Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

malware affecting google


  • This topic is locked This topic is locked
29 replies to this topic

#16 joeanonymous

joeanonymous
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 10 April 2009 - 05:48 PM

OH NO !!!!!!
This is terrible news.

I guess I need to do what I need to do and the sooner the better. I have a few questions that I hope you can help answer.

Regarding backing up files:
As you indicate, I need to back up all my important file but should not back up any *.exe or *.scr files or any compressed files that contain *.exe or *.scr files. You indicate that the latest variant of the virus also searches and alters htm, html, asp and php files. Does this mean I should not back up any htm, html, asp and php files because they may be infected? You also mention email may be harvested as well. Does this mean I cannot back up my email?

I guess I need to know any type of files I should under no circumstances back up and reload onto my computer after reformat. Most of my important files are Microsoft Office files (word, excel and access). I also have a large number of pictures (jpg) and some videos in various formats. I also have a small library of music (mpg) files. Am I able to back up these types files listed above? Note: I do not have a burnable DVD/CD. I plan to back up my files onto a couple of 8 GIG flash memmory sticks. I checked and my files should all fit. Is there any problem with this.

Re-Formating my harddrive:
I know this is a difficult task with many steps. I know I need to reinstall Windows XP, get my internet up and running and then download all the updates in a certain order as well as reload Microsoft Office and update it. Is there a guide where I can follow step-by-step procedures so I don't mess it up? I'm not certain I know all the steps in how to re-format.

Email:
My old emails are a valuable resource for me. I want to make certain I can transfer to my computer after re-format but I'm not certain how to do it. Is there a guide on how to do this?

Any information or assistance you can provide would be extremely helpful. I would like to get this virus off my system as soon as I can.

Joe Anonymous

BC AdBot (Login to Remove)

 


#17 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:15 PM

Posted 12 April 2009 - 01:16 PM

OH NO !!!!!!
This is terrible news.

I guess I need to do what I need to do and the sooner the better. I have a few questions that I hope you can help answer.

Regarding backing up files:
As you indicate, I need to back up all my important file but should not back up any *.exe or *.scr files or any compressed files that contain *.exe or *.scr files. You indicate that the latest variant of the virus also searches and alters htm, html, asp and php files. Does this mean I should not back up any htm, html, asp and php files because they may be infected? You also mention email may be harvested as well. Does this mean I cannot back up my email?

Yes, Those files are probably corrupted.

I guess I need to know any type of files I should under no circumstances back up and reload onto my computer after reformat. Most of my important files are Microsoft Office files (word, excel and access). I also have a large number of pictures (jpg) and some videos in various formats. I also have a small library of music (mpg) files

Avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.
Avoid backing up htm, html, asp and php files.

Am I able to back up these types files listed above? Note: I do not have a burnable DVD/CD. I plan to back up my files onto a couple of 8 GIG flash memmory sticks. I checked and my files should all fit. Is there any problem with this.

Remember there is a possibility that the flash drives could be infected if you used them while you had the Virut. After you have reformatted and reinstalled everything, be sure to post a new HijackThis log.

Re-Formating my harddrive:
I know this is a difficult task with many steps. I know I need to reinstall Windows XP, get my internet up and running and then download all the updates in a certain order as well as reload Microsoft Office and update it. Is there a guide where I can follow step-by-step procedures so I don't mess it up? I'm not certain I know all the steps in how to re-format.

Clean Install Procedure with Illustrative Screen Captures Click on the screen captures to enlarge.

Email:
My old emails are a valuable resource for me. I want to make certain I can transfer to my computer after re-format but I'm not certain how to do it. Is there a guide on how to do this?

Email are often HTML files which is affected by Virut so I would not try to reinstall them. If you have your emails set to just text files, then they should not be a problem.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#18 joeanonymous

joeanonymous
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 14 April 2009 - 11:31 PM

Hi suebaby41,

Thanks for the continuing support. Can you please address a few points of clarification for me as well as a couple of more questions before I proceed with the re-formating of my system.

You mention that my flash drives might be corrupted. I have never put any *.exe or other type of possibly infected files you mentioned on to my flash drive. I have only ever put windows office data files (word, excel, access) and jpg files on the flash drive. Since I never put *.exe, *.scr, htm, html, asp, php or compressed files (zip/cab/rar) on my flash drives, does this mean my flash drives are okay?

On a related subject, I am now having trouble accessing my flash drives via my usb ports. After many trials and failed possible solutions, I then tried accessing my camera via my usb port it also would not work. In other words, my usb ports are now unusable. It all worked before my virut infection. I was wondering if the virut virus has anything to do with this. I researched the problem on google and read that there are some viruses that disable your usb ports via the registry so you can not load anti-malware software. A more detailed description of the problem is that anything connected to my usb ports show up fine in device manager with no problems but do not appear in "My Computer" or windows explorer. Researched this extensively and found many other with same problem but no solution that worked for me.

The bigger problem is that without access to my usb ports, I cannot copy and save all my data from my computer prior to re-formating! A possible solution I thought of is to get my hands on an older internal harddrive with at least 20 gigs of capacity and physically install on my computer as a secondary internal slave drive. I can then re-format the secondary harddrive so that it is clean. I can then copy over to it all my files (non virut infected as discussed before). I can then physically remove the secondary harddrive and put it aside. I'll then re-format my primary harddrive and reinstall windows xp to get rid of virut. Once my system is up and running, I'll reconnect the second harddrive with my backed up files as a secondary slave once again and copy all my backed up files. Will this work? What I do not know is if the virut virus will transfer to the secondary harddrive when I first physically hook it up to back up my files. I do not want to just reinfect my computer after my re-format when I re-hook up the secondary drive to recover my files. Can you please comment and advise.

Lastly, you mention I should not try to save my old emails because some may be in html format. You say if my old emails are text files then I should be okay. Is there a way to convert all my old emails into text files thus converting any html emails into text files so I may back them up and keep them?

Thanks,

Joe Anonymous

#19 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:15 PM

Posted 20 April 2009 - 12:22 PM

I was diagnosed Friday with Trigger thumb which is a condition in which my thumb catches in a bent position. My thumb straightens with a snap — like a trigger being pulled and released. It can cause my finger to become locked in a bent position. It is very painful. I am wearing a brace on my left hand.

I can still type and plan to continue working your log. Please be patient as it does slow me down.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#20 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:15 PM

Posted 21 April 2009 - 02:30 PM

You mention that my flash drives might be corrupted. I have never put any *.exe or other type of possibly infected files you mentioned on to my flash drive. I have only ever put windows office data files (word, excel, access) and jpg files on the flash drive. Since I never put *.exe, *.scr, htm, html, asp, php or compressed files (zip/cab/rar) on my flash drives, does this mean my flash drives are okay?

If you are sure about that, then the flash drives should be OK. An excellent preventive measure would be to use the Panda USB Vaccine.

There is an increasing amount of malware which, like the dangerous Conficker worm, spreads via removable devices and drives such as memory sticks, MP3 players, digital cameras, etc. To do this, these malicious codes modify the AutoRun file on these devices. It offers a double layer of preventive protection, allowing users to disable the AutoRun feature on computers as well as on USB drives and other devices:
Vaccine for computers: This is a ‘vaccine' for computers to prevent any AutoRun file from running, regardless of whether the device (memory stick, CD, etc.) is infected or not.
Vaccine for USB devices: This is a ‘vaccine' for removable USB devices, preventing the AutoRun file from becoming a source of infection. The tool disables this file so it cannot be read, modified or replaced by malicious code.
This is a very useful tool as there is no simple way of disabling the AutoRun feature in Windows. This provides users with a simple way of disabling this feature, offering a high degree of protection against infections from removable drives and devices.

  • Please download Panda USB Vaccine and save it to your desktop.
    Alternate Link
  • Unzip the file to your desktop. A folder will appear with the name, USBVaccine.
  • Double click on USBVaccine.exe to start the program. Click Run.
  • Click the button to vaccinate your computer.
  • Insert a USB drive. When the name of the drive appears in the dialog box, click the button to vaccinate your USB drive(s).
  • Click the red arrow to exit the program.
Keep in mind that USB drives that have been vaccinated cannot be reversed except with a format.

On a related subject, I am now having trouble accessing my flash drives via my usb ports. After many trials and failed possible solutions, I then tried accessing my camera via my usb port it also would not work. In other words, my usb ports are now unusable. It all worked before my virut infection. I was wondering if the virut virus has anything to do with this. I researched the problem on google and read that there are some viruses that disable your usb ports via the registry so you can not load anti-malware software. A more detailed description of the problem is that anything connected to my usb ports show up fine in device manager with no problems but do not appear in "My Computer" or windows explorer. Researched this extensively and found many other with same problem but no solution that worked for me.

The bigger problem is that without access to my usb ports, I cannot copy and save all my data from my computer prior to re-formating! A possible solution I thought of is to get my hands on an older internal harddrive with at least 20 gigs of capacity and physically install on my computer as a secondary internal slave drive. I can then re-format the secondary harddrive so that it is clean. I can then copy over to it all my files (non virut infected as discussed before). I can then physically remove the secondary harddrive and put it aside. I'll then re-format my primary harddrive and reinstall windows xp to get rid of virut. Once my system is up and running, I'll reconnect the second harddrive with my backed up files as a secondary slave once again and copy all my backed up files. Will this work?

Yes. I have a second hard drive that I use to backup my primary drive. You can access the files without copying them onto your primary drive. So the only files you would have to copy are ones you need to use. The others can be stored on the second hard drive.

What I do not know is if the virut virus will transfer to the secondary harddrive when I first physically hook it up to back up my files. I do not want to just reinfect my computer after my re-format when I re-hook up the secondary drive to recover my files. Can you please comment and advise.

As long as you remember:
  • Avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.
  • Avoid backing up htm, html, asp and php files.

Lastly, you mention I should not try to save my old emails because some may be in html format. You say if my old emails are text files then I should be okay. Is there a way to convert all my old emails into text files thus converting any html emails into text files so I may back them up and keep them?

I do not think converting the old emails into text files would prevent the Virut infection.
I do not feel comfortable answering your questions without your getting a second opinion because I do not know that much about the workings of computers. I would like you to post your question(s) above in BleepingComputer's Computer Forum, Windows XP Home and Professional, where the computer experts may help you. My expertise is dealing with malware and I prefer that you get the help of computer expert(s) in answering your question(s) and/or solving your problem(s). Please include a link to this thread so that the computer experts may see what we have done.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#21 joeanonymous

joeanonymous
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 25 April 2009 - 06:48 PM

Hi suebaby41,

Hope your thumb is better.

I believe I might have rid myself of the virut virus but I am not sure. I reformatted my hard drive and reloaded Windows XP as you suggested. I ran a HijackThis log using RSIT.exe and posted the contents of log.txt and info.txt to the end of this post for your review.

For future protection, I loaded on to my computer Avast! free home edition 4.8, Malwarebytes' Anti-Malware and Windows Defender. I am also using the Windows firewall but plan on replacing it with one of the free two-way firewalls you suggested once my virus issue is resolved. Prior to running a HijackThis log, I ran full deep scans using Avast!, Malwarebyte and Windows Defender. I also ran an online scan using Bitdefender. All scans came up clean and found no viruses except for one, Avast!. I ran two different types of scans using Avast!, the first was a Boot-time scan with maximum protection, which runs prior to loading Windows, and the second a regular scan from within the Avast! program. The Avast! Boot-time scan gave the following three messages:

"File C:\Windows\ServicePackfiles\i386\dssenh.dll is infected by Win21:Trojan-gen {other}. Moved to chest."

"File C:\Windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf386\dssenh.dll is infected by Win21:Trojan-gen {other}. Moved to chest."

"File C:\Windows\system32\dssenh.dll is infected by Win21:Trojan-gen {other}. Moved to chest."

These three files, which are all instances of the same file dssenh.dll, were moved to the Avast! chest which is their quarantine area. The quarantined file dssenh.dll sounds like a system file and I do not know if moving this file will disrupt the operation of Windows, although Windows seems to be working fine. I also do not know if this was a false-positive from Avast! and I should move the file back. I believe the file came from the Windows website when I downloaded the required Windows updates. Can you please advise as to what I should do regarding the Avast! Boot-time scan finding. FYI, the Avast! Boot-time scan was the first scan I ran. All the other scans mentioned above, including the regular Avast! scan, did not find anything wrong.

In case it helps, here is what I did to reformat my hard drive. As I inquired in one of my previous posts, I ended up connecting a second internal hard drive to my system. I reformatted this second hard drive to make sure it was clean and then copied all my personal files from my infected hard drive to the secondary hard drive for backup. I made certain not to copy any possibly infected types of files such as *.exe or any other file types you warned me about. I only copied over my personal office files (word, excel, access) and my pictures and video files. I then physically disconnected the secondary internal hard drive with my backed up files and set it aside. I then went thru the time consuming task of reformatting my infected hard drive and reloading Windows XP along with all the updates. I then reloaded all my other programs from scratch. Once my system was working and operational, I reconnected the second internal hard drive and copied over all my backed up files. I then physically disconnected the second hard drive and stored is away for another day. My only concern is the possibility that I transmitted the virut virus over to my second hard drive when backing up and then reinfected my system later when copying my files back over again. However, I don't think this is the case because my systems seems to be running fine and all my previous symptoms are gone, including my google redirects. My only problems seems to be the results of the Avast! Boot-time scan mentioned above. Just to let you know, I lost all my old emails because I did not backup any of my old emails based on your previous warnings. My only casualty, other than all the time, effort and inconvenience, was losing all my old emails.

Regarding my problems with my USB drives and other USB devices, after reformatting and reloading Windows XP, all my USB devices are all functioning normal with Windows recognizing any USB device I hook up. (I'm not sure what problem was before.) Also, I do not believe any of my USB flash drives are infected. Even during my problem, they were all working fine with other computers. I am opting at this point not to download Panda USB Vaccine to disable the AutoRun feature on Windows.

I appreciate all your assistance so far. Please let me know the results of reviewing the HijackThis logs below and whether or not my system is clean. Hopefully you can help me resolve the issue with the Avast! findings mentioned above and determine whether or not there is a virus on my system. Is there anything else I need to do? Should I download any other programs other than those I currently have as mentioned above? If there are any questions listed above that are outside your area of expertise as you mention in your last post, please let me know. I will await your next instructions. Thanks again so much.

Joe Anonymous

Here are the contents of log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Del Real at 2009-04-25 14:13:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (59%) free of 38 GB
Total RAM: 511 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:18 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Del Real\Desktop\RSIT.exe
C:\Program Files\trend micro\Del Real.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1240357188055
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4889 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-23 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-23 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-23 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-04-25 14:14:00 ----D---- C:\Program Files\trend micro
2009-04-25 14:13:58 ----D---- C:\rsit
2009-04-25 12:30:50 ----D---- C:\Program Files\Windows Live Safety Center
2009-04-25 11:47:10 ----D---- C:\WINDOWS\BDOSCAN8
2009-04-25 11:47:01 ----D---- C:\WINDOWS\LastGood
2009-04-23 21:55:39 ----N---- C:\WINDOWS\system32\iyvu9_32.dll
2009-04-23 21:55:39 ----A---- C:\WINDOWS\system32\iacenc.dll
2009-04-23 21:55:35 ----D---- C:\Program Files\Ligos
2009-04-23 21:54:34 ----A---- C:\WINDOWS\IsUninst.exe
2009-04-23 21:47:01 ----D---- C:\WINDOWS\Sun
2009-04-23 21:46:30 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-23 21:46:30 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-23 21:46:30 ----A---- C:\WINDOWS\system32\java.exe
2009-04-23 21:46:30 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-23 21:45:40 ----D---- C:\Program Files\Java
2009-04-23 21:44:48 ----D---- C:\Documents and Settings\Del Real\Application Data\Sun
2009-04-23 21:43:19 ----D---- C:\WINDOWS\system32\Adobe
2009-04-23 21:40:46 ----D---- C:\Documents and Settings\Del Real\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-04-23 21:38:07 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-04-23 21:34:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-23 21:32:19 ----D---- C:\Program Files\Common Files\Adobe
2009-04-23 21:32:19 ----D---- C:\Program Files\Adobe
2009-04-23 21:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-04-23 21:21:49 ----D---- C:\Program Files\NOS
2009-04-23 20:50:34 ----D---- C:\Documents and Settings\Del Real\Application Data\OfficeUpdate12
2009-04-23 20:47:11 ----A---- C:\WINDOWS\ODBC.INI
2009-04-23 20:44:21 ----D---- C:\Program Files\Microsoft Visual Studio
2009-04-23 20:44:18 ----D---- C:\Program Files\Common Files\Designer
2009-04-23 20:43:23 ----D---- C:\WINDOWS\ShellNew
2009-04-23 20:42:19 ----D---- C:\Program Files\Microsoft Office
2009-04-23 20:42:19 ----D---- C:\Documents and Settings\Del Real\Application Data\Microsoft Web Folders
2009-04-23 19:55:46 ----D---- C:\Documents and Settings\Del Real\Application Data\Malwarebytes
2009-04-23 19:55:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-23 19:55:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-22 13:08:18 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2009-04-22 13:08:18 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2009-04-22 13:08:18 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-04-22 13:08:18 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-04-22 13:08:15 ----D---- C:\Program Files\Alwil Software
2009-04-22 12:59:27 ----D---- C:\Program Files\Windows Defender
2009-04-21 22:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-04-21 22:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-04-21 22:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-04-21 22:27:36 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-04-21 22:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-04-21 22:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-04-21 22:24:13 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-04-21 22:24:12 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-04-21 22:23:53 ----D---- C:\Program Files\Windows Media Connect 2
2009-04-21 22:23:39 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-04-21 22:22:50 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-04-21 22:22:27 ----D---- C:\WINDOWS\system32\LogFiles
2009-04-21 22:22:21 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-04-21 21:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-21 21:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-21 21:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-21 21:55:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-21 21:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-21 21:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-21 21:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-21 21:54:48 ----D---- C:\WINDOWS\system32\KB905474
2009-04-21 21:54:35 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-21 21:54:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-21 21:54:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-21 21:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-21 21:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-21 21:53:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-21 21:53:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-21 21:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-21 21:53:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-04-21 21:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-21 21:53:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-21 21:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-21 21:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-21 21:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-21 21:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-21 21:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-21 21:52:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-21 21:52:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-21 21:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-21 21:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-21 21:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-21 21:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-21 21:51:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-21 21:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-21 21:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-04-21 21:51:04 ----D---- C:\WINDOWS\ie7updates
2009-04-21 21:50:31 ----D---- C:\WINDOWS\WBEM
2009-04-21 21:48:55 ----HDC---- C:\WINDOWS\ie7
2009-04-21 21:48:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-04-21 21:48:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-04-21 21:47:08 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-21 21:39:16 ----D---- C:\WINDOWS\Prefetch
2009-04-21 21:11:35 ----D---- C:\WINDOWS\system32\en-us
2009-04-21 21:11:33 ----D---- C:\WINDOWS\system32\scripting
2009-04-21 21:11:32 ----D---- C:\WINDOWS\l2schemas
2009-04-21 21:11:31 ----D---- C:\WINDOWS\system32\en
2009-04-21 21:04:51 ----D---- C:\WINDOWS\network diagnostic
2009-04-21 20:50:30 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-04-21 20:50:29 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-04-21 20:50:26 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-04-21 20:50:22 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-04-21 20:50:20 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-04-21 20:50:20 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-04-21 20:50:18 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-04-21 20:50:14 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-04-21 20:50:14 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-04-21 20:50:14 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-04-21 20:50:02 ----N---- C:\WINDOWS\system32\setupn.exe
2009-04-21 20:49:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-04-21 20:49:58 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-04-21 20:49:57 ----N---- C:\WINDOWS\system32\qutil.dll
2009-04-21 20:49:57 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-04-21 20:49:56 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-04-21 20:49:56 ----N---- C:\WINDOWS\system32\qagent.dll
2009-04-21 20:49:55 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-04-21 20:49:53 ----N---- C:\WINDOWS\system32\onex.dll
2009-04-21 20:49:44 ----N---- C:\WINDOWS\system32\napstat.exe
2009-04-21 20:49:44 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-04-21 20:49:44 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-04-21 20:49:43 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-04-21 20:49:43 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-04-21 20:49:41 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-04-21 20:49:41 ----N---- C:\WINDOWS\system32\mssha.dll
2009-04-21 20:49:25 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-04-21 20:49:24 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-04-21 20:49:24 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-04-21 20:49:24 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-04-21 20:49:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-04-21 20:49:13 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-04-21 20:49:12 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-04-21 20:49:12 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-04-21 20:49:12 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-04-21 20:49:12 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-04-21 20:49:01 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-04-21 20:49:00 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-04-21 20:48:47 ----A---- C:\WINDOWS\005469_.tmp
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-04-21 20:48:40 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-04-21 20:48:40 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-04-21 20:48:40 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-04-21 20:48:37 ----N---- C:\WINDOWS\system32\credssp.dll
2009-04-21 20:48:33 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-04-21 20:48:32 ----N---- C:\WINDOWS\system32\azroles.dll
2009-04-21 20:48:25 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-04-21 20:31:05 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-21 20:18:35 ----D---- C:\WINDOWS\peernet
2009-04-21 20:18:34 ----D---- C:\WINDOWS\provisioning
2009-04-21 20:15:51 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-21 20:11:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-21 20:07:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-21 20:07:27 ----D---- C:\WINDOWS\EHome
2009-04-21 20:02:58 ----N---- C:\WINDOWS\system32\spnpinst.exe
2009-04-21 19:53:44 ----D---- C:\Documents and Settings\Del Real\Application Data\Macromedia
2009-04-21 19:53:44 ----D---- C:\Documents and Settings\Del Real\Application Data\Adobe
2009-04-21 17:44:14 ----A---- C:\WINDOWS\system32\wpa.bak
2009-04-21 16:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-04-21 16:43:30 ----D---- C:\WINDOWS\system32\PreInstall
2009-04-21 16:43:28 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-04-21 16:43:27 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-04-21 16:43:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-21 16:42:56 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-04-21 16:42:28 ----D---- C:\WINDOWS\system32\bits
2009-04-21 16:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2009-04-21 16:42:02 ----N---- C:\WINDOWS\system32\xpob2res.dll
2009-04-21 16:42:02 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-04-21 16:42:02 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-04-21 16:42:02 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-04-21 16:42:02 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-04-21 16:40:30 ----A---- C:\WINDOWS\system32\wups2.dll
2009-04-21 16:40:30 ----A---- C:\WINDOWS\system32\wups.dll
2009-04-21 16:40:29 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-04-21 16:40:29 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-04-21 16:40:29 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-04-21 16:40:28 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-04-21 16:40:28 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-04-21 16:40:04 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-21 10:09:31 ----SHD---- C:\RECYCLER
2009-04-20 22:43:05 ----SD---- C:\WINDOWS\system32\Microsoft
2009-04-20 22:32:57 ----SHD---- C:\WINDOWS\Installer
2009-04-20 22:32:54 ----D---- C:\Documents and Settings\Del Real\Application Data\Identities
2009-04-20 22:32:49 ----HD---- C:\Program Files\Uninstall Information
2009-04-20 22:32:43 ----ASH---- C:\Documents and Settings\Del Real\Application Data\desktop.ini
2009-04-20 22:32:42 ----SD---- C:\Documents and Settings\Del Real\Application Data\Microsoft
2009-04-20 22:30:23 ----SHD---- C:\System Volume Information
2009-04-20 22:30:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-20 22:26:30 ----D---- C:\WINDOWS\system32\xircom
2009-04-20 22:26:30 ----D---- C:\Program Files\xerox
2009-04-20 22:26:30 ----D---- C:\Program Files\microsoft frontpage
2009-04-20 22:25:58 ----A---- C:\WINDOWS\control.ini
2009-04-20 22:25:58 ----A---- C:\AUTOEXEC.BAT
2009-04-20 22:25:48 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-20 22:25:41 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-04-20 22:24:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-20 22:24:28 ----RD---- C:\WINDOWS\Offline Web Pages
2009-04-20 22:24:28 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-04-20 22:24:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-04-20 22:23:50 ----D---- C:\WINDOWS\system32\DirectX
2009-04-20 22:23:22 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-04-20 22:23:22 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-04-20 22:23:22 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-04-20 22:23:22 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-04-20 22:23:21 ----A---- C:\WINDOWS\system32\atrace.dll
2009-04-20 22:23:18 ----A---- C:\WINDOWS\system32\desktop.ini
2009-04-20 22:23:18 ----A---- C:\WINDOWS\desktop.ini
2009-04-20 22:23:11 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-04-20 22:23:11 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-04-20 22:23:11 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-04-20 22:23:09 ----D---- C:\Program Files\Common Files\Services
2009-04-20 22:23:09 ----A---- C:\WINDOWS\system32\acctres.dll
2009-04-20 22:23:08 ----A---- C:\WINDOWS\system32\inetres.dll
2009-04-20 22:23:04 ----SD---- C:\WINDOWS\Tasks
2009-04-20 22:23:04 ----A---- C:\WINDOWS\system32\isign32.dll
2009-04-20 22:23:04 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-04-20 22:23:04 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-04-20 22:23:04 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-04-20 22:23:04 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-04-20 22:23:01 ----D---- C:\Program Files\Common Files\MSSoap
2009-04-20 22:22:56 ----D---- C:\WINDOWS\srchasst
2009-04-20 22:22:55 ----D---- C:\WINDOWS\system32\Macromed
2009-04-20 22:22:54 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-04-20 22:22:53 ----D---- C:\Program Files\Movie Maker
2009-04-20 22:22:48 ----D---- C:\WINDOWS\system32\Restore
2009-04-20 22:22:48 ----D---- C:\WINDOWS\PCHealth
2009-04-20 22:22:48 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-04-20 22:22:48 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-04-20 22:22:48 ----A---- C:\WINDOWS\system32\srclient.dll
2009-04-20 22:22:47 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-04-20 22:22:47 ----A---- C:\WINDOWS\system32\msconf.dll
2009-04-20 22:22:47 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-04-20 22:22:47 ----A---- C:\WINDOWS\system32\ils.dll
2009-04-20 22:22:44 ----D---- C:\Program Files\NetMeeting
2009-04-20 22:22:44 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-04-20 22:22:44 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-04-20 22:22:43 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-04-20 22:22:42 ----D---- C:\Program Files\Outlook Express
2009-04-20 22:22:42 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-04-20 22:22:42 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-04-20 22:22:42 ----A---- C:\WINDOWS\system32\mstask.dll
2009-04-20 22:22:35 ----D---- C:\Program Files\Common Files\System
2009-04-20 22:22:34 ----D---- C:\Program Files\Internet Explorer
2009-04-20 22:21:44 ----D---- C:\Program Files\ComPlus Applications
2009-04-20 22:21:42 ----A---- C:\WINDOWS\vbaddin.ini
2009-04-20 22:21:42 ----A---- C:\WINDOWS\vb.ini
2009-04-20 22:21:36 ----D---- C:\WINDOWS\Registration
2009-04-20 22:21:26 ----HD---- C:\Program Files\WindowsUpdate
2009-04-20 22:21:26 ----D---- C:\Program Files\Windows Media Player
2009-04-20 22:21:26 ----D---- C:\Program Files\Online Services
2009-04-20 22:21:17 ----D---- C:\Program Files\Messenger
2009-04-20 22:21:12 ----D---- C:\Program Files\MSN Gaming Zone
2009-04-20 22:21:12 ----A---- C:\WINDOWS\system32\write.exe
2009-04-20 22:21:04 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-04-20 22:21:04 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-04-20 22:21:04 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-04-20 22:21:03 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-04-20 22:21:03 ----A---- C:\WINDOWS\system32\hticons.dll
2009-04-20 22:21:03 ----A---- C:\WINDOWS\system32\avwav.dll
2009-04-20 22:21:03 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-04-20 22:21:03 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-04-20 22:21:02 ----A---- C:\WINDOWS\system32\winchat.exe
2009-04-20 22:20:56 ----A---- C:\WINDOWS\system32\getuname.dll
2009-04-20 22:20:55 ----A---- C:\WINDOWS\system32\winmine.exe
2009-04-20 22:20:55 ----A---- C:\WINDOWS\system32\sol.exe
2009-04-20 22:20:55 ----A---- C:\WINDOWS\system32\charmap.exe
2009-04-20 22:20:55 ----A---- C:\WINDOWS\system32\calc.exe
2009-04-20 22:20:54 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-04-20 22:20:54 ----A---- C:\WINDOWS\system32\reset.exe
2009-04-20 22:20:54 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-04-20 22:20:54 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-04-20 22:20:54 ----A---- C:\WINDOWS\system32\freecell.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\tskill.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\tscon.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\shadow.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\regini.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\msg.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\logoff.exe
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-04-20 22:20:51 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-04-20 22:20:51 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\stclient.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\colbact.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\comuid.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-04-20 22:20:41 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-04-20 22:20:41 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-04-20 22:20:41 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-04-20 22:20:40 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-04-20 22:20:34 ----D---- C:\Program Files\Windows NT
2009-04-20 22:20:34 ----D---- C:\Program Files\MSN
2009-04-20 22:20:34 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-04-20 22:20:34 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-04-20 22:20:33 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-04-20 22:20:33 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-04-20 22:20:33 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-04-20 22:20:33 ----A---- C:\WINDOWS\system32\spider.exe
2009-04-20 22:20:33 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-04-20 22:20:32 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-04-20 22:20:32 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-04-20 22:20:32 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-04-20 22:20:32 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-04-20 22:20:32 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-04-20 22:20:30 ----D---- C:\WINDOWS\system32\MsDtc
2009-04-20 22:20:30 ----D---- C:\WINDOWS\system32\Com
2009-04-20 22:20:30 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-04-20 22:20:30 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-04-20 22:20:30 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-04-20 22:20:29 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-04-20 22:20:26 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-04-20 15:17:58 ----A---- C:\WINDOWS\system32\h323log.txt
2009-04-20 15:14:12 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\sblfx.dll
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\devldr32.exe
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\devcon32.dll
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\ctwdm32.dll
2009-04-20 15:13:17 ----A---- C:\WINDOWS\system32\usbui.dll
2009-04-20 15:12:01 ----A---- C:\WINDOWS\imsins.BAK
2009-04-20 15:11:55 ----D---- C:\Program Files\Common Files\ODBC
2009-04-20 15:11:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-20 15:11:55 ----A---- C:\WINDOWS\ODBCINST.INI
2009-04-20 15:11:51 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-04-20 15:11:50 ----RD---- C:\Program Files
2009-04-20 15:11:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-20 15:11:50 ----D---- C:\Program Files\Common Files
2009-04-20 15:11:47 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-04-20 15:11:47 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-04-20 15:11:47 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-04-20 15:11:46 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-04-20 15:11:42 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-04-20 15:11:42 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-04-20 15:11:42 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-04-20 15:11:42 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-04-20 15:11:42 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-04-20 15:11:37 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-04-20 15:11:37 ----A---- C:\WINDOWS\system32\irclass.dll
2009-04-20 15:11:37 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-04-20 15:11:37 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-04-20 15:11:37 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-04-20 15:11:35 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-04-20 15:11:34 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-04-20 15:11:34 ----A---- C:\WINDOWS\system32\batt.dll
2009-04-20 15:11:34 ----A---- C:\WINDOWS\notepad.exe
2009-04-20 15:11:33 ----A---- C:\WINDOWS\system32\storprop.dll
2009-04-20 15:11:24 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-04-20 15:11:19 ----RA---- C:\WINDOWS\SETA.tmp
2009-04-20 15:11:15 ----RA---- C:\WINDOWS\SET3.tmp
2009-04-20 15:11:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-20 15:11:08 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-20 15:10:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-20 15:10:39 ----A---- C:\WINDOWS\setuplog.txt
2009-04-20 15:10:32 ----D---- C:\Documents and Settings
2009-04-20 15:09:32 ----RASH---- C:\boot.ini
2009-04-20 15:05:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-20 15:05:44 ----RSD---- C:\WINDOWS\Fonts
2009-04-20 15:05:44 ----RD---- C:\WINDOWS\Web
2009-04-20 15:05:44 ----HD---- C:\WINDOWS\inf
2009-04-20 15:05:44 ----D---- C:\WINDOWS\WinSxS
2009-04-20 15:05:44 ----D---- C:\WINDOWS\twain_32
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Temp
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\wins
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\wbem
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\usmt
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\spool
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\ShellExt
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\Setup
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\ras
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\oobe
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\npp
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\mui
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\IME
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\icsxml
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\ias
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\export
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\drivers
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\dhcp
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\config
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\3com_dmi
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\3076
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\2052
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1054
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1042
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1041
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1037
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1033
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1031
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1028
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1025
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system
2009-04-20 15:05:44 ----D---- C:\WINDOWS\security
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Resources
2009-04-20 15:05:44 ----D---- C:\WINDOWS\repair
2009-04-20 15:05:44 ----D---- C:\WINDOWS\mui
2009-04-20 15:05:44 ----D---- C:\WINDOWS\msapps
2009-04-20 15:05:44 ----D---- C:\WINDOWS\msagent
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Media
2009-04-20 15:05:44 ----D---- C:\WINDOWS\java
2009-04-20 15:05:44 ----D---- C:\WINDOWS\ime
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Help
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Driver Cache
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Debug
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Cursors
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Connection Wizard
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Config
2009-04-20 15:05:44 ----D---- C:\WINDOWS\AppPatch
2009-04-20 15:05:44 ----D---- C:\WINDOWS\addins
2009-04-20 15:05:44 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-04-23 21:14:48 ----A---- C:\WINDOWS\win.ini
2009-04-21 20:12:38 ----RASH---- C:\NTDETECT.COM
2009-04-20 15:11:49 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller; C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys [2009-04-21 250752]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-23 152984]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------



Here are the contents of info.txt:

info.txt logfile of random's system information tool 1.06 2009-04-25 14:14:22

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090425-0]

======System event log======

Computer Name: COMPUTER
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {75522478-5291-4668-AE9C-324AFED4D025}

User: COMPUTER\Del Real

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: driver:avastTestService

Alert Type: Unclassified software

Detection Type:

Record Number: 430
Source Name: WinDefend
Time Written: 20090422130731.000000-420
Event Type: warning
User:

Computer Name: COMPUTER
Event Code: 20
Message: Printer Driver HP LaserJet 6L for Windows NT x86 Version-3 was added or updated. Files:- (null).

