.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dsauth.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ds32gt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ds16gt.dLL
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\drwatson.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\drprov.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\drmstor.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\drmclien.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpwsock.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpvvox.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpvoice.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpvacm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpserial.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpnwsock.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpnmodem.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpnet.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dplayx.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dplay.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dpcdll.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dosx.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\doskey.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\docprop2.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\docprop.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dnsapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmusic.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmsynth.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmstyle.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmserver.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmscript.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmremote.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmocx.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmloader.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmintf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmime.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmdskres.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmconfig.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmcompos.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmband.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dmadmin.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dllhst3g.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dllhost.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dispex.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\diskperf.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\diskpart.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\diskmgmt.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\diskcopy.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\diskcopy.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\diskcomp.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dinput8.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dinput.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dimap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\digest.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\diantz.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\diactfrm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dhcpsapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dgnet.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dfrgui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dfrgres.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dfrg.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\devmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\devmgmt.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\devenum.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\deskperf.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\deskmon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\deskadp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\defrag.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\debug.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ddrawex.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ddraw.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ddeshare.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ddeml.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dciman32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dbghelp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dbgeng.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\davclnt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\datime.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dataclen.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\danim.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\d3dxof.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\d3drm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\d3dramp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\d3dpmesh.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\d3dim700.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\d3dim.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\d3d9.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\d3d8.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ctl3d32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ctfmon.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\csseqchk.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\csrss.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\csrsrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cscui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cscript.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cscdll.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cryptui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cryptnet.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cryptext.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cryptdll.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\crypt32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\crtdll.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\credui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\convert.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\control.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\console.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\conime.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\confmsp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\comres.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\compstui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\compobj.