
2 instances of IE running. HJT won't run online


  • This topic is locked
9 replies to this topic

#1 silon and garfunkel

  • Members
  • 54 posts

Posted 13 July 2009 - 02:14 AM

Hi.

I pressed "ctrl-alt-delete" when I was online and it showed 2 instances of Internet Explorer running, even though only one was actually running. I decided to run HijackThis to see what it said, but it would not respond; an error report was generated and the internet connection cut out.

I loaded HJT offline, then I went online and ran it. As you can see it also found IE running twice even though only one was active. When I run Firefox no instances of IE show up.

I have XP service pack 3
Avira free 8.2.0.353
Malwarebytes free
GMER catchme
I also run clamwin from time to time.

None of these detected anything.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:24 PM, on 13/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program files\Returnil\Returnil.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\Program Files\TADAust Connect\dialer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Rvsystem] "C:\Program files\Returnil\Returnil.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236411858506
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237702287156
O17 - HKLM\System\CCS\Services\Tcpip\..\{6414ECA6-81D3-4268-89CE-FD1A6E2E73D5}: NameServer = 124.254.72.68 124.254.72.70
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6121 bytes

I hope that someone can help me out with this problem. Thanks.


#2 syler

  • Malware Response Team
  • 8,150 posts

Posted 23 July 2009 - 10:24 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 silon and garfunkel

  • Topic Starter
  • Members
  • 54 posts

Posted 24 July 2009 - 04:36 AM

Hi syler.

Thanks for the reply. A lot has happened since my last post. I was about to start a new topic when I saw this, so I will post here.

I have a problem with a piece of malware that seems to have survived a clean reinstall of Windows. No antivirus or antimalware software on my computer could detect it. But passwords were being changed, so I did a HijackThis scan and ran the log through an online scanner at networktechs. It said that the ctfmon entries were probably an infection. (It seems its legitimate use is to do with MS Office, which I have never had on this computer). As I could not get any help here, or at other sites, I did a clean reinstall of Windows.

After the reinstall I put no discs or flash drives into the computer. I only downloaded Windows updates, Avira, Malwarebytes and HijackThis. The first time I ran HijackThis it came back as you see below with the ctfmon entries already there. There were a few more "O4 ctfmon" entries before the reinstall.

I can't delete ctfmon.exe; if I rename it, a fresh one with the old name pops up. If I check it in HJT it just comes back. I ran ctfmon through Virustotal and only one thing, Esafe, detected anything; it found win32.banker.

I have heard that using Boot and Nuke will remove everything including all infections from a hard drive. If you could post instructions for this, I could try it. The instructions I found on their site were a little vague.

I would be very grateful for any help you could offer with this problem. I really need to get this off my computer.

Here is the post reinstall HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:52 PM, on 7/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1248072560574
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 3527 bytes

Thanks for any help that you can offer.

Malwarebytes found nothing in safe and normal mode both before and after the reinstall. Logs were clean.

I will post the RSIT log you requested as soon as possible.

Thanks again.
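
An added example, not part of the original posts and not code from HijackThis or its authors: a small parser for the HijackThis log format shown above that reports process images running more than once and compares the O4 (Run key) entries of two logs. The sample logs are constructed by abridging the two logs in this thread; the function names and the `MULTI_INSTANCE_OK` list are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample input: lines abridged from the two HijackThis logs
# posted in this thread (before and after the reinstall of Windows).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Assumption for this example: images that normally run several copies.
# IE8 also splits frame and tab into separate IEXPLORE.EXE processes by
# design; add "iexplore.exe" once that is confirmed as the cause.
MULTI_INSTANCE_OK = {"svchost.exe"}


def parse_hjt(text):
    """Return the process list and the O4 autoruns of one HijackThis log."""
    processes, autoruns, in_procs = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # a blank line ends the process section
                in_procs = False
            else:
                processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            # Registry value names are case-insensitive, so normalise the key.
            autoruns[(m["hive"].upper(), m["name"].lower())] = m["cmd"]
    return {"processes": processes, "autoruns": autoruns}


def duplicate_images(parsed, ignore=MULTI_INSTANCE_OK):
    """Image names (lower-cased) that appear more than once in the process list."""
    counts = Counter(p.rsplit("\\", 1)[-1].lower() for p in parsed["processes"])
    return {img: n for img, n in counts.items() if n > 1 and img not in ignore}


def autorun_diff(before, after):
    """Classify O4 entries as removed, added, unchanged or changed command."""
    b, a = before["autoruns"], after["autoruns"]
    shared = b.keys() & a.keys()
    return {
        "removed": sorted(b.keys() - a.keys()),
        "added": sorted(a.keys() - b.keys()),
        "unchanged": sorted(k for k in shared if b[k].lower() == a[k].lower()),
        "changed": sorted(k for k in shared if b[k].lower() != a[k].lower()),
    }


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    print("duplicate images before:", duplicate_images(before))
    print("duplicate images after: ", duplicate_images(after))
    for status, keys in autorun_diff(before, after).items():
        for hive, name in keys:
            print(f"{status:9} {hive}\\..\\Run [{name}]")
```

The diff only shows which autorun entries persist between two logs; whether the file an entry points to is the genuine one still needs a hash or signature check of that file.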

#4 silon and garfunkel

  • Topic Starter
  • Members
  • 54 posts

Posted 24 July 2009 - 04:55 AM

Here are the RSIT logs.

info.txt logfile of random's system information tool 1.06 2009-07-24 19:44:04

======Uninstall list======

-->"C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Dell Photo AIO Printer 922-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
HijackThis 2.0.2-->"C:\hjt\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Sandboxie 3.38-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\SETUP.EXE" -l0x9
TADAust Connect-->"C:\Program Files\TADAust Connect\dialer.exe" uninstall
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-07-24]

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: LA-FRXTA9G0LG3A
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 530
Source Name: Disk
Time Written: 20090722174223.000000+600
Event Type: error
User:

Computer Name: LA-FRXTA9G0LG3A
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 529
Source Name: Disk
Time Written: 20090722174219.000000+600
Event Type: error
User:

Computer Name: LA-FRXTA9G0LG3A
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 528
Source Name: Disk
Time Written: 20090722174215.000000+600
Event Type: error
User:

Computer Name: LA-FRXTA9G0LG3A
Event Code: 20
Message: Printer Driver Dell Photo AIO Printer 922 for Windows NT x86 Version-3 was added or updated. Files:- DLBTDR5C.DLL, DLBTUI5C.DLL, DLBTUI5C.DLL, DLBTDRV.HLP, DLBTCLR1.LUT, DLBTCLR2.LUT, DLBTCLR3.LUT, DLBTCLR4.LUT, DLBTHPEC.DLL, DLBTHPEP.DLL, DLBTHPEH.DLL, DLBTFLIB.DLL, DLBTSTRN.DLL, DLBTLPA.HLP, DLBTNOTE.HLP, DLBTDRV.CNT, DLBTLPA.CNT, DLBTMA.CNT, DLBTJSWX.EXE, DLBTPSWX.EXE, DLBTJSW.DLL, DLBTJSWR.DLL, DLBTLPA.DLL, DLBTLPAR.DLL, DLBTPRP.DLL, DLBTPRPR.DLL, DLBTPSW.DLL, DLBTPSWR.DLL, DLBTUTIL.DLL, DLBTUPD.DLL, DLBTUPDR.DLL, DLBTCU.DLL, DLBTCUR.DLL, DLBTPP5C.DLL, LEXEDF.DLL, DLBTPCFG.DLL, lexgo.EXE, DLBTCLN.OUT, dlbtaual.out, hlp256.dll, ptzipw32.dll, dlbteula.txt, DLBTGF.DLL, dlbtsk0.dll, dlbtsk1.dll, dlbtsk2.dll, dlbtserv.dll, dlbtcomc.dll, dlbtprox.dll, dlbtcoms.exe, dlbthbn1.dll, dlbtusb1.dll, dlbtlmpm.dll, dlbtcomm.dll, dlbtpplc.dll, dlbtcfg.exe, dlbtw2k.ini, dlbtih.exe, dlbt.loc, dlbtvs.dll, dlbtprod.ini, dlbtunst.exe, dlbtins.dll, dlbtinsr.dll, dlbtcfg.dll, dlbtcomx.dll, dlbtpmui.dll, dlbtphau.out, dlbtphcl.out, dlbtprod.ver.

Record Number: 279
Source Name: Print
Time Written: 20090720163341.000000+600
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LA-FRXTA9G0LG3A
Event Code: 20
Message: Printer Driver Dell Photo AIO Printer 922 for Windows NT x86 Version-3 was added or updated. Files:- DLBTDR5C.DLL, DLBTUI5C.DLL, DLBTUI5C.DLL, DLBTDRV.HLP, DLBTCLR1.LUT, DLBTCLR2.LUT, DLBTCLR3.LUT, DLBTCLR4.LUT, DLBTHPEC.DLL, DLBTHPEP.DLL, DLBTHPEH.DLL, DLBTFLIB.DLL, DLBTSTRN.DLL, DLBTLPA.HLP, DLBTNOTE.HLP, DLBTDRV.CNT, DLBTLPA.CNT, DLBTMA.CNT, DLBTJSWX.EXE, DLBTPSWX.EXE, DLBTJSW.DLL, DLBTJSWR.DLL, DLBTLPA.DLL, DLBTLPAR.DLL, DLBTPRP.DLL, DLBTPRPR.DLL, DLBTPSW.DLL, DLBTPSWR.DLL, DLBTUTIL.DLL, DLBTUPD.DLL, DLBTUPDR.DLL, DLBTCU.DLL, DLBTCUR.DLL, DLBTPP5C.DLL, LEXEDF.DLL, DLBTPCFG.DLL, lexgo.EXE, DLBTCLN.OUT, dlbtaual.out, hlp256.dll, ptzipw32.dll, dlbteula.txt, DLBTGF.DLL, dlbtsk0.dll, dlbtsk1.dll, dlbtsk2.dll, dlbtserv.dll, dlbtcomc.dll, dlbtprox.dll, dlbtcoms.exe, dlbthbn1.dll, dlbtusb1.dll, dlbtlmpm.dll, dlbtcomm.dll, dlbtpplc.dll, dlbtcfg.exe, dlbtw2k.ini, dlbtih.exe, dlbt.loc, dlbtvs.dll, dlbtprod.ini, dlbtunst.exe, dlbtins.dll, dlbtinsr.dll, dlbtcfg.dll, dlbtcomx.dll, dlbtpmui.dll, dlbtphau.out, dlbtphcl.out, dlbtprod.ver.

Record Number: 260
Source Name: Print
Time Written: 20090720162927.000000+600
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-07-24 19:46:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 33 GB (87%) free of 38 GB
Total RAM: 254 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:30 PM, on 7/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Documents and Settings\Owner\Desktop\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1248072560574
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 3477 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Dell Photo AIO Printer 922"=C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [2004-06-19 290816]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2009-05-28 380416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-07-24 19:43:38 ----D---- C:\rsit
2009-07-24 17:29:46 ----D---- C:\Program Files\CCleaner
2009-07-24 16:56:22 ----D---- C:\aaa
2009-07-23 19:49:22 ----D---- C:\Program Files\Mozilla Firefox
2009-07-23 19:45:39 ----D---- C:\hjt
2009-07-22 17:37:37 ----D---- C:\Program Files\Avira
2009-07-22 17:37:37 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-07-22 15:24:51 ----D---- C:\Sandbox
2009-07-22 15:24:32 ----A---- C:\WINDOWS\Sandboxie.ini
2009-07-22 15:24:22 ----D---- C:\Program Files\Sandboxie
2009-07-21 19:04:13 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-07-21 19:04:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-21 19:04:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-21 18:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-21 18:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-21 18:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-21 18:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-21 18:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-21 18:04:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-21 18:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-21 18:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-21 18:04:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-21 18:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-21 18:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-21 18:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-21 18:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-21 18:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-21 18:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-21 18:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-21 18:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-21 18:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-21 18:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-21 18:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-21 18:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-21 18:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-21 18:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-21 18:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-21 18:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-21 18:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-21 18:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-21 18:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-21 18:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-21 18:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-21 18:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-21 18:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-21 17:33:36 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-07-20 19:35:48 ----D---- C:\WINDOWS\ie8updates
2009-07-20 19:35:14 ----D---- C:\WINDOWS\WBEM
2009-07-20 19:34:11 ----HDC---- C:\WINDOWS\ie8
2009-07-20 19:33:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-20 17:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-20 17:11:50 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-07-20 17:11:32 ----D---- C:\WINDOWS\system32\PreInstall
2009-07-20 17:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-07-20 17:11:30 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-20 16:57:46 ----A---- C:\WINDOWS\system32\wups2.dll
2009-07-20 16:57:46 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-07-20 16:57:46 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-07-20 16:57:45 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-07-20 16:57:45 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-07-20 16:47:57 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-07-20 16:43:36 ----D---- C:\Program Files\Qualcomm
2009-07-20 16:43:36 ----D---- C:\Program Files\Netscape
2009-07-20 16:43:36 ----D---- C:\Documents and Settings\Owner\Application Data\Thunderbird
2009-07-20 16:43:36 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2009-07-20 16:43:34 ----D---- C:\Program Files\TADAust Connect
2009-07-20 16:42:20 ----A---- C:\WINDOWS\system32\rnaph.dll
2009-07-20 16:33:53 ----A---- C:\WINDOWS\dellstat.ini
2009-07-20 16:33:24 ----RA---- C:\WINDOWS\system32\dlbtsnls.dll
2009-07-20 16:33:24 ----RA---- C:\WINDOWS\system32\dlbtcoin.dll
2009-07-20 16:33:13 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2009-07-20 16:28:57 ----A---- C:\WINDOWS\system32\dlbtpmui.dll
2009-07-20 16:28:56 ----A---- C:\WINDOWS\system32\dlbtvs.dll
2009-07-20 16:28:56 ----A---- C:\WINDOWS\system32\dlbtusb1.dll
2009-07-20 16:28:56 ----A---- C:\WINDOWS\system32\dlbtpplc.dll
2009-07-20 16:28:56 ----A---- C:\WINDOWS\system32\dlbtlmpm.dll
2009-07-20 16:28:56 ----A---- C:\WINDOWS\system32\dlbtih.exe
2009-07-20 16:28:56 ----A---- C:\WINDOWS\system32\dlbthbn1.dll
2009-07-20 16:28:56 ----A---- C:\WINDOWS\system32\dlbtcomm.dll
2009-07-20 16:28:56 ----A---- C:\WINDOWS\system32\dlbtcfg.exe
2009-07-20 16:28:55 ----A---- C:\WINDOWS\system32\dlbtserv.dll
2009-07-20 16:28:55 ----A---- C:\WINDOWS\system32\dlbtprox.dll
2009-07-20 16:28:55 ----A---- C:\WINDOWS\system32\dlbtcoms.exe
2009-07-20 16:28:55 ----A---- C:\WINDOWS\system32\dlbtcomc.dll
2009-07-20 16:28:54 ----A---- C:\WINDOWS\system32\dlbtcur.dll
2009-07-20 16:28:54 ----A---- C:\WINDOWS\system32\dlbtcu.dll
2009-07-20 16:28:50 ----A---- C:\WINDOWS\system32\dlbtjswr.dll
2009-07-20 16:28:45 ----A---- C:\WINDOWS\system32\dlbtutil.dll
2009-07-20 16:28:45 ----A---- C:\WINDOWS\system32\dlbtgf.dll
2009-07-20 16:28:44 ----D---- C:\Program Files\Dell Photo AIO Printer 922
2009-07-20 16:28:06 ----D---- C:\Temp
2009-07-20 16:22:13 ----D---- C:\WINDOWS\Prefetch
2009-07-20 16:14:55 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-07-20 16:14:55 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-07-20 16:14:41 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-07-20 16:14:40 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-20 16:14:40 ----N---- C:\WINDOWS\system32\azroles.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-20 16:14:39 ----N---- C:\WINDOWS\system32\credssp.dll
2009-07-20 16:14:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-07-20 16:14:37 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-20 16:14:37 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-07-20 16:14:37 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-20 16:14:37 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-20 16:14:37 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-07-20 16:14:37 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-07-20 16:14:37 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-20 16:14:37 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-20 16:14:37 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-20 16:14:36 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-07-20 16:14:36 ----N---- C:\WINDOWS\system32\onex.dll
2009-07-20 16:14:36 ----N---- C:\WINDOWS\system32\napstat.exe
2009-07-20 16:14:36 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-07-20 16:14:36 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-07-20 16:14:36 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-20 16:14:36 ----N---- C:\WINDOWS\system32\mssha.dll
2009-07-20 16:14:35 ----N---- C:\WINDOWS\system32\setupn.exe
2009-07-20 16:14:35 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-20 16:14:35 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-07-20 16:14:35 ----N---- C:\WINDOWS\system32\qutil.dll
2009-07-20 16:14:35 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-07-20 16:14:35 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-07-20 16:14:35 ----N---- C:\WINDOWS\system32\qagent.dll
2009-07-20 16:14:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-07-20 16:14:34 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-07-20 16:14:34 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-07-20 16:14:34 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-07-20 16:14:34 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-07-20 16:14:34 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-07-20 16:14:34 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-07-20 16:14:34 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-07-20 16:14:32 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-07-20 16:14:32 ----D---- C:\WINDOWS\system32\en-us
2009-07-20 16:14:32 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-07-20 16:14:31 ----D---- C:\WINDOWS\system32\scripting
2009-07-20 16:14:30 ----D---- C:\WINDOWS\l2schemas
2009-07-20 16:14:29 ----D---- C:\WINDOWS\system32\en
2009-07-20 16:14:29 ----D---- C:\WINDOWS\system32\bits
2009-07-20 16:10:20 ----D---- C:\WINDOWS\network diagnostic
2009-07-20 16:09:01 ----A---- C:\WINDOWS\004805_.tmp
2009-07-20 15:38:50 ----A---- C:\WINDOWS\000001_.tmp
2009-07-20 15:23:19 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2009-07-20 15:23:19 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2009-07-20 15:22:59 ----N---- C:\WINDOWS\Updreg.EXE
2009-07-20 15:22:59 ----A---- C:\WINDOWS\SBWIN.INI
2009-07-20 15:22:57 ----N---- C:\WINDOWS\system32\SFCVRT32.DLL
2009-07-20 15:22:57 ----N---- C:\WINDOWS\system32\MFCUIA32.DLL
2009-07-20 15:22:57 ----N---- C:\WINDOWS\system32\MFCANS32.DLL
2009-07-20 15:22:57 ----N---- C:\WINDOWS\system32\INETWH32.DLL
2009-07-20 15:22:57 ----N---- C:\WINDOWS\system32\AC3API.DLL
2009-07-20 15:22:57 ----N---- C:\WINDOWS\CTRES.DLL
2009-07-20 15:22:57 ----N---- C:\WINDOWS\CTCCW.DLL
2009-07-20 15:22:57 ----N---- C:\WINDOWS\AC3API.INI
2009-07-20 15:22:56 ----N---- C:\WINDOWS\system32\CTWFLT32.DLL
2009-07-20 15:22:56 ----N---- C:\WINDOWS\system32\CTL3D.DLL
2009-07-20 15:22:56 ----D---- C:\WINDOWS\system32\Defaults
2009-07-20 15:22:41 ----RA---- C:\WINDOWS\system32\CtDvInst.dll
2009-07-20 15:22:33 ----RA---- C:\WINDOWS\system32\sfms32.dll
2009-07-20 15:22:33 ----RA---- C:\WINDOWS\system32\sfman32.dll
2009-07-20 15:22:33 ----RA---- C:\WINDOWS\system32\P17res.dll
2009-07-20 15:22:33 ----RA---- C:\WINDOWS\system32\P17CPI.dll
2009-07-20 15:22:33 ----RA---- C:\WINDOWS\system32\P17.dll
2009-07-20 15:22:33 ----RA---- C:\WINDOWS\system32\A3d.dll
2009-07-20 15:22:33 ----D---- C:\WINDOWS\system32\Data
2009-07-20 15:22:33 ----A---- C:\WINDOWS\system32\LudaP17.ini
2009-07-20 15:22:33 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-07-20 15:22:33 ----A---- C:\WINDOWS\INRES.DLL
2009-07-20 15:22:32 ----A---- C:\WINDOWS\system32\OPENAL32.DLL
2009-07-20 15:22:32 ----A---- C:\WINDOWS\system32\EAX.DLL
2009-07-20 15:22:32 ----A---- C:\WINDOWS\P17DEF.EXE
2009-07-20 15:22:32 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-07-20 15:21:21 ----D---- C:\Program Files\Creative
2009-07-20 15:19:48 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\igfxtray.exe
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\igfxress.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\igfxpph.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\igfxext.exe
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\igfxexps.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\igfxdo.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\igfxdev.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\ialmrnt5.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\ialmrem.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\ialmgicd.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\ialmgdev.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\ialmdnt5.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\ialmdev5.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\ialmdd5.dll
2009-07-20 15:18:12 ----A---- C:\WINDOWS\system32\iAlmCoIn_v3762.dll
2009-07-20 15:18:11 ----D---- C:\WINDOWS\Drivers
2009-07-20 15:18:11 ----A---- C:\WINDOWS\system32\hkcmd.exe
2009-07-20 15:18:11 ----A---- C:\WINDOWS\system32\hccutils.dll
2009-07-20 15:17:04 ----D---- C:\drvrtmp
2009-07-20 15:17:04 ----A---- C:\WINDOWS\system32\Prounstl.exe
2009-07-20 15:17:04 ----A---- C:\WINDOWS\system32\IntelNic.dll
2009-07-20 15:17:04 ----A---- C:\WINDOWS\system32\e100bmsg.dll
2009-07-20 15:16:13 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-07-20 15:16:08 ----D---- C:\Program Files\CONEXANT
2009-07-20 15:15:47 ----A---- C:\WINDOWS\system32\HSFCI008.dll
2009-07-20 15:14:56 ----SHD---- C:\RECYCLER
2009-07-20 15:13:07 ----D---- C:\Program Files\Intel
2009-07-20 15:09:44 ----RA---- C:\WINDOWS\system32\hhactivex.dll
2009-07-20 15:09:44 ----A---- C:\WINDOWS\system32\RcdScan.dll
2009-07-20 15:09:43 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2009-07-20 15:09:42 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-20 15:09:35 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-19 04:42:52 ----A---- C:\WINDOWS\system32\h323log.txt
2009-07-19 04:41:18 ----A---- C:\WINDOWS\system32\usbui.dll
2009-07-19 04:40:29 ----D---- C:\Program Files\Common Files\ODBC
2009-07-19 04:40:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-19 04:40:29 ----A---- C:\WINDOWS\ODBCINST.INI
2009-07-19 04:40:26 ----RD---- C:\Program Files
2009-07-19 04:40:26 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-07-19 04:40:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-19 04:40:26 ----D---- C:\Program Files\Common Files
2009-07-19 04:40:24 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-07-19 04:40:24 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-07-19 04:40:24 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-07-19 04:40:23 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-07-19 04:40:22 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-07-19 04:40:22 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-07-19 04:40:22 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-07-19 04:40:22 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-07-19 04:40:22 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-07-19 04:40:22 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-07-19 04:40:22 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-07-19 04:40:21 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-07-19 04:40:21 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-07-19 04:40:21 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-07-19 04:40:21 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-07-19 04:40:21 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-07-19 04:40:20 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-07-19 04:40:20 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-07-19 04:40:20 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-07-19 04:40:20 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-07-19 04:40:20 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-07-19 04:40:19 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-07-19 04:40:19 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-07-19 04:40:19 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-07-19 04:40:19 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-07-19 04:40:19 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-07-19 04:40:19 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-07-19 04:40:19 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-07-19 04:40:19 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-07-19 04:40:18 ----A---- C:\WINDOWS\system32\irclass.dll
2009-07-19 04:40:18 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-07-19 04:40:18 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-07-19 04:40:17 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-07-19 04:40:17 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-07-19 04:40:16 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-07-19 04:40:16 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-07-19 04:40:16 ----A---- C:\WINDOWS\system32\batt.dll
2009-07-19 04:40:16 ----A---- C:\WINDOWS\notepad.exe
2009-07-19 04:40:15 ----A---- C:\WINDOWS\system32\storprop.dll
2009-07-19 04:40:08 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-07-19 04:40:07 ----RA---- C:\WINDOWS\SETD.tmp
2009-07-19 04:40:06 ----RA---- C:\WINDOWS\SET7.tmp
2009-07-19 04:40:04 ----RA---- C:\WINDOWS\SET3.tmp
2009-07-19 04:39:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-19 04:39:58 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-19 04:39:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-19 04:39:38 ----D---- C:\Documents and Settings
2009-07-19 04:37:50 ----RASH---- C:\boot.ini
2009-07-19 04:35:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-19 04:35:07 ----RSD---- C:\WINDOWS\Fonts
2009-07-19 04:35:07 ----RD---- C:\WINDOWS\Web
2009-07-19 04:35:07 ----HD---- C:\WINDOWS\inf
2009-07-19 04:35:07 ----D---- C:\WINDOWS\WinSxS
2009-07-19 04:35:07 ----D---- C:\WINDOWS\twain_32
2009-07-19 04:35:07 ----D---- C:\WINDOWS\Temp
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\wins
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\wbem
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\usmt
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\spool
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\ShellExt
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\Setup
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\ras
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\oobe
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\npp
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\mui
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\IME
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\icsxml
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\ias
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\export
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\drivers
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\dhcp
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\config
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\3com_dmi
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\3076
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\2052
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\1054
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\1042
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\1041
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\1037
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\1033
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\1031
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\1028
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32\1025
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system32
2009-07-19 04:35:07 ----D---- C:\WINDOWS\system
2009-07-19 04:35:07 ----D---- C:\WINDOWS\security
2009-07-19 04:35:07 ----D---- C:\WINDOWS\Resources
2009-07-19 04:35:07 ----D---- C:\WINDOWS\repair
2009-07-19 04:35:07 ----D---- C:\WINDOWS\mui
2009-07-19 04:35:07 ----D---- C:\WINDOWS\msapps
2009-07-19 04:35:07 ----D---- C:\WINDOWS\msagent
2009-07-19 04:35:07 ----D---- C:\WINDOWS\Media
2009-07-19 04:35:07 ----D---- C:\WINDOWS\java
2009-07-19 04:35:07 ----D---- C:\WINDOWS\ime
2009-07-19 04:35:07 ----D---- C:\WINDOWS\Help
2009-07-19 04:35:07 ----D---- C:\WINDOWS\Driver Cache
2009-07-19 04:35:07 ----D---- C:\WINDOWS\Debug
2009-07-19 04:35:07 ----D---- C:\WINDOWS\Cursors
2009-07-19 04:35:07 ----D---- C:\WINDOWS\Connection Wizard
2009-07-19 04:35:07 ----D---- C:\WINDOWS\Config
2009-07-19 04:35:07 ----D---- C:\WINDOWS\AppPatch
2009-07-19 04:35:07 ----D---- C:\WINDOWS\addins
2009-07-19 04:35:07 ----D---- C:\WINDOWS
2009-07-18 19:10:36 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-18 19:09:23 ----SD---- C:\WINDOWS\system32\Microsoft
2009-07-18 19:05:47 ----N---- C:\WINDOWS\system32\proxycfg.exe
2009-07-18 19:05:47 ----N---- C:\WINDOWS\system32\logman.exe
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\btpanui.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\bthserv.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\bthci.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\blastcln.exe
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\auditusr.exe
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-07-18 19:05:39 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-18 19:05:38 ----N---- C:\WINDOWS\system32\httpapi.dll
2009-07-18 19:05:38 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-18 19:05:38 ----N---- C:\WINDOWS\system32\fwcfg.dll
2009-07-18 19:05:38 ----N---- C:\WINDOWS\system32\fsquirt.exe
2009-07-18 19:05:38 ----N---- C:\WINDOWS\system32\fltmc.exe
2009-07-18 19:05:38 ----N---- C:\WINDOWS\system32\fltlib.dll
2009-07-18 19:05:38 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-07-18 19:05:38 ----N---- C:\WINDOWS\system32\dxdiagn.dll
2009-07-18 19:05:38 ----N---- C:\WINDOWS\system32\d3d9.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\mp4sdmod.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\mp43dmod.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\kbdukx.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\kbdno1.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\kbdinben.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2009-07-18 19:05:37 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2009-07-18 19:05:37 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-07-18 19:05:36 ----N---- C:\WINDOWS\system32\powercfg.exe
2009-07-18 19:05:36 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2009-07-18 19:05:36 ----N---- C:\WINDOWS\system32\p2psvc.dll
2009-07-18 19:05:36 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2009-07-18 19:05:36 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2009-07-18 19:05:36 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2009-07-18 19:05:36 ----N---- C:\WINDOWS\system32\p2p.dll
2009-07-18 19:05:36 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-07-18 19:05:36 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-18 19:05:36 ----N---- C:\WINDOWS\system32\mspmsnsv.dll
2009-07-18 19:05:36 ----N---- C:\WINDOWS\system32\msdadiag.dll
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\wmidx.dll
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\wmerror.dll
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\winshfhc.dll
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\w3ssl.dll
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\twext.dll
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\strmfilt.dll
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\smbinst.exe
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\slserv.exe
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\slgen.dll
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2009-07-18 19:05:35 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-07-18 19:05:34 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2009-07-18 19:05:34 ----N---- C:\WINDOWS\system32\wshbth.dll
2009-07-18 19:05:34 ----N---- C:\WINDOWS\system32\wmvdmoe2.dll
2009-07-18 19:05:34 ----N---- C:\WINDOWS\system32\wmspdmoe.dll
2009-07-18 19:05:34 ----N---- C:\WINDOWS\system32\wmspdmod.dll
2009-07-18 19:05:34 ----N---- C:\WINDOWS\system32\wmsdmoe2.dll
2009-07-18 19:05:34 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-18 19:05:34 ----N---- C:\WINDOWS\system32\wmpasf.dll
2009-07-18 19:05:34 ----N---- C:\WINDOWS\system32\wmp.dll
2009-07-18 19:05:34 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-07-18 19:05:34 ----A---- C:\WINDOWS\system32\wscsvc.dll
2009-07-18 19:05:34 ----A---- C:\WINDOWS\system32\wscntfy.exe
2009-07-18 19:05:33 ----N---- C:\WINDOWS\system32\xpob2res.dll
2009-07-18 19:05:33 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2009-07-18 19:05:33 ----N---- C:\WINDOWS\system32\xmlprov.dll
2009-07-18 19:05:33 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2009-07-18 19:05:33 ----N---- C:\WINDOWS\slrundll.exe
2009-07-18 19:05:33 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-07-18 19:05:33 ----A---- C:\WINDOWS\system32\wups.dll
2009-07-18 19:05:33 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-07-18 19:05:31 ----D---- C:\WINDOWS\peernet
2009-07-18 19:05:30 ----D---- C:\WINDOWS\provisioning
2009-07-18 19:03:45 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-18 19:00:56 ----A---- C:\WINDOWS\002043_.tmp
2009-07-18 19:00:53 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-18 19:00:36 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-07-18 18:58:38 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-18 18:58:35 ----D---- C:\WINDOWS\EHome
2009-07-18 18:54:15 ----SHD---- C:\WINDOWS\Installer
2009-07-18 18:54:12 ----D---- C:\Documents and Settings\Owner\Application Data\Identities
2009-07-18 18:54:06 ----HD---- C:\Program Files\Uninstall Information
2009-07-18 18:54:03 ----ASH---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2009-07-18 18:54:02 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-07-18 18:53:57 ----SHD---- C:\System Volume Information
2009-07-18 18:53:56 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-07-18 18:50:34 ----D---- C:\WINDOWS\system32\xircom
2009-07-18 18:50:34 ----D---- C:\Program Files\xerox
2009-07-18 18:50:34 ----D---- C:\Program Files\microsoft frontpage
2009-07-18 18:50:31 ----D---- C:\DELL
2009-07-18 18:48:29 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2009-07-18 18:47:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-18 18:47:28 ----A---- C:\WINDOWS\control.ini
2009-07-18 18:47:28 ----A---- C:\AUTOEXEC.BAT
2009-07-18 18:47:16 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-07-18 18:46:32 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-18 18:46:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-18 18:46:31 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-07-18 18:46:26 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-07-18 18:46:08 ----D---- C:\WINDOWS\system32\DirectX
2009-07-18 18:45:49 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-07-18 18:45:49 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-07-18 18:45:49 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-07-18 18:45:49 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-07-18 18:45:49 ----A---- C:\WINDOWS\system32\atrace.dll
2009-07-18 18:45:47 ----A---- C:\WINDOWS\system32\desktop.ini
2009-07-18 18:45:47 ----A---- C:\WINDOWS\desktop.ini
2009-07-18 18:45:42 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-07-18 18:45:42 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-07-18 18:45:42 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-07-18 18:45:41 ----D---- C:\Program Files\Common Files\Services
2009-07-18 18:45:41 ----A---- C:\WINDOWS\system32\acctres.dll
2009-07-18 18:45:40 ----A---- C:\WINDOWS\system32\inetres.dll
2009-07-18 18:45:38 ----SD---- C:\WINDOWS\Tasks
2009-07-18 18:45:38 ----A---- C:\WINDOWS\system32\isign32.dll
2009-07-18 18:45:38 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-07-18 18:45:38 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-07-18 18:45:37 ----A---- C:\WINDOWS\system32\inetcfg.dll

======List of files/folders modified in the last 1 months======

2009-07-19 04:40:25 ----A---- C:\WINDOWS\system.ini
2009-07-18 19:06:34 ----A---- C:\WINDOWS\win.ini
2009-07-18 19:01:45 ----RASH---- C:\NTDETECT.COM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-10 840960]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-14 44032]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-05-28 53760]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-17 421888]

-----------------EOF-----------------

#5 syler

  • Malware Response Team

Posted 24 July 2009 - 10:23 AM

Hello silon and garfunkel,

I don't think that you have any malware problems here. ctfmon.exe is a legitimate file that comes with a clean install of Windows XP; it has in some cases been linked with malware, but I'm sure that is not the case here. We can run a rootkit scan, but if it finds nothing I don't think you have any problems.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

#6 silon and garfunkel

Posted 25 July 2009 - 03:09 AM

Hi syler.

Thanks for the help.

I hope you are right about there being no malware. I will download gmer and post the results with my next post.

I have just a couple of questions, in case you can shed any light.

1. Why would esafe at virustotal detect win32.banker in ctfmon?

2. Why would the hijackthis log scanner at networktechs say ctfmon is nearly always bad?

Thanks.

#7 silon and garfunkel

Posted 25 July 2009 - 03:51 AM

This was all there was.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-25 18:41:04
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT F990FB9E ZwCreateKey
SSDT F990FB94 ZwCreateThread
SSDT F990FBA3 ZwDeleteKey
SSDT F990FBAD ZwDeleteValueKey
SSDT F990FBB2 ZwLoadKey
SSDT F990FB80 ZwOpenProcess
SSDT F990FB85 ZwOpenThread
SSDT F990FBBC ZwReplaceKey
SSDT F990FBB7 ZwRestoreKey
SSDT F990FBA8 ZwSetValueKey
SSDT F990FB8F ZwTerminateProcess

---- EOF - GMER 1.0.15 ----
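
A way to read the SSDT section of a GMER log like the one above, added here as an example and not part of the original thread: it parses each hooked service and groups handler addresses that sit close together, so a reviewer can see whether one component or several installed the hooks and which kinds of calls they cover. The 0x1000-byte clustering gap and the registry/process categories are assumptions of this example.

```python
import re

# Constructed sample: the SSDT section of the GMER log posted in #7.
GMER_LOG = """\
---- System - GMER 1.0.15 ----
SSDT F990FB9E ZwCreateKey
SSDT F990FB94 ZwCreateThread
SSDT F990FBA3 ZwDeleteKey
SSDT F990FBAD ZwDeleteValueKey
SSDT F990FBB2 ZwLoadKey
SSDT F990FB80 ZwOpenProcess
SSDT F990FB85 ZwOpenThread
SSDT F990FBBC ZwReplaceKey
SSDT F990FBB7 ZwRestoreKey
SSDT F990FBA8 ZwSetValueKey
SSDT F990FB8F ZwTerminateProcess
---- EOF - GMER 1.0.15 ----
"""

# Only the line shape seen in this log: "SSDT <8 hex digits> <service name>".
SSDT_LINE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)$")

def parse_ssdt(log):
    """Return (handler_address, service_name) for every SSDT line."""
    matches = (SSDT_LINE.match(line.strip()) for line in log.splitlines())
    return [(int(m.group(1), 16), m.group(2)) for m in matches if m]

def cluster(hooks, max_gap=0x1000):
    """Group hooks whose handlers lie within max_gap bytes of the previous one."""
    groups = []
    for hook in sorted(hooks):
        if groups and hook[0] - groups[-1][-1][0] <= max_gap:
            groups[-1].append(hook)
        else:
            groups.append([hook])
    return groups

def summarize(log):
    """One dict per address cluster: range, hook count, and service categories."""
    report = []
    for group in cluster(parse_ssdt(log)):
        names = sorted(name for _, name in group)
        report.append({"start": group[0][0], "end": group[-1][0], "count": len(group),
                       "registry": [n for n in names if n.endswith("Key")],
                       "process": [n for n in names if "Process" in n or "Thread" in n]})
    return report

if __name__ == "__main__":
    print(summarize(GMER_LOG))
```

On this log it reports a single cluster of 11 hooks, F990FB80 to F990FBBC, covering seven registry-key services and four process/thread services.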

#8 syler

Posted 25 July 2009 - 03:59 AM

1. Why would esafe at virustotal detect win32.banker in ctfmon?


It is just a false positive; it happens. When 40 out of 41 scanners are telling me it's fine, I would generally believe the 40. I have just scanned ctfmon from my machine; this is what I got.

http://www.virustotal.com/analisis/5fb24fc...e5b1-1248512194

2. Why would the hijackthis log scanner at networktechs say ctfmon is nearly always bad?


Well, like I said, it can be linked with malware, so that's why it will be flagging it, but I wouldn't trust an automated analysis; they can produce false positives too.

Nothing's showing with Gmer, so I am sure you are clean. Do you have any more questions? If not, I will close this topic.

Syler

#9 silon and garfunkel

Posted 26 July 2009 - 03:23 AM

OK syler, I'm sure you're right, thanks for helping.

I have just one more question, if that's ok. On the first HJT log that I posted here, IE is shown twice, but I only had one window with IE open. Is this normal?

C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

Edited by silon and garfunkel, 26 July 2009 - 03:25 AM.


#10 syler

Posted 26 July 2009 - 05:12 AM

Yes, that can be normal; it's nothing to worry about. I think you are looking too hard for problems that aren't there. I will close this topic now since you appear to be clean.

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