Record Number: 257
Source Name: Print
Time Written: 20090421213932.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: COMPUTER
Event Code: 20
Message: Printer Driver HP LaserJet 6L for Windows NT x86 Version-3 was added or updated. Files:- (null).

Record Number: 195
Source Name: Print
Time Written: 20090421202649.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: COMPUTER
Event Code: 4311
Message: Initialization failed because the driver device could not be created.

Record Number: 130
Source Name: NetBT
Time Written: 20090421163502.000000-420
Event Type: error
User:

Computer Name: COMPUTER
Event Code: 20
Message: Printer Driver HP LaserJet 6L for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, HPLJ6L.GPD, UNIDRV.HLP, PCL5ERES.DLL, TTFSUB.GPD, UNIRES.DLL, STDNAMES.GPD.

Record Number: 10
Source Name: Print
Time Written: 20090420223036.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: COMPUTER
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 49
Source Name: WinMgmt
Time Written: 20090421211253.000000-420
Event Type: warning
User: COMPUTER\Del Real

Computer Name: COMPUTER
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 43
Source Name: WinMgmt
Time Written: 20090421202730.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: COMPUTER
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 42
Source Name: WinMgmt
Time Written: 20090421202730.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: COMPUTER
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 30
Source Name: WinMgmt
Time Written: 20090421201930.000000-420
Event Type: warning
User: COMPUTER\Del Real

Computer Name: COMPUTER
Event Code: 1005
Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 30 days.


Record Number: 20
Source Name: Windows Product Activation
Time Written: 20090420223245.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#22 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:15 PM

Posted 26 April 2009 - 10:09 AM

I am not sure why Avast4 tagged the dssenh.dll. The only concern I have is the dssenh.dll is a legitimate dll. If You cannot install some updates or programs, read the article by Microsoft where the dssenh.dll is one of the dlls mentioned that to solve the problem you need to reregister DLL files that are associated with Cryptographic Services. Hopefully, you will not need to do that.
But to be safe, let's upload the file to one of the following:

Note: Internet Explorer is the browser to use for best results.

Please upload suspicious file(s) to Jotti.
  • Click the white box beside the Browse box.
  • Copy and paste the following file path into the white box.

    C:\Windows\system32\dssenh.dll

  • Press Submit. The file will be submitted for testing.
  • Please wait for all the scanners to finish, then post the results in your next response.
Alternatively, if Jotti is busy or inaccessible, you may try VirusTotal.
  • Click the white box beside the Browse box.
  • Copy and paste the following file path into the white box.

    C:\Windows\system32\dssenh.dll

  • Click Send File.
or
  • Please go to VirSCAN.org free on-line scan service.
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page on the VirScan web site:

    C:\Windows\system32\dssenh.dll

  • Click on the Upload button
  • After the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply. (Ctrl & V)

You log looks good. You have a few Optional Fixes if you want to fix them.

You did a good job. As far as I can tell, you do not have any signs of Virut. Be sure to keep your antivirus updated and run a scan once a week at least. You should consider getting one of the third party firewalls; they work much better than the Windows Firewall. I use Online Armor and like it. I also use Avast4, Win Patrol and ThreatFire. Win Patrol and ThreatFire are additional protection programs.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#23 joeanonymous

joeanonymous
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 26 April 2009 - 08:30 PM

Hi suebaby41,

I think I have resolved my Avast! detection of the file dssenh.dll as a potential virus. I believe it was a false positive detection by Avast!. I did some research on the Avast! forums and found others with the same false positve detection. It also mentioned that Avast! had addressed and solved the problem in their latest edition virus database update, which I have updated on to my computer. To be certain, I then scanned the specific file in Avast! while it was still in the quartantine chest and it came up as no virus detected. I then restored the file to its original location and then ran the Avast! Boot-time deep scan, which originally detected the problem. This time it did not detect any problem with the file or anything else on my system, i.e., no viruses detected. I then ran the file thru Jotti as you suggested and the results were clean. I did not bother posting the Jotti results because it showed no viruses detected on all scans.

I would like to go thru and fix any Optional Fixes you might recommend as you mention in your last post. You had also mentioned Optional Fixes in one of your earlier posts referring to unnecessary programs that load during startup such as instant messaging programs and media players. I would rather not have programs loaded and slowing down my system until I actually need to use them. (I understand some programs such as anti-virus are necessary to load on startup.) Any other recommendations on Optional Fixes are welcome.

Also, I would like to get confirmation that that I should be sufficiently protected with the programs I currently have loaded on to my computer, that is, Avast! free home edition 4.8, Malwarebytes' Anti-Malware free edition and Windows Defender. As I mentioned before and as you recommend, I will also download a third-party two-way firewall to replace Windows firewall. Is there anythinig else you recommend? Also, will these programs interfere with each other? I have heard some anti-virus programs do interfere with each other. I understand I probably cannot be 100% protected. I'm just looking to get a reasonable level of protection without sacraficing too much of my conputer's performance.

I look forward to your response.

Joe Anonymous

#24 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:15 PM

Posted 27 April 2009 - 09:18 AM

I think I have resolved my Avast! detection of the file dssenh.dll as a potential virus. I believe it was a false positive detection by Avast!. I did some research on the Avast! forums and found others with the same false positve detection. It also mentioned that Avast! had addressed and solved the problem in their latest edition virus database update, which I have updated on to my computer. To be certain, I then scanned the specific file in Avast! while it was still in the quartantine chest and it came up as no virus detected. I then restored the file to its original location and then ran the Avast! Boot-time deep scan, which originally detected the problem. This time it did not detect any problem with the file or anything else on my system, i.e., no viruses detected. I then ran the file thru Jotti as you suggested and the results were clean. I did not bother posting the Jotti results because it showed no viruses detected on all scans.

I did not find the information on the Avast Forum at first so I asked the question. I received a reply that referred me to the same discussion that it was a false postive. I assumed that your Avast was updated since it updates itself. So I think you did the right thing there.

I would like to go thru and fix any Optional Fixes you might recommend as you mention in your last post. You had also mentioned Optional Fixes in one of your earlier posts referring to unnecessary programs that load during startup such as instant messaging programs and media players. I would rather not have programs loaded and slowing down my system until I actually need to use them. (I understand some programs such as anti-virus are necessary to load on startup.) Any other recommendations on Optional Fixes are welcome.

Have you made any changes on your computer since you posted the Hijackthis log date 4/25. If you have, please post a new HijackThis log and I will give you instructions on Optional Fixes.

Also, I would like to get confirmation that that I should be sufficiently protected with the programs I currently have loaded on to my computer, that is, Avast! free home edition 4.8, Malwarebytes' Anti-Malware free edition and Windows Defender. As I mentioned before and as you recommend, I will also download a third-party two-way firewall to replace Windows firewall. Is there anythinig else you recommend? Also, will these programs interfere with each other? I have heard some anti-virus programs do interfere with each other. I understand I probably cannot be 100% protected. I'm just looking to get a reasonable level of protection without sacraficing too much of my conputer's performance.

Malwarebytes Free is a scanner which you need to use weekly and it does not offer any resident protection unless you buy the Pro version. It is an excellent program.

Windows Defender has resident protection so it is a good program to have.

WinPatrol

WinPatrol.exe
As a robust SECURITY MONITOR , WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol PLUS includes our uniqueR.I.D. technology.
As a MULTI PURPOSE SUPPORT UTILITY WinPatrol replaces multiple system utilities with its enhanced functionality. WinPatrol PLUS provides easy to understand descriptions of over 20,000 programs.
WinPatrol was the pioneer in using a heuristic behavioral approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without our knowledge. You'll be removing dangerous new programs while others prepare to update their definition/signature data files.
Note: Some fire walls including the newest Zone Alarm are blocking the execution of WinPatrolEx.exe. When you click on the Scotty icon we actually launch WinPatrolEx.exe but Zone Alarm's protection prevents one program from launching another but doesn't necessarily let you know. You'll need to tell Zone Alarm that WinPatrol.exe and WinPatrolEx.exe are your friends.


ThreatFire does not interfere with your current antivirus program.

PCs are under constant attack from viruses, spyware and identity theft. Every day you hear about a new threat to your PC. They're coming faster than ever before, they're getting harder to stop and traditional antivirus products are not able to keep up.
Will your antivirus software catch the latest malware that just came out today? In most cases, no, because it simply does not know how to detect it yet. But ThreatFire's ActiveDefense technology does, and has proven to provide up to 243% more protection when combined with traditional AntiVirus products
If I already have antivirus software why do I need ThreatFire?
ThreatFire is dramatically different to traditional antivirus software. Normal antivirus products usually need to have first identified and seen a threat before they can provide adequate protection against it. The protection is then provided via a signature or fingerprint update, which must first be written by an antivirus researcher. This creates a large window of time where threats are undetected and can therefore infect your PC even when you have antivirus software installed.
How can ThreatFire protect me when traditional antivirus can't?
ThreatFire continually protects your PC against attacks by detecting malicious behavior, such as capturing your keystrokes or stealing your data, instead of only looking for known threats like normal antivirus software. By implementing sophisticated real-time behavioral analysis ThreatFire is able to stop never- before-seen "zero-day" threats solely by detecting their malicious activity.
Zero-day threats are usually designed to take advantage of new vulnerabilities or exploits that are currently unprotected by traditional security products. They are usually distributed in huge quantities very quickly by mass email (SPAM), website hijacks, instant messaging or over peer-to-peer networks. Because they are undetectable they are able to wreak havoc and compromise your PC even when you have up-to-date antivirus software installed.
ThreatFire's patent-pending ActiveDefense technology offers protection against all types of internet threats - both known and unknown - spyware, adware, keyloggers, viruses, worms, Trojans, rootkits, buffer overflows, and other malware. ThreatFire uses its unparalleled protection to hunt down and paralyze those threats that are either too new or too clever to be recognized by traditional "signature-based" antivirus software.
Do I need to be an expert to use ThreatFire?
ThreatFire is advanced technology designed especially for people, not just experts.
We believe security software should be "set and forget" so once you install ThreatFire you won't need to answer lots of technical questions, in fact the only time you should even notice ThreatFire is protecting your PC is when we detect something malicious that requires your attention.


You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#25 joeanonymous

joeanonymous
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 27 April 2009 - 08:24 PM

Hi suebaby41,

Thanks for the info on WinPatrol and ThreatFire. I definitely plan on installing ThreatFire. I'm still considering WinPatrol for now but will probably just end up installing anyway.

I'd like to go thru any Optional Fixes you recommend. I'm not certain if I have any changes to my computer since my last HijackThis log. I ended up running another HijackThis log just in case. Posted below are the files log.txt and info.txt. (Please note I have not yet installed ThreatFire, WinPatrol or the intended third-party firewall and will wait until any Optional Fixes are done.)

Once again, I look forward to your next response.

Joe Anonymous

Here are the contents of log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Del Real at 2009-04-27 18:15:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (59%) free of 38 GB
Total RAM: 511 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:10 PM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Del Real\Desktop\RSIT.exe
C:\Program Files\trend micro\Del Real.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1240357188055
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4905 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-23 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-23 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-23 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-04-26 13:57:48 ----A---- C:\WINDOWS\system32\dssenh.dll
2009-04-25 14:14:00 ----D---- C:\Program Files\trend micro
2009-04-25 14:13:58 ----D---- C:\rsit
2009-04-25 12:30:50 ----D---- C:\Program Files\Windows Live Safety Center
2009-04-25 11:47:10 ----D---- C:\WINDOWS\BDOSCAN8
2009-04-23 21:55:39 ----N---- C:\WINDOWS\system32\iyvu9_32.dll
2009-04-23 21:55:39 ----A---- C:\WINDOWS\system32\iacenc.dll
2009-04-23 21:55:35 ----D---- C:\Program Files\Ligos
2009-04-23 21:54:34 ----A---- C:\WINDOWS\IsUninst.exe
2009-04-23 21:47:01 ----D---- C:\WINDOWS\Sun
2009-04-23 21:46:30 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-23 21:46:30 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-23 21:46:30 ----A---- C:\WINDOWS\system32\java.exe
2009-04-23 21:46:30 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-23 21:45:40 ----D---- C:\Program Files\Java
2009-04-23 21:44:48 ----D---- C:\Documents and Settings\Del Real\Application Data\Sun
2009-04-23 21:43:19 ----D---- C:\WINDOWS\system32\Adobe
2009-04-23 21:40:46 ----D---- C:\Documents and Settings\Del Real\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-04-23 21:38:07 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-04-23 21:34:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-23 21:32:19 ----D---- C:\Program Files\Common Files\Adobe
2009-04-23 21:32:19 ----D---- C:\Program Files\Adobe
2009-04-23 21:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-04-23 21:21:49 ----D---- C:\Program Files\NOS
2009-04-23 20:50:34 ----D---- C:\Documents and Settings\Del Real\Application Data\OfficeUpdate12
2009-04-23 20:47:11 ----A---- C:\WINDOWS\ODBC.INI
2009-04-23 20:44:21 ----D---- C:\Program Files\Microsoft Visual Studio
2009-04-23 20:44:18 ----D---- C:\Program Files\Common Files\Designer
2009-04-23 20:43:23 ----D---- C:\WINDOWS\ShellNew
2009-04-23 20:42:19 ----D---- C:\Program Files\Microsoft Office
2009-04-23 20:42:19 ----D---- C:\Documents and Settings\Del Real\Application Data\Microsoft Web Folders
2009-04-23 19:55:46 ----D---- C:\Documents and Settings\Del Real\Application Data\Malwarebytes
2009-04-23 19:55:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-23 19:55:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-22 13:08:18 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2009-04-22 13:08:18 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2009-04-22 13:08:18 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-04-22 13:08:18 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-04-22 13:08:15 ----D---- C:\Program Files\Alwil Software
2009-04-22 12:59:27 ----D---- C:\Program Files\Windows Defender
2009-04-21 22:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-04-21 22:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-04-21 22:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-04-21 22:27:36 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-04-21 22:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-04-21 22:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-04-21 22:24:13 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-04-21 22:24:12 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-04-21 22:23:53 ----D---- C:\Program Files\Windows Media Connect 2
2009-04-21 22:23:39 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-04-21 22:22:50 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-04-21 22:22:27 ----D---- C:\WINDOWS\system32\LogFiles
2009-04-21 22:22:21 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-04-21 21:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-21 21:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-21 21:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-21 21:55:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-21 21:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-21 21:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-21 21:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-21 21:54:48 ----D---- C:\WINDOWS\system32\KB905474
2009-04-21 21:54:35 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-21 21:54:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-21 21:54:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-21 21:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-21 21:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-21 21:53:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-21 21:53:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-21 21:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-21 21:53:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-04-21 21:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-21 21:53:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-21 21:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-21 21:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-21 21:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-21 21:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-21 21:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-21 21:52:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-21 21:52:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-21 21:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-21 21:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-21 21:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-21 21:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-21 21:51:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-21 21:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-21 21:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-04-21 21:51:04 ----D---- C:\WINDOWS\ie7updates
2009-04-21 21:50:31 ----D---- C:\WINDOWS\WBEM
2009-04-21 21:48:55 ----HDC---- C:\WINDOWS\ie7
2009-04-21 21:48:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-04-21 21:48:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-04-21 21:47:08 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-21 21:39:16 ----D---- C:\WINDOWS\Prefetch
2009-04-21 21:11:35 ----D---- C:\WINDOWS\system32\en-us
2009-04-21 21:11:33 ----D---- C:\WINDOWS\system32\scripting
2009-04-21 21:11:32 ----D---- C:\WINDOWS\l2schemas
2009-04-21 21:11:31 ----D---- C:\WINDOWS\system32\en
2009-04-21 21:04:51 ----D---- C:\WINDOWS\network diagnostic
2009-04-21 20:50:30 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-04-21 20:50:29 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-04-21 20:50:26 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-04-21 20:50:22 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-04-21 20:50:20 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-04-21 20:50:20 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-04-21 20:50:18 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-04-21 20:50:14 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-04-21 20:50:14 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-04-21 20:50:14 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-04-21 20:50:02 ----N---- C:\WINDOWS\system32\setupn.exe
2009-04-21 20:49:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-04-21 20:49:58 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-04-21 20:49:57 ----N---- C:\WINDOWS\system32\qutil.dll
2009-04-21 20:49:57 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-04-21 20:49:56 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-04-21 20:49:56 ----N---- C:\WINDOWS\system32\qagent.dll
2009-04-21 20:49:55 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-04-21 20:49:53 ----N---- C:\WINDOWS\system32\onex.dll
2009-04-21 20:49:44 ----N---- C:\WINDOWS\system32\napstat.exe
2009-04-21 20:49:44 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-04-21 20:49:44 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-04-21 20:49:43 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-04-21 20:49:43 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-04-21 20:49:41 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-04-21 20:49:41 ----N---- C:\WINDOWS\system32\mssha.dll
2009-04-21 20:49:25 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-04-21 20:49:24 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-04-21 20:49:24 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-04-21 20:49:24 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-04-21 20:49:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-04-21 20:49:13 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-04-21 20:49:12 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-04-21 20:49:12 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-04-21 20:49:12 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-04-21 20:49:12 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-04-21 20:49:01 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-04-21 20:49:00 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-04-21 20:48:47 ----A---- C:\WINDOWS\005469_.tmp
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-04-21 20:48:45 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-04-21 20:48:42 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-04-21 20:48:40 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-04-21 20:48:40 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-04-21 20:48:40 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-04-21 20:48:37 ----N---- C:\WINDOWS\system32\credssp.dll
2009-04-21 20:48:33 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-04-21 20:48:32 ----N---- C:\WINDOWS\system32\azroles.dll
2009-04-21 20:48:25 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-04-21 20:31:05 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-21 20:18:35 ----D---- C:\WINDOWS\peernet
2009-04-21 20:18:34 ----D---- C:\WINDOWS\provisioning
2009-04-21 20:15:51 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-21 20:11:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-21 20:07:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-21 20:07:27 ----D---- C:\WINDOWS\EHome
2009-04-21 20:02:58 ----N---- C:\WINDOWS\system32\spnpinst.exe
2009-04-21 19:53:44 ----D---- C:\Documents and Settings\Del Real\Application Data\Macromedia
2009-04-21 19:53:44 ----D---- C:\Documents and Settings\Del Real\Application Data\Adobe
2009-04-21 17:44:14 ----A---- C:\WINDOWS\system32\wpa.bak
2009-04-21 16:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-04-21 16:43:30 ----D---- C:\WINDOWS\system32\PreInstall
2009-04-21 16:43:28 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-04-21 16:43:27 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-04-21 16:43:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-21 16:42:56 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-04-21 16:42:28 ----D---- C:\WINDOWS\system32\bits
2009-04-21 16:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2009-04-21 16:42:02 ----N---- C:\WINDOWS\system32\xpob2res.dll
2009-04-21 16:42:02 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-04-21 16:42:02 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-04-21 16:42:02 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-04-21 16:42:02 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-04-21 16:40:30 ----A---- C:\WINDOWS\system32\wups2.dll
2009-04-21 16:40:30 ----A---- C:\WINDOWS\system32\wups.dll
2009-04-21 16:40:29 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-04-21 16:40:29 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-04-21 16:40:29 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-04-21 16:40:28 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-04-21 16:40:28 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-04-21 16:40:04 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-21 10:09:31 ----SHD---- C:\RECYCLER
2009-04-20 22:43:05 ----SD---- C:\WINDOWS\system32\Microsoft
2009-04-20 22:32:57 ----SHD---- C:\WINDOWS\Installer
2009-04-20 22:32:54 ----D---- C:\Documents and Settings\Del Real\Application Data\Identities
2009-04-20 22:32:49 ----HD---- C:\Program Files\Uninstall Information
2009-04-20 22:32:43 ----ASH---- C:\Documents and Settings\Del Real\Application Data\desktop.ini
2009-04-20 22:32:42 ----SD---- C:\Documents and Settings\Del Real\Application Data\Microsoft
2009-04-20 22:30:23 ----SHD---- C:\System Volume Information
2009-04-20 22:30:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-20 22:26:30 ----D---- C:\WINDOWS\system32\xircom
2009-04-20 22:26:30 ----D---- C:\Program Files\xerox
2009-04-20 22:26:30 ----D---- C:\Program Files\microsoft frontpage
2009-04-20 22:25:58 ----A---- C:\WINDOWS\control.ini
2009-04-20 22:25:58 ----A---- C:\AUTOEXEC.BAT
2009-04-20 22:25:48 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-20 22:25:41 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-04-20 22:24:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-20 22:24:28 ----RD---- C:\WINDOWS\Offline Web Pages
2009-04-20 22:24:28 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-04-20 22:24:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-04-20 22:23:50 ----D---- C:\WINDOWS\system32\DirectX
2009-04-20 22:23:22 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-04-20 22:23:22 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-04-20 22:23:22 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-04-20 22:23:22 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-04-20 22:23:21 ----A---- C:\WINDOWS\system32\atrace.dll
2009-04-20 22:23:18 ----A---- C:\WINDOWS\system32\desktop.ini
2009-04-20 22:23:18 ----A---- C:\WINDOWS\desktop.ini
2009-04-20 22:23:11 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-04-20 22:23:11 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-04-20 22:23:11 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-04-20 22:23:09 ----D---- C:\Program Files\Common Files\Services
2009-04-20 22:23:09 ----A---- C:\WINDOWS\system32\acctres.dll
2009-04-20 22:23:08 ----A---- C:\WINDOWS\system32\inetres.dll
2009-04-20 22:23:04 ----SD---- C:\WINDOWS\Tasks
2009-04-20 22:23:04 ----A---- C:\WINDOWS\system32\isign32.dll
2009-04-20 22:23:04 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-04-20 22:23:04 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-04-20 22:23:04 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-04-20 22:23:04 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-04-20 22:23:01 ----D---- C:\Program Files\Common Files\MSSoap
2009-04-20 22:22:56 ----D---- C:\WINDOWS\srchasst
2009-04-20 22:22:55 ----D---- C:\WINDOWS\system32\Macromed
2009-04-20 22:22:54 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-04-20 22:22:53 ----D---- C:\Program Files\Movie Maker
2009-04-20 22:22:48 ----D---- C:\WINDOWS\system32\Restore
2009-04-20 22:22:48 ----D---- C:\WINDOWS\PCHealth
2009-04-20 22:22:48 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-04-20 22:22:48 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-04-20 22:22:48 ----A---- C:\WINDOWS\system32\srclient.dll
2009-04-20 22:22:47 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-04-20 22:22:47 ----A---- C:\WINDOWS\system32\msconf.dll
2009-04-20 22:22:47 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-04-20 22:22:47 ----A---- C:\WINDOWS\system32\ils.dll
2009-04-20 22:22:44 ----D---- C:\Program Files\NetMeeting
2009-04-20 22:22:44 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-04-20 22:22:44 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-04-20 22:22:43 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-04-20 22:22:42 ----D---- C:\Program Files\Outlook Express
2009-04-20 22:22:42 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-04-20 22:22:42 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-04-20 22:22:42 ----A---- C:\WINDOWS\system32\mstask.dll
2009-04-20 22:22:35 ----D---- C:\Program Files\Common Files\System
2009-04-20 22:22:34 ----D---- C:\Program Files\Internet Explorer
2009-04-20 22:21:44 ----D---- C:\Program Files\ComPlus Applications
2009-04-20 22:21:42 ----A---- C:\WINDOWS\vbaddin.ini
2009-04-20 22:21:42 ----A---- C:\WINDOWS\vb.ini
2009-04-20 22:21:36 ----D---- C:\WINDOWS\Registration
2009-04-20 22:21:26 ----HD---- C:\Program Files\WindowsUpdate
2009-04-20 22:21:26 ----D---- C:\Program Files\Windows Media Player
2009-04-20 22:21:26 ----D---- C:\Program Files\Online Services
2009-04-20 22:21:17 ----D---- C:\Program Files\Messenger
2009-04-20 22:21:12 ----D---- C:\Program Files\MSN Gaming Zone
2009-04-20 22:21:12 ----A---- C:\WINDOWS\system32\write.exe
2009-04-20 22:21:04 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-04-20 22:21:04 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-04-20 22:21:04 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-04-20 22:21:03 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-04-20 22:21:03 ----A---- C:\WINDOWS\system32\hticons.dll
2009-04-20 22:21:03 ----A---- C:\WINDOWS\system32\avwav.dll
2009-04-20 22:21:03 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-04-20 22:21:03 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-04-20 22:21:02 ----A---- C:\WINDOWS\system32\winchat.exe
2009-04-20 22:20:56 ----A---- C:\WINDOWS\system32\getuname.dll
2009-04-20 22:20:55 ----A---- C:\WINDOWS\system32\winmine.exe
2009-04-20 22:20:55 ----A---- C:\WINDOWS\system32\sol.exe
2009-04-20 22:20:55 ----A---- C:\WINDOWS\system32\charmap.exe
2009-04-20 22:20:55 ----A---- C:\WINDOWS\system32\calc.exe
2009-04-20 22:20:54 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-04-20 22:20:54 ----A---- C:\WINDOWS\system32\reset.exe
2009-04-20 22:20:54 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-04-20 22:20:54 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-04-20 22:20:54 ----A---- C:\WINDOWS\system32\freecell.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\tskill.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\tscon.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\shadow.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\regini.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\msg.exe
2009-04-20 22:20:53 ----A---- C:\WINDOWS\system32\logoff.exe
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-04-20 22:20:52 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-04-20 22:20:51 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-04-20 22:20:51 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\stclient.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-04-20 22:20:50 ----A---- C:\WINDOWS\system32\colbact.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\comuid.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-04-20 22:20:49 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-04-20 22:20:41 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-04-20 22:20:41 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-04-20 22:20:41 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-04-20 22:20:40 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-04-20 22:20:34 ----D---- C:\Program Files\Windows NT
2009-04-20 22:20:34 ----D---- C:\Program Files\MSN
2009-04-20 22:20:34 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-04-20 22:20:34 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-04-20 22:20:33 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-04-20 22:20:33 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-04-20 22:20:33 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-04-20 22:20:33 ----A---- C:\WINDOWS\system32\spider.exe
2009-04-20 22:20:33 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-04-20 22:20:32 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-04-20 22:20:32 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-04-20 22:20:32 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-04-20 22:20:32 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-04-20 22:20:32 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-04-20 22:20:31 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-04-20 22:20:30 ----D---- C:\WINDOWS\system32\MsDtc
2009-04-20 22:20:30 ----D---- C:\WINDOWS\system32\Com
2009-04-20 22:20:30 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-04-20 22:20:30 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-04-20 22:20:30 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-04-20 22:20:29 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-04-20 22:20:26 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-04-20 15:17:58 ----A---- C:\WINDOWS\system32\h323log.txt
2009-04-20 15:14:12 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\sblfx.dll
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\devldr32.exe
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\devcon32.dll
2009-04-20 15:13:29 ----A---- C:\WINDOWS\system32\ctwdm32.dll
2009-04-20 15:13:17 ----A---- C:\WINDOWS\system32\usbui.dll
2009-04-20 15:12:01 ----A---- C:\WINDOWS\imsins.BAK
2009-04-20 15:11:55 ----D---- C:\Program Files\Common Files\ODBC
2009-04-20 15:11:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-20 15:11:55 ----A---- C:\WINDOWS\ODBCINST.INI
2009-04-20 15:11:51 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-04-20 15:11:50 ----RD---- C:\Program Files
2009-04-20 15:11:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-20 15:11:50 ----D---- C:\Program Files\Common Files
2009-04-20 15:11:47 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-04-20 15:11:47 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-04-20 15:11:47 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-04-20 15:11:46 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-04-20 15:11:45 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-04-20 15:11:43 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-04-20 15:11:42 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-04-20 15:11:42 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-04-20 15:11:42 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-04-20 15:11:42 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-04-20 15:11:42 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-04-20 15:11:40 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-04-20 15:11:37 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-04-20 15:11:37 ----A---- C:\WINDOWS\system32\irclass.dll
2009-04-20 15:11:37 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-04-20 15:11:37 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-04-20 15:11:37 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-04-20 15:11:35 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-04-20 15:11:34 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-04-20 15:11:34 ----A---- C:\WINDOWS\system32\batt.dll
2009-04-20 15:11:34 ----A---- C:\WINDOWS\notepad.exe
2009-04-20 15:11:33 ----A---- C:\WINDOWS\system32\storprop.dll
2009-04-20 15:11:24 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-04-20 15:11:19 ----RA---- C:\WINDOWS\SETA.tmp
2009-04-20 15:11:15 ----RA---- C:\WINDOWS\SET3.tmp
2009-04-20 15:11:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-20 15:11:08 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-20 15:10:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-20 15:10:39 ----A---- C:\WINDOWS\setuplog.txt
2009-04-20 15:10:32 ----D---- C:\Documents and Settings
2009-04-20 15:09:32 ----RASH---- C:\boot.ini
2009-04-20 15:05:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-20 15:05:44 ----RSD---- C:\WINDOWS\Fonts
2009-04-20 15:05:44 ----RD---- C:\WINDOWS\Web
2009-04-20 15:05:44 ----HD---- C:\WINDOWS\inf
2009-04-20 15:05:44 ----D---- C:\WINDOWS\WinSxS
2009-04-20 15:05:44 ----D---- C:\WINDOWS\twain_32
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Temp
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\wins
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\wbem
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\usmt
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\spool
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\ShellExt
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\Setup
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\ras
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\oobe
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\npp
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\mui
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\IME
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\icsxml
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\ias
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\export
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\drivers
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\dhcp
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\config
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\3com_dmi
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\3076
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\2052
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1054
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1042
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1041
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1037
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1033
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1031
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1028
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32\1025
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system32
2009-04-20 15:05:44 ----D---- C:\WINDOWS\system
2009-04-20 15:05:44 ----D---- C:\WINDOWS\security
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Resources
2009-04-20 15:05:44 ----D---- C:\WINDOWS\repair
2009-04-20 15:05:44 ----D---- C:\WINDOWS\mui
2009-04-20 15:05:44 ----D---- C:\WINDOWS\msapps
2009-04-20 15:05:44 ----D---- C:\WINDOWS\msagent
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Media
2009-04-20 15:05:44 ----D---- C:\WINDOWS\java
2009-04-20 15:05:44 ----D---- C:\WINDOWS\ime
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Help
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Driver Cache
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Debug
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Cursors
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Connection Wizard
2009-04-20 15:05:44 ----D---- C:\WINDOWS\Config
2009-04-20 15:05:44 ----D---- C:\WINDOWS\AppPatch
2009-04-20 15:05:44 ----D---- C:\WINDOWS\addins
2009-04-20 15:05:44 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-04-25 22:01:13 ----A---- C:\WINDOWS\system.ini
2009-04-23 21:14:48 ----A---- C:\WINDOWS\win.ini
2009-04-21 20:12:38 ----RASH---- C:\NTDETECT.COM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller; C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys [2009-04-21 250752]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-23 152984]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------



Here are the contents of info.txt:

info.txt logfile of random's system information tool 1.06 2009-04-27 18:15:14

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090427-0]

======System event log======

Computer Name: COMPUTER
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {75522478-5291-4668-AE9C-324AFED4D025}

User: COMPUTER\Del Real

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: driver:avastTestService

Alert Type: Unclassified software

Detection Type:

Record Number: 430
Source Name: WinDefend
Time Written: 20090422130731.000000-420
Event Type: warning
User:

Computer Name: COMPUTER
Event Code: 20
Message: Printer Driver HP LaserJet 6L for Windows NT x86 Version-3 was added or updated. Files:- (null).

Record Number: 257
Source Name: Print
Time Written: 20090421213932.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: COMPUTER
Event Code: 20
Message: Printer Driver HP LaserJet 6L for Windows NT x86 Version-3 was added or updated. Files:- (null).

Record Number: 195
Source Name: Print
Time Written: 20090421202649.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: COMPUTER
Event Code: 4311
Message: Initialization failed because the driver device could not be created.

Record Number: 130
Source Name: NetBT
Time Written: 20090421163502.000000-420
Event Type: error
User:

Computer Name: COMPUTER
Event Code: 20
Message: Printer Driver HP LaserJet 6L for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, HPLJ6L.GPD, UNIDRV.HLP, PCL5ERES.DLL, TTFSUB.GPD, UNIRES.DLL, STDNAMES.GPD.

Record Number: 10
Source Name: Print
Time Written: 20090420223036.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: COMPUTER
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 49
Source Name: WinMgmt
Time Written: 20090421211253.000000-420
Event Type: warning
User: COMPUTER\Del Real

Computer Name: COMPUTER
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 43
Source Name: WinMgmt
Time Written: 20090421202730.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: COMPUTER
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 42
Source Name: WinMgmt
Time Written: 20090421202730.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: COMPUTER
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 30
Source Name: WinMgmt
Time Written: 20090421201930.000000-420
Event Type: warning
User: COMPUTER\Del Real

Computer Name: COMPUTER
Event Code: 1005
Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 30 days.


Record Number: 20
Source Name: Windows Product Activation
Time Written: 20090420223245.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#26 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:15 PM

Posted 29 April 2009 - 12:32 PM

By fixing the "Optional Fixes", you will remove the program from your startup but you will not remove the program itself. Note the large number of startup items. This adversely affects the bootup time and computer speed with this large amount of unnecessary programs loading at startup and then running in the background.

Please run HijackThis and click Scan. Place checks next to the HijackThis entries that are Optional Fixes that you have chosen to remove from your startup list.