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\compmgmt.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\compatui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\compact.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\comp.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\commdlg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\command.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\comdlg32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\comctl32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\comcat.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cnvfat.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cnetcfg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cmutil.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cmstp.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cmpbk32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cmmon32.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cmdl32.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cmdial32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cmd.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\clusapi.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\clipsrv.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cliconfg.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cliconfg.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\clb.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ckcnv.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cisvc.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ciodm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cidaemon.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cic.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ciadv.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ciadmin.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\chkntfs.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\chkdsk.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\chcp.com
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cewmdm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\certmgr.msc
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\certmgr.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\certcli.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cdosys.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cdm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cdfview.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ccfgnt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cards.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\capesnpn.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\camocx.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cacls.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cabview.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\cabinet.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\btpanui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\bthserv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\bthci.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\browsewm.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\browseui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\browser.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\browselc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\bootvrfy.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\bootvid.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\bootok.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\blastcln.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\blackbox.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\bidispl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\batmeter.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\basesrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\avifile.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\avifil32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\avicap32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\avicap.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\autolfn.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\autofmt.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\autodisc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\autoconv.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\autochk.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\authz.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\auditusr.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\audiosrv.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\attrib.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\atmpvcno.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\atmlib.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\atmfd.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\atmadm.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\atl.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\atkctrs.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\at.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\asycfilt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\asferror.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\arp.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\apphelp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\append.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\apcups.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\amstream.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\alrsvc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\alg.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\ahui.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\advpack.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\advapi32.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\adsnt.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\adsmsext.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\adsldpc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\adsldp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\adptif.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\admparse.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\actxprxy.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\actmovie.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\activeds.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\aclui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\acledit.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\aaaamon.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\6to4svc.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\regedit.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\hh.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\explorer.exe