You have reader_sl.exe running at Startup. This is a process associated with the Adobe Reader. It is used to decrease the load time for the reader when a PDF document is selected. This is a non-essential process. You will still be able to start it manually if you need it. You can fix this with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

You have jusched.exe running at Startup. It checks with Sun's Java updates site to see if newer Java versions are available. This program is not required to start automatically. You can do this manually by visiting http://java.sun.com or just run the Java Plug-In Control Panel. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

msmsgs.exe (MSN Messenger Internet chat tool) is the main process relating to the MSN Messenger Internet chat tool installed by default on most Windows computers. The Windows Messenger (IM, MSN Messenger) from Microsoft provides Online Chat and Instant Messaging. If you don't use Windows Messenger, you can
  • Rename the "Messenger" folder.
  • Uninstall, Stop, Disable or Remove "Windows Messenger (IM, MSN Messenger)".
A tray bar is also installed alongside this process for easy access to its features which include Internet chat, file sharing and audio/video conferencing. This is a non-essential process. Disabling or enabling it is down to user preference. process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

osa.exe or Osa9.exe launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it (Osa9.exe is the Office 2000 variant). This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#27 joeanonymous

joeanonymous
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 29 April 2009 - 05:41 PM

Hi suebaby41,

I did all the Optional Fixes using HijackThis as you instructed.

Seems like we're getting close to finishing. Is there anything else you recommend? Let me know.

Joe Anonymous

#28 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:15 PM

Posted 30 April 2009 - 08:45 AM

HijackThis is a good tool but is in the process of being updated. Since you had such a serious infection, let's do a few more steps. The online scans are good to use.

Step 1

In Normal Mode, run an online malware check from at least two and preferably three (one may catch something that another one may not) of the following sites
BitDefender
Kaspersky Online Virus Scanner
McAfee FreeScan
Panda's ActiveScan
Trend Micro™ HouseCall
Windows Live Safety Center Free Online Scan
WindowSecurity.com TrojanScan
When you have completed the scans, if you get a report of files that cannot be cleaned / deleted, make a note of the file location of anything that cannot be cleaned / deleted. Please edit the log(s) and remove:
  • items listed as "Object is locked skipped"
  • items reported that are in a quarantine folder
Please post the edited list in your next reply.

Step 2
  • Please download OTScanIt2.exe  to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and do not use the computer while the scan runs.
  • Click the Run Scan button on the toolbar. Make sure not to use the computer while the program is running or it will freeze.
  • When the scan is complete, Notepad will open with the report file.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it.
Use the Add Reply button and post the information in your next reply. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in your reply. If necessary, use more than one post.

If all these reports are clean, then we can feel better about your computer.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#29 joeanonymous

joeanonymous
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 01 May 2009 - 12:25 AM

Hi suebaby41,

I ran three of the online scans, Bitdefender, Kaspersky and Windows Security.com TrojanScan. Bitdefender and Kaspersky found no items and gave me a clean bill of health. Windows Security.com TrojanScan found only low priority cookies which I can and will delete using Internet Explorer.

I loaded and ran OTScanIt2 as instructed. The log is posted below. Please let me know what to do next.

Joe Anonymous

OTScanIt2 logfile created on: 4/30/2009 10:10:45 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.14.0	 Folder = C:\Documents and Settings\Del Real\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
511.48 Mb Total Physical Memory | 274.73 Mb Available Physical Memory | 53.71% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.73% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.67 Gb Free Space | 58.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COMPUTER
Current User Name: Del Real
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [2009/02/05 13:08:45 | 00,081,000 | ---- | M] (ALWIL Software)
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2009/02/05 13:08:26 | 00,254,040 | ---- | M] (ALWIL Software)
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2009/02/05 13:08:40 | 00,138,680 | ---- | M] (ALWIL Software)
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2009/02/05 13:06:04 | 00,352,920 | ---- | M] (ALWIL Software)
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2009/02/05 13:01:25 | 00,018,752 | ---- | M] (ALWIL Software)
devldr32.exe -> %SystemRoot%\system32\devldr32.exe -> [2001/08/17 15:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/23 21:45:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/11 16:32:52 | 00,494,080 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2009/02/05 13:01:25 | 00,018,752 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2009/02/05 13:08:40 | 00,138,680 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2009/02/05 13:08:26 | 00,254,040 | ---- | M] (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2009/02/05 13:06:04 | 00,352,920 | ---- | M] (ALWIL Software)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/23 21:45:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2009/02/05 13:05:11 | 00,026,944 | ---- | M] (ALWIL Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\DRIVERS\aswFsBlk.sys -> [2009/02/05 13:07:12 | 00,020,560 | ---- | M] (ALWIL Software)
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2009/02/05 13:08:10 | 00,094,032 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2009/02/05 13:06:10 | 00,023,152 | ---- | M] (ALWIL Software)
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> [2009/02/05 13:07:23 | 00,114,768 | ---- | M] (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2009/02/05 13:06:20 | 00,051,376 | ---- | M] (ALWIL Software)
(ctljystk) Creative SBLive! Gameport [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ctljystk.sys -> [2001/08/17 05:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.)
(emu10k) Creative SB Live! (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emu10k1m.sys -> [2001/08/17 05:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.)
(emu10k1) Creative Interface Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctlfacem.sys -> [2001/08/17 05:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\gameenum.sys -> [2008/04/13 11:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation)
(m4cxw2k3) NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\m4cxw2k3.sys -> [2009/04/21 12:43:56 | 00,250,752 | ---- | M] (D-Link Corporation)
(ms_mpu401) Microsoft MPU-401 MIDI UART Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\msmpu401.sys -> [2001/08/17 07:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\nv4_mini.sys -> [2004/08/03 22:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> [2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sfman) Creative SoundFont Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sfmanm.sys -> [2001/08/17 05:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.)
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\yk51x86.sys -> [2007/12/06 09:51:00 | 00,285,952 | ---- | M] (Marvell)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/04/23 21:45:48 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/04/23 21:45:45 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/04/23 21:45:48 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avast!" -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2009/02/05 13:08:45 | 00,081,000 | ---- | M] (ALWIL Software)
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Del Real Startup Folder > -> C:\Documents and Settings\Del Real\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> %SystemRoot%\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] -> 
{413D6754-BFD4-47FE-9346-319559290BFA} [HKLM] -> https://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab [HTECtrl Class] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scan8/oscan8.cab [BDSCANONLINE Control] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab [Windows Live Safety Center Base Module] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240357188055 [WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240548394808&h=cecf1dcbe86f86f34fe9c774f755b233/&filename=jinstall-6u13-windows-i586-jc.cab [Java Plug-in 1.6.0_13] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> http://ax.emsisoft.com/asquared.cab [a-squared Scanner] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab [Reg Error: Key error.] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{EDB052CB-8078-4868-A15B-D7BFB1E50173} ->	(D-Link DGE-530T Gigabit Ethernet Adapter (rev.B)) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 11:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2009/04/20 22:25:58 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
 
[Files/Folders - Created Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/04/30 22:10:16 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/04/30 22:09:33 | 00,665,196 | ---- | C] ()
Kaspersky Report.html -> %UserProfile%\Desktop\Kaspersky Report.html -> [2009/04/30 20:58:04 | 00,002,786 | ---- | C] ()
.housecall6.6 -> %UserProfile%\.housecall6.6 -> [2009/04/30 11:37:25 | 00,000,000 | ---D | C]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/04/29 15:02:01 | 00,001,734 | ---- | C] ()
PrivacIE -> %UserProfile%\PrivacIE -> [2009/04/29 14:57:02 | 00,000,000 | -HSD | C]
IECompatCache -> %UserProfile%\IECompatCache -> [2009/04/29 14:56:59 | 00,000,000 | -HSD | C]
IETldCache -> %UserProfile%\IETldCache -> [2009/04/29 14:45:37 | 00,000,000 | -HSD | C]
ie8updates -> %SystemRoot%\ie8updates -> [2009/04/29 14:37:53 | 00,000,000 | ---D | C]
iecompat.dll -> %SystemRoot%\System32\dllcache\iecompat.dll -> [2009/04/29 14:37:35 | 00,105,984 | ---- | C] (Microsoft Corporation)
ie8 -> %SystemRoot%\ie8 -> [2009/04/29 14:34:00 | 00,000,000 | -H-D | C]
dssenh.dll -> %SystemRoot%\System32\dssenh.dll -> [2009/04/26 13:57:48 | 00,138,752 | ---- | C] (Microsoft Corporation)
dssenh.dll -> %SystemRoot%\System32\dllcache\dssenh.dll -> [2009/04/26 13:57:48 | 00,138,752 | ---- | C] (Microsoft Corporation)
trend micro -> %ProgramFiles%\trend micro -> [2009/04/25 14:14:00 | 00,000,000 | ---D | C]
rsit -> %SystemDrive%\rsit -> [2009/04/25 14:13:58 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/04/25 14:13:19 | 00,781,909 | ---- | C] ()
Windows Live Safety Center -> %ProgramFiles%\Windows Live Safety Center -> [2009/04/25 12:30:50 | 00,000,000 | ---D | C]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [2009/04/25 11:47:10 | 00,000,000 | ---D | C]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [2009/04/23 22:10:09 | 00,001,632 | ---- | C] ()
iacenc.dll -> %SystemRoot%\System32\iacenc.dll -> [2009/04/23 21:55:39 | 00,136,704 | ---- | C] (Ligos Corporation)
iyvu9_32.dll -> %SystemRoot%\System32\iyvu9_32.dll -> [2009/04/23 21:55:39 | 00,056,320 | ---- | C] ()
Ligos -> %ProgramFiles%\Ligos -> [2009/04/23 21:55:35 | 00,000,000 | ---D | C]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [2009/04/23 21:47:06 | 00,001,744 | ---- | C] ()
Sun -> %SystemRoot%\Sun -> [2009/04/23 21:47:01 | 00,000,000 | ---D | C]
Java -> %ProgramFiles%\Java -> [2009/04/23 21:45:40 | 00,000,000 | ---D | C]
Sun -> %AppData%\Sun -> [2009/04/23 21:44:48 | 00,000,000 | ---D | C]
Adobe -> %SystemRoot%\System32\Adobe -> [2009/04/23 21:43:19 | 00,000,000 | ---D | C]
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> %AppData%\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> [2009/04/23 21:40:46 | 00,000,000 | ---D | C]
Acrobat.com.lnk -> %AllUsersProfile%\Desktop\Acrobat.com.lnk -> [2009/04/23 21:38:28 | 00,000,734 | ---- | C] ()
Adobe AIR -> %CommonProgramFiles%\Adobe AIR -> [2009/04/23 21:38:07 | 00,000,000 | ---D | C]
Adobe Reader 9.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 9.lnk -> [2009/04/23 21:35:34 | 00,001,729 | ---- | C] ()
Adobe -> %AllUsersProfile%\Application Data\Adobe -> [2009/04/23 21:34:26 | 00,000,000 | ---D | C]
Adobe -> %ProgramFiles%\Adobe -> [2009/04/23 21:32:19 | 00,000,000 | ---D | C]
Adobe -> %CommonProgramFiles%\Adobe -> [2009/04/23 21:32:19 | 00,000,000 | ---D | C]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [2009/04/23 21:22:03 | 00,000,000 | ---D | C]
NOS -> %AllUsersProfile%\Application Data\NOS -> [2009/04/23 21:21:51 | 00,000,000 | ---D | C]
NOS -> %ProgramFiles%\NOS -> [2009/04/23 21:21:49 | 00,000,000 | ---D | C]
OfficeUpdate12 -> %AppData%\OfficeUpdate12 -> [2009/04/23 20:50:34 | 00,000,000 | ---D | C]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [2009/04/23 20:47:11 | 00,000,376 | ---- | C] ()
Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk -> [2009/04/23 20:44:58 | 00,002,473 | ---- | C] ()
Microsoft Excel.lnk -> %UserProfile%\Desktop\Microsoft Excel.lnk -> [2009/04/23 20:44:58 | 00,002,471 | ---- | C] ()
Microsoft Visual Studio -> %ProgramFiles%\Microsoft Visual Studio -> [2009/04/23 20:44:21 | 00,000,000 | ---D | C]
Designer -> %CommonProgramFiles%\Designer -> [2009/04/23 20:44:18 | 00,000,000 | ---D | C]
ShellNew -> %SystemRoot%\ShellNew -> [2009/04/23 20:43:23 | 00,000,000 | ---D | C]
Microsoft Web Folders -> %AppData%\Microsoft Web Folders -> [2009/04/23 20:42:19 | 00,000,000 | ---D | C]
Microsoft Office -> %ProgramFiles%\Microsoft Office -> [2009/04/23 20:42:19 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2009/04/23 19:55:46 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/04/23 19:55:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/04/23 19:55:39 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/04/23 19:55:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/04/23 19:55:34 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/04/23 19:55:33 | 00,000,000 | ---D | C]
Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [2009/04/22 17:24:09 | 00,000,000 | ---D | C]
My Videos -> %UserProfile%\My Documents\My Videos -> [2009/04/22 14:04:42 | 00,000,000 | R--D | C]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/04/22 14:03:00 | 00,057,856 | ---- | C] ()
Business Team Files -> %UserProfile%\My Documents\Business Team Files -> [2009/04/22 13:59:27 | 00,000,000 | ---D | C]
Joe's Files -> %UserProfile%\My Documents\Joe's Files -> [2009/04/22 13:51:03 | 00,000,000 | ---D | C]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2009/04/22 13:08:50 | 00,023,152 | ---- | C] (ALWIL Software)
avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk -> [2009/04/22 13:08:50 | 00,001,709 | ---- | C] ()
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2009/04/22 13:08:49 | 00,051,376 | ---- | C] (ALWIL Software)
aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2009/04/22 13:08:48 | 00,026,944 | ---- | C] (ALWIL Software)
AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> [2009/04/22 13:08:46 | 00,097,480 | ---- | C] (ALWIL Software)
aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> [2009/04/22 13:08:45 | 00,114,768 | ---- | C] (ALWIL Software)
aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2009/04/22 13:08:45 | 00,094,032 | ---- | C] (ALWIL Software)
aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> [2009/04/22 13:08:45 | 00,093,296 | ---- | C] (ALWIL Software)
aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> [2009/04/22 13:08:45 | 00,020,560 | ---- | C] (ALWIL Software)
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> [2009/04/22 13:08:18 | 01,256,296 | ---- | C] (ALWIL Software)
MFC71.dll -> %SystemRoot%\System32\MFC71.dll -> [2009/04/22 13:08:18 | 01,060,864 | ---- | C] (Microsoft Corporation)
MSVCP71.dll -> %SystemRoot%\System32\MSVCP71.dll -> [2009/04/22 13:08:18 | 00,499,712 | ---- | C] (Microsoft Corporation)
actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [2009/04/22 13:08:18 | 00,380,928 | ---- | C] ()
MSVCR71.dll -> %SystemRoot%\System32\MSVCR71.dll -> [2009/04/22 13:08:18 | 00,348,160 | ---- | C] (Microsoft Corporation)
Alwil Software -> %ProgramFiles%\Alwil Software -> [2009/04/22 13:08:15 | 00,000,000 | ---D | C]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2009/04/22 13:02:36 | 00,000,330 | -H-- | C] ()
Windows Defender -> %ProgramFiles%\Windows Defender -> [2009/04/22 12:59:27 | 00,000,000 | ---D | C]
Internet.lnk -> %UserProfile%\Desktop\Internet.lnk -> [2009/04/21 22:37:40 | 00,000,104 | ---- | C] ()
spmsg.dll -> %SystemRoot%\System32\spmsg.dll -> [2009/04/21 22:24:13 | 00,016,928 | ---- | C] (Microsoft Corporation)
Windows Media Connect 2 -> %ProgramFiles%\Windows Media Connect 2 -> [2009/04/21 22:23:53 | 00,000,000 | ---D | C]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2009/04/21 22:22:28 | 00,000,000 | -H-- | C] ()
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [2009/04/21 22:22:27 | 00,000,000 | ---D | C]
LogFiles -> %SystemRoot%\System32\LogFiles -> [2009/04/21 22:22:27 | 00,000,000 | ---D | C]
WGASetup.job -> %SystemRoot%\tasks\WGASetup.job -> [2009/04/21 21:54:48 | 00,000,264 | ---- | C] ()
KB905474 -> %SystemRoot%\System32\KB905474 -> [2009/04/21 21:54:48 | 00,000,000 | ---D | C]
ie7updates -> %SystemRoot%\ie7updates -> [2009/04/21 21:51:04 | 00,000,000 | ---D | C]
ieframe.dll -> %SystemRoot%\System32\dllcache\ieframe.dll -> [2009/04/21 21:50:47 | 11,063,808 | ---- | C] (Microsoft Corporation)
ieapfltr.dat -> %SystemRoot%\System32\dllcache\ieapfltr.dat -> [2009/04/21 21:50:47 | 03,698,584 | ---- | C] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\dllcache\iertutil.dll -> [2009/04/21 21:50:47 | 01,985,024 | ---- | C] (Microsoft Corporation)
ieframe.dll.mui -> %SystemRoot%\System32\dllcache\ieframe.dll.mui -> [2009/04/21 21:50:47 | 01,241,088 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> %SystemRoot%\System32\dllcache\msfeeds.dll -> [2009/04/21 21:50:47 | 00,594,432 | ---- | C] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\dllcache\ieapfltr.dll -> [2009/04/21 21:50:47 | 00,445,952 | ---- | C] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\dllcache\icardie.dll -> [2009/04/21 21:50:47 | 00,059,904 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\dllcache\msfeedsbs.dll -> [2009/04/21 21:50:47 | 00,055,296 | ---- | C] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\dllcache\ieudinit.exe -> [2009/04/21 21:50:47 | 00,013,824 | ---- | C] (Microsoft Corporation)
WBEM -> %SystemRoot%\WBEM -> [2009/04/21 21:50:31 | 00,000,000 | ---D | C]
ie7 -> %SystemRoot%\ie7 -> [2009/04/21 21:48:55 | 00,000,000 | -H-D | C]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [2009/04/21 21:48:42 | 00,000,000 | -H-D | C]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [2009/04/21 21:48:21 | 00,000,000 | -H-D | C]
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/04/21 21:47:08 | 24,921,544 | ---- | C] (Microsoft Corporation)
Prefetch -> %SystemRoot%\Prefetch -> [2009/04/21 21:39:16 | 00,000,000 | ---D | C]
en-us -> %SystemRoot%\System32\en-us -> [2009/04/21 21:11:35 | 00,000,000 | ---D | C]
scripting -> %SystemRoot%\System32\scripting -> [2009/04/21 21:11:33 | 00,000,000 | ---D | C]
l2schemas -> %SystemRoot%\l2schemas -> [2009/04/21 21:11:32 | 00,000,000 | ---D | C]
en -> %SystemRoot%\System32\en -> [2009/04/21 21:11:31 | 00,000,000 | ---D | C]
network diagnostic -> %SystemRoot%\network diagnostic -> [2009/04/21 21:04:51 | 00,000,000 | ---D | C]
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2009/04/21 20:55:20 | 00,455,296 | ---- | C] (Microsoft Corporation)
bthport.sys -> %SystemRoot%\System32\dllcache\bthport.sys -> [2009/04/21 20:53:32 | 00,272,128 | ---- | C] (Microsoft Corporation)
pdh.dll -> %SystemRoot%\System32\dllcache\pdh.dll -> [2009/04/21 20:51:38 | 00,284,160 | ---- | C] (Microsoft Corporation)
rpcss.dll -> %SystemRoot%\System32\dllcache\rpcss.dll -> [2009/04/21 20:51:37 | 00,401,408 | ---- | C] (Microsoft Corporation)
fastprox.dll -> %SystemRoot%\System32\dllcache\fastprox.dll -> [2009/04/21 20:51:36 | 00,473,600 | ---- | C] (Microsoft Corporation)
services.exe -> %SystemRoot%\System32\dllcache\services.exe -> [2009/04/21 20:51:36 | 00,110,592 | ---- | C] (Microsoft Corporation)
wmiprvse.exe -> %SystemRoot%\System32\dllcache\wmiprvse.exe -> [2009/04/21 20:51:35 | 00,227,840 | ---- | C] (Microsoft Corporation)
wmiprvsd.dll -> %SystemRoot%\System32\dllcache\wmiprvsd.dll -> [2009/04/21 20:51:34 | 00,453,120 | ---- | C] (Microsoft Corporation)
lsasrv.dll -> %SystemRoot%\System32\dllcache\lsasrv.dll -> [2009/04/21 20:51:33 | 00,729,088 | ---- | C] (Microsoft Corporation)
ntdll.dll -> %SystemRoot%\System32\dllcache\ntdll.dll -> [2009/04/21 20:51:32 | 00,714,752 | ---- | C] (Microsoft Corporation)
advapi32.dll -> %SystemRoot%\System32\dllcache\advapi32.dll -> [2009/04/21 20:51:32 | 00,617,472 | ---- | C] (Microsoft Corporation)
ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2009/04/21 20:51:31 | 02,145,280 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2009/04/21 20:51:29 | 02,189,056 | ---- | C] (Microsoft Corporation)
ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2009/04/21 20:51:27 | 02,023,936 | ---- | C] (Microsoft Corporation)
xpsp3res.dll -> %SystemRoot%\System32\xpsp3res.dll -> [2009/04/21 20:50:30 | 00,689,152 | ---- | C] (Microsoft Corporation)
xmllite.dll -> %SystemRoot%\System32\xmllite.dll -> [2009/04/21 20:50:29 | 00,121,856 | ---- | C] (Microsoft Corporation)
wmvds32.ax -> %SystemRoot%\System32\dllcache\wmvds32.ax -> [2009/04/21 20:50:27 | 00,258,048 | ---- | C] (Microsoft Corporation)
wmvdmoe2.dll -> %SystemRoot%\System32\dllcache\wmvdmoe2.dll -> [2009/04/21 20:50:27 | 00,004,096 | ---- | C] (Microsoft Corporation)
wmvdmod.dll -> %SystemRoot%\System32\dllcache\wmvdmod.dll -> [2009/04/21 20:50:27 | 00,004,096 | ---- | C] (Microsoft Corporation)
wmploc.dll -> %SystemRoot%\System32\dllcache\wmploc.dll -> [2009/04/21 20:50:26 | 08,231,936 | ---- | C] (Microsoft Corporation)
WMVCore.dll -> %SystemRoot%\System32\dllcache\WMVCore.dll -> [2009/04/21 20:50:26 | 02,458,112 | ---- | C] (Microsoft Corporation)
WMSPDMOE.dll -> %SystemRoot%\System32\dllcache\WMSPDMOE.dll -> [2009/04/21 20:50:26 | 01,329,152 | ---- | C] (Microsoft Corporation)
wmplayer.chm -> %SystemRoot%\System32\dllcache\wmplayer.chm -> [2009/04/21 20:50:26 | 00,613,334 | ---- | C] ()
WMSPDMOD.dll -> %SystemRoot%\System32\dllcache\WMSPDMOD.dll -> [2009/04/21 20:50:26 | 00,603,648 | ---- | C] (Microsoft Corporation)
wmstream.dll -> %SystemRoot%\System32\dllcache\wmstream.dll -> [2009/04/21 20:50:26 | 00,303,616 | ---- | C] (Microsoft Corporation)
wmv8ds32.ax -> %SystemRoot%\System32\dllcache\wmv8ds32.ax -> [2009/04/21 20:50:26 | 00,278,559 | ---- | C] (Microsoft Corporation)
wmphoto.dll -> %SystemRoot%\System32\wmphoto.dll -> [2009/04/21 20:50:26 | 00,276,992 | ---- | C] (Microsoft Corporation)
wmpns.dll -> %SystemRoot%\System32\dllcache\wmpns.dll -> [2009/04/21 20:50:26 | 00,221,184 | ---- | C] (Microsoft Corporation)
wmsdmoe.dll -> %SystemRoot%\System32\dllcache\wmsdmoe.dll -> [2009/04/21 20:50:26 | 00,115,200 | ---- | C] (Microsoft Corporation)
wmpshell.dll -> %SystemRoot%\System32\dllcache\wmpshell.dll -> [2009/04/21 20:50:26 | 00,099,840 | ---- | C] (Microsoft Corporation)
wmplayer.adm -> %SystemRoot%\System32\dllcache\wmplayer.adm -> [2009/04/21 20:50:26 | 00,069,612 | ---- | C] ()
wmplayer.exe -> %SystemRoot%\System32\dllcache\wmplayer.exe -> [2009/04/21 20:50:26 | 00,064,000 | ---- | C] (Microsoft Corporation)
wmplay.chm -> %SystemRoot%\System32\dllcache\wmplay.chm -> [2009/04/21 20:50:26 | 00,023,195 | ---- | C] ()
wmpui.dll -> %SystemRoot%\System32\dllcache\wmpui.dll -> [2009/04/21 20:50:26 | 00,020,480 | ---- | C] (Microsoft Corporation)
wmptour.hta -> %SystemRoot%\System32\dllcache\wmptour.hta -> [2009/04/21 20:50:26 | 00,010,457 | ---- | C] ()
wmsdmoe2.dll -> %SystemRoot%\System32\dllcache\wmsdmoe2.dll -> [2009/04/21 20:50:26 | 00,004,096 | ---- | C] (Microsoft Corporation)
wmsdmod.dll -> %SystemRoot%\System32\dllcache\wmsdmod.dll -> [2009/04/21 20:50:26 | 00,004,096 | ---- | C] (Microsoft Corporation)
wmptour.css -> %SystemRoot%\System32\dllcache\wmptour.css -> [2009/04/21 20:50:26 | 00,001,771 | ---- | C] ()
wmpocm.inf -> %SystemRoot%\System32\dllcache\wmpocm.inf -> [2009/04/21 20:50:26 | 00,000,855 | ---- | C] ()
wmploc.js -> %SystemRoot%\System32\dllcache\wmploc.js -> [2009/04/21 20:50:26 | 00,000,420 | ---- | C] ()
wmpaud7.wav -> %SystemRoot%\System32\dllcache\wmpaud7.wav -> [2009/04/21 20:50:25 | 00,343,204 | ---- | C] ()
wmpaud6.wav -> %SystemRoot%\System32\dllcache\wmpaud6.wav -> [2009/04/21 20:50:25 | 00,343,204 | ---- | C] ()
wmpdxm.dll -> %SystemRoot%\System32\dllcache\wmpdxm.dll -> [2009/04/21 20:50:25 | 00,314,880 | ---- | C] (Microsoft Corporation)
wmpaud9.wav -> %SystemRoot%\System32\dllcache\wmpaud9.wav -> [2009/04/21 20:50:25 | 00,172,196 | ---- | C] ()
wmpaud8.wav -> %SystemRoot%\System32\dllcache\wmpaud8.wav -> [2009/04/21 20:50:25 | 00,172,196 | ---- | C] ()
wmpband.dll -> %SystemRoot%\System32\dllcache\wmpband.dll -> [2009/04/21 20:50:25 | 00,096,256 | ---- | C] (Microsoft Corporation)
wmpaud5.wav -> %SystemRoot%\System32\dllcache\wmpaud5.wav -> [2009/04/21 20:50:25 | 00,086,196 | ---- | C] ()
wmpcore.dll -> %SystemRoot%\System32\dllcache\wmpcore.dll -> [2009/04/21 20:50:25 | 00,020,480 | ---- | C] (Microsoft Corporation)
wmpcd.dll -> %SystemRoot%\System32\dllcache\wmpcd.dll -> [2009/04/21 20:50:25 | 00,020,480 | ---- | C] (Microsoft Corporation)
wmpaud1.wav -> %SystemRoot%\System32\dllcache\wmpaud1.wav -> [2009/04/21 20:50:24 | 00,354,468 | ---- | C] ()
wmpasf.dll -> %SystemRoot%\System32\dllcache\wmpasf.dll -> [2009/04/21 20:50:24 | 00,242,688 | ---- | C] (Microsoft Corporation)
wmpaud3.wav -> %SystemRoot%\System32\dllcache\wmpaud3.wav -> [2009/04/21 20:50:24 | 00,172,196 | ---- | C] ()
wmpaud4.wav -> %SystemRoot%\System32\dllcache\wmpaud4.wav -> [2009/04/21 20:50:24 | 00,086,180 | ---- | C] ()
wmpaud2.wav -> %SystemRoot%\System32\dllcache\wmpaud2.wav -> [2009/04/21 20:50:24 | 00,086,180 | ---- | C] ()
wmp.inf -> %SystemRoot%\System32\dllcache\wmp.inf -> [2009/04/21 20:50:24 | 00,029,070 | ---- | C] ()
wmp.ocx -> %SystemRoot%\System32\dllcache\wmp.ocx -> [2009/04/21 20:50:24 | 00,020,480 | ---- | C] (Microsoft Corporation)
wmp.dll -> %SystemRoot%\System32\dllcache\wmp.dll -> [2009/04/21 20:50:23 | 10,838,016 | ---- | C] (Microsoft Corporation)
WMNetmgr.dll -> %SystemRoot%\System32\dllcache\WMNetmgr.dll -> [2009/04/21 20:50:23 | 00,938,496 | ---- | C] (Microsoft Corporation)
wmidx.dll -> %SystemRoot%\System32\dllcache\wmidx.dll -> [2009/04/21 20:50:23 | 00,157,184 | ---- | C] (Microsoft Corporation)
WMADMOE.dll -> %SystemRoot%\System32\dllcache\WMADMOE.dll -> [2009/04/21 20:50:22 | 01,117,696 | ---- | C] (Microsoft Corporation)
WMADMOD.dll -> %SystemRoot%\System32\dllcache\WMADMOD.dll -> [2009/04/21 20:50:22 | 00,757,248 | ---- | C] (Microsoft Corporation)
wmerror.dll -> %SystemRoot%\System32\dllcache\wmerror.dll -> [2009/04/21 20:50:22 | 00,227,328 | ---- | C] (Microsoft Corporation)
wmasf.dll -> %SystemRoot%\System32\dllcache\wmasf.dll -> [2009/04/21 20:50:22 | 00,222,720 | ---- | C] (Microsoft Corporation)
wlanapi.dll -> %SystemRoot%\System32\wlanapi.dll -> [2009/04/21 20:50:22 | 00,069,120 | ---- | C] (Microsoft Corporation)
wmdmps.dll -> %SystemRoot%\System32\dllcache\wmdmps.dll -> [2009/04/21 20:50:22 | 00,037,376 | ---- | C] (Microsoft Corporation)
wmdmlog.dll -> %SystemRoot%\System32\dllcache\wmdmlog.dll -> [2009/04/21 20:50:22 | 00,033,792 | ---- | C] (Microsoft Corporation)
wmdm.inf -> %SystemRoot%\System32\dllcache\wmdm.inf -> [2009/04/21 20:50:22 | 00,017,272 | ---- | C] ()
wm7.gif -> %SystemRoot%\System32\dllcache\wm7.gif -> [2009/04/21 20:50:22 | 00,008,677 | ---- | C] ()
wm9.gif -> %SystemRoot%\System32\dllcache\wm9.gif -> [2009/04/21 20:50:22 | 00,007,892 | ---- | C] ()
wm2.gif -> %SystemRoot%\System32\dllcache\wm2.gif -> [2009/04/21 20:50:22 | 00,007,636 | ---- | C] ()
wm4.gif -> %SystemRoot%\System32\dllcache\wm4.gif -> [2009/04/21 20:50:22 | 00,007,369 | ---- | C] ()
wmfsdk.inf -> %SystemRoot%\System32\dllcache\wmfsdk.inf -> [2009/04/21 20:50:22 | 00,006,769 | ---- | C] ()
wm3.gif -> %SystemRoot%\System32\dllcache\wm3.gif -> [2009/04/21 20:50:22 | 00,006,241 | ---- | C] ()
wm6.gif -> %SystemRoot%\System32\dllcache\wm6.gif -> [2009/04/21 20:50:22 | 00,006,060 | ---- | C] ()
wm1.gif -> %SystemRoot%\System32\dllcache\wm1.gif -> [2009/04/21 20:50:22 | 00,005,789 | ---- | C] ()
wm8.gif -> %SystemRoot%\System32\dllcache\wm8.gif -> [2009/04/21 20:50:22 | 00,004,193 | ---- | C] ()
wm5.gif -> %SystemRoot%\System32\dllcache\wm5.gif -> [2009/04/21 20:50:22 | 00,002,477 | ---- | C] ()
windowscodecs.dll -> %SystemRoot%\System32\windowscodecs.dll -> [2009/04/21 20:50:20 | 00,712,704 | ---- | C] (Microsoft Corporation)
windowscodecsext.dll -> %SystemRoot%\System32\windowscodecsext.dll -> [2009/04/21 20:50:20 | 00,346,112 | ---- | C] (Microsoft Corporation)
viz.wmv -> %SystemRoot%\System32\dllcache\viz.wmv -> [2009/04/21 20:50:18 | 00,300,969 | ---- | C] ()
verclsid.exe -> %SystemRoot%\System32\verclsid.exe -> [2009/04/21 20:50:18 | 00,028,672 | ---- | C] (Microsoft Corporation)
videobg.gif -> %SystemRoot%\System32\dllcache\videobg.gif -> [2009/04/21 20:50:18 | 00,017,489 | ---- | C] ()
vidsamp.gif -> %SystemRoot%\System32\dllcache\vidsamp.gif -> [2009/04/21 20:50:18 | 00,005,290 | ---- | C] ()
unregmp2.exe -> %SystemRoot%\System32\dllcache\unregmp2.exe -> [2009/04/21 20:50:14 | 00,317,440 | ---- | C] (Microsoft Corporation)
tzchange.exe -> %SystemRoot%\System32\tzchange.exe -> [2009/04/21 20:50:14 | 00,062,976 | ---- | C] (Microsoft Corporation)
tsgqec.dll -> %SystemRoot%\System32\tsgqec.dll -> [2009/04/21 20:50:14 | 00,053,248 | ---- | C] (Microsoft Corporation)
tspkg.dll -> %SystemRoot%\System32\tspkg.dll -> [2009/04/21 20:50:14 | 00,050,688 | ---- | C] (Microsoft Corporation)
tourbg.gif -> %SystemRoot%\System32\dllcache\tourbg.gif -> [2009/04/21 20:50:13 | 00,023,829 | ---- | C] ()
tour.js -> %SystemRoot%\System32\dllcache\tour.js -> [2009/04/21 20:50:13 | 00,003,187 | ---- | C] ()
tplay.gif -> %SystemRoot%\System32\dllcache\tplay.gif -> [2009/04/21 20:50:13 | 00,002,469 | ---- | C] ()
tpause.gif -> %SystemRoot%\System32\dllcache\tpause.gif -> [2009/04/21 20:50:13 | 00,002,450 | ---- | C] ()
tplayh.gif -> %SystemRoot%\System32\dllcache\tplayh.gif -> [2009/04/21 20:50:13 | 00,002,375 | ---- | C] ()
tpauseh.gif -> %SystemRoot%\System32\dllcache\tpauseh.gif -> [2009/04/21 20:50:13 | 00,002,371 | ---- | C] ()
taon.gif -> %SystemRoot%\System32\dllcache\taon.gif -> [2009/04/21 20:50:11 | 00,001,398 | ---- | C] ()
taonh.gif -> %SystemRoot%\System32\dllcache\taonh.gif -> [2009/04/21 20:50:11 | 00,001,380 | ---- | C] ()
taoff.gif -> %SystemRoot%\System32\dllcache\taoff.gif -> [2009/04/21 20:50:11 | 00,001,380 | ---- | C] ()
taoffh.gif -> %SystemRoot%\System32\dllcache\taoffh.gif -> [2009/04/21 20:50:11 | 00,001,367 | ---- | C] ()
strmdll.dll -> %SystemRoot%\System32\dllcache\strmdll.dll -> [2009/04/21 20:50:10 | 00,247,326 | ---- | C] (Microsoft Corporation)
sl_anet.acm -> %SystemRoot%\System32\dllcache\sl_anet.acm -> [2009/04/21 20:50:06 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.)
snd.htm -> %SystemRoot%\System32\dllcache\snd.htm -> [2009/04/21 20:50:06 | 00,001,148 | ---- | C] ()
skins.inf -> %SystemRoot%\System32\dllcache\skins.inf -> [2009/04/21 20:50:05 | 00,000,908 | ---- | C] ()
shmedia.dll -> %SystemRoot%\System32\dllcache\shmedia.dll -> [2009/04/21 20:50:04 | 00,152,064 | ---- | C] (Microsoft Corporation)
setup_wm.exe -> %SystemRoot%\System32\dllcache\setup_wm.exe -> [2009/04/21 20:50:02 | 01,669,120 | ---- | C] (Microsoft Corporation)
setupn.exe -> %SystemRoot%\System32\setupn.exe -> [2009/04/21 20:50:02 | 00,032,768 | ---- | C] (Microsoft Corporation)
sffp_mmc.sys -> %SystemRoot%\System32\drivers\sffp_mmc.sys -> [2009/04/21 20:50:02 | 00,010,240 | ---- | C] (Microsoft Corporation)
rtuner.wmv -> %SystemRoot%\System32\dllcache\rtuner.wmv -> [2009/04/21 20:50:00 | 00,572,557 | ---- | C] ()
rhttpaa.dll -> %SystemRoot%\System32\rhttpaa.dll -> [2009/04/21 20:49:59 | 00,290,304 | ---- | C] (Microsoft Corporation)
revert.wmz -> %SystemRoot%\System32\dllcache\revert.wmz -> [2009/04/21 20:49:59 | 00,066,725 | ---- | C] ()
rasqec.dll -> %SystemRoot%\System32\rasqec.dll -> [2009/04/21 20:49:58 | 00,061,952 | ---- | C] (Microsoft Corporation)
qutil.dll -> %SystemRoot%\System32\qutil.dll -> [2009/04/21 20:49:57 | 00,076,800 | ---- | C] (Microsoft Corporation)
qcliprov.dll -> %SystemRoot%\System32\qcliprov.dll -> [2009/04/21 20:49:57 | 00,062,464 | ---- | C] (Microsoft Corporation)
qagentrt.dll -> %SystemRoot%\System32\qagentrt.dll -> [2009/04/21 20:49:56 | 00,291,328 | ---- | C] (Microsoft Corporation)
qagent.dll -> %SystemRoot%\System32\qagent.dll -> [2009/04/21 20:49:56 | 00,150,528 | ---- | C] (Microsoft Corporation)
photometadatahandler.dll -> %SystemRoot%\System32\photometadatahandler.dll -> [2009/04/21 20:49:55 | 00,412,160 | ---- | C] (Microsoft Corporation)
plyr_err.chm -> %SystemRoot%\System32\dllcache\plyr_err.chm -> [2009/04/21 20:49:55 | 00,077,307 | ---- | C] ()
plylst6.wpl -> %SystemRoot%\System32\dllcache\plylst6.wpl -> [2009/04/21 20:49:55 | 00,001,477 | ---- | C] ()
plylst5.wpl -> %SystemRoot%\System32\dllcache\plylst5.wpl -> [2009/04/21 20:49:55 | 00,001,477 | ---- | C] ()
plylst3.wpl -> %SystemRoot%\System32\dllcache\plylst3.wpl -> [2009/04/21 20:49:55 | 00,001,474 | ---- | C] ()
plylst12.wpl -> %SystemRoot%\System32\dllcache\plylst12.wpl -> [2009/04/21 20:49:55 | 00,001,451 | ---- | C] ()
plylst4.wpl -> %SystemRoot%\System32\dllcache\plylst4.wpl -> [2009/04/21 20:49:55 | 00,001,448 | ---- | C] ()
plylst1.wpl -> %SystemRoot%\System32\dllcache\plylst1.wpl -> [2009/04/21 20:49:55 | 00,001,250 | ---- | C] ()
plylst2.wpl -> %SystemRoot%\System32\dllcache\plylst2.wpl -> [2009/04/21 20:49:55 | 00,001,049 | ---- | C] ()
plylst7.wpl -> %SystemRoot%\System32\dllcache\plylst7.wpl -> [2009/04/21 20:49:55 | 00,001,046 | ---- | C] ()
plylst8.wpl -> %SystemRoot%\System32\dllcache\plylst8.wpl -> [2009/04/21 20:49:55 | 00,001,036 | ---- | C] ()
plylst11.wpl -> %SystemRoot%\System32\dllcache\plylst11.wpl -> [2009/04/21 20:49:55 | 00,000,789 | ---- | C] ()
plylst10.wpl -> %SystemRoot%\System32\dllcache\plylst10.wpl -> [2009/04/21 20:49:55 | 00,000,787 | ---- | C] ()
plylst9.wpl -> %SystemRoot%\System32\dllcache\plylst9.wpl -> [2009/04/21 20:49:55 | 00,000,784 | ---- | C] ()
plylst13.wpl -> %SystemRoot%\System32\dllcache\plylst13.wpl -> [2009/04/21 20:49:55 | 00,000,783 | ---- | C] ()
plylst14.wpl -> %SystemRoot%\System32\dllcache\plylst14.wpl -> [2009/04/21 20:49:55 | 00,000,775 | ---- | C] ()
plylst15.wpl -> %SystemRoot%\System32\dllcache\plylst15.wpl -> [2009/04/21 20:49:55 | 00,000,733 | ---- | C] ()
onex.dll -> %SystemRoot%\System32\onex.dll -> [2009/04/21 20:49:53 | 00,144,384 | ---- | C] (Microsoft Corporation)
nuskin.wmv -> %SystemRoot%\System32\dllcache\nuskin.wmv -> [2009/04/21 20:49:50 | 00,375,519 | ---- | C] ()
npdsplay.dll -> %SystemRoot%\System32\dllcache\npdsplay.dll -> [2009/04/21 20:49:46 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.))
npdrmv2.dll -> %SystemRoot%\System32\dllcache\npdrmv2.dll -> [2009/04/21 20:49:46 | 00,226,816 | ---- | C] (Microsoft Corporation)
npds.zip -> %SystemRoot%\System32\dllcache\npds.zip -> [2009/04/21 20:49:46 | 00,022,060 | ---- | C] ()
npwmsdrm.dll -> %SystemRoot%\System32\dllcache\npwmsdrm.dll -> [2009/04/21 20:49:46 | 00,010,240 | ---- | C] (Microsoft Corporation)
npdrmv2.zip -> %SystemRoot%\System32\dllcache\npdrmv2.zip -> [2009/04/21 20:49:46 | 00,000,403 | ---- | C] ()
napmontr.dll -> %SystemRoot%\System32\napmontr.dll -> [2009/04/21 20:49:44 | 00,193,024 | ---- | C] (Microsoft Corporation)
napstat.exe -> %SystemRoot%\System32\napstat.exe -> [2009/04/21 20:49:44 | 00,176,640 | ---- | C] (Microsoft Corporation)
napipsec.dll -> %SystemRoot%\System32\napipsec.dll -> [2009/04/21 20:49:44 | 00,030,208 | ---- | C] (Microsoft Corporation)
msxml6.dll -> %SystemRoot%\System32\msxml6.dll -> [2009/04/21 20:49:43 | 01,307,648 | ---- | C] (Microsoft Corporation)
msxml6.dll -> %SystemRoot%\System32\dllcache\msxml6.dll -> [2009/04/21 20:49:43 | 01,307,648 | ---- | C] (Microsoft Corporation)
msxml6r.dll -> %SystemRoot%\System32\msxml6r.dll -> [2009/04/21 20:49:43 | 00,079,872 | ---- | C] (Microsoft Corporation)
msxml6r.dll -> %SystemRoot%\System32\dllcache\msxml6r.dll -> [2009/04/21 20:49:43 | 00,079,872 | ---- | C] (Microsoft Corporation)
mswmdm.dll -> %SystemRoot%\System32\dllcache\mswmdm.dll -> [2009/04/21 20:49:42 | 00,321,536 | ---- | C] (Microsoft Corporation)
msscp.dll -> %SystemRoot%\System32\dllcache\msscp.dll -> [2009/04/21 20:49:41 | 00,414,720 | ---- | C] (Microsoft Corporation)
mssha.dll -> %SystemRoot%\System32\mssha.dll -> [2009/04/21 20:49:41 | 00,155,136 | ---- | C] (Microsoft Corporation)
msshavmsg.dll -> %SystemRoot%\System32\msshavmsg.dll -> [2009/04/21 20:49:41 | 00,076,800 | ---- | C] (Microsoft Corporation)
msscds32.ax -> %SystemRoot%\System32\dllcache\msscds32.ax -> [2009/04/21 20:49:41 | 00,069,632 | ---- | C] (Microsoft Corporation)
mspmsp.dll -> %SystemRoot%\System32\dllcache\mspmsp.dll -> [2009/04/21 20:49:39 | 00,175,616 | ---- | C] (Microsoft Corporation)
mspmsnsv.dll -> %SystemRoot%\System32\dllcache\mspmsnsv.dll -> [2009/04/21 20:49:39 | 00,027,136 | ---- | C] (Microsoft Corporation)
msnetobj.dll -> %SystemRoot%\System32\dllcache\msnetobj.dll -> [2009/04/21 20:49:37 | 00,179,712 | ---- | C] (Microsoft Corporation)
msdxm.ocx -> %SystemRoot%\System32\dllcache\msdxm.ocx -> [2009/04/21 20:49:32 | 00,844,314 | ---- | C] ()
msdxmlc.dll -> %SystemRoot%\System32\dllcache\msdxmlc.dll -> [2009/04/21 20:49:32 | 00,004,126 | ---- | C] ()
msaud32.acm -> %SystemRoot%\System32\dllcache\msaud32.acm -> [2009/04/21 20:49:28 | 00,294,912 | ---- | C] (Microsoft Corporation)
msadds32.ax -> %SystemRoot%\System32\dllcache\msadds32.ax -> [2009/04/21 20:49:28 | 00,221,184 | ---- | C] (Microsoft Corporation)
mpg4ds32.ax -> %SystemRoot%\System32\dllcache\mpg4ds32.ax -> [2009/04/21 20:49:26 | 00,262,144 | ---- | C] (Microsoft Corporation)
mpvis.dll -> %SystemRoot%\System32\dllcache\mpvis.dll -> [2009/04/21 20:49:26 | 00,243,712 | ---- | C] (Microsoft Corporation)
mplay32.exe -> %SystemRoot%\System32\dllcache\mplay32.exe -> [2009/04/21 20:49:26 | 00,123,392 | ---- | C] (Microsoft Corporation)
mplayer2.hlp -> %SystemRoot%\System32\dllcache\mplayer2.hlp -> [2009/04/21 20:49:26 | 00,097,117 | ---- | C] ()
mplayer2.inf -> %SystemRoot%\System32\dllcache\mplayer2.inf -> [2009/04/21 20:49:26 | 00,018,286 | ---- | C] ()
mplayer2.exe -> %SystemRoot%\System32\dllcache\mplayer2.exe -> [2009/04/21 20:49:26 | 00,004,639 | ---- | C] (Microsoft Corporation)
mplogoh.gif -> %SystemRoot%\System32\dllcache\mplogoh.gif -> [2009/04/21 20:49:26 | 00,002,778 | ---- | C] ()
mplogo.gif -> %SystemRoot%\System32\dllcache\mplogo.gif -> [2009/04/21 20:49:26 | 00,002,545 | ---- | C] ()
mplayer2.cnt -> %SystemRoot%\System32\dllcache\mplayer2.cnt -> [2009/04/21 20:49:26 | 00,001,885 | ---- | C] ()
mmcperf.exe -> %SystemRoot%\System32\mmcperf.exe -> [2009/04/21 20:49:25 | 00,033,792 | ---- | C] (Microsoft Corporation)
MPG4DMOD.dll -> %SystemRoot%\System32\dllcache\MPG4DMOD.dll -> [2009/04/21 20:49:25 | 00,004,096 | ---- | C] (Microsoft Corporation)
MP4SDMOD.dll -> %SystemRoot%\System32\dllcache\MP4SDMOD.dll -> [2009/04/21 20:49:25 | 00,004,096 | ---- | C] (Microsoft Corporation)