2005-09-23 06:28:56 ----A---- C:\WINDOWS\system32\netfxperf.dll
2005-09-12 14:13:46 ----AC---- C:\WINDOWS\UNRecode.exe
2005-09-12 14:13:46 ----AC---- C:\WINDOWS\UNNeroVision.exe
2005-09-12 14:13:46 ----AC---- C:\WINDOWS\UNNeroShowTime.exe
2005-09-12 14:13:46 ----AC---- C:\WINDOWS\UNNeroMediaHome.exe
2005-09-12 14:13:46 ----AC---- C:\WINDOWS\UNNeroBackItUp.exe
2005-07-12 13:44:42 ----A---- C:\WINDOWS\system32\InsDrvZD64.DLL
2005-04-21 06:45:35 ----A---- C:\WINDOWS\system32\ElbyCDIO.dll
2005-02-16 13:18:04 ----A---- C:\WINDOWS\system32\NeroCo.dll
2004-08-03 23:56:58 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2004-08-03 23:56:58 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2004-08-03 23:56:50 ----N---- C:\WINDOWS\system32\faxpatch.exe
2004-08-03 17:56:48 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2004-08-03 17:56:48 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2004-08-03 17:56:46 ----A---- C:\WINDOWS\system32\pjlmon.dll
2004-08-03 17:56:46 ----A---- C:\WINDOWS\system32\pid.dll
2004-08-03 17:56:46 ----A---- C:\WINDOWS\system32\msyuv.dll
2004-08-03 17:56:44 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2004-08-03 17:56:44 ----A---- C:\WINDOWS\system32\hid.dll
2004-08-03 17:56:44 ----A---- C:\WINDOWS\system32\dmutil.dll
2004-08-03 17:56:42 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2004-08-03 15:59:00 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2004-07-26 15:16:10 ----A---- C:\WINDOWS\system32\imagXRA7.dll
2004-07-26 15:16:10 ----A---- C:\WINDOWS\system32\imagXR7.dll
2004-07-26 15:16:10 ----A---- C:\WINDOWS\system32\imagXpr7.dll
2004-07-26 15:16:10 ----A---- C:\WINDOWS\system32\imagX7.dll
2004-07-09 07:43:56 ----A---- C:\WINDOWS\system32\TwnLib4.dll
2004-03-23 15:38:00 ----A---- C:\WINDOWS\system32\InsDrvZD.dll
2004-01-14 10:25:00 ----A---- C:\WINDOWS\system32\ZDPN50.DLL
2003-10-02 01:20:48 ----A---- C:\WINDOWS\daemon.dll
2003-05-25 03:07:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2003-03-20 07:58:18 ----D---- C:\rsit
2003-03-16 06:20:08 ----D---- C:\Program Files\Microsoft Silverlight
2003-03-14 11:24:00 ----A---- C:\WINDOWS\system32\ZyDelReg.exe
2003-03-07 13:39:21 ----RASHD---- C:\autorun.inf
2003-03-06 14:04:44 ----D---- C:\Program Files\Subagames
2003-02-13 12:32:14 ----A---- C:\WINDOWS\system32\PubPlugin.dll
2003-02-13 12:32:14 ----A---- C:\WINDOWS\system32\ijjiPlugin2.dll
2003-02-13 12:32:13 ----D---- C:\Program Files\NHN USA
2003-02-13 12:32:13 ----A---- C:\WINDOWS\system32\ijjiSetup.exe
2003-02-08 16:25:47 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2003-02-08 16:03:59 ----D---- C:\CFLog
2003-02-08 15:58:04 ----D---- C:\Program Files\G4box
2003-01-21 04:50:59 ----D---- C:\Program Files\BYOND
2003-01-20 04:35:24 ----D---- C:\ijji
2003-01-14 10:07:16 ----D---- C:\.jagex_cache_32
2003-01-11 20:29:40 ----D---- C:\Program Files\Smilebox
2003-01-11 20:29:22 ----D---- C:\Documents and Settings\Donna\Application Data\Smilebox
2003-01-11 17:01:25 ----D---- C:\Documents and Settings\Donna\Application Data\CyberLink
2003-01-09 23:44:56 ----D---- C:\dvd_temp
2003-01-08 13:28:25 ----D---- C:\Documents and Settings\Donna\Application Data\The Labyrinth Plus! Edition
2003-01-07 14:27:51 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2003-01-07 14:27:51 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2003-01-07 14:27:51 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2003-01-06 06:10:08 ----D---- C:\WINDOWS\.file_store_32
2003-01-05 03:04:19 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2003-01-05 03:04:13 ----D---- C:\WINDOWS\system32\LogFiles
2003-01-05 03:04:12 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2003-01-04 01:12:23 ----D---- C:\cdcgames
2003-01-04 00:51:02 ----A---- C:\WINDOWS\system32\muweb.dll
2003-01-04 00:51:02 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2003-01-04 00:51:02 ----A---- C:\WINDOWS\system32\mucltui.dll
2003-01-03 23:59:53 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2003-01-03 23:59:44 ----D---- C:\Program Files\Windows Live
2003-01-03 23:59:31 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2003-01-03 00:00:03 ----D---- C:\Documents and Settings\Donna\Application Data\ArcSoft
2003-01-02 23:59:43 ----RA---- C:\WINDOWS\system32\unicows.dll
2003-01-02 23:59:43 ----D---- C:\Program Files\Common Files\ArcSoft
2003-01-02 23:59:14 ----AC---- C:\WINDOWS\PCDLIB32.DLL
2003-01-02 23:59:09 ----D---- C:\Program Files\ArcSoft
2003-01-02 23:55:27 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2003-01-02 23:53:55 ----AC---- C:\WINDOWS\WindowsXP-KB822603-x86.exe
2003-01-02 23:53:54 ----A---- C:\WINDOWS\vsnp2std.exe
2003-01-02 23:53:54 ----A---- C:\WINDOWS\snp2std.ini
2003-01-02 23:53:52 ----D---- C:\Program Files\Common Files\snp2std
2003-01-02 23:53:52 ----A---- C:\WINDOWS\system32\vsnp2std.dll
2003-01-02 23:53:52 ----A---- C:\WINDOWS\system32\rsnp2std.dll
2003-01-02 23:53:52 ----A---- C:\WINDOWS\system32\csnp2std.dll
2003-01-02 23:53:30 ----D---- C:\Documents and Settings\Donna\Application Data\InstallShield
2003-01-02 20:58:14 ----D---- C:\Documents and Settings\Donna\Application Data\WinRAR
2003-01-02 20:50:50 ----D---- C:\Program Files\WinRAR
2003-01-02 20:32:17 ----AC---- C:\WINDOWS\GunzLauncher.INI
2003-01-02 20:32:12 ----D---- C:\Program Files\Common Files\INCA Shared
2003-01-02 20:24:36 ----HD---- C:\Documents and Settings\Donna\Application Data\ijjigame
2003-01-02 18:08:55 ----D---- C:\Program Files\SystemRequirementsLab
2003-01-02 07:08:31 ----D---- C:\WINDOWS\.fearisle_store_35
2003-01-02 06:51:47 ----D---- C:\.runebash_file_store_32
2003-01-02 06:23:36 ----D---- C:\Documents and Settings\Donna\Application Data\MySpace
2003-01-02 05:33:17 ----D---- C:\WINDOWS\.ric_file_store_32
2003-01-02 01:30:02 ----D---- C:\WINDOWS\pss
2003-01-02 01:17:50 ----A---- C:\WINDOWS\system32\wmpns.dll
2003-01-01 23:31:31 ----D---- C:\WINDOWS\.mpr_file_store_32
2003-01-01 23:18:29 ----A---- C:\WINDOWS\system32\GTW32N50.dll
2003-01-01 23:07:12 ----D---- C:\WINDOWS\.jagex_cache_32
2003-01-01 23:07:04 ----D---- C:\WINDOWS\Sun
2003-01-01 23:07:04 ----D---- C:\Documents and Settings\Donna\Application Data\Sun
2003-01-01 23:06:17 ----D---- C:\Program Files\Java
2003-01-01 23:06:05 ----D---- C:\Program Files\Common Files\Java
2003-01-01 22:22:57 ----AC---- C:\WINDOWS\NeroDigital.ini