MP43DMOD.dll -> %SystemRoot%\System32\dllcache\MP43DMOD.dll -> [2009/04/21 20:49:25 | 00,004,096 | ---- | C] (Microsoft Corporation)
migrate.exe -> %SystemRoot%\System32\dllcache\migrate.exe -> [2009/04/21 20:49:24 | 00,786,432 | ---- | C] (Microsoft Corporation)
mmcex.dll -> %SystemRoot%\System32\mmcex.dll -> [2009/04/21 20:49:24 | 00,397,312 | ---- | C] (Microsoft Corporation)
microsoft.managementconsole.dll -> %SystemRoot%\System32\microsoft.managementconsole.dll -> [2009/04/21 20:49:24 | 00,184,320 | ---- | C] (Microsoft Corporation)
mmcfxcommon.dll -> %SystemRoot%\System32\mmcfxcommon.dll -> [2009/04/21 20:49:24 | 00,106,496 | ---- | C] (Microsoft Corporation)
mdlib.wmv -> %SystemRoot%\System32\dllcache\mdlib.wmv -> [2009/04/21 20:49:22 | 00,457,607 | ---- | C] ()
logagent.exe -> %SystemRoot%\System32\dllcache\logagent.exe -> [2009/04/21 20:49:20 | 00,100,864 | ---- | C] (Microsoft Corporation)
LAPRXY.dll -> %SystemRoot%\System32\dllcache\LAPRXY.dll -> [2009/04/21 20:49:18 | 00,011,264 | ---- | C] (Microsoft Corporation)
l3codeca.acm -> %SystemRoot%\System32\dllcache\l3codeca.acm -> [2009/04/21 20:49:13 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
kmsvc.dll -> %SystemRoot%\System32\kmsvc.dll -> [2009/04/21 20:49:13 | 00,061,440 | ---- | C] (Microsoft Corporation)
l2gpstore.dll -> %SystemRoot%\System32\l2gpstore.dll -> [2009/04/21 20:49:13 | 00,037,376 | ---- | C] (Microsoft Corporation)
kbdpash.dll -> %SystemRoot%\System32\kbdpash.dll -> [2009/04/21 20:49:12 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdnepr.dll -> %SystemRoot%\System32\kbdnepr.dll -> [2009/04/21 20:49:12 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdiultn.dll -> %SystemRoot%\System32\kbdiultn.dll -> [2009/04/21 20:49:12 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdbhc.dll -> %SystemRoot%\System32\kbdbhc.dll -> [2009/04/21 20:49:12 | 00,006,144 | ---- | C] (Microsoft Corporation)
smtpapi.dll -> %SystemRoot%\System32\smtpapi.dll -> [2009/04/21 20:49:01 | 00,010,752 | ---- | C] (Microsoft Corporation)
rwnh.dll -> %SystemRoot%\System32\rwnh.dll -> [2009/04/21 20:49:00 | 00,009,728 | ---- | C] (Microsoft Corporation)
pid.inf -> %SystemRoot%\System32\pid.inf -> [2009/04/21 20:49:00 | 00,000,974 | ---- | C] ()
events.js -> %SystemRoot%\System32\dllcache\events.js -> [2009/04/21 20:48:46 | 00,005,971 | ---- | C] ()
eapp3hst.dll -> %SystemRoot%\System32\eapp3hst.dll -> [2009/04/21 20:48:45 | 00,184,832 | ---- | C] (Microsoft Corporation)
eapphost.dll -> %SystemRoot%\System32\eapphost.dll -> [2009/04/21 20:48:45 | 00,180,224 | ---- | C] (Microsoft Corporation)
eappcfg.dll -> %SystemRoot%\System32\eappcfg.dll -> [2009/04/21 20:48:45 | 00,126,976 | ---- | C] (Microsoft Corporation)
eappgnui.dll -> %SystemRoot%\System32\eappgnui.dll -> [2009/04/21 20:48:45 | 00,094,208 | ---- | C] (Microsoft Corporation)
eapqec.dll -> %SystemRoot%\System32\eapqec.dll -> [2009/04/21 20:48:45 | 00,059,392 | ---- | C] (Microsoft Corporation)
eappprxy.dll -> %SystemRoot%\System32\eappprxy.dll -> [2009/04/21 20:48:45 | 00,040,960 | ---- | C] (Microsoft Corporation)
eapsvc.dll -> %SystemRoot%\System32\eapsvc.dll -> [2009/04/21 20:48:45 | 00,033,792 | ---- | C] (Microsoft Corporation)
eapolqec.dll -> %SystemRoot%\System32\eapolqec.dll -> [2009/04/21 20:48:45 | 00,030,720 | ---- | C] (Microsoft Corporation)
dxmasf.dll -> %SystemRoot%\System32\dllcache\dxmasf.dll -> [2009/04/21 20:48:44 | 00,498,742 | ---- | C] ()
drmv2clt.dll -> %SystemRoot%\System32\dllcache\drmv2clt.dll -> [2009/04/21 20:48:42 | 00,991,744 | ---- | C] (Microsoft Corporation)
dot3ui.dll -> %SystemRoot%\System32\dot3ui.dll -> [2009/04/21 20:48:42 | 00,650,752 | ---- | C] (Microsoft Corporation)
drmclien.dll -> %SystemRoot%\System32\dllcache\drmclien.dll -> [2009/04/21 20:48:42 | 00,299,520 | ---- | C] (Microsoft Corporation)
dot3svc.dll -> %SystemRoot%\System32\dot3svc.dll -> [2009/04/21 20:48:42 | 00,132,096 | ---- | C] (Microsoft Corporation)
drmstor.dll -> %SystemRoot%\System32\dllcache\drmstor.dll -> [2009/04/21 20:48:42 | 00,087,040 | ---- | C] (Microsoft Corporation)
dot3cfg.dll -> %SystemRoot%\System32\dot3cfg.dll -> [2009/04/21 20:48:42 | 00,057,856 | ---- | C] (Microsoft Corporation)
dot3msm.dll -> %SystemRoot%\System32\dot3msm.dll -> [2009/04/21 20:48:42 | 00,056,320 | ---- | C] (Microsoft Corporation)
dot3gpclnt.dll -> %SystemRoot%\System32\dot3gpclnt.dll -> [2009/04/21 20:48:42 | 00,039,936 | ---- | C] (Microsoft Corporation)
dot3api.dll -> %SystemRoot%\System32\dot3api.dll -> [2009/04/21 20:48:42 | 00,026,112 | ---- | C] (Microsoft Corporation)
dot3dlg.dll -> %SystemRoot%\System32\dot3dlg.dll -> [2009/04/21 20:48:42 | 00,009,216 | ---- | C] (Microsoft Corporation)
dlimport.exe -> %SystemRoot%\System32\dllcache\dlimport.exe -> [2009/04/21 20:48:41 | 00,294,912 | ---- | C] (Microsoft Corporation)
dhcpqec.dll -> %SystemRoot%\System32\dhcpqec.dll -> [2009/04/21 20:48:40 | 00,048,640 | ---- | C] (Microsoft Corporation)
dimsroam.dll -> %SystemRoot%\System32\dimsroam.dll -> [2009/04/21 20:48:40 | 00,039,936 | ---- | C] (Microsoft Corporation)
dimsntfy.dll -> %SystemRoot%\System32\dimsntfy.dll -> [2009/04/21 20:48:40 | 00,019,456 | ---- | C] (Microsoft Corporation)
custsat.dll -> %SystemRoot%\System32\dllcache\custsat.dll -> [2009/04/21 20:48:38 | 00,033,792 | ---- | C] (Microsoft Corporation)
copycd.wmv -> %SystemRoot%\System32\dllcache\copycd.wmv -> [2009/04/21 20:48:37 | 00,381,425 | ---- | C] ()
compact.wmz -> %SystemRoot%\System32\dllcache\compact.wmz -> [2009/04/21 20:48:37 | 00,184,959 | ---- | C] ()
credssp.dll -> %SystemRoot%\System32\credssp.dll -> [2009/04/21 20:48:37 | 00,012,800 | ---- | C] (Microsoft Corporation)
controls.css -> %SystemRoot%\System32\dllcache\controls.css -> [2009/04/21 20:48:37 | 00,009,585 | ---- | C] ()
contents.htm -> %SystemRoot%\System32\dllcache\contents.htm -> [2009/04/21 20:48:37 | 00,008,298 | ---- | C] ()
controls.js -> %SystemRoot%\System32\dllcache\controls.js -> [2009/04/21 20:48:37 | 00,006,878 | ---- | C] ()
cnth.gif -> %SystemRoot%\System32\dllcache\cnth.gif -> [2009/04/21 20:48:37 | 00,000,773 | ---- | C] ()
cnt.gif -> %SystemRoot%\System32\dllcache\cnt.gif -> [2009/04/21 20:48:37 | 00,000,773 | ---- | C] ()
cntd.gif -> %SystemRoot%\System32\dllcache\cntd.gif -> [2009/04/21 20:48:37 | 00,000,772 | ---- | C] ()
cloapph.gif -> %SystemRoot%\System32\dllcache\cloapph.gif -> [2009/04/21 20:48:36 | 00,000,760 | ---- | C] ()
cloapp.gif -> %SystemRoot%\System32\dllcache\cloapp.gif -> [2009/04/21 20:48:36 | 00,000,717 | ---- | C] ()
cewmdm.dll -> %SystemRoot%\System32\dllcache\cewmdm.dll -> [2009/04/21 20:48:34 | 00,229,376 | ---- | C] (Microsoft Corporation)
blackbox.dll -> %SystemRoot%\System32\dllcache\blackbox.dll -> [2009/04/21 20:48:33 | 00,542,720 | ---- | C] (Microsoft Corporation)
bitsprx4.dll -> %SystemRoot%\System32\bitsprx4.dll -> [2009/04/21 20:48:33 | 00,007,168 | ---- | C] (Microsoft Corporation)
bktrh.gif -> %SystemRoot%\System32\dllcache\bktrh.gif -> [2009/04/21 20:48:33 | 00,000,999 | ---- | C] ()
azroles.dll -> %SystemRoot%\System32\azroles.dll -> [2009/04/21 20:48:32 | 00,233,472 | ---- | C] (Microsoft Corporation)
asferror.dll -> %SystemRoot%\System32\dllcache\asferror.dll -> [2009/04/21 20:48:29 | 00,007,168 | ---- | C] (Microsoft Corporation)
aaclient.dll -> %SystemRoot%\System32\aaclient.dll -> [2009/04/21 20:48:25 | 00,136,192 | ---- | C] (Microsoft Corporation)
rmcast.sys -> %SystemRoot%\System32\dllcache\rmcast.sys -> [2009/04/21 20:42:02 | 00,203,136 | ---- | C] (Microsoft Corporation)
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2009/04/21 20:41:59 | 00,333,952 | ---- | C] (Microsoft Corporation)
msadce.dll -> %SystemRoot%\System32\dllcache\msadce.dll -> [2009/04/21 20:41:58 | 00,331,776 | ---- | C] (Microsoft Corporation)
inetcomm.dll -> %SystemRoot%\System32\dllcache\inetcomm.dll -> [2009/04/21 20:32:14 | 00,691,712 | ---- | C] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2009/04/21 20:31:55 | 00,337,408 | ---- | C] (Microsoft Corporation)
msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2009/04/21 20:31:54 | 01,106,944 | ---- | C] (Microsoft Corporation)
xpsp4res.dll -> %SystemRoot%\System32\xpsp4res.dll -> [2009/04/21 20:31:05 | 00,002,560 | ---- | C] (Microsoft Corporation)
sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb -> [2009/04/21 20:31:04 | 01,203,922 | ---- | C] ()
wordpad.exe -> %SystemRoot%\System32\dllcache\wordpad.exe -> [2009/04/21 20:31:03 | 00,215,552 | ---- | C] (Microsoft Corporation)
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/04/21 20:29:11 | 00,017,856 | ---- | C] ()
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [2009/04/21 20:19:53 | 00,316,640 | ---- | C] ()
peernet -> %SystemRoot%\peernet -> [2009/04/21 20:18:35 | 00,000,000 | ---D | C]
provisioning -> %SystemRoot%\provisioning -> [2009/04/21 20:18:34 | 00,000,000 | ---D | C]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [2009/04/21 20:15:51 | 00,000,000 | ---D | C]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [2009/04/21 20:11:08 | 00,000,000 | ---D | C]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [2009/04/21 20:07:30 | 00,000,000 | -H-D | C]
EHome -> %SystemRoot%\EHome -> [2009/04/21 20:07:27 | 00,000,000 | ---D | C]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [2009/04/21 20:02:58 | 00,067,866 | ---- | C] ()
spnpinst.exe -> %SystemRoot%\System32\spnpinst.exe -> [2009/04/21 20:02:58 | 00,011,264 | ---- | C] (Microsoft Corporation)
secupd.sig -> %SystemRoot%\System32\secupd.sig -> [2009/04/21 20:02:58 | 00,007,208 | ---- | C] ()
secupd.dat -> %SystemRoot%\System32\secupd.dat -> [2009/04/21 20:02:58 | 00,004,569 | ---- | C] ()
Macromedia -> %AppData%\Macromedia -> [2009/04/21 19:53:44 | 00,000,000 | ---D | C]
Adobe -> %AppData%\Adobe -> [2009/04/21 19:53:44 | 00,000,000 | ---D | C]
wpa.bak -> %SystemRoot%\System32\wpa.bak -> [2009/04/21 17:44:14 | 00,002,422 | ---- | C] ()
Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [2009/04/21 16:46:00 | 00,000,000 | ---D | C]
PreInstall -> %SystemRoot%\System32\PreInstall -> [2009/04/21 16:43:30 | 00,000,000 | ---D | C]
spupdsvc.exe -> %SystemRoot%\System32\spupdsvc.exe -> [2009/04/21 16:43:28 | 00,026,144 | ---- | C] (Microsoft Corporation)
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [2009/04/21 16:43:27 | 00,000,000 | -H-D | C]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [2009/04/21 16:42:56 | 00,000,000 | -H-D | C]
bits -> %SystemRoot%\System32\bits -> [2009/04/21 16:42:28 | 00,000,000 | ---D | C]
xpob2res.dll -> %SystemRoot%\System32\xpob2res.dll -> [2009/04/21 16:42:02 | 00,438,784 | ---- | C] (Microsoft Corporation)
winhttp.dll -> %SystemRoot%\System32\winhttp.dll -> [2009/04/21 16:42:02 | 00,354,304 | ---- | C] (Microsoft Corporation)
qmgrprxy.dll -> %SystemRoot%\System32\qmgrprxy.dll -> [2009/04/21 16:42:02 | 00,018,944 | ---- | C] (Microsoft Corporation)
bitsprx2.dll -> %SystemRoot%\System32\bitsprx2.dll -> [2009/04/21 16:42:02 | 00,008,192 | ---- | C] (Microsoft Corporation)
bitsprx3.dll -> %SystemRoot%\System32\bitsprx3.dll -> [2009/04/21 16:42:02 | 00,007,168 | ---- | C] (Microsoft Corporation)
wups2.dll -> %SystemRoot%\System32\wups2.dll -> [2009/04/21 16:40:30 | 00,043,544 | ---- | C] (Microsoft Corporation)
wups.dll -> %SystemRoot%\System32\wups.dll -> [2009/04/21 16:40:30 | 00,034,328 | ---- | C] (Microsoft Corporation)
wucltui.dll -> %SystemRoot%\System32\wucltui.dll -> [2009/04/21 16:40:29 | 00,323,608 | ---- | C] (Microsoft Corporation)
wuaucpl.cpl -> %SystemRoot%\System32\wuaucpl.cpl -> [2009/04/21 16:40:29 | 00,213,528 | ---- | C] (Microsoft Corporation)
wucltui.dll.mui -> %SystemRoot%\System32\wucltui.dll.mui -> [2009/04/21 16:40:29 | 00,031,768 | ---- | C] (Microsoft Corporation)
wuaucpl.cpl.mui -> %SystemRoot%\System32\wuaucpl.cpl.mui -> [2009/04/21 16:40:29 | 00,023,576 | ---- | C] (Microsoft Corporation)
wuaueng.dll.mui -> %SystemRoot%\System32\wuaueng.dll.mui -> [2009/04/21 16:40:29 | 00,018,456 | ---- | C] (Microsoft Corporation)
wuapi.dll -> %SystemRoot%\System32\wuapi.dll -> [2009/04/21 16:40:28 | 00,561,688 | ---- | C] (Microsoft Corporation)
wuapi.dll.mui -> %SystemRoot%\System32\wuapi.dll.mui -> [2009/04/21 16:40:28 | 00,023,576 | ---- | C] (Microsoft Corporation)
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [2009/04/21 16:40:04 | 00,000,000 | ---D | C]
UserData -> %UserProfile%\UserData -> [2009/04/21 16:39:44 | 00,000,000 | -HSD | C]
m4cxw2k3.sys -> %SystemRoot%\System32\drivers\m4cxw2k3.sys -> [2009/04/21 16:33:03 | 00,250,752 | ---- | C] (D-Link Corporation)
Downloaded Files -> %UserProfile%\My Documents\Downloaded Files -> [2009/04/21 16:31:23 | 00,000,000 | ---D | C]
RECYCLER -> %SystemDrive%\RECYCLER -> [2009/04/21 10:09:31 | 00,000,000 | -HSD | C]
usbstor.sys -> %SystemRoot%\System32\drivers\usbstor.sys -> [2009/04/21 09:24:22 | 00,026,368 | ---- | C] (Microsoft Corporation)
Microsoft -> %SystemRoot%\System32\Microsoft -> [2009/04/20 22:43:05 | 00,000,000 | --SD | C]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/04/20 22:42:57 | 06,093,738 | -H-- | C] ()
Installer -> %SystemRoot%\Installer -> [2009/04/20 22:32:57 | 00,000,000 | -HSD | C]
Identities -> %AppData%\Identities -> [2009/04/20 22:32:54 | 00,000,000 | ---D | C]
Uninstall Information -> %ProgramFiles%\Uninstall Information -> [2009/04/20 22:32:49 | 00,000,000 | -H-D | C]
My Music -> %UserProfile%\My Documents\My Music -> [2009/04/20 22:32:48 | 00,000,000 | R--D | C]
desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [2009/04/20 22:32:47 | 00,000,079 | -HS- | C] ()
My Pictures -> %UserProfile%\My Documents\My Pictures -> [2009/04/20 22:32:47 | 00,000,000 | R--D | C]
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/04/20 22:32:43 | 00,000,178 | -HS- | C] ()
desktop.ini -> %AppData%\desktop.ini -> [2009/04/20 22:32:43 | 00,000,062 | -HS- | C] ()
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [2009/04/20 22:32:43 | 00,000,000 | ---D | C]
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/04/20 22:32:42 | 01,835,008 | -H-- | C] ()
desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [2009/04/20 22:32:42 | 00,000,084 | -HS- | C] ()
Microsoft -> %AppData%\Microsoft -> [2009/04/20 22:32:42 | 00,000,000 | --SD | C]
SendTo -> %UserProfile%\SendTo -> [2009/04/20 22:32:42 | 00,000,000 | RH-D | C]
Recent -> %UserProfile%\Recent -> [2009/04/20 22:32:42 | 00,000,000 | RH-D | C]
Application Data -> %AppData% -> [2009/04/20 22:32:42 | 00,000,000 | RH-D | C]
Start Menu -> %UserProfile%\Start Menu -> [2009/04/20 22:32:42 | 00,000,000 | R--D | C]
My Documents -> %UserProfile%\My Documents -> [2009/04/20 22:32:42 | 00,000,000 | R--D | C]
Favorites -> %UserProfile%\Favorites -> [2009/04/20 22:32:42 | 00,000,000 | R--D | C]
Cookies -> %UserProfile%\Cookies -> [2009/04/20 22:32:42 | 00,000,000 | -HSD | C]
Templates -> %UserProfile%\Templates -> [2009/04/20 22:32:42 | 00,000,000 | -H-D | C]
PrintHood -> %UserProfile%\PrintHood -> [2009/04/20 22:32:42 | 00,000,000 | -H-D | C]
NetHood -> %UserProfile%\NetHood -> [2009/04/20 22:32:42 | 00,000,000 | -H-D | C]
Local Settings -> %UserProfile%\Local Settings -> [2009/04/20 22:32:42 | 00,000,000 | -H-D | C]
Desktop -> %UserProfile%\Desktop -> [2009/04/20 22:32:42 | 00,000,000 | ---D | C]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/04/20 22:32:40 | 53,639,9872 | -HS- | C] ()
System Volume Information -> %SystemDrive%\System Volume Information -> [2009/04/20 22:30:23 | 00,000,000 | -HSD | C]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [2009/04/20 22:30:11 | 00,008,192 | ---- | C] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/04/20 22:29:11 | 00,002,048 | --S- | C] ()
winzm.ime -> %SystemRoot%\System32\dllcache\winzm.ime -> [2009/04/20 22:28:57 | 00,156,672 | ---- | C] (Microsoft Corporation)
winsp.ime -> %SystemRoot%\System32\dllcache\winsp.ime -> [2009/04/20 22:28:56 | 00,156,672 | ---- | C] (Microsoft Corporation)
winpy.ime -> %SystemRoot%\System32\dllcache\winpy.ime -> [2009/04/20 22:28:56 | 00,156,672 | ---- | C] (Microsoft Corporation)
winime.ime -> %SystemRoot%\System32\dllcache\winime.ime -> [2009/04/20 22:28:56 | 00,065,536 | ---- | C] (Microsoft Corporation)
winar30.ime -> %SystemRoot%\System32\dllcache\winar30.ime -> [2009/04/20 22:28:55 | 00,079,360 | ---- | C] (Microsoft Corporation)
wingb.ime -> %SystemRoot%\System32\dllcache\wingb.ime -> [2009/04/20 22:28:55 | 00,072,704 | ---- | C] (Microsoft Corporation)
weitekp9.dll -> %SystemRoot%\System32\dllcache\weitekp9.dll -> [2009/04/20 22:28:54 | 00,041,600 | ---- | C] (Microsoft Corporation)
weitekp9.sys -> %SystemRoot%\System32\dllcache\weitekp9.sys -> [2009/04/20 22:28:54 | 00,031,232 | ---- | C] (Microsoft Corporation)
wamps51.dll -> %SystemRoot%\System32\dllcache\wamps51.dll -> [2009/04/20 22:28:52 | 00,009,216 | ---- | C] (Microsoft Corporation)
w3ext.dll -> %SystemRoot%\System32\dllcache\w3ext.dll -> [2009/04/20 22:28:51 | 00,073,728 | ---- | C] (Microsoft Corporation)
w32.dll -> %SystemRoot%\System32\dllcache\w32.dll -> [2009/04/20 22:28:51 | 00,048,256 | ---- | C] (Microsoft Corporation)
w3svapi.dll -> %SystemRoot%\System32\dllcache\w3svapi.dll -> [2009/04/20 22:28:51 | 00,005,632 | ---- | C] (Microsoft Corporation)
w3ctrs51.dll -> %SystemRoot%\System32\dllcache\w3ctrs51.dll -> [2009/04/20 22:28:51 | 00,004,608 | ---- | C] (Microsoft Corporation)
voicepad.dll -> %SystemRoot%\System32\dllcache\voicepad.dll -> [2009/04/20 22:28:50 | 00,426,041 | ---- | C] (Microsoft Corporation)
voicesub.dll -> %SystemRoot%\System32\dllcache\voicesub.dll -> [2009/04/20 22:28:50 | 00,086,073 | ---- | C] (Microsoft Corporation)
uniime.dll -> %SystemRoot%\System32\dllcache\uniime.dll -> [2009/04/20 22:28:48 | 00,076,288 | ---- | C] (Microsoft Corporation)
unicdime.ime -> %SystemRoot%\System32\dllcache\unicdime.ime -> [2009/04/20 22:28:48 | 00,065,024 | ---- | C] (Microsoft Corporation)
tsprof.exe -> %SystemRoot%\System32\dllcache\tsprof.exe -> [2009/04/20 22:28:47 | 00,014,336 | ---- | C] (Microsoft Corporation)
tintsetp.exe -> %SystemRoot%\System32\dllcache\tintsetp.exe -> [2009/04/20 22:28:46 | 00,455,168 | ---- | C] (Microsoft Corporation)
tintlphr.exe -> %SystemRoot%\System32\dllcache\tintlphr.exe -> [2009/04/20 22:28:46 | 00,044,032 | ---- | C] (Microsoft Corporation)
tmigrate.dll -> %SystemRoot%\System32\dllcache\tmigrate.dll -> [2009/04/20 22:28:46 | 00,010,240 | ---- | C] (Microsoft Corporation)
tintlgnt.ime -> %SystemRoot%\System32\dllcache\tintlgnt.ime -> [2009/04/20 22:28:45 | 00,571,392 | ---- | C] (Microsoft Corporation)
thawbrkr.dll -> %SystemRoot%\System32\dllcache\thawbrkr.dll -> [2009/04/20 22:28:45 | 00,185,344 | ---- | C] (Microsoft Corporation)
tdipx.sys -> %SystemRoot%\System32\dllcache\tdipx.sys -> [2009/04/20 22:28:44 | 00,021,896 | ---- | C] (Microsoft Corporation)
tdspx.sys -> %SystemRoot%\System32\dllcache\tdspx.sys -> [2009/04/20 22:28:44 | 00,019,464 | ---- | C] (Microsoft Corporation)
tdasync.sys -> %SystemRoot%\System32\dllcache\tdasync.sys -> [2009/04/20 22:28:44 | 00,013,192 | ---- | C] (Microsoft Corporation)
status.dll -> %SystemRoot%\System32\dllcache\status.dll -> [2009/04/20 22:28:42 | 00,016,896 | ---- | C] (Microsoft Corporation)
srusbusd.dll -> %SystemRoot%\System32\dllcache\srusbusd.dll -> [2009/04/20 22:28:41 | 00,101,376 | ---- | C] (Microsoft Corporation)
softkey.dll -> %SystemRoot%\System32\dllcache\softkey.dll -> [2009/04/20 22:28:40 | 00,143,422 | ---- | C] (Microsoft Corporation)
snmpstup.dll -> %SystemRoot%\System32\dllcache\snmpstup.dll -> [2009/04/20 22:28:39 | 00,010,240 | ---- | C] (Microsoft Corporation)
EXCH_snprfdll.dll -> %SystemRoot%\System32\dllcache\EXCH_snprfdll.dll -> [2009/04/20 22:28:39 | 00,007,168 | ---- | C] (Microsoft Corporation)
EXCH_smtpctrs.dll -> %SystemRoot%\System32\dllcache\EXCH_smtpctrs.dll -> [2009/04/20 22:28:37 | 00,012,288 | ---- | C] (Microsoft Corporation)
EXCH_smtpapi.dll -> %SystemRoot%\System32\dllcache\EXCH_smtpapi.dll -> [2009/04/20 22:28:37 | 00,009,728 | ---- | C] (Microsoft Corporation)
smimsgif.dll -> %SystemRoot%\System32\dllcache\smimsgif.dll -> [2009/04/20 22:28:37 | 00,005,632 | ---- | C] (Microsoft Corporation)
smierrsy.dll -> %SystemRoot%\System32\dllcache\smierrsy.dll -> [2009/04/20 22:28:37 | 00,005,632 | ---- | C] (Microsoft Corporation)
sm9aw.dll -> %SystemRoot%\System32\dllcache\sm9aw.dll -> [2009/04/20 22:28:36 | 00,038,912 | ---- | C] (Microsoft Corporation)
smb6w.dll -> %SystemRoot%\System32\dllcache\smb6w.dll -> [2009/04/20 22:28:36 | 00,031,744 | ---- | C] (Microsoft Corporation)
sma3w.dll -> %SystemRoot%\System32\dllcache\sma3w.dll -> [2009/04/20 22:28:36 | 00,031,744 | ---- | C] (Microsoft Corporation)
sm93w.dll -> %SystemRoot%\System32\dllcache\sm93w.dll -> [2009/04/20 22:28:36 | 00,026,624 | ---- | C] (Microsoft Corporation)
sm92w.dll -> %SystemRoot%\System32\dllcache\sm92w.dll -> [2009/04/20 22:28:36 | 00,026,624 | ---- | C] (Microsoft Corporation)
sm90w.dll -> %SystemRoot%\System32\dllcache\sm90w.dll -> [2009/04/20 22:28:36 | 00,026,112 | ---- | C] (Microsoft Corporation)
sm8dw.dll -> %SystemRoot%\System32\dllcache\sm8dw.dll -> [2009/04/20 22:28:36 | 00,026,112 | ---- | C] (Microsoft Corporation)
smierrsm.dll -> %SystemRoot%\System32\dllcache\smierrsm.dll -> [2009/04/20 22:28:36 | 00,015,872 | ---- | C] (Microsoft Corporation)
sm87w.dll -> %SystemRoot%\System32\dllcache\sm87w.dll -> [2009/04/20 22:28:35 | 00,030,208 | ---- | C] (Microsoft Corporation)
sm81w.dll -> %SystemRoot%\System32\dllcache\sm81w.dll -> [2009/04/20 22:28:35 | 00,030,208 | ---- | C] (Microsoft Corporation)
sm8cw.dll -> %SystemRoot%\System32\dllcache\sm8cw.dll -> [2009/04/20 22:28:35 | 00,029,184 | ---- | C] (Microsoft Corporation)
sm8aw.dll -> %SystemRoot%\System32\dllcache\sm8aw.dll -> [2009/04/20 22:28:35 | 00,026,112 | ---- | C] (Microsoft Corporation)
sm89w.dll -> %SystemRoot%\System32\dllcache\sm89w.dll -> [2009/04/20 22:28:35 | 00,026,112 | ---- | C] (Microsoft Corporation)
sm59w.dll -> %SystemRoot%\System32\dllcache\sm59w.dll -> [2009/04/20 22:28:35 | 00,025,088 | ---- | C] (Microsoft Corporation)
simptcp.dll -> %SystemRoot%\System32\dllcache\simptcp.dll -> [2009/04/20 22:28:35 | 00,018,944 | ---- | C] (Microsoft Corporation)
EXCH_seo.dll -> %SystemRoot%\System32\dllcache\EXCH_seo.dll -> [2009/04/20 22:28:31 | 00,205,824 | ---- | C] (Microsoft Corporation)
EXCH_seos.dll -> %SystemRoot%\System32\dllcache\EXCH_seos.dll -> [2009/04/20 22:28:31 | 00,026,112 | ---- | C] (Microsoft Corporation)
EXCH_scripto.dll -> %SystemRoot%\System32\dllcache\EXCH_scripto.dll -> [2009/04/20 22:28:30 | 00,057,856 | ---- | C] (Microsoft Corporation)
rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> [2009/04/20 22:28:29 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.)
EXCH_rwnh.dll -> %SystemRoot%\System32\dllcache\EXCH_rwnh.dll -> [2009/04/20 22:28:29 | 00,009,216 | ---- | C] (Microsoft Corporation)
rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> [2009/04/20 22:28:28 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.)
romanime.ime -> %SystemRoot%\System32\dllcache\romanime.ime -> [2009/04/20 22:28:27 | 00,026,112 | ---- | C] (Microsoft Corporation)
EXCH_regtrace.exe -> %SystemRoot%\System32\dllcache\EXCH_regtrace.exe -> [2009/04/20 22:28:26 | 00,023,040 | ---- | C] (Microsoft Corporation)
register.exe -> %SystemRoot%\System32\dllcache\register.exe -> [2009/04/20 22:28:26 | 00,014,848 | ---- | C] (Microsoft Corporation)
quick.ime -> %SystemRoot%\System32\dllcache\quick.ime -> [2009/04/20 22:28:24 | 00,077,824 | ---- | C] (Microsoft Corporation)
quser.exe -> %SystemRoot%\System32\dllcache\quser.exe -> [2009/04/20 22:28:24 | 00,016,384 | ---- | C] (Microsoft Corporation)
query.exe -> %SystemRoot%\System32\dllcache\query.exe -> [2009/04/20 22:28:24 | 00,009,728 | ---- | C] (Microsoft Corporation)
pmxviceo.dll -> %SystemRoot%\System32\dllcache\pmxviceo.dll -> [2009/04/20 22:28:22 | 00,131,584 | ---- | C] (Microsoft Corporation)
pmxmcro.dll -> %SystemRoot%\System32\dllcache\pmxmcro.dll -> [2009/04/20 22:28:22 | 00,011,264 | ---- | C] (Microsoft Corporation)
pmxgl.dll -> %SystemRoot%\System32\dllcache\pmxgl.dll -> [2009/04/20 22:28:22 | 00,006,144 | ---- | C] (Microsoft Corporation)
pintlgnt.ime -> %SystemRoot%\System32\dllcache\pintlgnt.ime -> [2009/04/20 22:28:21 | 00,482,304 | ---- | C] (Microsoft Corporation)
pintlphr.exe -> %SystemRoot%\System32\dllcache\pintlphr.exe -> [2009/04/20 22:28:21 | 00,070,144 | ---- | C] (Microsoft Corporation)
pmigrate.dll -> %SystemRoot%\System32\dllcache\pmigrate.dll -> [2009/04/20 22:28:21 | 00,067,584 | ---- | C] (Microsoft Corporation)
pintlcsd.dll -> %SystemRoot%\System32\dllcache\pintlcsd.dll -> [2009/04/20 22:28:21 | 00,053,760 | ---- | C] (Microsoft Corporation)
pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll -> [2009/04/20 22:28:20 | 00,175,104 | ---- | C] ()
phon.ime -> %SystemRoot%\System32\dllcache\phon.ime -> [2009/04/20 22:28:20 | 00,079,360 | ---- | C] (Microsoft Corporation)
permchk.dll -> %SystemRoot%\System32\dllcache\permchk.dll -> [2009/04/20 22:28:20 | 00,020,992 | ---- | C] (Microsoft Corporation)
padrs411.dll -> %SystemRoot%\System32\dllcache\padrs411.dll -> [2009/04/20 22:28:19 | 00,036,927 | ---- | C] (Microsoft Corporation)
pagecnt.dll -> %SystemRoot%\System32\dllcache\pagecnt.dll -> [2009/04/20 22:28:19 | 00,031,744 | ---- | C] (Microsoft Corporation)
padrs404.dll -> %SystemRoot%\System32\dllcache\padrs404.dll -> [2009/04/20 22:28:19 | 00,015,872 | ---- | C] (Microsoft Corporation)
padrs804.dll -> %SystemRoot%\System32\dllcache\padrs804.dll -> [2009/04/20 22:28:19 | 00,015,360 | ---- | C] (Microsoft Corporation)
padrs412.dll -> %SystemRoot%\System32\dllcache\padrs412.dll -> [2009/04/20 22:28:19 | 00,014,336 | ---- | C] (Microsoft Corporation)
EXCH_ntfsdrv.dll -> %SystemRoot%\System32\dllcache\EXCH_ntfsdrv.dll -> [2009/04/20 22:28:16 | 00,038,912 | ---- | C] (Microsoft Corporation)
nextlink.dll -> %SystemRoot%\System32\dllcache\nextlink.dll -> [2009/04/20 22:28:14 | 00,053,248 | ---- | C] (Microsoft Corporation)
multibox.dll -> %SystemRoot%\System32\dllcache\multibox.dll -> [2009/04/20 22:28:12 | 00,229,439 | ---- | C] (Microsoft Corporation)
msir3jp.lex -> %SystemRoot%\System32\dllcache\msir3jp.lex -> [2009/04/20 22:28:06 | 01,875,968 | ---- | C] (Microsoft Corporation)
msir3jp.dll -> %SystemRoot%\System32\dllcache\msir3jp.dll -> [2009/04/20 22:28:06 | 00,098,304 | ---- | C] (Microsoft Corporation)
mga.sys -> %SystemRoot%\System32\dllcache\mga.sys -> [2009/04/20 22:27:59 | 00,092,416 | ---- | C] (Microsoft Corporation)
mga.dll -> %SystemRoot%\System32\dllcache\mga.dll -> [2009/04/20 22:27:59 | 00,092,032 | ---- | C] (Microsoft Corporation)
EXCH_mailmsg.dll -> %SystemRoot%\System32\dllcache\EXCH_mailmsg.dll -> [2009/04/20 22:27:58 | 00,065,536 | ---- | C] (Microsoft Corporation)
mdsync.dll -> %SystemRoot%\System32\dllcache\mdsync.dll -> [2009/04/20 22:27:58 | 00,026,624 | ---- | C] (Microsoft Corporation)
logscrpt.dll -> %SystemRoot%\System32\dllcache\logscrpt.dll -> [2009/04/20 22:27:56 | 00,022,016 | ---- | C] (Microsoft Corporation)
korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex -> [2009/04/20 22:27:54 | 01,158,818 | ---- | C] ()
korwbrkr.dll -> %SystemRoot%\System32\dllcache\korwbrkr.dll -> [2009/04/20 22:27:54 | 00,070,656 | ---- | C] (Microsoft Corporation)
kbdvntc.dll -> %SystemRoot%\System32\dllcache\kbdvntc.dll -> [2009/04/20 22:27:54 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdusa.dll -> %SystemRoot%\System32\dllcache\kbdusa.dll -> [2009/04/20 22:27:54 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdurdu.dll -> %SystemRoot%\System32\dllcache\kbdurdu.dll -> [2009/04/20 22:27:54 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdth3.dll -> %SystemRoot%\System32\dllcache\kbdth3.dll -> [2009/04/20 22:27:53 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdth2.dll -> %SystemRoot%\System32\dllcache\kbdth2.dll -> [2009/04/20 22:27:53 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdth1.dll -> %SystemRoot%\System32\dllcache\kbdth1.dll -> [2009/04/20 22:27:53 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdth0.dll -> %SystemRoot%\System32\dllcache\kbdth0.dll -> [2009/04/20 22:27:53 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdsyr2.dll -> %SystemRoot%\System32\dllcache\kbdsyr2.dll -> [2009/04/20 22:27:53 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdnecat.dll -> %SystemRoot%\System32\dllcache\kbdnecat.dll -> [2009/04/20 22:27:52 | 00,009,216 | ---- | C] (Microsoft Corporation)
kbdnecnt.dll -> %SystemRoot%\System32\dllcache\kbdnecnt.dll -> [2009/04/20 22:27:52 | 00,007,680 | ---- | C] (Microsoft Corporation)
kbdnec95.dll -> %SystemRoot%\System32\dllcache\kbdnec95.dll -> [2009/04/20 22:27:52 | 00,007,168 | ---- | C] (Microsoft Corporation)
kbdsyr1.dll -> %SystemRoot%\System32\dllcache\kbdsyr1.dll -> [2009/04/20 22:27:52 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdintel.dll -> %SystemRoot%\System32\dllcache\kbdintel.dll -> [2009/04/20 22:27:52 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdinpun.dll -> %SystemRoot%\System32\dllcache\kbdinpun.dll -> [2009/04/20 22:27:51 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdintam.dll -> %SystemRoot%\System32\dllcache\kbdintam.dll -> [2009/04/20 22:27:51 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdinmar.dll -> %SystemRoot%\System32\dllcache\kbdinmar.dll -> [2009/04/20 22:27:51 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdinkan.dll -> %SystemRoot%\System32\dllcache\kbdinkan.dll -> [2009/04/20 22:27:51 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdinhin.dll -> %SystemRoot%\System32\dllcache\kbdinhin.dll -> [2009/04/20 22:27:51 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdinguj.dll -> %SystemRoot%\System32\dllcache\kbdinguj.dll -> [2009/04/20 22:27:50 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdindev.dll -> %SystemRoot%\System32\dllcache\kbdindev.dll -> [2009/04/20 22:27:50 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdheb.dll -> %SystemRoot%\System32\dllcache\kbdheb.dll -> [2009/04/20 22:27:50 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdfa.dll -> %SystemRoot%\System32\dllcache\kbdfa.dll -> [2009/04/20 22:27:50 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdgeo.dll -> %SystemRoot%\System32\dllcache\kbdgeo.dll -> [2009/04/20 22:27:50 | 00,005,120 | ---- | C] (Microsoft Corporation)
kbddiv2.dll -> %SystemRoot%\System32\dllcache\kbddiv2.dll -> [2009/04/20 22:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbddiv1.dll -> %SystemRoot%\System32\dllcache\kbddiv1.dll -> [2009/04/20 22:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbda3.dll -> %SystemRoot%\System32\dllcache\kbda3.dll -> [2009/04/20 22:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdarmw.dll -> %SystemRoot%\System32\dllcache\kbdarmw.dll -> [2009/04/20 22:27:49 | 00,005,120 | ---- | C] (Microsoft Corporation)
kbdarme.dll -> %SystemRoot%\System32\dllcache\kbdarme.dll -> [2009/04/20 22:27:49 | 00,005,120 | ---- | C] (Microsoft Corporation)
jupiw.dll -> %SystemRoot%\System32\dllcache\jupiw.dll -> [2009/04/20 22:27:48 | 00,018,432 | ---- | C] (Microsoft Corporation)
iwrps.dll -> %SystemRoot%\System32\dllcache\iwrps.dll -> [2009/04/20 22:27:48 | 00,009,216 | ---- | C] (Microsoft Corporation)
kbd101a.dll -> %SystemRoot%\System32\dllcache\kbd101a.dll -> [2009/04/20 22:27:48 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbda2.dll -> %SystemRoot%\System32\dllcache\kbda2.dll -> [2009/04/20 22:27:48 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbda1.dll -> %SystemRoot%\System32\dllcache\kbda1.dll -> [2009/04/20 22:27:48 | 00,005,632 | ---- | C] (Microsoft Corporation)
isapips.dll -> %SystemRoot%\System32\dllcache\isapips.dll -> [2009/04/20 22:27:47 | 00,007,168 | ---- | C] (Microsoft Corporation)
infoctrs.dll -> %SystemRoot%\System32\dllcache\infoctrs.dll -> [2009/04/20 22:27:46 | 00,008,704 | ---- | C] (Microsoft Corporation)
imskdic.dll -> %SystemRoot%\System32\dllcache\imskdic.dll -> [2009/04/20 22:27:45 | 00,471,102 | ---- | C] (Microsoft Corporation)
imskf.dll -> %SystemRoot%\System32\dllcache\imskf.dll -> [2009/04/20 22:27:45 | 00,315,455 | ---- | C] (Microsoft Corporation)
imjputyc.dll -> %SystemRoot%\System32\dllcache\imjputyc.dll -> [2009/04/20 22:27:44 | 00,274,489 | ---- | C] (Microsoft Corporation)
imjputy.exe -> %SystemRoot%\System32\dllcache\imjputy.exe -> [2009/04/20 22:27:44 | 00,262,200 | ---- | C] (Microsoft Corporation)
imjprw.exe -> %SystemRoot%\System32\dllcache\imjprw.exe -> [2009/04/20 22:27:44 | 00,233,527 | ---- | C] (Microsoft Corporation)
imlang.dll -> %SystemRoot%\System32\dllcache\imlang.dll -> [2009/04/20 22:27:44 | 00,102,456 | ---- | C] (Microsoft Corporation)
imkrinst.exe -> %SystemRoot%\System32\dllcache\imkrinst.exe -> [2009/04/20 22:27:44 | 00,059,904 | ---- | C] (Microsoft Corporation)
imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe -> [2009/04/20 22:27:44 | 00,059,392 | ---- | C] ()
imjpuex.exe -> %SystemRoot%\System32\dllcache\imjpuex.exe -> [2009/04/20 22:27:44 | 00,045,109 | ---- | C] (Microsoft Corporation)
imjpcus.dll -> %SystemRoot%\System32\dllcache\imjpcus.dll -> [2009/04/20 22:27:43 | 00,716,856 | ---- | C] (Microsoft Corporation)
imjpdct.exe -> %SystemRoot%\System32\dllcache\imjpdct.exe -> [2009/04/20 22:27:43 | 00,307,257 | ---- | C] (Microsoft Corporation)
imjpmig.exe -> %SystemRoot%\System32\dllcache\imjpmig.exe -> [2009/04/20 22:27:43 | 00,208,952 | ---- | C] (Microsoft Corporation)
imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe -> [2009/04/20 22:27:43 | 00,196,665 | ---- | C] ()
imjpdsvr.exe -> %SystemRoot%\System32\dllcache\imjpdsvr.exe -> [2009/04/20 22:27:43 | 00,155,705 | ---- | C] (Microsoft Corporation)
imjpdct.dll -> %SystemRoot%\System32\dllcache\imjpdct.dll -> [2009/04/20 22:27:43 | 00,081,976 | ---- | C] (Microsoft Corporation)
imjpdadm.exe -> %SystemRoot%\System32\dllcache\imjpdadm.exe -> [2009/04/20 22:27:43 | 00,057,398 | ---- | C] (Microsoft Corporation)
imjp81k.dll -> %SystemRoot%\System32\dllcache\imjp81k.dll -> [2009/04/20 22:27:42 | 00,811,064 | ---- | C] (Microsoft Corporation)
imjpcic.dll -> %SystemRoot%\System32\dllcache\imjpcic.dll -> [2009/04/20 22:27:42 | 00,368,696 | ---- | C] (Microsoft Corporation)
imjp81.ime -> %SystemRoot%\System32\dllcache\imjp81.ime -> [2009/04/20 22:27:42 | 00,340,023 | ---- | C] (Microsoft Corporation)
imepadsv.exe -> %SystemRoot%\System32\dllcache\imepadsv.exe -> [2009/04/20 22:27:42 | 00,311,359 | ---- | C] (Microsoft Corporation)
imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex -> [2009/04/20 22:27:41 | 00,134,339 | ---- | C] ()
imekrcic.dll -> %SystemRoot%\System32\dllcache\imekrcic.dll -> [2009/04/20 22:27:41 | 00,106,496 | ---- | C] (Microsoft Corporation)
imepadsm.dll -> %SystemRoot%\System32\dllcache\imepadsm.dll -> [2009/04/20 22:27:41 | 00,102,463 | ---- | C] (Microsoft Corporation)
imekr61.ime -> %SystemRoot%\System32\dllcache\imekr61.ime -> [2009/04/20 22:27:41 | 00,094,720 | ---- | C] (Microsoft Corporation)
imekrmbx.dll -> %SystemRoot%\System32\dllcache\imekrmbx.dll -> [2009/04/20 22:27:41 | 00,086,016 | ---- | C] (Microsoft Corporation)
imekrmig.exe -> %SystemRoot%\System32\dllcache\imekrmig.exe -> [2009/04/20 22:27:41 | 00,044,032 | ---- | C] (Microsoft Corporation)
iissync.exe -> %SystemRoot%\System32\dllcache\iissync.exe -> [2009/04/20 22:27:41 | 00,006,656 | ---- | C] (Microsoft Corporation)
iisclex4.dll -> %SystemRoot%\System32\dllcache\iisclex4.dll -> [2009/04/20 22:27:40 | 00,060,928 | ---- | C] (Microsoft Corporation)
iiscrmap.dll -> %SystemRoot%\System32\dllcache\iiscrmap.dll -> [2009/04/20 22:27:40 | 00,019,456 | ---- | C] (Microsoft Corporation)
iismui.dll -> %SystemRoot%\System32\dllcache\iismui.dll -> [2009/04/20 22:27:40 | 00,003,584 | ---- | C] (Microsoft Corporation)
hwxkor.dll -> %SystemRoot%\System32\dllcache\hwxkor.dll -> [2009/04/20 22:27:34 | 10,129,408 | ---- | C] (Microsoft Corporation)
hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [2009/04/20 22:27:29 | 13,463,552 | ---- | C] ()
hwxcht.dll -> %SystemRoot%\System32\dllcache\hwxcht.dll -> [2009/04/20 22:27:25 | 10,096,640 | ---- | C] (Microsoft Corporation)
hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex -> [2009/04/20 22:27:23 | 00,108,827 | ---- | C] ()
hanjadic.dll -> %SystemRoot%\System32\dllcache\hanjadic.dll -> [2009/04/20 22:27:23 | 00,036,864 | ---- | C] (Microsoft Corporation)
fxsroute.dll -> %SystemRoot%\System32\dllcache\fxsroute.dll -> [2009/04/20 22:27:21 | 00,031,744 | ---- | C] (Microsoft Corporation)
fxssend.exe -> %SystemRoot%\System32\dllcache\fxssend.exe -> [2009/04/20 22:27:21 | 00,011,264 | ---- | C] (Microsoft Corporation)
fxsclntr.dll -> %SystemRoot%\System32\dllcache\fxsclntr.dll -> [2009/04/20 22:27:19 | 00,132,608 | ---- | C] (Microsoft Corporation)
fxscfgwz.dll -> %SystemRoot%\System32\dllcache\fxscfgwz.dll -> [2009/04/20 22:27:19 | 00,111,104 | ---- | C] (Microsoft Corporation)
ftpctrs2.dll -> %SystemRoot%\System32\dllcache\ftpctrs2.dll -> [2009/04/20 22:27:19 | 00,007,680 | ---- | C] (Microsoft Corporation)
ftlx041e.dll -> %SystemRoot%\System32\dllcache\ftlx041e.dll -> [2009/04/20 22:27:18 | 00,006,144 | ---- | C] (Microsoft Corporation)
EXCH_fcachdll.dll -> %SystemRoot%\System32\dllcache\EXCH_fcachdll.dll -> [2009/04/20 22:27:17 | 00,043,520 | ---- | C] (Microsoft Corporation)
flattemp.exe -> %SystemRoot%\System32\dllcache\flattemp.exe -> [2009/04/20 22:27:17 | 00,014,848 | ---- | C] (Microsoft Corporation)
esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> [2009/04/20 22:27:15 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.)
esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> [2009/04/20 22:27:15 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.)
esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> [2009/04/20 22:27:15 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.)
et4000.sys -> %SystemRoot%\System32\dllcache\et4000.sys -> [2009/04/20 22:27:15 | 00,025,856 | ---- | C] (Microsoft Corporation)
edb500.dll -> %SystemRoot%\System32\dllcache\edb500.dll -> [2009/04/20 22:27:14 | 00,514,587 | ---- | C] (Microsoft Corporation)
dayi.ime -> %SystemRoot%\System32\dllcache\dayi.ime -> [2009/04/20 22:27:09 | 00,078,848 | ---- | C] (Microsoft Corporation)
cprofile.exe -> %SystemRoot%\System32\dllcache\cprofile.exe -> [2009/04/20 22:27:08 | 00,018,944 | ---- | C] (Microsoft Corporation)
cplexe.exe -> %SystemRoot%\System32\dllcache\cplexe.exe -> [2009/04/20 22:27:07 | 00,057,399 | ---- | C] (Microsoft Corporation)
convlog.exe -> %SystemRoot%\System32\dllcache\convlog.exe -> [2009/04/20 22:27:07 | 00,056,320 | ---- | C] (Microsoft Corporation)
controt.dll -> %SystemRoot%\System32\dllcache\controt.dll -> [2009/04/20 22:27:07 | 00,033,792 | ---- | C] (Microsoft Corporation)
counters.dll -> %SystemRoot%\System32\dllcache\counters.dll -> [2009/04/20 22:27:07 | 00,020,480 | ---- | C] (Microsoft Corporation)
cintsetp.exe -> %SystemRoot%\System32\dllcache\cintsetp.exe -> [2009/04/20 22:27:03 | 00,480,256 | ---- | C] (Microsoft Corporation)
cintime.dll -> %SystemRoot%\System32\dllcache\cintime.dll -> [2009/04/20 22:27:03 | 00,198,656 | ---- | C] (Microsoft Corporation)
chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [2009/04/20 22:27:03 | 00,173,568 | ---- | C] ()
chtskdic.dll -> %SystemRoot%\System32\dllcache\chtskdic.dll -> [2009/04/20 22:27:03 | 00,056,320 | ---- | C] (Microsoft Corporation)
cintlgnt.ime -> %SystemRoot%\System32\dllcache\cintlgnt.ime -> [2009/04/20 22:27:03 | 00,021,504 | ---- | C] (Microsoft Corporation)
chtbrkr.dll -> %SystemRoot%\System32\dllcache\chtbrkr.dll -> [2009/04/20 22:27:02 | 00,838,144 | ---- | C] (Microsoft Corporation)
chtmbx.dll -> %SystemRoot%\System32\dllcache\chtmbx.dll -> [2009/04/20 22:27:02 | 00,097,792 | ---- | C] (Microsoft Corporation)
chsbrkr.dll -> %SystemRoot%\System32\dllcache\chsbrkr.dll -> [2009/04/20 22:27:01 | 01,677,824 | ---- | C] (Microsoft Corporation)
chgport.exe -> %SystemRoot%\System32\dllcache\chgport.exe -> [2009/04/20 22:27:01 | 00,015,872 | ---- | C] (Microsoft Corporation)
chgusr.exe -> %SystemRoot%\System32\dllcache\chgusr.exe -> [2009/04/20 22:27:01 | 00,014,336 | ---- | C] (Microsoft Corporation)
chglogon.exe -> %SystemRoot%\System32\dllcache\chglogon.exe -> [2009/04/20 22:27:01 | 00,013,312 | ---- | C] (Microsoft Corporation)
change.exe -> %SystemRoot%\System32\dllcache\change.exe -> [2009/04/20 22:27:01 | 00,009,728 | ---- | C] (Microsoft Corporation)
chajei.ime -> %SystemRoot%\System32\dllcache\chajei.ime -> [2009/04/20 22:27:00 | 00,078,336 | ---- | C] (Microsoft Corporation)
cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> [2009/04/20 22:26:59 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH)
c_iscii.dll -> %SystemRoot%\System32\dllcache\c_iscii.dll -> [2009/04/20 22:26:59 | 00,010,752 | ---- | C] (Microsoft Corporation)
c_is2022.dll -> %SystemRoot%\System32\dllcache\c_is2022.dll -> [2009/04/20 22:26:59 | 00,006,656 | ---- | C] (Microsoft Corporation)
browscap.dll -> %SystemRoot%\System32\dllcache\browscap.dll -> [2009/04/20 22:26:58 | 00,045,568 | ---- | C] (Microsoft Corporation)
authfilt.dll -> %SystemRoot%\System32\dllcache\authfilt.dll -> [2009/04/20 22:26:57 | 00,009,216 | ---- | C] (Microsoft Corporation)
EXCH_aqueue.dll -> %SystemRoot%\System32\dllcache\EXCH_aqueue.dll -> [2009/04/20 22:26:56 | 00,312,832 | ---- | C] (Microsoft Corporation)
asptxn.dll -> %SystemRoot%\System32\dllcache\asptxn.dll -> [2009/04/20 22:26:56 | 00,029,184 | ---- | C] (Microsoft Corporation)
aspperf.dll -> %SystemRoot%\System32\dllcache\aspperf.dll -> [2009/04/20 22:26:56 | 00,010,240 | ---- | C] (Microsoft Corporation)
EXCH_aqadmin.dll -> %SystemRoot%\System32\dllcache\EXCH_aqadmin.dll -> [2009/04/20 22:26:55 | 00,045,056 | ---- | C] (Microsoft Corporation)
adrot.dll -> %SystemRoot%\System32\dllcache\adrot.dll -> [2009/04/20 22:26:54 | 00,049,664 | ---- | C] (Microsoft Corporation)
EXCH_adsiisex.dll -> %SystemRoot%\System32\dllcache\EXCH_adsiisex.dll -> [2009/04/20 22:26:54 | 00,005,632 | ---- | C] (Microsoft Corporation)
admxprox.dll -> %SystemRoot%\System32\dllcache\admxprox.dll -> [2009/04/20 22:26:53 | 00,006,144 | ---- | C] (Microsoft Corporation)
wamregps.dll -> %SystemRoot%\System32\dllcache\wamregps.dll -> [2009/04/20 22:26:50 | 00,007,168 | ---- | C] (Microsoft Corporation)
EXCH_smtpsnap.dll -> %SystemRoot%\System32\dllcache\EXCH_smtpsnap.dll -> [2009/04/20 22:26:48 | 02,134,528 | ---- | C] (Microsoft Corporation)
EXCH_smtpadm.dll -> %SystemRoot%\System32\dllcache\EXCH_smtpadm.dll -> [2009/04/20 22:26:47 | 00,175,104 | ---- | C] (Microsoft Corporation)
inetsloc.dll -> %SystemRoot%\System32\dllcache\inetsloc.dll -> [2009/04/20 22:26:41 | 00,019,968 | ---- | C] (Microsoft Corporation)
inetmgr.exe -> %SystemRoot%\System32\dllcache\inetmgr.exe -> [2009/04/20 22:26:41 | 00,007,680 | ---- | C] (Microsoft Corporation)
iisui.dll -> %SystemRoot%\System32\dllcache\iisui.dll -> [2009/04/20 22:26:40 | 00,169,984 | ---- | C] (Microsoft Corporation)
iisreset.exe -> %SystemRoot%\System32\dllcache\iisreset.exe -> [2009/04/20 22:26:40 | 00,014,336 | ---- | C] (Microsoft Corporation)
iisrstap.dll -> %SystemRoot%\System32\dllcache\iisrstap.dll -> [2009/04/20 22:26:40 | 00,005,632 | ---- | C] (Microsoft Corporation)
ftpsapi2.dll -> %SystemRoot%\System32\dllcache\ftpsapi2.dll -> [2009/04/20 22:26:39 | 00,006,144 | ---- | C] (Microsoft Corporation)
certmap.ocx -> %SystemRoot%\System32\dllcache\certmap.ocx -> [2009/04/20 22:26:35 | 00,094,720 | ---- | C] (Microsoft Corporation)
xircom -> %SystemRoot%\System32\xircom -> [2009/04/20 22:26:30 | 00,000,000 | ---D | C]
xerox -> %ProgramFiles%\xerox -> [2009/04/20 22:26:30 | 00,000,000 | ---D | C]
microsoft frontpage -> %ProgramFiles%\microsoft frontpage -> [2009/04/20 22:26:30 | 00,000,000 | ---D | C]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [2009/04/20 22:25:58 | 00,002,626 | ---- | C] ()
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [2009/04/20 22:25:58 | 00,000,000 | RHS- | C] ()
IO.SYS -> %SystemDrive%\IO.SYS -> [2009/04/20 22:25:58 | 00,000,000 | RHS- | C] ()
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [2009/04/20 22:25:58 | 00,000,000 | ---- | C] ()
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [2009/04/20 22:25:58 | 00,000,000 | ---- | C] ()
wmpscheme.xml -> %SystemRoot%\System32\wmpscheme.xml -> [2009/04/20 22:25:55 | 00,025,065 | ---- | C] ()
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [2009/04/20 22:25:55 | 00,023,392 | ---- | C] ()
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [2009/04/20 22:25:55 | 00,016,832 | ---- | C] ()
WMSysPrx.prx -> %SystemRoot%\WMSysPrx.prx -> [2009/04/20 22:25:53 | 00,299,552 | ---- | C] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/04/20 22:25:44 | 00,000,006 | -H-- | C] ()
mapi32.dll -> %SystemRoot%\System32\mapi32.dll -> [2009/04/20 22:25:41 | 00,112,128 | ---- | C] (Microsoft Corporation)
DRM -> %AllUsersProfile%\DRM -> [2009/04/20 22:24:42 | 00,000,000 | -HSD | C]
WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [2009/04/20 22:24:28 | 00,000,488 | RH-- | C] ()
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [2009/04/20 22:24:28 | 00,000,488 | RH-- | C] ()
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [2009/04/20 22:24:28 | 00,000,000 | --SD | C]
Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [2009/04/20 22:24:28 | 00,000,000 | R--D | C]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | C] ()
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | C] ()
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | C] ()
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | C] ()
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | C] ()
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | C] ()
nls302en.lex -> %SystemRoot%\System32\dllcache\nls302en.lex -> [2009/04/20 22:23:58 | 04,399,505 | ---- | C] ()
DirectX -> %SystemRoot%\System32\DirectX -> [2009/04/20 22:23:50 | 00,000,000 | ---D | C]
safrslv.dll -> %SystemRoot%\System32\safrslv.dll -> [2009/04/20 22:23:22 | 00,045,568 | ---- | C] (Microsoft Corporation)
safrcdlg.dll -> %SystemRoot%\System32\safrcdlg.dll -> [2009/04/20 22:23:22 | 00,043,520 | ---- | C] (Microsoft Corporation)
racpldlg.dll -> %SystemRoot%\System32\racpldlg.dll -> [2009/04/20 22:23:22 | 00,043,520 | ---- | C] (Microsoft Corporation)
safrdm.dll -> %SystemRoot%\System32\safrdm.dll -> [2009/04/20 22:23:22 | 00,029,696 | ---- | C] (Microsoft Corporation)
helphost.exe -> %SystemRoot%\System32\dllcache\helphost.exe -> [2009/04/20 22:23:21 | 00,099,840 | ---- | C] (Microsoft Corporation)
notiflag.exe -> %SystemRoot%\System32\dllcache\notiflag.exe -> [2009/04/20 22:23:21 | 00,035,328 | ---- | C] (Microsoft Corporation)
brpinfo.dll -> %SystemRoot%\System32\dllcache\brpinfo.dll -> [2009/04/20 22:23:21 | 00,021,504 | ---- | C] (Microsoft Corporation)
atrace.dll -> %SystemRoot%\System32\dllcache\atrace.dll -> [2009/04/20 22:23:21 | 00,011,264 | ---- | C] (Microsoft Corporation)
atrace.dll -> %SystemRoot%\System32\atrace.dll -> [2009/04/20 22:23:21 | 00,011,264 | ---- | C] (Microsoft Corporation)
hcappres.dll -> %SystemRoot%\System32\dllcache\hcappres.dll -> [2009/04/20 22:23:21 | 00,006,656 | ---- | C] (Microsoft Corporation)
winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [2009/04/20 22:23:18 | 00,048,680 | -HS- | C] ()
winnt.bmp -> %SystemRoot%\winnt.bmp -> [2009/04/20 22:23:18 | 00,048,680 | -HS- | C] ()
srdiag.exe -> %SystemRoot%\System32\dllcache\srdiag.exe -> [2009/04/20 22:23:12 | 00,047,104 | ---- | C] (Microsoft Corporation)
srframe.mmf -> %SystemRoot%\System32\dllcache\srframe.mmf -> [2009/04/20 22:23:12 | 00,000,984 | ---- | C] ()
msg723.acm -> %SystemRoot%\System32\msg723.acm -> [2009/04/20 22:23:11 | 00,118,784 | ---- | C] (Microsoft Corporation)
mnmsrvc.exe -> %SystemRoot%\System32\mnmsrvc.exe -> [2009/04/20 22:23:11 | 00,032,768 | ---- | C] (Microsoft Corporation)
nmevtmsg.dll -> %SystemRoot%\System32\nmevtmsg.dll -> [2009/04/20 22:23:11 | 00,012,288 | ---- | C] (Microsoft Corporation)
nmevtmsg.dll -> %SystemRoot%\System32\dllcache\nmevtmsg.dll -> [2009/04/20 22:23:11 | 00,012,288 | ---- | C] (Microsoft Corporation)
msinfo32.exe -> %SystemRoot%\System32\dllcache\msinfo32.exe -> [2009/04/20 22:23:10 | 00,039,936 | ---- | C] (Microsoft Corporation)
wb32.exe -> %SystemRoot%\System32\dllcache\wb32.exe -> [2009/04/20 22:23:10 | 00,012,288 | ---- | C] (Microsoft Corporation)
cb32.exe -> %SystemRoot%\System32\dllcache\cb32.exe -> [2009/04/20 22:23:10 | 00,012,288 | ---- | C] (Microsoft Corporation)
acctres.dll -> %SystemRoot%\System32\dllcache\acctres.dll -> [2009/04/20 22:23:09 | 00,064,512 | ---- | C] (Microsoft Corporation)
acctres.dll -> %SystemRoot%\System32\acctres.dll -> [2009/04/20 22:23:09 | 00,064,512 | ---- | C] (Microsoft Corporation)
Services -> %CommonProgramFiles%\Services -> [2009/04/20 22:23:09 | 00,000,000 | ---D | C]
inetres.dll -> %SystemRoot%\System32\inetres.dll -> [2009/04/20 22:23:08 | 00,048,128 | ---- | C] (Microsoft Corporation)
desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [2009/04/20 22:23:05 | 00,000,065 | RH-- | C] ()
inetcfg.dll -> %SystemRoot%\System32\inetcfg.dll -> [2009/04/20 22:23:04 | 00,274,432 | ---- | C] (Microsoft Corporation)
isign32.dll -> %SystemRoot%\System32\isign32.dll -> [2009/04/20 22:23:04 | 00,081,920 | ---- | C] (Microsoft Corporation)
icwdial.dll -> %SystemRoot%\System32\icwdial.dll -> [2009/04/20 22:23:04 | 00,073,728 | ---- | C] (Microsoft Corporation)
icwphbk.dll -> %SystemRoot%\System32\icwphbk.dll -> [2009/04/20 22:23:04 | 00,065,536 | ---- | C] (Microsoft Corporation)
icfgnt5.dll -> %SystemRoot%\System32\icfgnt5.dll -> [2009/04/20 22:23:04 | 00,016,384 | ---- | C] (Microsoft Corporation)
icfgnt5.dll -> %SystemRoot%\System32\dllcache\icfgnt5.dll -> [2009/04/20 22:23:04 | 00,016,384 | ---- | C] (Microsoft Corporation)
Tasks -> %SystemRoot%\Tasks -> [2009/04/20 22:23:04 | 00,000,000 | --SD | C]
icwres.dll -> %SystemRoot%\System32\dllcache\icwres.dll -> [2009/04/20 22:23:03 | 00,061,440 | ---- | C] (Microsoft Corporation)
trialoc.dll -> %SystemRoot%\System32\dllcache\trialoc.dll -> [2009/04/20 22:23:03 | 00,040,960 | ---- | C] (Microsoft Corporation)
mssoap1.dll -> %SystemRoot%\System32\dllcache\mssoap1.dll -> [2009/04/20 22:23:02 | 00,235,520 | ---- | C] (Microsoft Corporation)
icwtutor.exe -> %SystemRoot%\System32\dllcache\icwtutor.exe -> [2009/04/20 22:23:02 | 00,073,728 | ---- | C] (Microsoft Corporation)
wisc10.dll -> %SystemRoot%\System32\dllcache\wisc10.dll -> [2009/04/20 22:23:02 | 00,025,088 | ---- | C] (Microsoft Corporation)
mssoapr.dll -> %SystemRoot%\System32\dllcache\mssoapr.dll -> [2009/04/20 22:23:02 | 00,023,552 | ---- | C] (Microsoft Corporation)
isignup.exe -> %SystemRoot%\System32\dllcache\isignup.exe -> [2009/04/20 22:23:02 | 00,016,384 | ---- | C] (Microsoft Corporation)
MSSoap -> %CommonProgramFiles%\MSSoap -> [2009/04/20 22:23:01 | 00,000,000 | ---D | C]
ieinfo5.ocx -> %SystemRoot%\System32\dllcache\ieinfo5.ocx -> [2009/04/20 22:23:00 | 00,093,184 | ---- | C] (Microsoft Corporation)
srchasst -> %SystemRoot%\srchasst -> [2009/04/20 22:22:56 | 00,000,000 | ---D | C]
wmpvis.dll -> %SystemRoot%\System32\dllcache\wmpvis.dll -> [2009/04/20 22:22:55 | 00,520,192 | ---- | C] (Microsoft Corporation)
Macromed -> %SystemRoot%\System32\Macromed -> [2009/04/20 22:22:55 | 00,000,000 | ---D | C]
qmgr.dll -> %SystemRoot%\System32\qmgr.dll -> [2009/04/20 22:22:54 | 00,409,088 | ---- | C] (Microsoft Corporation)
wmmres.dll -> %SystemRoot%\System32\dllcache\wmmres.dll -> [2009/04/20 22:22:54 | 00,319,542 | ---- | C] (Microsoft Corporation)
wmmutil.dll -> %SystemRoot%\System32\dllcache\wmmutil.dll -> [2009/04/20 22:22:54 | 00,163,897 | ---- | C] (Microsoft Corporation)
wmmfilt.dll -> %SystemRoot%\System32\dllcache\wmmfilt.dll -> [2009/04/20 22:22:54 | 00,110,648 | ---- | C] (Microsoft Corporation)
Movie Maker -> %ProgramFiles%\Movie Maker -> [2009/04/20 22:22:53 | 00,000,000 | ---D | C]
srrstr.dll -> %SystemRoot%\System32\srrstr.dll -> [2009/04/20 22:22:48 | 00,239,104 | ---- | C] (Microsoft Corporation)
srsvc.dll -> %SystemRoot%\System32\srsvc.dll -> [2009/04/20 22:22:48 | 00,171,008 | ---- | C] (Microsoft Corporation)
sr.sys -> %SystemRoot%\System32\drivers\sr.sys -> [2009/04/20 22:22:48 | 00,073,472 | ---- | C] (Microsoft Corporation)
srclient.dll -> %SystemRoot%\System32\srclient.dll -> [2009/04/20 22:22:48 | 00,067,584 | ---- | C] (Microsoft Corporation)
Restore -> %SystemRoot%\System32\Restore -> [2009/04/20 22:22:48 | 00,000,000 | ---D | C]
PCHealth -> %SystemRoot%\PCHealth -> [2009/04/20 22:22:48 | 00,000,000 | ---D | C]
msh261.drv -> %SystemRoot%\System32\msh261.drv -> [2009/04/20 22:22:47 | 00,188,416 | ---- | C] (Microsoft Corporation)
ils.dll -> %SystemRoot%\System32\ils.dll -> [2009/04/20 22:22:47 | 00,081,920 | ---- | C] (Microsoft Corporation)
msconf.dll -> %SystemRoot%\System32\msconf.dll -> [2009/04/20 22:22:47 | 00,069,632 | ---- | C] (Microsoft Corporation)
mnmdd.dll -> %SystemRoot%\System32\mnmdd.dll -> [2009/04/20 22:22:47 | 00,034,560 | ---- | C] (Microsoft Corporation)
nmmkcert.dll -> %SystemRoot%\System32\nmmkcert.dll -> [2009/04/20 22:22:47 | 00,028,672 | ---- | C] (Microsoft Corporation)
msoeacct.dll -> %SystemRoot%\System32\msoeacct.dll -> [2009/04/20 22:22:44 | 00,252,928 | ---- | C] (Microsoft Corporation)
msoert2.dll -> %SystemRoot%\System32\msoert2.dll -> [2009/04/20 22:22:44 | 00,105,984 | ---- | C] (Microsoft Corporation)
NetMeeting -> %ProgramFiles%\NetMeeting -> [2009/04/20 22:22:44 | 00,000,000 | ---D | C]
inetcomm.dll -> %SystemRoot%\System32\inetcomm.dll -> [2009/04/20 22:22:43 | 00,691,712 | ---- | C] (Microsoft Corporation)
mstask.dll -> %SystemRoot%\System32\mstask.dll -> [2009/04/20 22:22:42 | 00,274,944 | ---- | C] (Microsoft Corporation)
schedsvc.dll -> %SystemRoot%\System32\schedsvc.dll -> [2009/04/20 22:22:42 | 00,192,512 | ---- | C] (Microsoft Corporation)
mstinit.exe -> %SystemRoot%\System32\mstinit.exe -> [2009/04/20 22:22:42 | 00,012,288 | ---- | C] (Microsoft Corporation)
Outlook Express -> %ProgramFiles%\Outlook Express -> [2009/04/20 22:22:42 | 00,000,000 | ---D | C]
System -> %CommonProgramFiles%\System -> [2009/04/20 22:22:35 | 00,000,000 | ---D | C]
Internet Explorer -> %ProgramFiles%\Internet Explorer -> [2009/04/20 22:22:34 | 00,000,000 | ---D | C]
My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [2009/04/20 22:22:33 | 00,000,000 | R--D | C]
My Music -> %AllUsersProfile%\Documents\My Music -> [2009/04/20 22:22:33 | 00,000,000 | R--D | C]
emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [2009/04/20 22:21:58 | 00,021,640 | ---- | C] ()
ComPlus Applications -> %ProgramFiles%\ComPlus Applications -> [2009/04/20 22:21:44 | 00,000,000 | ---D | C]
Registration -> %SystemRoot%\Registration -> [2009/04/20 22:21:36 | 00,000,000 | ---D | C]
WindowsUpdate -> %ProgramFiles%\WindowsUpdate -> [2009/04/20 22:21:26 | 00,000,000 | -H-D | C]
Windows Media Player -> %ProgramFiles%\Windows Media Player -> [2009/04/20 22:21:26 | 00,000,000 | ---D | C]
Online Services -> %ProgramFiles%\Online Services -> [2009/04/20 22:21:26 | 00,000,000 | ---D | C]
Messenger -> %ProgramFiles%\Messenger -> [2009/04/20 22:21:17 | 00,000,000 | ---D | C]
bckgres.dll -> %SystemRoot%\System32\dllcache\bckgres.dll -> [2009/04/20 22:21:15 | 01,817,687 | ---- | C] (Microsoft Corporation)
rvseres.dll -> %SystemRoot%\System32\dllcache\rvseres.dll -> [2009/04/20 22:21:15 | 00,753,236 | ---- | C] (Microsoft Corporation)
bckg.dll -> %SystemRoot%\System32\dllcache\bckg.dll -> [2009/04/20 22:21:15 | 00,082,501 | ---- | C] (Microsoft Corporation)
rvse.dll -> %SystemRoot%\System32\dllcache\rvse.dll -> [2009/04/20 22:21:15 | 00,048,706 | ---- | C] (Microsoft Corporation)
bckgzm.exe -> %SystemRoot%\System32\dllcache\bckgzm.exe -> [2009/04/20 22:21:15 | 00,042,577 | ---- | C] (Microsoft Corporation)
rvsezm.exe -> %SystemRoot%\System32\dllcache\rvsezm.exe -> [2009/04/20 22:21:15 | 00,042,574 | ---- | C] (Microsoft Corporation)
shvlres.dll -> %SystemRoot%\System32\dllcache\shvlres.dll -> [2009/04/20 22:21:14 | 02,178,131 | ---- | C] (Microsoft Corporation)
hrtzres.dll -> %SystemRoot%\System32\dllcache\hrtzres.dll -> [2009/04/20 22:21:14 | 01,175,635 | ---- | C] (Microsoft Corporation)
chkrres.dll -> %SystemRoot%\System32\dllcache\chkrres.dll -> [2009/04/20 22:21:14 | 00,780,885 | ---- | C] (Microsoft Corporation)
shvl.dll -> %SystemRoot%\System32\dllcache\shvl.dll -> [2009/04/20 22:21:14 | 00,066,113 | ---- | C] (Microsoft Corporation)
hrtz.dll -> %SystemRoot%\System32\dllcache\hrtz.dll -> [2009/04/20 22:21:14 | 00,057,409 | ---- | C] (Microsoft Corporation)
chkrzm.exe -> %SystemRoot%\System32\dllcache\chkrzm.exe -> [2009/04/20 22:21:14 | 00,042,575 | ---- | C] (Microsoft Corporation)
shvlzm.exe -> %SystemRoot%\System32\dllcache\shvlzm.exe -> [2009/04/20 22:21:14 | 00,042,573 | ---- | C] (Microsoft Corporation)
hrtzzm.exe -> %SystemRoot%\System32\dllcache\hrtzzm.exe -> [2009/04/20 22:21:14 | 00,042,573 | ---- | C] (Microsoft Corporation)
chkr.dll -> %SystemRoot%\System32\dllcache\chkr.dll -> [2009/04/20 22:21:14 | 00,040,515 | ---- | C] (Microsoft Corporation)
zeeverm.dll -> %SystemRoot%\System32\dllcache\zeeverm.dll -> [2009/04/20 22:21:14 | 00,004,677 | ---- | C] (Microsoft Corporation)
cmnresm.dll -> %SystemRoot%\System32\dllcache\cmnresm.dll -> [2009/04/20 22:21:13 | 01,039,955 | ---- | C] (Microsoft Corporation)
cmnclim.dll -> %SystemRoot%\System32\dllcache\cmnclim.dll -> [2009/04/20 22:21:13 | 00,217,160 | ---- | C] (Microsoft Corporation)
zoneclim.dll -> %SystemRoot%\System32\dllcache\zoneclim.dll -> [2009/04/20 22:21:13 | 00,113,222 | ---- | C] (Microsoft Corporation)
zcorem.dll -> %SystemRoot%\System32\dllcache\zcorem.dll -> [2009/04/20 22:21:13 | 00,041,029 | ---- | C] (Microsoft Corporation)
uniansi.dll -> %SystemRoot%\System32\dllcache\uniansi.dll -> [2009/04/20 22:21:13 | 00,032,339 | ---- | C] (Microsoft Corporation)
zonelibm.dll -> %SystemRoot%\System32\dllcache\zonelibm.dll -> [2009/04/20 22:21:13 | 00,013,894 | ---- | C] (Microsoft Corporation)
zclientm.exe -> %SystemRoot%\System32\dllcache\zclientm.exe -> [2009/04/20 22:21:12 | 00,036,937 | ---- | C] (Microsoft Corporation)
znetm.dll -> %SystemRoot%\System32\dllcache\znetm.dll -> [2009/04/20 22:21:12 | 00,029,760 | ---- | C] (Microsoft Corporation)
write.exe -> %SystemRoot%\System32\write.exe -> [2009/04/20 22:21:12 | 00,005,632 | ---- | C] (Microsoft Corporation)
write.exe -> %SystemRoot%\System32\dllcache\write.exe -> [2009/04/20 22:21:12 | 00,005,632 | ---- | C] (Microsoft Corporation)
MSN Gaming Zone -> %ProgramFiles%\MSN Gaming Zone -> [2009/04/20 22:21:12 | 00,000,000 | ---D | C]
accwiz.exe -> %SystemRoot%\System32\accwiz.exe -> [2009/04/20 22:21:04 | 00,184,320 | ---- | C] (Microsoft Corporation)
sndvol32.exe -> %SystemRoot%\System32\sndvol32.exe -> [2009/04/20 22:21:04 | 00,138,752 | ---- | C] (Microsoft Corporation)
sndvol32.exe -> %SystemRoot%\System32\dllcache\sndvol32.exe -> [2009/04/20 22:21:04 | 00,138,752 | ---- | C] (Microsoft Corporation)
sndrec32.exe -> %SystemRoot%\System32\sndrec32.exe -> [2009/04/20 22:21:04 | 00,131,584 | ---- | C] (Microsoft Corporation)
access.cpl -> %SystemRoot%\System32\access.cpl -> [2009/04/20 22:21:04 | 00,068,608 | ---- | C] (Microsoft Corporation)
avtapi.dll -> %SystemRoot%\System32\dllcache\avtapi.dll -> [2009/04/20 22:21:03 | 00,227,840 | ---- | C] (Microsoft Corporation)
avtapi.dll -> %SystemRoot%\System32\avtapi.dll -> [2009/04/20 22:21:03 | 00,227,840 | ---- | C] (Microsoft Corporation)
avwav.dll -> %SystemRoot%\System32\dllcache\avwav.dll -> [2009/04/20 22:21:03 | 00,073,216 | ---- | C] (Microsoft Corporation)
avwav.dll -> %SystemRoot%\System32\avwav.dll -> [2009/04/20 22:21:03 | 00,073,216 | ---- | C] (Microsoft Corporation)
avmeter.dll -> %SystemRoot%\System32\dllcache\avmeter.dll -> [2009/04/20 22:21:03 | 00,016,384 | ---- | C] (Microsoft Corporation)
avmeter.dll -> %SystemRoot%\System32\avmeter.dll -> [2009/04/20 22:21:03 | 00,016,384 | ---- | C] (Microsoft Corporation)
winchat.exe -> %SystemRoot%\System32\winchat.exe -> [2009/04/20 22:21:02 | 00,035,328 | ---- | C] (Microsoft Corporation)
winchat.exe -> %SystemRoot%\System32\dllcache\winchat.exe -> [2009/04/20 22:21:02 | 00,035,328 | ---- | C] (Microsoft Corporation)
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [2009/04/20 22:20:58 | 00,009,522 | ---- | C] ()
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [2009/04/20 22:20:57 | 00,065,978 | ---- | C] ()
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp -> [2009/04/20 22:20:57 | 00,065,954 | ---- | C] ()
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [2009/04/20 22:20:57 | 00,065,832 | ---- | C] ()
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp -> [2009/04/20 22:20:57 | 00,026,680 | ---- | C] ()
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp -> [2009/04/20 22:20:57 | 00,026,582 | ---- | C] ()
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [2009/04/20 22:20:57 | 00,017,362 | ---- | C] ()