======List of files/folders modified in the last 3 months======

2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wowfaxui.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\wowfax.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrvpa.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrvoica.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrv80a.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrv42a.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrsvpia.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrshuta.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrsdpia.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrrtosa.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrprbda.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrmlnka.exe
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrlbva.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrfaxa.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrdtea.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrdpa.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrcoina.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\usrcntra.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\streamci.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sprio800.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\sprio600.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\spnike.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\paqsp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\mdwmdmsp.dll
2006-02-28 05:00:00 ----A---- C:\WINDOWS\system32\dvdplay.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-04-05 879832]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-04-05 15735]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-04-05 21031]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-04-05 26787]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-04-05 15478]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2005-06-03 279656]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-07-11 19200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-11 1777152]
R3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-10 402944]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-04-05 108360]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys []
S2 npkcrypt;npkcrypt; \??\C:\Nexon\Mabinogi\npkcrypt.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Donna\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\Subagames\CrossFire\GameGuard\dump_wmimmc.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-02 85969]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-05-03 12039680]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva189;XDva189; \??\C:\WINDOWS\system32\XDva189.sys []
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys []
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-11 430080]
R2 CAISafe;CAISafe; C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe [2008-04-05 259624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-02 152984]
R2 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2003-01-05 66872]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe [2008-04-05 202280]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2005-06-03 1210112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-10-11 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

And once again thanks for you time/effort in helping me.
Posted Image

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:01 PM

Posted 11 March 2009 - 07:56 PM

Hi again,
  • Turn off Windows automatic updates as it might lead to unexpected results at this stage:
    • Go to start -> Control Panel -> double-click System to open it.
    • Go to the Automatic Updates tab.
    • Select the "Turn off Automatic Updates" box.
    • Click Apply and then OK.
  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] C:\RECYCLER\S-1-5-21-1888037702-1604341189-830029971-9696\winigon.exe


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Go to start => Run => Copy/paste the following lines one by one in the run box and click OK after each line.

    sc stop vsmon
    sc delete vsmon
    sc config vsdatant start= disabled


  • Reboot your computer.

  • Go to start => Run => Copy/paste the following line and click OK.

    sc delete vsdatant

  • You have Java™ 6 Update 11 and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components:
    Click "start" and then "Control Panel" icon.
    Doubleclick the "Add or Remove Programs" icon
    A list of programs installed will be "populated" this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    Java™ 6 Update 5
    Java™ 6 Update 7


  • Run CCleaner (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked). Then click run cleaner.

  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


  • Please run Hijackthis. Click Do a system scan and save a logfile then copy and paste the content of the log to your reply.
Please include in your next reply:
  • The log of MBAM.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#5 SbrbnGangsta

SbrbnGangsta
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 12 March 2009 - 06:34 PM

Thanks or the quick respone, and sorry it took me a day to get this done. My newborn son keeps my pretty busy.

Nice clear instructions and it went over smooth. My antivirus didnt pop up with any warnings after i reboots.

Here's the logs
=================
Malwarebytes' Anti-Malware 1.34
Database version: 1842
Windows 5.1.2600 Service Pack 3

3/21/2003 7:17:05 AM
mbam-log-2003-03-21 (07-17-05).txt

Scan type: Quick Scan
Objects scanned: 80642
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg94-z641-2sf-n31p-5m1er6h6l1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1888037702-1604341189-830029971-9696\winigon.exe (Trojan.Agent) -> Delete on reboot.
=========================================

Hijack log
==============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:20 AM, on 3/21/2003
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\trend micro\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8030 bytes
Posted Image

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:01 PM

Posted 13 March 2009 - 07:32 AM

Well done and thanks for the detailed feedback. :thumbup2:
  • Are you sure you did the step 3 , because the ZoneAlarm service is still running. If you haven't done it please do it. If you have done it do the following:
    • Run HijackThis.
      • Click on Open the Misc Tools Section.
      • Click on "Open Process Manager"
        Find and Click on C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      • Click on "Kill Process" button, then click Yes.
    • Then go to start => Run => Copy/paste the following line and click OK.

      sc delete vsmon
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please copy and paste a fresh Hijackthis log to your reply.
Please include in your next reply:
  • The Combofix log.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#7 SbrbnGangsta

SbrbnGangsta
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 13 March 2009 - 06:38 PM

Um it wont let me kill the process....
And yes ive followed all your steps 100 percent.
Posted Image

Edited by SbrbnGangsta, 13 March 2009 - 06:39 PM.

Posted Image

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:01 PM

Posted 13 March 2009 - 06:45 PM

  • Go to start > Run copy/paste the following line in the run box and click OK.

    sc config vsmon start= disabled

  • Reboot. Open Task Manager or Hijackthis and see if the process is still there (it should not).

  • Go to start > Run copy/paste the following line in the run box and click OK.

    sc delete vsmon
You may proceed with the next step.