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp -> [2009/04/20 22:20:57 | 00,017,336 | ---- | C] ()
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [2009/04/20 22:20:57 | 00,017,062 | ---- | C] ()
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp -> [2009/04/20 22:20:57 | 00,016,730 | ---- | C] ()
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp -> [2009/04/20 22:20:57 | 00,001,272 | ---- | C] ()
getuname.dll -> %SystemRoot%\System32\getuname.dll -> [2009/04/20 22:20:56 | 00,605,696 | ---- | C] (Microsoft Corporation)
getuname.dll -> %SystemRoot%\System32\dllcache\getuname.dll -> [2009/04/20 22:20:56 | 00,605,696 | ---- | C] (Microsoft Corporation)
subrange.uce -> %SystemRoot%\System32\subrange.uce -> [2009/04/20 22:20:56 | 00,093,702 | ---- | C] ()
ideograf.uce -> %SystemRoot%\System32\ideograf.uce -> [2009/04/20 22:20:56 | 00,060,458 | ---- | C] ()
gb2312.uce -> %SystemRoot%\System32\gb2312.uce -> [2009/04/20 22:20:56 | 00,024,006 | ---- | C] ()
shiftjis.uce -> %SystemRoot%\System32\shiftjis.uce -> [2009/04/20 22:20:56 | 00,016,740 | ---- | C] ()
korean.uce -> %SystemRoot%\System32\korean.uce -> [2009/04/20 22:20:56 | 00,012,876 | ---- | C] ()
kanji_2.uce -> %SystemRoot%\System32\kanji_2.uce -> [2009/04/20 22:20:56 | 00,008,484 | ---- | C] ()
kanji_1.uce -> %SystemRoot%\System32\kanji_1.uce -> [2009/04/20 22:20:56 | 00,006,948 | ---- | C] ()
winmine.exe -> %SystemRoot%\System32\winmine.exe -> [2009/04/20 22:20:55 | 00,119,808 | ---- | C] (Microsoft Corporation)
winmine.exe -> %SystemRoot%\System32\dllcache\winmine.exe -> [2009/04/20 22:20:55 | 00,119,808 | ---- | C] (Microsoft Corporation)
calc.exe -> %SystemRoot%\System32\dllcache\calc.exe -> [2009/04/20 22:20:55 | 00,114,688 | ---- | C] (Microsoft Corporation)
calc.exe -> %SystemRoot%\System32\calc.exe -> [2009/04/20 22:20:55 | 00,114,688 | ---- | C] (Microsoft Corporation)
charmap.exe -> %SystemRoot%\System32\dllcache\charmap.exe -> [2009/04/20 22:20:55 | 00,080,384 | ---- | C] (Microsoft Corporation)
charmap.exe -> %SystemRoot%\System32\charmap.exe -> [2009/04/20 22:20:55 | 00,080,384 | ---- | C] (Microsoft Corporation)
sol.exe -> %SystemRoot%\System32\sol.exe -> [2009/04/20 22:20:55 | 00,056,832 | ---- | C] (Microsoft Corporation)
sol.exe -> %SystemRoot%\System32\dllcache\sol.exe -> [2009/04/20 22:20:55 | 00,056,832 | ---- | C] (Microsoft Corporation)
bopomofo.uce -> %SystemRoot%\System32\bopomofo.uce -> [2009/04/20 22:20:55 | 00,022,984 | ---- | C] ()
mshearts.exe -> %SystemRoot%\System32\mshearts.exe -> [2009/04/20 22:20:54 | 00,126,976 | ---- | C] (Microsoft Corporation)
mshearts.exe -> %SystemRoot%\System32\dllcache\mshearts.exe -> [2009/04/20 22:20:54 | 00,126,976 | ---- | C] (Microsoft Corporation)
rdshost.exe -> %SystemRoot%\System32\rdshost.exe -> [2009/04/20 22:20:54 | 00,067,072 | ---- | C] (Microsoft Corporation)
freecell.exe -> %SystemRoot%\System32\freecell.exe -> [2009/04/20 22:20:54 | 00,055,296 | ---- | C] (Microsoft Corporation)
freecell.exe -> %SystemRoot%\System32\dllcache\freecell.exe -> [2009/04/20 22:20:54 | 00,055,296 | ---- | C] (Microsoft Corporation)
tdtcp.sys -> %SystemRoot%\System32\drivers\tdtcp.sys -> [2009/04/20 22:20:54 | 00,021,896 | ---- | C] (Microsoft Corporation)
tdpipe.sys -> %SystemRoot%\System32\drivers\tdpipe.sys -> [2009/04/20 22:20:54 | 00,012,040 | ---- | C] (Microsoft Corporation)
reset.exe -> %SystemRoot%\System32\reset.exe -> [2009/04/20 22:20:54 | 00,009,728 | ---- | C] (Microsoft Corporation)
reset.exe -> %SystemRoot%\System32\dllcache\reset.exe -> [2009/04/20 22:20:54 | 00,009,728 | ---- | C] (Microsoft Corporation)
usrlogon.cmd -> %SystemRoot%\System32\usrlogon.cmd -> [2009/04/20 22:20:54 | 00,001,161 | ---- | C] ()
regini.exe -> %SystemRoot%\System32\regini.exe -> [2009/04/20 22:20:53 | 00,033,792 | ---- | C] (Microsoft Corporation)
regini.exe -> %SystemRoot%\System32\dllcache\regini.exe -> [2009/04/20 22:20:53 | 00,033,792 | ---- | C] (Microsoft Corporation)
qwinsta.exe -> %SystemRoot%\System32\qwinsta.exe -> [2009/04/20 22:20:53 | 00,022,016 | ---- | C] (Microsoft Corporation)
qwinsta.exe -> %SystemRoot%\System32\dllcache\qwinsta.exe -> [2009/04/20 22:20:53 | 00,022,016 | ---- | C] (Microsoft Corporation)
msg.exe -> %SystemRoot%\System32\msg.exe -> [2009/04/20 22:20:53 | 00,020,992 | ---- | C] (Microsoft Corporation)
msg.exe -> %SystemRoot%\System32\dllcache\msg.exe -> [2009/04/20 22:20:53 | 00,020,992 | ---- | C] (Microsoft Corporation)
qprocess.exe -> %SystemRoot%\System32\qprocess.exe -> [2009/04/20 22:20:53 | 00,019,968 | ---- | C] (Microsoft Corporation)
tsshutdn.exe -> %SystemRoot%\System32\tsshutdn.exe -> [2009/04/20 22:20:53 | 00,016,896 | ---- | C] (Microsoft Corporation)
tsshutdn.exe -> %SystemRoot%\System32\dllcache\tsshutdn.exe -> [2009/04/20 22:20:53 | 00,016,896 | ---- | C] (Microsoft Corporation)
qappsrv.exe -> %SystemRoot%\System32\qappsrv.exe -> [2009/04/20 22:20:53 | 00,016,896 | ---- | C] (Microsoft Corporation)
qappsrv.exe -> %SystemRoot%\System32\dllcache\qappsrv.exe -> [2009/04/20 22:20:53 | 00,016,896 | ---- | C] (Microsoft Corporation)
tskill.exe -> %SystemRoot%\System32\tskill.exe -> [2009/04/20 22:20:53 | 00,016,384 | ---- | C] (Microsoft Corporation)
tskill.exe -> %SystemRoot%\System32\dllcache\tskill.exe -> [2009/04/20 22:20:53 | 00,016,384 | ---- | C] (Microsoft Corporation)
rwinsta.exe -> %SystemRoot%\System32\rwinsta.exe -> [2009/04/20 22:20:53 | 00,015,872 | ---- | C] (Microsoft Corporation)
rwinsta.exe -> %SystemRoot%\System32\dllcache\rwinsta.exe -> [2009/04/20 22:20:53 | 00,015,872 | ---- | C] (Microsoft Corporation)
logoff.exe -> %SystemRoot%\System32\logoff.exe -> [2009/04/20 22:20:53 | 00,015,360 | ---- | C] (Microsoft Corporation)
logoff.exe -> %SystemRoot%\System32\dllcache\logoff.exe -> [2009/04/20 22:20:53 | 00,015,360 | ---- | C] (Microsoft Corporation)
tsdiscon.exe -> %SystemRoot%\System32\tsdiscon.exe -> [2009/04/20 22:20:53 | 00,014,848 | ---- | C] (Microsoft Corporation)
tsdiscon.exe -> %SystemRoot%\System32\dllcache\tsdiscon.exe -> [2009/04/20 22:20:53 | 00,014,848 | ---- | C] (Microsoft Corporation)
tscon.exe -> %SystemRoot%\System32\tscon.exe -> [2009/04/20 22:20:53 | 00,014,848 | ---- | C] (Microsoft Corporation)
tscon.exe -> %SystemRoot%\System32\dllcache\tscon.exe -> [2009/04/20 22:20:53 | 00,014,848 | ---- | C] (Microsoft Corporation)
shadow.exe -> %SystemRoot%\System32\shadow.exe -> [2009/04/20 22:20:53 | 00,014,848 | ---- | C] (Microsoft Corporation)
shadow.exe -> %SystemRoot%\System32\dllcache\shadow.exe -> [2009/04/20 22:20:53 | 00,014,848 | ---- | C] (Microsoft Corporation)
rdpcfgex.dll -> %SystemRoot%\System32\rdpcfgex.dll -> [2009/04/20 22:20:53 | 00,004,096 | ---- | C] (Microsoft Corporation)
rdpcfgex.dll -> %SystemRoot%\System32\dllcache\rdpcfgex.dll -> [2009/04/20 22:20:53 | 00,004,096 | ---- | C] (Microsoft Corporation)
tslabels.h -> %SystemRoot%\System32\tslabels.h -> [2009/04/20 22:20:53 | 00,003,286 | ---- | C] ()
msdtctm.dll -> %SystemRoot%\System32\msdtctm.dll -> [2009/04/20 22:20:52 | 00,956,928 | ---- | C] (Microsoft Corporation)
msdtcuiu.dll -> %SystemRoot%\System32\msdtcuiu.dll -> [2009/04/20 22:20:52 | 00,161,792 | ---- | C] (Microsoft Corporation)
mtxoci.dll -> %SystemRoot%\System32\mtxoci.dll -> [2009/04/20 22:20:52 | 00,091,648 | ---- | C] (Microsoft Corporation)
cdmodem.dll -> %SystemRoot%\System32\dllcache\cdmodem.dll -> [2009/04/20 22:20:52 | 00,015,872 | ---- | C] (Microsoft Corporation)
cdmodem.dll -> %SystemRoot%\System32\cdmodem.dll -> [2009/04/20 22:20:52 | 00,015,872 | ---- | C] (Microsoft Corporation)
xolehlp.dll -> %SystemRoot%\System32\xolehlp.dll -> [2009/04/20 22:20:52 | 00,011,776 | ---- | C] (Microsoft Corporation)
msdtcprf.h -> %SystemRoot%\System32\msdtcprf.h -> [2009/04/20 22:20:52 | 00,000,768 | ---- | C] ()
msdtclog.dll -> %SystemRoot%\System32\msdtclog.dll -> [2009/04/20 22:20:51 | 00,058,880 | ---- | C] (Microsoft Corporation)
mtsadmin.tlb -> %SystemRoot%\System32\dllcache\mtsadmin.tlb -> [2009/04/20 22:20:51 | 00,019,456 | ---- | C] (Microsoft Corporation)
msdtc.exe -> %SystemRoot%\System32\msdtc.exe -> [2009/04/20 22:20:51 | 00,006,144 | ---- | C] (Microsoft Corporation)
comrepl.dll -> %SystemRoot%\System32\comrepl.dll -> [2009/04/20 22:20:50 | 00,097,792 | ---- | C] (Microsoft Corporation)
colbact.dll -> %SystemRoot%\System32\colbact.dll -> [2009/04/20 22:20:50 | 00,060,416 | ---- | C] (Microsoft Corporation)
stclient.dll -> %SystemRoot%\System32\stclient.dll -> [2009/04/20 22:20:50 | 00,059,392 | ---- | C] (Microsoft Corporation)
mtxlegih.dll -> %SystemRoot%\System32\mtxlegih.dll -> [2009/04/20 22:20:50 | 00,034,304 | ---- | C] (Microsoft Corporation)
mtxdm.dll -> %SystemRoot%\System32\mtxdm.dll -> [2009/04/20 22:20:50 | 00,030,720 | ---- | C] (Microsoft Corporation)
comaddin.dll -> %SystemRoot%\System32\comaddin.dll -> [2009/04/20 22:20:50 | 00,028,160 | ---- | C] (Microsoft Corporation)
dcomcnfg.exe -> %SystemRoot%\System32\dcomcnfg.exe -> [2009/04/20 22:20:50 | 00,006,144 | ---- | C] (Microsoft Corporation)
mtxex.dll -> %SystemRoot%\System32\mtxex.dll -> [2009/04/20 22:20:50 | 00,004,096 | ---- | C] (Microsoft Corporation)
comuid.dll -> %SystemRoot%\System32\comuid.dll -> [2009/04/20 22:20:49 | 00,539,648 | ---- | C] (Microsoft Corporation)
clbcatq.dll -> %SystemRoot%\System32\clbcatq.dll -> [2009/04/20 22:20:49 | 00,498,688 | ---- | C] (Microsoft Corporation)
catsrv.dll -> %SystemRoot%\System32\catsrv.dll -> [2009/04/20 22:20:49 | 00,226,304 | ---- | C] (Microsoft Corporation)
comsnap.dll -> %SystemRoot%\System32\comsnap.dll -> [2009/04/20 22:20:49 | 00,167,424 | ---- | C] (Microsoft Corporation)
clbcatex.dll -> %SystemRoot%\System32\clbcatex.dll -> [2009/04/20 22:20:49 | 00,110,592 | ---- | C] (Microsoft Corporation)
catsrvps.dll -> %SystemRoot%\System32\catsrvps.dll -> [2009/04/20 22:20:49 | 00,085,504 | ---- | C] (Microsoft Corporation)
wmi2xml.dll -> %SystemRoot%\System32\dllcache\wmi2xml.dll -> [2009/04/20 22:20:48 | 00,045,568 | ---- | C] (Microsoft Corporation)
wmipicmp.dll -> %SystemRoot%\System32\dllcache\wmipicmp.dll -> [2009/04/20 22:20:44 | 00,075,264 | ---- | C] (Microsoft Corporation)
wmimsg.dll -> %SystemRoot%\System32\dllcache\wmimsg.dll -> [2009/04/20 22:20:44 | 00,061,440 | ---- | C] (Microsoft Corporation)
wmitimep.dll -> %SystemRoot%\System32\dllcache\wmitimep.dll -> [2009/04/20 22:20:44 | 00,052,224 | ---- | C] (Microsoft Corporation)
winmgmtr.dll -> %SystemRoot%\System32\dllcache\winmgmtr.dll -> [2009/04/20 22:20:44 | 00,016,384 | ---- | C] (Microsoft Corporation)
winmgmt.exe -> %SystemRoot%\System32\dllcache\winmgmt.exe -> [2009/04/20 22:20:44 | 00,013,312 | ---- | C] (Microsoft Corporation)
updprov.dll -> %SystemRoot%\System32\dllcache\updprov.dll -> [2009/04/20 22:20:43 | 00,116,224 | ---- | C] (Microsoft Corporation)
tmplprov.dll -> %SystemRoot%\System32\dllcache\tmplprov.dll -> [2009/04/20 22:20:43 | 00,061,952 | ---- | C] (Microsoft Corporation)
wbemdisp.tlb -> %SystemRoot%\System32\dllcache\wbemdisp.tlb -> [2009/04/20 22:20:43 | 00,059,904 | ---- | C] (Microsoft Corporation)
trnsprov.dll -> %SystemRoot%\System32\dllcache\trnsprov.dll -> [2009/04/20 22:20:43 | 00,059,904 | ---- | C] (Microsoft Corporation)
wbemads.tlb -> %SystemRoot%\System32\dllcache\wbemads.tlb -> [2009/04/20 22:20:43 | 00,031,232 | ---- | C] (Microsoft Corporation)
unsecapp.exe -> %SystemRoot%\System32\dllcache\unsecapp.exe -> [2009/04/20 22:20:43 | 00,016,896 | ---- | C] (Microsoft Corporation)
wbemads.dll -> %SystemRoot%\System32\dllcache\wbemads.dll -> [2009/04/20 22:20:43 | 00,012,288 | ---- | C] (Microsoft Corporation)
msiprov.dll -> %SystemRoot%\System32\dllcache\msiprov.dll -> [2009/04/20 22:20:42 | 00,273,920 | ---- | C] (Microsoft Corporation)
smtpcons.dll -> %SystemRoot%\System32\dllcache\smtpcons.dll -> [2009/04/20 22:20:42 | 00,040,960 | ---- | C] (Microsoft Corporation)
dsprov.dll -> %SystemRoot%\System32\dllcache\dsprov.dll -> [2009/04/20 22:20:41 | 00,120,320 | ---- | C] (Microsoft Corporation)
wmimgmt.msc -> %SystemRoot%\System32\wmimgmt.msc -> [2009/04/20 22:20:41 | 00,063,488 | ---- | C] ()
servdeps.dll -> %SystemRoot%\System32\servdeps.dll -> [2009/04/20 22:20:41 | 00,056,320 | ---- | C] (Microsoft Corporation)
fwdprov.dll -> %SystemRoot%\System32\dllcache\fwdprov.dll -> [2009/04/20 22:20:41 | 00,053,248 | ---- | C] (Microsoft Corporation)
mmfutil.dll -> %SystemRoot%\System32\mmfutil.dll -> [2009/04/20 22:20:41 | 00,017,408 | ---- | C] (Microsoft Corporation)
cmprops.dll -> %SystemRoot%\System32\cmprops.dll -> [2009/04/20 22:20:40 | 00,185,344 | ---- | C] (Microsoft Corporation)
mspaint.exe -> %SystemRoot%\System32\mspaint.exe -> [2009/04/20 22:20:34 | 00,343,040 | ---- | C] (Microsoft Corporation)
mplay32.exe -> %SystemRoot%\System32\mplay32.exe -> [2009/04/20 22:20:34 | 00,123,392 | ---- | C] (Microsoft Corporation)
Windows NT -> %ProgramFiles%\Windows NT -> [2009/04/20 22:20:34 | 00,000,000 | ---D | C]
MSN -> %ProgramFiles%\MSN -> [2009/04/20 22:20:34 | 00,000,000 | ---D | C]
wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll -> [2009/04/20 22:20:33 | 01,809,944 | ---- | C] (Microsoft Corporation)
wuaueng.dll -> %SystemRoot%\System32\dllcache\wuaueng.dll -> [2009/04/20 22:20:33 | 01,809,944 | ---- | C] (Microsoft Corporation)
spider.exe -> %SystemRoot%\System32\spider.exe -> [2009/04/20 22:20:33 | 00,538,624 | ---- | C] (Microsoft Corporation)
clipbrd.exe -> %SystemRoot%\System32\clipbrd.exe -> [2009/04/20 22:20:33 | 00,102,912 | ---- | C] (Microsoft Corporation)
wuauclt.exe -> %SystemRoot%\System32\wuauclt.exe -> [2009/04/20 22:20:33 | 00,051,224 | ---- | C] (Microsoft Corporation)
wuauclt.exe -> %SystemRoot%\System32\dllcache\wuauclt.exe -> [2009/04/20 22:20:33 | 00,051,224 | ---- | C] (Microsoft Corporation)
wuauserv.dll -> %SystemRoot%\System32\wuauserv.dll -> [2009/04/20 22:20:33 | 00,006,656 | ---- | C] (Microsoft Corporation)
mstscax.dll -> %SystemRoot%\System32\mstscax.dll -> [2009/04/20 22:20:32 | 02,061,824 | ---- | C] (Microsoft Corporation)
mstsc.exe -> %SystemRoot%\System32\mstsc.exe -> [2009/04/20 22:20:32 | 00,677,888 | ---- | C] (Microsoft Corporation)
rdpwd.sys -> %SystemRoot%\System32\drivers\rdpwd.sys -> [2009/04/20 22:20:32 | 00,139,656 | ---- | C] (Microsoft Corporation)
tscfgwmi.dll -> %SystemRoot%\System32\tscfgwmi.dll -> [2009/04/20 22:20:32 | 00,093,696 | ---- | C] (Microsoft Corporation)
remotepg.dll -> %SystemRoot%\System32\remotepg.dll -> [2009/04/20 22:20:32 | 00,060,416 | ---- | C] (Microsoft Corporation)
rdsaddin.exe -> %SystemRoot%\System32\rdsaddin.exe -> [2009/04/20 22:20:32 | 00,013,824 | ---- | C] (Microsoft Corporation)
termsrv.dll -> %SystemRoot%\System32\termsrv.dll -> [2009/04/20 22:20:31 | 00,295,424 | ---- | C] (Microsoft Corporation)
rdchost.dll -> %SystemRoot%\System32\rdchost.dll -> [2009/04/20 22:20:31 | 00,147,968 | ---- | C] (Microsoft Corporation)
sessmgr.exe -> %SystemRoot%\System32\sessmgr.exe -> [2009/04/20 22:20:31 | 00,141,312 | ---- | C] (Microsoft Corporation)
rdpwsx.dll -> %SystemRoot%\System32\rdpwsx.dll -> [2009/04/20 22:20:31 | 00,087,176 | ---- | C] (Microsoft Corporation)
rdpclip.exe -> %SystemRoot%\System32\rdpclip.exe -> [2009/04/20 22:20:31 | 00,062,976 | ---- | C] (Microsoft Corporation)
tscupgrd.exe -> %SystemRoot%\System32\tscupgrd.exe -> [2009/04/20 22:20:31 | 00,044,544 | ---- | C] (Microsoft Corporation)
rdpsnd.dll -> %SystemRoot%\System32\rdpsnd.dll -> [2009/04/20 22:20:31 | 00,019,968 | ---- | C] (Microsoft Corporation)
icaapi.dll -> %SystemRoot%\System32\icaapi.dll -> [2009/04/20 22:20:31 | 00,011,264 | ---- | C] (Microsoft Corporation)
catsrvut.dll -> %SystemRoot%\System32\catsrvut.dll -> [2009/04/20 22:20:30 | 00,625,664 | ---- | C] (Microsoft Corporation)
msdtcprx.dll -> %SystemRoot%\System32\msdtcprx.dll -> [2009/04/20 22:20:30 | 00,428,032 | ---- | C] (Microsoft Corporation)
cfgbkend.dll -> %SystemRoot%\System32\cfgbkend.dll -> [2009/04/20 22:20:30 | 00,038,912 | ---- | C] (Microsoft Corporation)
MsDtc -> %SystemRoot%\System32\MsDtc -> [2009/04/20 22:20:30 | 00,000,000 | ---D | C]
Com -> %SystemRoot%\System32\Com -> [2009/04/20 22:20:30 | 00,000,000 | ---D | C]
comsvcs.dll -> %SystemRoot%\System32\comsvcs.dll -> [2009/04/20 22:20:29 | 01,267,200 | ---- | C] (Microsoft Corporation)
licwmi.dll -> %SystemRoot%\System32\licwmi.dll -> [2009/04/20 22:20:26 | 00,058,880 | ---- | C] (Microsoft Corporation)
rdpdr.sys -> %SystemRoot%\System32\drivers\rdpdr.sys -> [2009/04/20 22:20:24 | 00,196,224 | ---- | C] (Microsoft Corporation)
termdd.sys -> %SystemRoot%\System32\drivers\termdd.sys -> [2009/04/20 22:20:24 | 00,040,840 | ---- | C] (Microsoft Corporation)
My Videos -> %AllUsersProfile%\Documents\My Videos -> [2009/04/20 22:20:22 | 00,000,000 | R--D | C]
aec.sys -> %SystemRoot%\System32\drivers\aec.sys -> [2009/04/20 15:14:58 | 00,142,592 | ---- | C] (Microsoft Corporation)
swmidi.sys -> %SystemRoot%\System32\drivers\swmidi.sys -> [2009/04/20 15:14:57 | 00,056,576 | ---- | C] (Microsoft Corporation)
dmusic.sys -> %SystemRoot%\System32\drivers\dmusic.sys -> [2009/04/20 15:14:55 | 00,052,864 | ---- | C] (Microsoft Corporation)
mskssrv.sys -> %SystemRoot%\System32\drivers\mskssrv.sys -> [2009/04/20 15:14:53 | 00,007,552 | ---- | C] (Microsoft Corporation)
mspclock.sys -> %SystemRoot%\System32\drivers\mspclock.sys -> [2009/04/20 15:14:52 | 00,005,376 | ---- | C] (Microsoft Corporation)
drmkaud.sys -> %SystemRoot%\System32\drivers\drmkaud.sys -> [2009/04/20 15:14:50 | 00,002,944 | ---- | C] (Microsoft Corporation)
mspqm.sys -> %SystemRoot%\System32\drivers\mspqm.sys -> [2009/04/20 15:14:49 | 00,004,992 | ---- | C] (Microsoft Corporation)
sysaudio.sys -> %SystemRoot%\System32\drivers\sysaudio.sys -> [2009/04/20 15:14:47 | 00,060,800 | ---- | C] (Microsoft Corporation)
wdmaud.sys -> %SystemRoot%\System32\drivers\wdmaud.sys -> [2009/04/20 15:14:45 | 00,083,072 | ---- | C] (Microsoft Corporation)
kmixer.sys -> %SystemRoot%\System32\drivers\kmixer.sys -> [2009/04/20 15:14:43 | 00,172,416 | ---- | C] (Microsoft Corporation)
splitter.sys -> %SystemRoot%\System32\drivers\splitter.sys -> [2009/04/20 15:14:42 | 00,006,272 | ---- | C] (Microsoft Corporation)
audstub.sys -> %SystemRoot%\System32\drivers\audstub.sys -> [2009/04/20 15:14:37 | 00,003,072 | ---- | C] (Microsoft Corporation)
redbook.sys -> %SystemRoot%\System32\drivers\redbook.sys -> [2009/04/20 15:14:20 | 00,057,600 | ---- | C] (Microsoft Corporation)
msmpu401.sys -> %SystemRoot%\System32\drivers\msmpu401.sys -> [2009/04/20 15:13:52 | 00,002,944 | ---- | C] (Microsoft Corporation)
viaagp.sys -> %SystemRoot%\System32\drivers\viaagp.sys -> [2009/04/20 15:13:47 | 00,042,240 | ---- | C] (Microsoft Corporation)
portcls.sys -> %SystemRoot%\System32\drivers\portcls.sys -> [2009/04/20 15:13:29 | 00,146,048 | ---- | C] (Microsoft Corporation)
ksproxy.ax -> %SystemRoot%\System32\ksproxy.ax -> [2009/04/20 15:13:29 | 00,129,536 | ---- | C] (Microsoft Corporation)
drmk.sys -> %SystemRoot%\System32\drivers\drmk.sys -> [2009/04/20 15:13:29 | 00,060,160 | ---- | C] (Microsoft Corporation)
ksuser.dll -> %SystemRoot%\System32\ksuser.dll -> [2009/04/20 15:13:29 | 00,004,096 | ---- | C] (Microsoft Corporation)
2gmgsmt.sf2 -> %SystemRoot%\System32\drivers\2gmgsmt.sf2 -> [2009/04/20 15:13:28 | 02,104,298 | ---- | C] ()
gameenum.sys -> %SystemRoot%\System32\drivers\gameenum.sys -> [2009/04/20 15:13:26 | 00,010,624 | ---- | C] (Microsoft Corporation)
gameenum.sys -> %SystemRoot%\System32\dllcache\gameenum.sys -> [2009/04/20 15:13:26 | 00,010,624 | ---- | C] (Microsoft Corporation)
usbui.dll -> %SystemRoot%\System32\usbui.dll -> [2009/04/20 15:13:17 | 00,074,240 | ---- | C] (Microsoft Corporation)
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/04/20 15:12:01 | 00,001,374 | ---- | C] ()
ODBC -> %CommonProgramFiles%\ODBC -> [2009/04/20 15:11:55 | 00,000,000 | ---D | C]
spcommon.dll -> %SystemRoot%\System32\dllcache\spcommon.dll -> [2009/04/20 15:11:53 | 00,077,824 | ---- | C] (Microsoft Corporation)
spcplui.dll -> %SystemRoot%\System32\dllcache\spcplui.dll -> [2009/04/20 15:11:53 | 00,061,440 | ---- | C] (Microsoft Corporation)
sam.spd -> %SystemRoot%\System32\dllcache\sam.spd -> [2009/04/20 15:11:52 | 01,685,606 | ---- | C] ()
spttseng.dll -> %SystemRoot%\System32\dllcache\spttseng.dll -> [2009/04/20 15:11:52 | 00,774,144 | ---- | C] (Microsoft Corporation)
sam.sdf -> %SystemRoot%\System32\dllcache\sam.sdf -> [2009/04/20 15:11:52 | 00,000,888 | ---- | C] ()
ltts1033.lxa -> %SystemRoot%\System32\dllcache\ltts1033.lxa -> [2009/04/20 15:11:51 | 00,643,717 | ---- | C] ()
r1033tts.lxa -> %SystemRoot%\System32\dllcache\r1033tts.lxa -> [2009/04/20 15:11:51 | 00,605,050 | ---- | C] ()
sapisvr.exe -> %SystemRoot%\System32\dllcache\sapisvr.exe -> [2009/04/20 15:11:51 | 00,036,864 | ---- | C] (Microsoft Corporation)
SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [2009/04/20 15:11:51 | 00,000,000 | ---D | C]
Program Files -> %ProgramFiles% -> [2009/04/20 15:11:50 | 00,000,000 | R--D | C]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [2009/04/20 15:11:50 | 00,000,000 | ---D | C]
Common Files -> %CommonProgramFiles% -> [2009/04/20 15:11:50 | 00,000,000 | ---D | C]
c_28603.nls -> %SystemRoot%\System32\c_28603.nls -> [2009/04/20 15:11:49 | 00,066,082 | ---- | C] ()
c_857.nls -> %SystemRoot%\System32\c_857.nls -> [2009/04/20 15:11:47 | 00,066,594 | ---- | C] ()
c_28599.nls -> %SystemRoot%\System32\c_28599.nls -> [2009/04/20 15:11:47 | 00,066,082 | ---- | C] ()
c_10081.nls -> %SystemRoot%\System32\c_10081.nls -> [2009/04/20 15:11:47 | 00,066,082 | ---- | C] ()
kbdtuq.dll -> %SystemRoot%\System32\kbdtuq.dll -> [2009/04/20 15:11:47 | 00,006,144 | R--- | C] (Microsoft Corporation)
kbdtuf.dll -> %SystemRoot%\System32\kbdtuf.dll -> [2009/04/20 15:11:47 | 00,006,144 | R--- | C] (Microsoft Corporation)
kbdtuq.dll -> %SystemRoot%\System32\dllcache\kbdtuq.dll -> [2009/04/20 15:11:47 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdtuf.dll -> %SystemRoot%\System32\dllcache\kbdtuf.dll -> [2009/04/20 15:11:47 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdazel.dll -> %SystemRoot%\System32\kbdazel.dll -> [2009/04/20 15:11:47 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdazel.dll -> %SystemRoot%\System32\dllcache\kbdazel.dll -> [2009/04/20 15:11:47 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdkyr.dll -> %SystemRoot%\System32\kbdkyr.dll -> [2009/04/20 15:11:46 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdkyr.dll -> %SystemRoot%\System32\dllcache\kbdkyr.dll -> [2009/04/20 15:11:46 | 00,005,632 | ---- | C] (Microsoft Corporation)
C_28595.NLS -> %SystemRoot%\System32\C_28595.NLS -> [2009/04/20 15:11:45 | 00,066,082 | ---- | C] ()
c_10017.nls -> %SystemRoot%\System32\c_10017.nls -> [2009/04/20 15:11:45 | 00,066,082 | ---- | C] ()
c_10007.nls -> %SystemRoot%\System32\c_10007.nls -> [2009/04/20 15:11:45 | 00,066,082 | ---- | C] ()
kbdycc.dll -> %SystemRoot%\System32\kbdycc.dll -> [2009/04/20 15:11:45 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbduzb.dll -> %SystemRoot%\System32\kbduzb.dll -> [2009/04/20 15:11:45 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdur.dll -> %SystemRoot%\System32\kbdur.dll -> [2009/04/20 15:11:45 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdtat.dll -> %SystemRoot%\System32\kbdtat.dll -> [2009/04/20 15:11:45 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdru1.dll -> %SystemRoot%\System32\kbdru1.dll -> [2009/04/20 15:11:45 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdru.dll -> %SystemRoot%\System32\kbdru.dll -> [2009/04/20 15:11:45 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdmon.dll -> %SystemRoot%\System32\kbdmon.dll -> [2009/04/20 15:11:45 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdkaz.dll -> %SystemRoot%\System32\kbdkaz.dll -> [2009/04/20 15:11:45 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdbu.dll -> %SystemRoot%\System32\kbdbu.dll -> [2009/04/20 15:11:45 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdblr.dll -> %SystemRoot%\System32\kbdblr.dll -> [2009/04/20 15:11:45 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdaze.dll -> %SystemRoot%\System32\kbdaze.dll -> [2009/04/20 15:11:45 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdycc.dll -> %SystemRoot%\System32\dllcache\kbdycc.dll -> [2009/04/20 15:11:45 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbduzb.dll -> %SystemRoot%\System32\dllcache\kbduzb.dll -> [2009/04/20 15:11:45 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdur.dll -> %SystemRoot%\System32\dllcache\kbdur.dll -> [2009/04/20 15:11:45 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdtat.dll -> %SystemRoot%\System32\dllcache\kbdtat.dll -> [2009/04/20 15:11:45 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdru1.dll -> %SystemRoot%\System32\dllcache\kbdru1.dll -> [2009/04/20 15:11:45 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdru.dll -> %SystemRoot%\System32\dllcache\kbdru.dll -> [2009/04/20 15:11:45 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdmon.dll -> %SystemRoot%\System32\dllcache\kbdmon.dll -> [2009/04/20 15:11:45 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdkaz.dll -> %SystemRoot%\System32\dllcache\kbdkaz.dll -> [2009/04/20 15:11:45 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdbu.dll -> %SystemRoot%\System32\dllcache\kbdbu.dll -> [2009/04/20 15:11:45 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdblr.dll -> %SystemRoot%\System32\dllcache\kbdblr.dll -> [2009/04/20 15:11:45 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdaze.dll -> %SystemRoot%\System32\dllcache\kbdaze.dll -> [2009/04/20 15:11:45 | 00,005,632 | ---- | C] (Microsoft Corporation)
c_869.nls -> %SystemRoot%\System32\c_869.nls -> [2009/04/20 15:11:43 | 00,066,594 | ---- | C] ()
c_737.nls -> %SystemRoot%\System32\c_737.nls -> [2009/04/20 15:11:43 | 00,066,594 | ---- | C] ()
c_875.nls -> %SystemRoot%\System32\c_875.nls -> [2009/04/20 15:11:43 | 00,066,082 | ---- | C] ()
C_28597.NLS -> %SystemRoot%\System32\C_28597.NLS -> [2009/04/20 15:11:43 | 00,066,082 | ---- | C] ()
c_10006.nls -> %SystemRoot%\System32\c_10006.nls -> [2009/04/20 15:11:43 | 00,066,082 | ---- | C] ()
kbdhept.dll -> %SystemRoot%\System32\kbdhept.dll -> [2009/04/20 15:11:43 | 00,008,192 | R--- | C] (Microsoft Corporation)
kbdhept.dll -> %SystemRoot%\System32\dllcache\kbdhept.dll -> [2009/04/20 15:11:43 | 00,008,192 | ---- | C] (Microsoft Corporation)
kbdhela3.dll -> %SystemRoot%\System32\kbdhela3.dll -> [2009/04/20 15:11:43 | 00,006,656 | R--- | C] (Microsoft Corporation)
kbdhela3.dll -> %SystemRoot%\System32\dllcache\kbdhela3.dll -> [2009/04/20 15:11:43 | 00,006,656 | ---- | C] (Microsoft Corporation)
kbdhela2.dll -> %SystemRoot%\System32\kbdhela2.dll -> [2009/04/20 15:11:43 | 00,006,144 | R--- | C] (Microsoft Corporation)
kbdgkl.dll -> %SystemRoot%\System32\kbdgkl.dll -> [2009/04/20 15:11:43 | 00,006,144 | R--- | C] (Microsoft Corporation)
kbdhela2.dll -> %SystemRoot%\System32\dllcache\kbdhela2.dll -> [2009/04/20 15:11:43 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdgkl.dll -> %SystemRoot%\System32\dllcache\kbdgkl.dll -> [2009/04/20 15:11:43 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdhe319.dll -> %SystemRoot%\System32\kbdhe319.dll -> [2009/04/20 15:11:43 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdhe220.dll -> %SystemRoot%\System32\kbdhe220.dll -> [2009/04/20 15:11:43 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdhe.dll -> %SystemRoot%\System32\kbdhe.dll -> [2009/04/20 15:11:43 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdhe319.dll -> %SystemRoot%\System32\dllcache\kbdhe319.dll -> [2009/04/20 15:11:43 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdhe220.dll -> %SystemRoot%\System32\dllcache\kbdhe220.dll -> [2009/04/20 15:11:43 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdhe.dll -> %SystemRoot%\System32\dllcache\kbdhe.dll -> [2009/04/20 15:11:43 | 00,005,632 | ---- | C] (Microsoft Corporation)
c_866.nls -> %SystemRoot%\System32\c_866.nls -> [2009/04/20 15:11:42 | 00,066,594 | ---- | C] ()
c_855.nls -> %SystemRoot%\System32\c_855.nls -> [2009/04/20 15:11:42 | 00,066,594 | ---- | C] ()
C_28594.NLS -> %SystemRoot%\System32\C_28594.NLS -> [2009/04/20 15:11:42 | 00,066,082 | ---- | C] ()
kbdlv1.dll -> %SystemRoot%\System32\kbdlv1.dll -> [2009/04/20 15:11:42 | 00,006,144 | R--- | C] (Microsoft Corporation)
kbdlv.dll -> %SystemRoot%\System32\kbdlv.dll -> [2009/04/20 15:11:42 | 00,006,144 | R--- | C] (Microsoft Corporation)
kbdest.dll -> %SystemRoot%\System32\kbdest.dll -> [2009/04/20 15:11:42 | 00,006,144 | R--- | C] (Microsoft Corporation)
kbdlv1.dll -> %SystemRoot%\System32\dllcache\kbdlv1.dll -> [2009/04/20 15:11:42 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdlv.dll -> %SystemRoot%\System32\dllcache\kbdlv.dll -> [2009/04/20 15:11:42 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdest.dll -> %SystemRoot%\System32\dllcache\kbdest.dll -> [2009/04/20 15:11:42 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdlt1.dll -> %SystemRoot%\System32\kbdlt1.dll -> [2009/04/20 15:11:42 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdlt.dll -> %SystemRoot%\System32\kbdlt.dll -> [2009/04/20 15:11:42 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdlt1.dll -> %SystemRoot%\System32\dllcache\kbdlt1.dll -> [2009/04/20 15:11:42 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdlt.dll -> %SystemRoot%\System32\dllcache\kbdlt.dll -> [2009/04/20 15:11:42 | 00,005,632 | ---- | C] (Microsoft Corporation)
c_852.nls -> %SystemRoot%\System32\c_852.nls -> [2009/04/20 15:11:40 | 00,066,594 | ---- | C] ()
c_10082.nls -> %SystemRoot%\System32\c_10082.nls -> [2009/04/20 15:11:40 | 00,066,082 | ---- | C] ()
c_10029.nls -> %SystemRoot%\System32\c_10029.nls -> [2009/04/20 15:11:40 | 00,066,082 | ---- | C] ()
c_10010.nls -> %SystemRoot%\System32\c_10010.nls -> [2009/04/20 15:11:40 | 00,066,082 | ---- | C] ()
kbdcz.dll -> %SystemRoot%\System32\kbdcz.dll -> [2009/04/20 15:11:40 | 00,007,168 | R--- | C] (Microsoft Corporation)
kbdcz.dll -> %SystemRoot%\System32\dllcache\kbdcz.dll -> [2009/04/20 15:11:40 | 00,007,168 | ---- | C] (Microsoft Corporation)
kbdycl.dll -> %SystemRoot%\System32\kbdycl.dll -> [2009/04/20 15:11:40 | 00,006,656 | R--- | C] (Microsoft Corporation)
kbdsl1.dll -> %SystemRoot%\System32\kbdsl1.dll -> [2009/04/20 15:11:40 | 00,006,656 | R--- | C] (Microsoft Corporation)
kbdsl.dll -> %SystemRoot%\System32\kbdsl.dll -> [2009/04/20 15:11:40 | 00,006,656 | R--- | C] (Microsoft Corporation)