#9 SbrbnGangsta

SbrbnGangsta
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 14 March 2009 - 01:08 AM

I'm sorry, I did exactly as you asked. I got the same message as before.
Posted Image

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:01 PM

Posted 14 March 2009 - 08:31 AM

We will remove this later on . Please proceed with Combofix.

#11 SbrbnGangsta

SbrbnGangsta
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 15 March 2009 - 06:07 PM

Combo fix log here
=============================
ComboFix 09-03-14.02 - Donna 2003-03-24 6:52:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.217 [GMT -7:00]
Running from: c:\documents and settings\Donna\Desktop\ComboFix.exe
AV: eTrust EZ Antivirus *On-access scanning disabled* (Updated)
FW: eTrust Personal Firewall Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 17:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 17:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-15 11:15 2,058,548 ----a-w c:\windows\Internet Logs\tvDebug.zip
2003-03-24 13:31 34 ----a-w c:\documents and settings\Donna\jagex_runescape_preferences.dat
2008-08-25 07:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\program files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe" [2005-06-03 943880]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2008-04-05 98304]
"QOELOADER"="c:\program files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe" [2008-04-05 6656]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"CAVRID"="c:\program files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" [2008-04-05 185896]
"CaAvTray"="c:\program files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" [2008-04-05 230952]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-02 136600]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 c:\windows\system32\tweakui.cpl]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PLauncher.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56187:TCP"= 56187:TCP:Pando Media Booster
"56187:UDP"= 56187:UDP:Pando Media Booster

R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-02 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-09-27 5504]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Subagames\CrossFire\GameGuard\dump_wmimmc.sys --> c:\program files\Subagames\CrossFire\GameGuard\dump_wmimmc.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe
HKCU-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 06:53:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-14 6:55:29
ComboFix-quarantined-files.txt 2009-03-14 13:55:25

Pre-Run: 15,233,736,704 bytes free
Post-Run: 15,304,970,240 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

114 --- E O F --- 2008-12-17 22:43:20

Fresh Hijack Log
======================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:39 AM, on 3/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7205 bytes
Posted Image

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:01 PM

Posted 15 March 2009 - 06:37 PM

SbrbnGangsta,

Was Zone Alarm firewall installed before on the computer?

Open notepad and copy/paste the text in the code box below into it:

http://www.bleepingcomputer.com/forums/index.php?showtopic=206901&st=0&gopid=1172906&#entry1172906
Collect::[66]
c:\program files\Subagames\CrossFire\GameGuard\dump_wmimmc.sys
Driver::
dump_wmimmc

Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Important Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


#13 SbrbnGangsta

SbrbnGangsta
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 15 March 2009 - 11:40 PM

Um No It was never installed on this computer atleast to my knowledge. Ill have what you requested up soon.


Here's the combofix log.

====================================

ComboFix 09-03-15.01 - Donna 2009-03-14 12:41:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.240 [GMT -7:00]
Running from: c:\documents and settings\Donna\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Donna\Desktop\CFScript.txt
AV: eTrust EZ Antivirus *On-access scanning disabled* (Updated)
FW: eTrust Personal Firewall Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DUMP_WMIMMC
-------\Service_dump_wmimmc