kbdpl.dll -> %SystemRoot%\System32\kbdpl.dll -> [2009/04/20 15:11:40 | 00,006,656 | R--- | C] (Microsoft Corporation)
kbdhu.dll -> %SystemRoot%\System32\kbdhu.dll -> [2009/04/20 15:11:40 | 00,006,656 | R--- | C] (Microsoft Corporation)
kbdcz2.dll -> %SystemRoot%\System32\kbdcz2.dll -> [2009/04/20 15:11:40 | 00,006,656 | R--- | C] (Microsoft Corporation)
kbdcz1.dll -> %SystemRoot%\System32\kbdcz1.dll -> [2009/04/20 15:11:40 | 00,006,656 | R--- | C] (Microsoft Corporation)
kbdcr.dll -> %SystemRoot%\System32\kbdcr.dll -> [2009/04/20 15:11:40 | 00,006,656 | R--- | C] (Microsoft Corporation)
KBDAL.DLL -> %SystemRoot%\System32\KBDAL.DLL -> [2009/04/20 15:11:40 | 00,006,656 | R--- | C] (Microsoft Corporation)
kbdycl.dll -> %SystemRoot%\System32\dllcache\kbdycl.dll -> [2009/04/20 15:11:40 | 00,006,656 | ---- | C] (Microsoft Corporation)
kbdsl1.dll -> %SystemRoot%\System32\dllcache\kbdsl1.dll -> [2009/04/20 15:11:40 | 00,006,656 | ---- | C] (Microsoft Corporation)
kbdsl.dll -> %SystemRoot%\System32\dllcache\kbdsl.dll -> [2009/04/20 15:11:40 | 00,006,656 | ---- | C] (Microsoft Corporation)
kbdpl.dll -> %SystemRoot%\System32\dllcache\kbdpl.dll -> [2009/04/20 15:11:40 | 00,006,656 | ---- | C] (Microsoft Corporation)
kbdhu.dll -> %SystemRoot%\System32\dllcache\kbdhu.dll -> [2009/04/20 15:11:40 | 00,006,656 | ---- | C] (Microsoft Corporation)
kbdcz2.dll -> %SystemRoot%\System32\dllcache\kbdcz2.dll -> [2009/04/20 15:11:40 | 00,006,656 | ---- | C] (Microsoft Corporation)
kbdcz1.dll -> %SystemRoot%\System32\dllcache\kbdcz1.dll -> [2009/04/20 15:11:40 | 00,006,656 | ---- | C] (Microsoft Corporation)
kbdcr.dll -> %SystemRoot%\System32\dllcache\kbdcr.dll -> [2009/04/20 15:11:40 | 00,006,656 | ---- | C] (Microsoft Corporation)
kbdal.dll -> %SystemRoot%\System32\dllcache\kbdal.dll -> [2009/04/20 15:11:40 | 00,006,656 | ---- | C] (Microsoft Corporation)
kbdro.dll -> %SystemRoot%\System32\kbdro.dll -> [2009/04/20 15:11:40 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdpl1.dll -> %SystemRoot%\System32\kbdpl1.dll -> [2009/04/20 15:11:40 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdhu1.dll -> %SystemRoot%\System32\kbdhu1.dll -> [2009/04/20 15:11:40 | 00,005,632 | R--- | C] (Microsoft Corporation)
kbdro.dll -> %SystemRoot%\System32\dllcache\kbdro.dll -> [2009/04/20 15:11:40 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdpl1.dll -> %SystemRoot%\System32\dllcache\kbdpl1.dll -> [2009/04/20 15:11:40 | 00,005,632 | ---- | C] (Microsoft Corporation)
kbdhu1.dll -> %SystemRoot%\System32\dllcache\kbdhu1.dll -> [2009/04/20 15:11:40 | 00,005,632 | ---- | C] (Microsoft Corporation)
c_20127.nls -> %SystemRoot%\System32\c_20127.nls -> [2009/04/20 15:11:38 | 00,066,082 | ---- | C] ()
spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> [2009/04/20 15:11:37 | 00,024,661 | ---- | C] (Perle Systems Ltd.)
spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> [2009/04/20 15:11:37 | 00,024,661 | ---- | C] (Perle Systems Ltd.)
irclass.dll -> %SystemRoot%\System32\irclass.dll -> [2009/04/20 15:11:37 | 00,013,312 | ---- | C] (Microsoft Corporation)
irclass.dll -> %SystemRoot%\System32\dllcache\irclass.dll -> [2009/04/20 15:11:37 | 00,013,312 | ---- | C] (Microsoft Corporation)
irenum.sys -> %SystemRoot%\System32\drivers\irenum.sys -> [2009/04/20 15:11:37 | 00,011,264 | ---- | C] (Microsoft Corporation)
msvideo.dll -> %SystemRoot%\System32\dllcache\msvideo.dll -> [2009/04/20 15:11:36 | 00,126,912 | ---- | C] (Microsoft Corporation)
MSVIDEO.DLL -> %SystemRoot%\System\MSVIDEO.DLL -> [2009/04/20 15:11:36 | 00,126,912 | ---- | C] (Microsoft Corporation)
olecli.dll -> %SystemRoot%\System32\dllcache\olecli.dll -> [2009/04/20 15:11:36 | 00,082,944 | ---- | C] (Microsoft Corporation)
OLECLI.DLL -> %SystemRoot%\System\OLECLI.DLL -> [2009/04/20 15:11:36 | 00,082,944 | ---- | C] (Microsoft Corporation)
olesvr.dll -> %SystemRoot%\System32\dllcache\olesvr.dll -> [2009/04/20 15:11:36 | 00,024,064 | ---- | C] (Microsoft Corporation)
OLESVR.DLL -> %SystemRoot%\System\OLESVR.DLL -> [2009/04/20 15:11:36 | 00,024,064 | ---- | C] (Microsoft Corporation)
tapi.dll -> %SystemRoot%\System32\dllcache\tapi.dll -> [2009/04/20 15:11:36 | 00,019,200 | ---- | C] (Microsoft Corporation)
TAPI.DLL -> %SystemRoot%\System\TAPI.DLL -> [2009/04/20 15:11:36 | 00,019,200 | ---- | C] (Microsoft Corporation)
wfwnet.drv -> %SystemRoot%\System32\dllcache\wfwnet.drv -> [2009/04/20 15:11:36 | 00,013,600 | ---- | C] (Microsoft Corporation)
WFWNET.DRV -> %SystemRoot%\System\WFWNET.DRV -> [2009/04/20 15:11:36 | 00,013,600 | ---- | C] (Microsoft Corporation)
ver.dll -> %SystemRoot%\System32\dllcache\ver.dll -> [2009/04/20 15:11:36 | 00,009,008 | ---- | C] (Microsoft Corporation)
VER.DLL -> %SystemRoot%\System\VER.DLL -> [2009/04/20 15:11:36 | 00,009,008 | ---- | C] (Microsoft Corporation)
shell.dll -> %SystemRoot%\System32\dllcache\shell.dll -> [2009/04/20 15:11:36 | 00,005,120 | ---- | C] (Microsoft Corporation)
SHELL.DLL -> %SystemRoot%\System\SHELL.DLL -> [2009/04/20 15:11:36 | 00,005,120 | ---- | C] (Microsoft Corporation)
timer.drv -> %SystemRoot%\System32\dllcache\timer.drv -> [2009/04/20 15:11:36 | 00,004,048 | ---- | C] (Microsoft Corporation)
TIMER.DRV -> %SystemRoot%\System\TIMER.DRV -> [2009/04/20 15:11:36 | 00,004,048 | ---- | C] (Microsoft Corporation)
system.drv -> %SystemRoot%\System32\dllcache\system.drv -> [2009/04/20 15:11:36 | 00,003,360 | ---- | C] (Microsoft Corporation)
SYSTEM.DRV -> %SystemRoot%\System\SYSTEM.DRV -> [2009/04/20 15:11:36 | 00,003,360 | ---- | C] (Microsoft Corporation)
vga.drv -> %SystemRoot%\System32\dllcache\vga.drv -> [2009/04/20 15:11:36 | 00,002,176 | ---- | C] (Microsoft Corporation)
VGA.DRV -> %SystemRoot%\System\VGA.DRV -> [2009/04/20 15:11:36 | 00,002,176 | ---- | C] (Microsoft Corporation)
mouse.drv -> %SystemRoot%\System32\dllcache\mouse.drv -> [2009/04/20 15:11:36 | 00,002,032 | ---- | C] (Microsoft Corporation)
MOUSE.DRV -> %SystemRoot%\System\MOUSE.DRV -> [2009/04/20 15:11:36 | 00,002,032 | ---- | C] (Microsoft Corporation)
sound.drv -> %SystemRoot%\System32\dllcache\sound.drv -> [2009/04/20 15:11:36 | 00,001,744 | ---- | C] (Microsoft Corporation)
SOUND.DRV -> %SystemRoot%\System\SOUND.DRV -> [2009/04/20 15:11:36 | 00,001,744 | ---- | C] (Microsoft Corporation)
avifile.dll -> %SystemRoot%\System32\dllcache\avifile.dll -> [2009/04/20 15:11:35 | 00,109,456 | ---- | C] (Microsoft Corporation)
AVIFILE.DLL -> %SystemRoot%\System\AVIFILE.DLL -> [2009/04/20 15:11:35 | 00,109,456 | ---- | C] (Microsoft Corporation)
mciavi.drv -> %SystemRoot%\System32\dllcache\mciavi.drv -> [2009/04/20 15:11:35 | 00,073,376 | ---- | C] (Microsoft Corporation)
MCIAVI.DRV -> %SystemRoot%\System\MCIAVI.DRV -> [2009/04/20 15:11:35 | 00,073,376 | ---- | C] (Microsoft Corporation)
avicap.dll -> %SystemRoot%\System32\dllcache\avicap.dll -> [2009/04/20 15:11:35 | 00,069,584 | ---- | C] (Microsoft Corporation)
AVICAP.DLL -> %SystemRoot%\System\AVICAP.DLL -> [2009/04/20 15:11:35 | 00,069,584 | ---- | C] (Microsoft Corporation)
mmsystem.dll -> %SystemRoot%\System\mmsystem.dll -> [2009/04/20 15:11:35 | 00,068,768 | ---- | C] (Microsoft Corporation)
commdlg.dll -> %SystemRoot%\System32\dllcache\commdlg.dll -> [2009/04/20 15:11:35 | 00,032,816 | ---- | C] (Microsoft Corporation)
COMMDLG.DLL -> %SystemRoot%\System\COMMDLG.DLL -> [2009/04/20 15:11:35 | 00,032,816 | ---- | C] (Microsoft Corporation)
mciwave.drv -> %SystemRoot%\System32\dllcache\mciwave.drv -> [2009/04/20 15:11:35 | 00,028,160 | ---- | C] (Microsoft Corporation)
MCIWAVE.DRV -> %SystemRoot%\System\MCIWAVE.DRV -> [2009/04/20 15:11:35 | 00,028,160 | ---- | C] (Microsoft Corporation)
mciseq.drv -> %SystemRoot%\System32\dllcache\mciseq.drv -> [2009/04/20 15:11:35 | 00,025,264 | ---- | C] (Microsoft Corporation)
MCISEQ.DRV -> %SystemRoot%\System\MCISEQ.DRV -> [2009/04/20 15:11:35 | 00,025,264 | ---- | C] (Microsoft Corporation)
TASKMAN.EXE -> %SystemRoot%\TASKMAN.EXE -> [2009/04/20 15:11:35 | 00,015,360 | ---- | C] (Microsoft Corporation)
taskman.exe -> %SystemRoot%\System32\dllcache\taskman.exe -> [2009/04/20 15:11:35 | 00,015,360 | ---- | C] (Microsoft Corporation)
lzexpand.dll -> %SystemRoot%\System32\dllcache\lzexpand.dll -> [2009/04/20 15:11:35 | 00,009,936 | ---- | C] (Microsoft Corporation)
LZEXPAND.DLL -> %SystemRoot%\System\LZEXPAND.DLL -> [2009/04/20 15:11:35 | 00,009,936 | ---- | C] (Microsoft Corporation)
keyboard.drv -> %SystemRoot%\System32\dllcache\keyboard.drv -> [2009/04/20 15:11:35 | 00,002,000 | ---- | C] (Microsoft Corporation)
KEYBOARD.DRV -> %SystemRoot%\System\KEYBOARD.DRV -> [2009/04/20 15:11:35 | 00,002,000 | ---- | C] (Microsoft Corporation)
mmtask.tsk -> %SystemRoot%\System32\dllcache\mmtask.tsk -> [2009/04/20 15:11:35 | 00,001,152 | ---- | C] (Microsoft Corporation)
MMTASK.TSK -> %SystemRoot%\System\MMTASK.TSK -> [2009/04/20 15:11:35 | 00,001,152 | ---- | C] (Microsoft Corporation)
winspool.drv -> %SystemRoot%\System\winspool.drv -> [2009/04/20 15:11:34 | 00,146,432 | ---- | C] (Microsoft Corporation)
notepad.exe -> %SystemRoot%\notepad.exe -> [2009/04/20 15:11:34 | 00,069,120 | ---- | C] (Microsoft Corporation)
batt.dll -> %SystemRoot%\System32\batt.dll -> [2009/04/20 15:11:34 | 00,008,704 | ---- | C] (Microsoft Corporation)
AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT -> [2009/04/20 15:11:34 | 00,001,688 | ---- | C] ()
storprop.dll -> %SystemRoot%\System32\storprop.dll -> [2009/04/20 15:11:33 | 00,074,752 | ---- | C] (Microsoft Corporation)
desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [2009/04/20 15:11:24 | 00,000,131 | -HS- | C] ()
desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini -> [2009/04/20 15:11:24 | 00,000,084 | -HS- | C] ()
desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini -> [2009/04/20 15:11:24 | 00,000,062 | -HS- | C] ()
Start Menu -> %AllUsersProfile%\Start Menu -> [2009/04/20 15:11:24 | 00,000,000 | R--D | C]
Documents -> %AllUsersProfile%\Documents -> [2009/04/20 15:11:24 | 00,000,000 | R--D | C]
Templates -> %AllUsersProfile%\Templates -> [2009/04/20 15:11:24 | 00,000,000 | -H-D | C]
Favorites -> %AllUsersProfile%\Favorites -> [2009/04/20 15:11:24 | 00,000,000 | ---D | C]
Desktop -> %AllUsersProfile%\Desktop -> [2009/04/20 15:11:24 | 00,000,000 | ---D | C]
CLASSES.CAT -> %SystemRoot%\System32\dllcache\CLASSES.CAT -> [2009/04/20 15:11:22 | 00,657,548 | ---- | C] ()
MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT -> [2009/04/20 15:11:22 | 00,399,645 | ---- | C] ()
WFC.CAT -> %SystemRoot%\System32\dllcache\WFC.CAT -> [2009/04/20 15:11:22 | 00,390,168 | ---- | C] ()
DAJAVAC.CAT -> %SystemRoot%\System32\dllcache\DAJAVAC.CAT -> [2009/04/20 15:11:22 | 00,056,081 | ---- | C] ()
DX3.CAT -> %SystemRoot%\System32\dllcache\DX3.CAT -> [2009/04/20 15:11:22 | 00,052,311 | ---- | C] ()
MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT -> [2009/04/20 15:11:22 | 00,037,484 | ---- | C] ()
TCLASSES.CAT -> %SystemRoot%\System32\dllcache\TCLASSES.CAT -> [2009/04/20 15:11:22 | 00,022,151 | ---- | C] ()
XMLDSOC.CAT -> %SystemRoot%\System32\dllcache\XMLDSOC.CAT -> [2009/04/20 15:11:22 | 00,021,281 | ---- | C] ()
MSJDBC.CAT -> %SystemRoot%\System32\dllcache\MSJDBC.CAT -> [2009/04/20 15:11:22 | 00,014,031 | ---- | C] ()
HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT -> [2009/04/20 15:11:22 | 00,013,472 | ---- | C] ()
IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT -> [2009/04/20 15:11:22 | 00,008,574 | ---- | C] ()
OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT -> [2009/04/20 15:11:22 | 00,007,382 | ---- | C] ()
NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT -> [2009/04/20 15:11:21 | 00,797,189 | ---- | C] ()
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [2009/04/20 15:11:08 | 00,000,000 | ---D | C]
CatRoot -> %SystemRoot%\System32\CatRoot -> [2009/04/20 15:11:08 | 00,000,000 | ---D | C]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [2009/04/20 15:10:58 | 00,000,000 | --SD | C]
Application Data -> %AllUsersProfile%\Application Data -> [2009/04/20 15:10:58 | 00,000,000 | RH-D | C]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [2009/04/20 15:10:32 | 00,000,000 | ---D | C]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/04/20 15:10:31 | 00,110,992 | ---- | C] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/04/20 15:09:32 | 00,000,211 | RHS- | C] ()
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [2009/04/20 15:09:29 | 00,000,261 | ---- | C] ()
Fonts -> %SystemRoot%\Fonts -> [2009/04/20 15:05:44 | 00,000,000 | R-SD | C]
dllcache -> %SystemRoot%\System32\dllcache -> [2009/04/20 15:05:44 | 00,000,000 | RHSD | C]
Web -> %SystemRoot%\Web -> [2009/04/20 15:05:44 | 00,000,000 | R--D | C]
inf -> %SystemRoot%\inf -> [2009/04/20 15:05:44 | 00,000,000 | -H-D | C]
WinSxS -> %SystemRoot%\WinSxS -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
wins -> %SystemRoot%\System32\wins -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
WINDOWS -> %SystemRoot% -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
wbem -> %SystemRoot%\System32\wbem -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
usmt -> %SystemRoot%\System32\usmt -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
twain_32 -> %SystemRoot%\twain_32 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
Temp -> %SystemRoot%\Temp -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
system32 -> %SystemRoot%\system32 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
system -> %SystemRoot%\system -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
spool -> %SystemRoot%\System32\spool -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
ShellExt -> %SystemRoot%\System32\ShellExt -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
Setup -> %SystemRoot%\System32\Setup -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
security -> %SystemRoot%\security -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
Resources -> %SystemRoot%\Resources -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
repair -> %SystemRoot%\repair -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
ras -> %SystemRoot%\System32\ras -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
oobe -> %SystemRoot%\System32\oobe -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
npp -> %SystemRoot%\System32\npp -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
mui -> %SystemRoot%\System32\mui -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
mui -> %SystemRoot%\mui -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
msapps -> %SystemRoot%\msapps -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
msagent -> %SystemRoot%\msagent -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
Media -> %SystemRoot%\Media -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
java -> %SystemRoot%\java -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
inetsrv -> %SystemRoot%\System32\inetsrv -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
IME -> %SystemRoot%\System32\IME -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
ime -> %SystemRoot%\ime -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
icsxml -> %SystemRoot%\System32\icsxml -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
ias -> %SystemRoot%\System32\ias -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
Help -> %SystemRoot%\Help -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
export -> %SystemRoot%\System32\export -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
etc -> %SystemRoot%\System32\drivers\etc -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
drivers -> %SystemRoot%\System32\drivers -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
Driver Cache -> %SystemRoot%\Driver Cache -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
disdn -> %SystemRoot%\System32\drivers\disdn -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
dhcp -> %SystemRoot%\System32\dhcp -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
Debug -> %SystemRoot%\Debug -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
Cursors -> %SystemRoot%\Cursors -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
Connection Wizard -> %SystemRoot%\Connection Wizard -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
config -> %SystemRoot%\System32\config -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
Config -> %SystemRoot%\Config -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
AppPatch -> %SystemRoot%\AppPatch -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
addins -> %SystemRoot%\addins -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
3com_dmi -> %SystemRoot%\System32\3com_dmi -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
3076 -> %SystemRoot%\System32\3076 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
2052 -> %SystemRoot%\System32\2052 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
1054 -> %SystemRoot%\System32\1054 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
1042 -> %SystemRoot%\System32\1042 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
1041 -> %SystemRoot%\System32\1041 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
1037 -> %SystemRoot%\System32\1037 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
1033 -> %SystemRoot%\System32\1033 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
1031 -> %SystemRoot%\System32\1031 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
1028 -> %SystemRoot%\System32\1028 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
1025 -> %SystemRoot%\System32\1025 -> [2009/04/20 15:05:44 | 00,000,000 | ---D | C]
HTEWEB.DLL -> %SystemRoot%\HTEWEB.DLL -> [2008/11/08 15:53:20 | 00,348,160 | ---- | C] ()
bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini -> [2008/01/09 15:01:48 | 00,000,453 | ---- | C] ()
win.ini -> %SystemRoot%\win.ini -> [2002/08/29 05:00:00 | 00,000,613 | ---- | C] ()
system.ini -> %SystemRoot%\system.ini -> [2002/08/29 05:00:00 | 00,000,231 | ---- | C] ()
MSRTEDIT.DLL -> %SystemRoot%\System32\MSRTEDIT.DLL -> [1999/01/22 11:46:58 | 00,065,536 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/04/30 22:09:42 | 00,665,196 | ---- | M] ()
a2trust.dat -> %UserProfile%\Local Settings\Temp\a2onlinescan\a2trust.dat -> [2009/04/30 21:36:54 | 00,021,907 | ---- | M] ()
a2wl.dat -> %UserProfile%\Local Settings\Temp\a2onlinescan\a2wl.dat -> [2009/04/30 21:36:53 | 00,136,704 | ---- | M] ()
T3.dll -> %UserProfile%\Local Settings\Temp\a2onlinescan\T3.dll -> [2009/04/30 21:33:38 | 06,052,344 | ---- | M] (IKARUS Security Software)
a2heur.dat -> %UserProfile%\Local Settings\Temp\a2onlinescan\a2heur.dat -> [2009/04/30 21:31:44 | 00,008,306 | ---- | M] ()
engine.dll -> %UserProfile%\Local Settings\Temp\a2onlinescan\engine.dll -> [2009/04/30 21:31:43 | 00,454,272 | ---- | M] (Emsi Software GmbH)
resource.dll -> %UserProfile%\Local Settings\Temp\a2onlinescan\resource.dll -> [2009/04/30 21:31:36 | 00,353,400 | ---- | M] (Emsi Software GmbH)
vdbupdate.dll -> %UserProfile%\Local Settings\Temp\a2onlinescan\vdbupdate.dll -> [2009/04/30 21:31:33 | 00,154,104 | ---- | M] (Ikarus Software GmbH)
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2009/04/30 21:05:42 | 00,000,330 | -H-- | M] ()
Perflib_Perfdata_4c8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_4c8.dat -> [2009/04/30 21:02:43 | 00,016,384 | ---- | M] ()
WGASetup.job -> %SystemRoot%\tasks\WGASetup.job -> [2009/04/30 21:02:35 | 00,000,264 | ---- | M] ()
Perflib_Perfdata_5bc.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5bc.dat -> [2009/04/30 21:02:26 | 00,016,384 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/04/30 21:02:24 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/04/30 21:02:16 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/04/30 21:02:15 | 53,639,9872 | -HS- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/04/30 21:01:10 | 01,835,008 | -H-- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/04/30 21:00:57 | 00,000,178 | -HS- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/04/30 21:00:33 | 06,093,738 | -H-- | M] ()
Kaspersky Report.html -> %UserProfile%\Desktop\Kaspersky Report.html -> [2009/04/30 20:58:04 | 00,002,786 | ---- | M] ()
sfdb.dat -> %UserProfile%\Local Settings\Temp\jkos-Del Real\engine\bases\sfdb.dat -> [2009/04/30 18:33:31 | 00,000,084 | ---- | M] ()
kosglue-7.0.26.0.dll -> %UserProfile%\Local Settings\Temp\jkos-Del Real\binaries\kosglue-7.0.26.0.dll -> [2009/04/30 17:40:34 | 00,729,152 | ---- | M] (Kaspersky Lab)
msvcr80.dll -> %UserProfile%\Local Settings\Temp\jkos-Del Real\binaries\msvcr80.dll -> [2009/04/30 17:40:34 | 00,626,688 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> %UserProfile%\Local Settings\Temp\jkos-Del Real\binaries\msvcp80.dll -> [2009/04/30 17:40:34 | 00,548,864 | ---- | M] (Microsoft Corporation)
kave.dll -> %UserProfile%\Local Settings\Temp\jkos-Del Real\binaries\kave.dll -> [2009/04/30 17:40:34 | 00,282,624 | ---- | M] (Kaspersky Lab.)
prLoader.dll -> %UserProfile%\Local Settings\Temp\jkos-Del Real\binaries\prLoader.dll -> [2009/04/30 17:40:34 | 00,184,320 | ---- | M] (Kaspersky Lab)
ScanningProcess.exe -> %UserProfile%\Local Settings\Temp\jkos-Del Real\binaries\ScanningProcess.exe -> [2009/04/30 17:40:34 | 00,139,264 | ---- | M] (Kaspersky Lab.)
prremote.dll -> %UserProfile%\Local Settings\Temp\jkos-Del Real\binaries\prremote.dll -> [2009/04/30 17:40:34 | 00,090,112 | ---- | M] (Kaspersky Lab)
ikave.dll -> %UserProfile%\Local Settings\Temp\jkos-Del Real\binaries\ikave.dll -> [2009/04/30 17:40:34 | 00,065,536 | ---- | M] ()
msvcm80.dll -> %UserProfile%\Local Settings\Temp\jkos-Del Real\binaries\msvcm80.dll -> [2009/04/30 17:40:33 | 00,479,232 | ---- | M] (Microsoft Corporation)
FSSync.dll -> %UserProfile%\Local Settings\Temp\jkos-Del Real\binaries\FSSync.dll -> [2009/04/30 17:40:33 | 00,038,400 | ---- | M] (Kaspersky Lab)
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [2009/04/30 17:37:27 | 00,001,744 | ---- | M] ()
Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk -> [2009/04/30 12:37:07 | 00,002,473 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/04/30 11:23:43 | 00,005,477 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/04/30 11:23:43 | 00,004,232 | ---- | M] ()
Perflib_Perfdata_5c4.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5c4.dat -> [2009/04/30 11:03:11 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5d0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5d0.dat -> [2009/04/29 15:37:19 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5cc.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5cc.dat -> [2009/04/29 15:14:52 | 00,016,384 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/04/29 15:02:01 | 00,001,734 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/04/29 14:59:33 | 00,002,422 | ---- | M] ()
desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [2009/04/29 14:45:40 | 00,000,079 | -HS- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/04/29 14:37:29 | 00,001,374 | ---- | M] ()
Perflib_Perfdata_5d4.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5d4.dat -> [2009/04/29 14:23:07 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5ec.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5ec.dat -> [2009/04/28 17:13:53 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_594.dat -> %SystemRoot%\Temp\Perflib_Perfdata_594.dat -> [2009/04/27 17:57:15 | 00,016,384 | ---- | M] ()
dssenh.dll -> %SystemRoot%\System32\dssenh.dll -> [2009/04/26 13:57:48 | 00,138,752 | ---- | M] (Microsoft Corporation)
dssenh.dll -> %SystemRoot%\System32\dllcache\dssenh.dll -> [2009/04/26 13:57:48 | 00,138,752 | ---- | M] (Microsoft Corporation)
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/04/25 22:03:07 | 00,017,856 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/04/25 22:02:48 | 00,110,992 | ---- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/04/25 22:01:13 | 00,000,231 | ---- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/04/25 14:13:22 | 00,781,909 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/04/24 23:12:22 | 00,057,856 | ---- | M] ()
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [2009/04/24 23:08:40 | 00,001,632 | ---- | M] ()
Perflib_Perfdata_620.dat -> %SystemRoot%\Temp\Perflib_Perfdata_620.dat -> [2009/04/24 18:58:07 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_614.dat -> %SystemRoot%\Temp\Perflib_Perfdata_614.dat -> [2009/04/24 17:24:20 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_610.dat -> %SystemRoot%\Temp\Perflib_Perfdata_610.dat -> [2009/04/24 10:33:27 | 00,016,384 | ---- | M] ()
Acrobat.com.lnk -> %AllUsersProfile%\Desktop\Acrobat.com.lnk -> [2009/04/23 21:38:28 | 00,000,734 | ---- | M] ()
Adobe Reader 9.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 9.lnk -> [2009/04/23 21:35:35 | 00,001,729 | ---- | M] ()
Microsoft Excel.lnk -> %UserProfile%\Desktop\Microsoft Excel.lnk -> [2009/04/23 21:19:32 | 00,002,471 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/04/23 21:14:48 | 00,000,613 | ---- | M] ()
vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [2009/04/23 21:14:26 | 00,000,059 | ---- | M] ()
Perflib_Perfdata_5c0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5c0.dat -> [2009/04/23 21:02:42 | 00,016,384 | ---- | M] ()
ODBC.INI -> %SystemRoot%\ODBC.INI -> [2009/04/23 20:47:12 | 00,000,376 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/04/23 19:55:39 | 00,000,696 | ---- | M] ()
Perflib_Perfdata_634.dat -> %SystemRoot%\Temp\Perflib_Perfdata_634.dat -> [2009/04/22 13:10:36 | 00,016,384 | ---- | M] ()
avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk -> [2009/04/22 13:08:50 | 00,001,709 | ---- | M] ()
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [2009/04/22 13:08:45 | 00,002,626 | ---- | M] ()
setupeng.exe -> %UserProfile%\Local Settings\Temp\_av_inet.tm~a02888\setupeng.exe -> [2009/04/22 13:07:24 | 32,793,088 | ---- | M] ()
Internet.lnk -> %UserProfile%\Desktop\Internet.lnk -> [2009/04/21 22:37:40 | 00,000,104 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/04/21 22:35:13 | 00,356,120 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/04/21 22:35:13 | 00,311,934 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/04/21 22:35:13 | 00,040,196 | ---- | M] ()
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [2009/04/21 22:24:06 | 00,023,392 | ---- | M] ()
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [2009/04/21 22:24:06 | 00,016,832 | ---- | M] ()
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2009/04/21 22:22:28 | 00,000,000 | -H-- | M] ()
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [2009/04/21 21:40:27 | 00,316,640 | ---- | M] ()
ntldr -> %SystemDrive%\ntldr -> [2009/04/21 21:04:28 | 00,250,048 | RHS- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/04/21 20:20:09 | 00,000,211 | RHS- | M] ()
NTDETECT.COM -> %SystemDrive%\NTDETECT.COM -> [2009/04/21 20:12:38 | 00,047,564 | RHS- | M] ()
wpa.bak -> %SystemRoot%\System32\wpa.bak -> [2009/04/21 17:44:14 | 00,002,422 | ---- | M] ()
desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [2009/04/21 16:37:48 | 00,000,131 | -HS- | M] ()
m4cxw2k3.sys -> %SystemRoot%\System32\drivers\m4cxw2k3.sys -> [2009/04/21 12:43:56 | 00,250,752 | ---- | M] (D-Link Corporation)
wmpscheme.xml -> %SystemRoot%\System32\wmpscheme.xml -> [2009/04/20 22:32:55 | 00,025,065 | ---- | M] ()
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [2009/04/20 22:30:11 | 00,008,192 | ---- | M] ()
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [2009/04/20 22:29:11 | 00,000,261 | ---- | M] ()
desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [2009/04/20 22:26:06 | 00,000,084 | -HS- | M] ()
desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini -> [2009/04/20 22:26:06 | 00,000,084 | -HS- | M] ()
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [2009/04/20 22:25:58 | 00,000,000 | RHS- | M] ()
IO.SYS -> %SystemDrive%\IO.SYS -> [2009/04/20 22:25:58 | 00,000,000 | RHS- | M] ()
control.ini -> %SystemRoot%\control.ini -> [2009/04/20 22:25:58 | 00,000,000 | ---- | M] ()
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [2009/04/20 22:25:58 | 00,000,000 | ---- | M] ()
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [2009/04/20 22:25:58 | 00,000,000 | ---- | M] ()
WMSysPrx.prx -> %SystemRoot%\WMSysPrx.prx -> [2009/04/20 22:25:53 | 00,299,552 | ---- | M] ()
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [2009/04/20 22:25:41 | 00,004,161 | ---- | M] ()
WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [2009/04/20 22:24:28 | 00,000,488 | RH-- | M] ()
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [2009/04/20 22:24:28 | 00,000,488 | RH-- | M] ()
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | M] ()
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | M] ()
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | M] ()
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | M] ()
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | M] ()
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [2009/04/20 22:24:20 | 00,000,749 | RH-- | M] ()
emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [2009/04/20 22:21:58 | 00,021,640 | ---- | M] ()
vb.ini -> %SystemRoot%\vb.ini -> [2009/04/20 22:21:42 | 00,000,036 | ---- | M] ()
desktop.ini -> %AppData%\desktop.ini -> [2009/04/20 15:11:24 | 00,000,062 | -HS- | M] ()
desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini -> [2009/04/20 15:11:24 | 00,000,062 | -HS- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation)
FP_AX_CAB_INSTALLER.exe -> %UserProfile%\Local Settings\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER.exe -> [2009/02/02 18:07:40 | 01,914,440 | ---- | M] (Adobe Systems Incorporated)
setup.exe -> %UserProfile%\Local Settings\Temp\sr1patch\setup.exe -> [2000/03/09 19:00:56 | 00,233,472 | ---- | M] (Microsoft Corporation)
< End of report >


#30 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:15 PM

Posted 01 May 2009 - 10:19 AM

Please delete OTScanIt.exe and the OTScanIt folder from your desktop.

Everything in the logs looks good. I wish you luck and no more Virut infections!

I am going to close your topic. I am going to be unable to work logs for a while. I have trigger thumb on my left hand and carpal tunnel on both hands. I see a surgeon on Monday and will have surgery as soon as possible so I will be taking a break from working logs.

If you need more help, please start a new topic. Thanks.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

Edited by suebaby41, 01 May 2009 - 10:34 AM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users