((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-15 12:44 . 2009-03-15 12:45 1,374 --a------ c:\windows\imsins.BAK
2009-03-14 12:38 . 2009-03-14 12:38 0 --a------ c:\windows\nsreg.dat
2009-03-14 12:06 . 2008-12-20 16:15 6,066,688 --a------ c:\windows\system32\SET16.tmp
2009-03-14 12:06 . 2008-12-20 16:15 1,160,192 --a------ c:\windows\system32\SET7.tmp
2009-03-14 12:06 . 2008-12-20 16:15 826,368 --a------ c:\windows\system32\SET5.tmp
2009-03-14 12:06 . 2008-12-20 16:15 459,264 --a------ c:\windows\system32\SET10.tmp
2009-03-14 12:06 . 2008-12-20 16:15 383,488 --a------ c:\windows\system32\SET18.tmp
2009-03-14 12:06 . 2008-12-20 16:15 267,776 --a------ c:\windows\system32\SET14.tmp
2009-03-14 12:06 . 2008-12-20 16:15 124,928 --a------ c:\windows\system32\SET20.tmp
2009-03-14 12:06 . 2008-12-20 16:15 105,984 --a------ c:\windows\system32\SET8.tmp
2009-03-14 12:06 . 2008-12-20 16:15 63,488 --a------ c:\windows\system32\SET1D.tmp
2009-03-14 12:06 . 2008-12-20 16:15 52,224 --a------ c:\windows\system32\SETF.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 18:44 34 ----a-w c:\documents and settings\Donna\jagex_runescape_preferences.dat
2009-03-14 13:59 --------- d-----w c:\program files\trend micro
2009-02-11 17:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 17:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-08-25 07:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-14_ 6.54.31.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2003-03-24 13:30:26 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2009-03-14 18:43:49 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2003-03-24 13:30:26 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2009-03-14 18:43:49 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2009-03-14 19:08:50 6,024 ----a-w c:\windows\SoftwareDistribution\EventCache\{31FB3AE4-09A5-45A6-AB87-CBDE51B52CCD}.bin
+ 2009-03-15 19:47:20 5,032 ----a-w c:\windows\SoftwareDistribution\EventCache\{9DC71450-38FC-4E38-AFE7-BD84F1B4485B}.bin
+ 2008-09-15 12:12:56 1,846,400 ------w c:\windows\system32\_000006_.tmp.dll
+ 2008-04-14 00:12:05 144,384 ------w c:\windows\system32\_000007_.tmp.dll
- 2008-10-16 20:38:34 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-17 04:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:38:39 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 00:12:05 144,384 -c--a-w c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 06:54:55 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
+ 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c----w c:\windows\system32\dllcache\srv.sys
- 2008-10-16 20:38:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:38:39 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-09-15 12:12:56 1,846,400 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 -c----w c:\windows\system32\dllcache\win32k.sys
- 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2007-06-12 04:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2008-11-12 01:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 10:57:09 333,952 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-11-25 11:30:21 135,664 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-15 19:48:48 135,664 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 19:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\system32\schannel.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2007-08-11 01:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 16:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\system32\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\system32\win32k.sys
- 2007-06-12 04:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-12 01:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
+ 2009-03-15 19:48:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_70c.dat
+ 2009-03-15 19:49:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_c14.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\program files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe" [2005-06-03 943880]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2008-04-05 98304]
"QOELOADER"="c:\program files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe" [2008-04-05 6656]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"CAVRID"="c:\program files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" [2008-04-05 185896]
"CaAvTray"="c:\program files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" [2008-04-05 230952]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-02 136600]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 c:\windows\system32\tweakui.cpl]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PLauncher.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56187:TCP"= 56187:TCP:Pando Media Booster
"56187:UDP"= 56187:UDP:Pando Media Booster

R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-02 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-09-27 5504]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 12:49:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2009-03-15 12:54:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-15 19:54:40
ComboFix2.txt 2009-03-14 13:55:31

Pre-Run: 15,183,941,632 bytes free
Post-Run: 14,881,878,016 bytes free

316 --- E O F --- 2008-12-17 22:43:20

Edited by SbrbnGangsta, 16 March 2009 - 12:04 AM.

Posted Image

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:01 PM

Posted 16 March 2009 - 12:58 PM

So the service we tried to remove was not a leftover and it was eTrust protecting it. If eTrust is working properly, no problem. In case you have any problem with it you may uninstall it and reinstall it again.

Everything looks good now.
  • Go to start > run and copy and paste or type next command in the field then hit enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

    It also makes a clean Restore Point and flashes all the old restore points in order to prevent possible reinfection from an old one through system restore.

    The first reboot might be a little slow, the next one will be faster.

  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • I recommend installing this small application for safe surfing: Javacoolsİ SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. Update it manually (if you use the free version) once in 2-3 weeks and enable the restriction.
Please let me know Combofix uninstalled properly.

Happy surfing!

#15 SbrbnGangsta

SbrbnGangsta
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 18 March 2009 - 04:20 PM

Alright, Thanks for your help, and combo fix was succesfully uninstalled.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users