
High Cpu Usage And Random Pop-ups


3 replies to this topic

#1 chrimbo

chrimbo

  • Members
  • 2 posts

Posted 06 May 2007 - 12:03 AM

OK, I've been having a problem lately with my PC's CPU usage being unusually high with no programs running.
I have like 29 basic processes running but yet my usage is still maxed out. I have also been getting strange pop-ups from random sites in Internet Explorer.

system specs------------------------

Windows XP Home Edition Sp.2
AMD Athlon 64Bit 3400+ 2.39 GHz
1G of DDR Ram

----------------------------------------





Here's my HijackThis log; maybe I am running some malicious processes?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:24:26 AM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - C:\WINDOWS\SYSTEM32\TUVSPQO.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C478256C-D3F9-42B7-99C0-B89BCB9533C3} - C:\WINDOWS\System32\geedb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {F6418BBF-26C8-4A2B-9860-1DAA424CE6D7} - C:\WINDOWS\system32\tgabjnnd.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\vrpgakjh.dll",realset
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\System32\geedb.dll
O20 - Winlogon Notify: tuvspqo - C:\WINDOWS\SYSTEM32\tuvspqo.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 6224 bytes



Hopefully someone will know what's wrong.



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 06 May 2007 - 06:16 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum chrimbo :thumbsup:

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

************************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Restart your pc.
As well as the above, also post a new HijackThis log please.
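
An added example, not part of the thread and not the responder's own method: a small triage script for the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis log, run over lines copied from the first log above. The three heuristics (unnamed BHO directly in system32, BHO whose file is missing, the same DLL registered as both BHO and Winlogon Notify) are assumptions chosen for this illustration, and a hit means "inspect this file", not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - C:\WINDOWS\SYSTEM32\TUVSPQO.DLL
O2 - BHO: (no name) - {C478256C-D3F9-42B7-99C0-B89BCB9533C3} - C:\WINDOWS\System32\geedb.dll
O2 - BHO: (no name) - {F6418BBF-26C8-4A2B-9860-1DAA424CE6D7} - C:\WINDOWS\system32\tgabjnnd.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: geedb - C:\WINDOWS\System32\geedb.dll
O20 - Winlogon Notify: tuvspqo - C:\WINDOWS\SYSTEM32\tuvspqo.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
"""

# Windows paths are case-insensitive and the log mixes SYSTEM32/System32/system32,
# so every path is lower-cased before comparison.
SYSTEM32 = r"c:\windows\system32"

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")


def parse_entries(log_text):
    """Split a HijackThis log into BHO (O2) and Winlogon Notify (O20) entries."""
    bhos, notifies = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append({
                "name": m.group("name"),
                "clsid": m.group("clsid"),
                "path": m.group("path").lower(),
                "missing": m.group("missing") is not None,
            })
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies.append({"name": m.group("name"),
                             "path": m.group("path").lower()})
    return bhos, notifies


def triage(log_text):
    """Return {dll_path: sorted reasons} for BHO entries worth a closer look."""
    bhos, notifies = parse_entries(log_text)
    notify_paths = {n["path"] for n in notifies}
    findings = defaultdict(set)
    for bho in bhos:
        path = bho["path"]
        # Heuristic 1 (assumption): BHO without a display name, file directly in system32.
        if bho["name"] == "(no name)" and ntpath.dirname(path) == SYSTEM32:
            findings[path].add("unnamed BHO in system32")
        # Heuristic 2 (assumption): registry entry survives but the file is gone.
        if bho["missing"]:
            findings[path].add("BHO registered but file missing")
        # Heuristic 3 (assumption): one DLL loaded by both IE and winlogon.
        if path in notify_paths:
            findings[path].add("same DLL is BHO and Winlogon Notify")
    return {path: sorted(reasons) for path, reasons in findings.items()}


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{path}: {'; '.join(reasons)}")
```
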


#3 chrimbo

chrimbo
  • Topic Starter

  • Members
  • 2 posts

Posted 06 May 2007 - 08:25 PM

OK, I used the Vundo program and it found several bad files and deleted them.
Everything seems to be running better, but just in case, here are my HijackThis and ComboFix logs.
--------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:21:15 PM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5E7CFE21-F949-49E6-A1D0-C23D3A0A1995} - C:\WINDOWS\system32\jkklk.dll (file missing)
O2 - BHO: (no name) - {9CF7DB9A-D1E2-4BB3-8C5F-09B019FB12C0} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {F6418BBF-26C8-4A2B-9860-1DAA424CE6D7} - C:\WINDOWS\system32\usniyjbw.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


------------------------------------------------------------------------------------------------------------------------------------

"Owner" - 2007-05-06 20:11:57 Service Pack 2
ComboFix 07-05.07.1.V - Running from: "C:\Documents and Settings\Owner\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\albaymuy.dll
C:\WINDOWS\system32\yumyabla.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))


2007-05-06 19:59 <DIR> d-------- C:\VundoFix Backups
2007-05-06 04:53 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-05-05 13:26 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2007-05-05 13:26 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2007-05-05 13:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-05-04 16:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-05-04 15:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-04 12:38 <DIR> dr-h----- C:\DOCUME~1\Owner\APPLIC~1\yahoo!
2007-04-29 07:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Messenger 5.0.0544
2007-04-29 07:40 <DIR> d-------- C:\Program Files\MSN Messenger
2007-04-26 22:26 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ventrilo
2007-04-26 22:25 <DIR> d-------- C:\Program Files\Ventrilo
2007-04-26 22:20 22,584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-26 22:19 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-04-26 22:19 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-04-26 20:54 <DIR> d-------- C:\Program Files\Activision
2007-04-26 20:51 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-04-26 18:50 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-04-26 02:46 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-04-26 02:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-26 02:39 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-26 02:18 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-04-26 02:16 <DIR> d-------- C:\Program Files\iTunes
2007-04-26 02:16 <DIR> d-------- C:\Program Files\iPod
2007-04-26 02:14 <DIR> d-------- C:\Program Files\QuickTime
2007-04-26 02:12 <DIR> d-------- C:\Program Files\Apple Software Update
2007-04-26 02:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-04-25 06:47 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-04-25 06:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-25 06:37 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-04-25 02:18 1,500,509 ---hs---- C:\WINDOWS\system32\bdeeg.ini2
2007-04-22 12:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-22 12:03 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-04-22 12:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 04:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\acccore
2007-04-22 04:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-04-22 04:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-04-22 04:55 <DIR> d-------- C:\Program Files\Viewpoint
2007-04-22 04:55 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-04-22 04:55 <DIR> d-------- C:\Program Files\AIM6
2007-04-22 04:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-04-22 04:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-04-22 04:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
2007-04-22 04:49 <DIR> d-------- C:\Program Files\Yahoo!
2007-04-22 02:09 4 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\8EA1D971.DAT
2007-04-22 02:09 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\MilkShape 3D 1.x.x
2007-04-21 23:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-21 23:18 <DIR> d-------- C:\Program Files\Steam
2007-04-21 03:12 335 --a------ C:\WINDOWS\mozregistry.dat
2007-04-20 19:07 <DIR> d-------- C:\Program Files\FlashFXP
2007-04-20 19:07 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\FlashFXP
2007-04-20 19:04 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SmartFTP
2007-04-20 17:19 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-04-20 17:19 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-20 17:19 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-04-20 17:14 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Publish Providers
2007-04-20 17:13 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Sony
2007-04-20 17:07 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-04-20 17:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
2007-04-20 17:06 <DIR> d-------- C:\Program Files\Vstplugins
2007-04-20 17:05 <DIR> d-------- C:\Program Files\Sony
2007-04-20 16:57 <DIR> d-------- C:\Program Files\Sony Setup
2007-04-20 00:42 <DIR> d-------- C:\DOCUME~1\Owner\Shared
2007-04-20 00:42 <DIR> d-------- C:\DOCUME~1\Owner\Incomplete
2007-04-20 00:42 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\LimeWire
2007-04-18 00:27 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Help
2007-04-18 00:03 <DIR> d-------- C:\WINDOWS\pss
2007-04-17 22:59 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-04-17 22:58 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-17 22:58 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-17 22:58 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-17 22:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-17 22:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-04-17 22:58 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-04-17 22:58 <DIR> d-------- C:\Program Files\DivX
2007-04-17 21:52 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-04-17 01:01 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-04-17 01:01 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-04-17 01:01 <DIR> d-------- C:\Program Files\AlienGUIse
2007-04-16 21:36 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-04-16 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-04-16 03:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-16 03:00 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-15 23:38 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-04-15 22:45 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-15 22:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-15 20:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\.gaim
2007-04-15 20:55 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-04-15 20:54 <DIR> d-------- C:\Fraps
2007-04-15 19:32 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Creative
2007-04-15 19:30 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-15 19:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-15 19:25 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-04-15 19:25 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2007-04-15 19:25 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-04-15 19:25 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-04-15 19:25 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-04-15 19:25 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-04-15 19:25 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2007-04-15 19:25 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-04-15 19:25 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-04-15 19:25 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-04-15 19:25 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-04-15 19:25 755,200 --------- C:\WINDOWS\system32\ir50_32.dll
2007-04-15 19:25 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-04-15 19:25 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-04-15 19:25 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-04-15 19:25 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-04-15 19:25 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2007-04-15 19:25 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2007-04-15 19:25 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2007-04-15 19:25 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2007-04-15 19:25 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2007-04-15 19:25 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2007-04-15 19:25 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-04-15 19:25 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-04-15 19:25 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-04-15 19:25 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-04-15 19:25 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-04-15 19:25 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2007-04-15 19:25 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2007-04-15 19:25 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2007-04-15 19:25 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2007-04-15 19:25 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2007-04-15 19:25 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2007-04-15 19:25 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-04-15 19:25 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-04-15 19:25 59,392 --------- C:\WINDOWS\system32\logman.exe
2007-04-15 19:25 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-04-15 19:25 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-04-15 19:25 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2007-04-15 19:25 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-04-15 19:25 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2007-04-15 19:25 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-04-15 19:25 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2007-04-15 19:25 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2007-04-15 19:25 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2007-04-15 19:25 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-04-15 19:25 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-04-15 19:25 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-04-15 19:25 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-04-15 19:25 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-04-15 19:25 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2007-04-15 19:25 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-04-15 19:25 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-04-15 19:25 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2007-04-15 19:25 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-04-15 19:25 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-04-15 19:25 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-04-15 19:25 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2007-04-15 19:25 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-04-15 19:25 4,096 --------- C:\WINDOWS\system32\MP4SDMOD.dll
2007-04-15 19:25 4,096 --------- C:\WINDOWS\system32\MP43DMOD.dll
2007-04-15 19:25 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-04-15 19:25 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-04-15 19:25 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-04-15 19:25 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-04-15 19:25 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-04-15 19:25 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-04-15 19:25 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-04-15 19:25 338,432 --------- C:\WINDOWS\system32\ir41_qcx.dll
2007-04-15 19:25 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-04-15 19:25 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-04-15 19:25 32,866 --------- C:\WINDOWS\slrundll.exe
2007-04-15 19:25 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-04-15 19:25 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-04-15 19:25 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2007-04-15 19:25 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-04-15 19:25 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-04-15 19:25 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2007-04-15 19:25 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-04-15 19:25 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-04-15 19:25 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-04-15 19:25 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-04-15 19:25 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-04-15 19:25 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-04-15 19:25 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-04-15 19:25 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-04-15 19:25 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-04-15 19:25 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-04-15 19:25 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-04-15 19:25 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-04-15 19:25 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-04-15 19:25 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-04-15 19:25 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2007-04-15 19:25 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-04-15 19:25 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-04-15 19:25 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-04-15 19:25 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-04-15 19:25 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2007-04-15 19:25 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-04-15 19:25 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-04-15 19:25 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-04-15 19:25 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-04-15 19:25 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-04-15 19:25 200,192 --------- C:\WINDOWS\system32\ir50_qc.dll
2007-04-15 19:25 20,992 --------- C:\WINDOWS\system32\bthci.dll
2007-04-15 19:25 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2007-04-15 19:25 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-04-15 19:25 183,808 --------- C:\WINDOWS\system32\ir50_qcx.dll
2007-04-15 19:25 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-04-15 19:25 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-04-15 19:25 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-04-15 19:25 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-04-15 19:25 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-04-15 19:25 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-04-15 19:25 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-15 19:25 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-04-15 19:25 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-04-15 19:25 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-04-15 19:25 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-04-15 19:25 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-04-15 19:25 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2007-04-15 19:25 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-04-15 19:25 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-04-15 19:25 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-04-15 19:25 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-04-15 19:25 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2007-04-15 19:25 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-04-15 19:25 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-04-15 19:25 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-04-15 19:25 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-04-15 19:25 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-04-15 19:25 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-15 19:25 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-04-15 19:25 120,320 --------- C:\WINDOWS\system32\ir41_qc.dll
2007-04-15 19:25 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-04-15 19:25 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-04-15 19:25 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-04-15 19:25 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2007-04-15 19:25 116,224 --------- C:\WINDOWS\system32\p2p.dll
2007-04-15 19:25 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-04-15 19:25 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-04-15 19:25 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-04-15 19:25 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-04-15 19:25 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-04-15 19:25 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-04-15 19:25 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-04-15 19:25 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-04-15 19:25 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-04-15 19:25 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2007-04-15 19:25 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-04-15 19:25 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-04-15 19:25 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-04-15 19:25 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-15 19:25 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-04-15 19:25 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-04-15 19:25 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-04-15 19:24 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-15 19:22 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-04-15 18:55 1,156 --a------ C:\WINDOWS\mozver.dat
2007-04-15 18:40 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-04-15 18:39 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-04-15 18:39 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-04-15 18:39 <DIR> d--h----- C:\Program Files\Creative Installation Information
2007-04-15 18:39 <DIR> d-------- C:\Program Files\Common Files\Creative
2007-04-15 18:38 <DIR> d-------- C:\WINDOWS\provisioning
2007-04-15 18:38 <DIR> d-------- C:\WINDOWS\peernet
2007-04-15 18:37 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-04-15 18:37 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-15 18:37 8,704 -ra------ C:\WINDOWS\system32\drivers\Pfmodnt.sys
2007-04-15 18:37 65,536 -ra------ C:\WINDOWS\system32\A3d.dll
2007-04-15 18:37 64,512 -ra------ C:\WINDOWS\system32\P17.dll
2007-04-15 18:37 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-15 18:37 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-15 18:37 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-15 18:37 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-15 18:37 53,248 -ra------ C:\WINDOWS\system32\P17CPI.dll
2007-04-15 18:37 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-04-15 18:37 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-15 18:37 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-15 18:37 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-15 18:37 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-15 18:37 138,752 -ra------ C:\WINDOWS\system32\drivers\ctsfm2k.sys
2007-04-15 18:37 137,728 -ra------ C:\WINDOWS\system32\P17res.dll
2007-04-15 18:37 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2007-04-15 18:37 115,200 -ra------ C:\WINDOWS\system32\sfms32.dll
2007-04-15 18:37 106,496 -ra------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2007-04-15 18:37 1,389,056 -ra------ C:\WINDOWS\system32\drivers\P17.sys
2007-04-15 18:36 11,264 --a------ C:\WINDOWS\INRES.DLL
2007-04-15 18:36 <DIR> d-------- C:\WINDOWS\system32\Data
2007-04-15 18:34 <DIR> d-------- C:\Program Files\Creative
2007-04-15 18:32 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-04-15 18:26 97,280 --a------ C:\WINDOWS\system32\dpcdll.dll
2007-04-15 18:26 937,984 --a------ C:\WINDOWS\system32\winbrand.dll
2007-04-15 18:26 7,168 --a------ C:\WINDOWS\system32\hccoin.dll
2007-04-15 18:26 4,096 --a------ C:\WINDOWS\system32\dsprpres.dll
2007-04-15 18:26 37,376 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2007-04-15 18:26 270,848 --a------ C:\WINDOWS\system32\sbe.dll
2007-04-15 18:26 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2007-04-15 18:26 24,064 --a------ C:\WINDOWS\system32\pidgen.dll
2007-04-15 18:26 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-15 18:26 20,480 --a------ C:\WINDOWS\system32\encapi.dll
2007-04-15 18:26 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-04-15 18:26 186,368 --a------ C:\WINDOWS\system32\encdec.dll
2007-04-15 18:26 159,232 --a------ C:\WINDOWS\system32\sbeio.dll
2007-04-15 18:26 134,656 --a------ C:\WINDOWS\system32\mssap.dll
2007-04-15 18:26 12,416 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2007-04-15 18:26 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll
2007-04-15 18:26 1,501,537 ---hs---- C:\WINDOWS\system32\bdeeg.bak2
2007-04-15 18:25 994,304 --a------ C:\WINDOWS\system32\msgina.dll
2007-04-15 18:25 99,328 --a------ C:\WINDOWS\system32\winscard.dll
2007-04-15 18:25 984,576 --a------ C:\WINDOWS\system32\syssetup.dll
2007-04-15 18:25 983,552 --a------ C:\WINDOWS\system32\setupapi.dll
2007-04-15 18:25 981,760 --a------ C:\WINDOWS\system32\mfc42u.dll
2007-04-15 18:25 98,304 --a------ C:\WINDOWS\system32\slbiop.dll
2007-04-15 18:25 98,304 --a------ C:\WINDOWS\system32\cscript.exe
2007-04-15 18:25 98,304 --a------ C:\WINDOWS\system32\ahui.exe
2007-04-15 18:25 97,280 --a------ C:\WINDOWS\system32\loadperf.dll
2007-04-15 18:25 96,768 --a------ C:\WINDOWS\system32\srvsvc.dll
2007-04-15 18:25 96,768 --a------ C:\WINDOWS\system32\psbase.dll
2007-04-15 18:25 96,256 --a------ C:\WINDOWS\system32\drivers\scsiport.sys
2007-04-15 18:25 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-15 18:25 95,744 --a------ C:\WINDOWS\system32\scardsvr.exe
2007-04-15 18:25 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2007-04-15 18:25 94,208 --a------ C:\WINDOWS\system32\odbcint.dll
2007-04-15 18:25 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-15 18:25 92,672 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-04-15 18:25 92,672 --a------ C:\WINDOWS\system32\dskquota.dll
2007-04-15 18:25 92,224 --a------ C:\WINDOWS\system32\krnl386.exe
2007-04-15 18:25 92,168 --a------ C:\WINDOWS\system32\rdpdd.dll
2007-04-15 18:25 92,032 --a------ C:\WINDOWS\system32\drivers\ksecdd.sys
2007-04-15 18:25 91,776 --a------ C:\WINDOWS\system32\drivers\ndiswan.sys
2007-04-15 18:25 91,648 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-04-15 18:25 91,136 --a------ C:\WINDOWS\system32\ntprint.dll
2007-04-15 18:25 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-15 18:25 90,624 --a------ C:\WINDOWS\system32\trkwks.dll
2007-04-15 18:25 90,624 --a------ C:\WINDOWS\system32\mydocs.dll
2007-04-15 18:25 9,728 --a------ C:\WINDOWS\system32\gpkrsrc.dll
2007-04-15 18:25 9,344 --a------ C:\WINDOWS\system32\framebuf.dll
2007-04-15 18:25 9,216 --a------ C:\WINDOWS\system32\scrnsave.scr
2007-04-15 18:25 89,600 --a------ C:\WINDOWS\system32\smlogsvc.exe
2007-04-15 18:25 89,088 --a------ C:\WINDOWS\system32\rasauto.dll
2007-04-15 18:25 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-04-15 18:25 88,448 --a------ C:\WINDOWS\system32\drivers\nwlnkipx.sys
2007-04-15 18:25 875,008 --a------ C:\WINDOWS\system32\netplwiz.dll
2007-04-15 18:25 87,552 --a------ C:\WINDOWS\system32\fldrclnr.dll
2007-04-15 18:25 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-15 18:25 87,040 --a------ C:\WINDOWS\system32\mprapi.dll
2007-04-15 18:25 86,016 --a------ C:\WINDOWS\system32\netsh.exe
2007-04-15 18:25 86,016 --a------ C:\WINDOWS\system32\msapsspc.dll
2007-04-15 18:25 858,624 --a------ C:\WINDOWS\system32\tapi3.dll
2007-04-15 18:25 85,504 --a------ C:\WINDOWS\system32\makecab.exe
2007-04-15 18:25 85,504 --a------ C:\WINDOWS\system32\diantz.exe
2007-04-15 18:25 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-15 18:25 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-04-15 18:25 84,992 --a------ C:\WINDOWS\system32\avifil32.dll
2007-04-15 18:25 84,480 --a------ C:\WINDOWS\system32\mciavi32.dll
2007-04-15 18:25 84,480 --a------ C:\WINDOWS\system32\cabview.dll
2007-04-15 18:25 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2007-04-15 18:25 83,456 --a------ C:\WINDOWS\system32\olepro32.dll
2007-04-15 18:25 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-04-15 18:25 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-04-15 18:25 82,944 --a------ C:\WINDOWS\system32\ws2_32.dll
2007-04-15 18:25 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2007-04-15 18:25 82,432 --a------ C:\WINDOWS\system32\dfrgfat.exe
2007-04-15 18:25 815,104 --a------ C:\WINDOWS\system32\mmc.exe
2007-04-15 18:25 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-15 18:25 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-15 18:25 80,896 --a------ C:\WINDOWS\system32\netui0.dll
2007-04-15 18:25 80,384 --a------ C:\WINDOWS\system32\iccvid.dll
2007-04-15 18:25 80,384 --a------ C:\WINDOWS\system32\faultrep.dll
2007-04-15 18:25 80,128 --a------ C:\WINDOWS\system32\drivers\parport.sys
2007-04-15 18:25 8,704 --a------ C:\WINDOWS\system32\dciman32.dll
2007-04-15 18:25 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-15 18:25 8,192 --a------ C:\WINDOWS\system32\ntlsapi.dll
2007-04-15 18:25 8,192 --a------ C:\WINDOWS\system32\igmpagnt.dll
2007-04-15 18:25 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-04-15 18:25 799,744 --a------ C:\WINDOWS\system32\drivers\dmboot.sys
2007-04-15 18:25 792,064 --a------ C:\WINDOWS\system32\comres.dll
2007-04-15 18:25 79,744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
2007-04-15 18:25 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-04-15 18:25 78,336 --a------ C:\WINDOWS\system32\browsewm.dll
2007-04-15 18:25 77,824 --a------ C:\WINDOWS\system32\shrpubw.exe
2007-04-15 18:25 77,824 --a------ C:\WINDOWS\system32\cliconfg.dll
2007-04-15 18:25 77,312 --a------ C:\WINDOWS\system32\sdbinst.exe
2007-04-15 18:25 77,312 --a------ C:\WINDOWS\system32\rtcshare.exe
2007-04-15 18:25 77,312 --a------ C:\WINDOWS\system32\browser.dll
2007-04-15 18:25 764,928 --a------ C:\WINDOWS\system32\winntbbu.dll
2007-04-15 18:25 76,800 --a------ C:\WINDOWS\system32\nslookup.exe
2007-04-15 18:25 75,776 --a------ C:\WINDOWS\system32\wiascr.dll
2007-04-15 18:25 75,776 --a------ C:\WINDOWS\system32\telnet.exe
2007-04-15 18:25 75,264 --a------ C:\WINDOWS\system32\locator.exe
2007-04-15 18:25 75,264 --a------ C:\WINDOWS\system32\inetpp.dll
2007-04-15 18:25 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-15 18:25 74,752 --a------ C:\WINDOWS\system32\spoolss.dll
2007-04-15 18:25 74,752 --a------ C:\WINDOWS\system32\drivers\ipsec.sys
2007-04-15 18:25 74,752 --a------ C:\WINDOWS\system32\cryptdlg.dll
2007-04-15 18:25 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-15 18:25 74,240 --a------ C:\WINDOWS\system32\unimdmat.dll
2007-04-15 18:25 74,240 --a------ C:\WINDOWS\system32\mscms.dll
2007-04-15 18:25 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-04-15 18:25 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-15 18:25 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-15 18:25 723,456 --a------ C:\WINDOWS\system32\userenv.dll
2007-04-15 18:25 721,920 --a------ C:\WINDOWS\system32\lsasrv.dll
2007-04-15 18:25 72,704 --a------ C:\WINDOWS\system32\msw3prt.dll
2007-04-15 18:25 72,704 --a------ C:\WINDOWS\system32\magnify.exe
2007-04-15 18:25 713,728 --a------ C:\WINDOWS\system32\opengl32.dll
2007-04-15 18:25 713,216 --a------ C:\WINDOWS\system32\sxs.dll
2007-04-15 18:25 71,680 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2007-04-15 18:25 71,680 --a------ C:\WINDOWS\system32\msacm32.dll
2007-04-15 18:25 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-04-15 18:25 71,552 --a------ C:\WINDOWS\system32\drivers\bridge.sys
2007-04-15 18:25 71,040 --a------ C:\WINDOWS\system32\drivers\dxg.sys
2007-04-15 18:25 708,096 --a------ C:\WINDOWS\system32\ntdll.dll
2007-04-15 18:25 704,512 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-04-15 18:25 701,440 --a------ C:\WINDOWS\system32\msxml2.dll
2007-04-15 18:25 70,656 --a------ C:\WINDOWS\system32\mmcbase.dll
2007-04-15 18:25 70,656 --a------ C:\WINDOWS\system32\amstream.dll
2007-04-15 18:25 70,144 --a------ C:\WINDOWS\system32\sigverif.exe
2007-04-15 18:25 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-04-15 18:25 7,424 --a------ C:\WINDOWS\system32\kd1394.dll
2007-04-15 18:25 69,632 --a------ C:\WINDOWS\system32\scarddlg.dll
2007-04-15 18:25 69,632 --a------ C:\WINDOWS\system32\raschap.dll
2007-04-15 18:25 69,632 --a------ C:\WINDOWS\system32\odbcconf.exe
2007-04-15 18:25 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-15 18:25 69,120 --a------ C:\WINDOWS\system32\notepad.exe
2007-04-15 18:25 69,120 --a------ C:\WINDOWS\system32\msctfp.dll
2007-04-15 18:25 69,120 --a------ C:\WINDOWS\system32\drivers\psched.sys
2007-04-15 18:25 69,120 --a------ C:\WINDOWS\system32\ciodm.dll
2007-04-15 18:25 69,120 --a------ C:\WINDOWS\notepad.exe
2007-04-15 18:25 68,768 --a------ C:\WINDOWS\system32\mmsystem.dll
2007-04-15 18:25 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-04-15 18:25 68,608 --a------ C:\WINDOWS\system32\digest.dll
2007-04-15 18:25 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys
2007-04-15 18:25 68,096 --a------ C:\WINDOWS\system32\webclnt.dll
2007-04-15 18:25 68,096 --a------ C:\WINDOWS\system32\shgina.dll
2007-04-15 18:25 68,096 --a------ C:\WINDOWS\system32\adsmsext.dll
2007-04-15 18:25 679,936 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-04-15 18:25 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-15 18:25 67,584 --a------ C:\WINDOWS\system32\sti.dll
2007-04-15 18:25 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-15 18:25 67,584 --a------ C:\WINDOWS\system32\osuninst.dll
2007-04-15 18:25 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-15 18:25 67,072 --a------ C:\WINDOWS\system32\ntdsapi.dll
2007-04-15 18:25 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-04-15 18:25 66,176 --a------ C:\WINDOWS\system32\drivers\udfs.sys
2007-04-15 18:25 657,920 --a------ C:\WINDOWS\system32\rasdlg.dll
2007-04-15 18:25 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-15 18:25 65,536 --a------ C:\WINDOWS\system32\wshext.dll
2007-04-15 18:25 65,536 --a------ C:\WINDOWS\system32\wextract.exe
2007-04-15 18:25 65,536 --a------ C:\WINDOWS\system32\shimeng.dll
2007-04-15 18:25 65,536 --a------ C:\WINDOWS\system32\odbccu32.dll
2007-04-15 18:25 65,536 --a------ C:\WINDOWS\system32\odbccr32.dll
2007-04-15 18:25 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-15 18:25 65,024 --a------ C:\WINDOWS\system32\asycfilt.dll
2007-04-15 18:25 640,000 --a------ C:\WINDOWS\system32\dbghelp.dll
2007-04-15 18:25 64,896 --a------ C:\WINDOWS\system32\drivers\serial.sys
2007-04-15 18:25 64,000 --a------ C:\WINDOWS\system32\samlib.dll
2007-04-15 18:25 64,000 --a------ C:\WINDOWS\system32\cleanmgr.exe
2007-04-15 18:25 63,744 --a------ C:\WINDOWS\system32\drivers\mf.sys
2007-04-15 18:25 63,744 --a------ C:\WINDOWS\system32\drivers\cdfs.sys
2007-04-15 18:25 63,488 --a------ C:\WINDOWS\system32\cryptnet.dll
2007-04-15 18:25 63,488 --a------ C:\WINDOWS\system32\cmstp.exe
2007-04-15 18:25 63,488 --a------ C:\WINDOWS\system32\browselc.dll
2007-04-15 18:25 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-15 18:25 622,080 --a------ C:\WINDOWS\system32\netcfgx.dll
2007-04-15 18:25 62,976 --a------ C:\WINDOWS\system32\pautoenr.dll
2007-04-15 18:25 62,976 --a------ C:\WINDOWS\system32\iesetup.dll
2007-04-15 18:25 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-15 18:25 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-04-15 18:25 617,472 --a------ C:\WINDOWS\system32\comctl32.dll
2007-04-15 18:25 616,960 --a------ C:\WINDOWS\system32\advapi32.dll
2007-04-15 18:25 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-04-15 18:25 614,429 --a------ C:\WINDOWS\system32\mswstr10.dll
2007-04-15 18:25 610,304 --a------ C:\WINDOWS\system32\sspipes.scr
2007-04-15 18:25 61,824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
2007-04-15 18:25 61,440 --a------ C:\WINDOWS\system32\rasman.dll
2007-04-15 18:25 61,440 --a------ C:\WINDOWS\system32\msvcrt40.dll
2007-04-15 18:25 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-04-15 18:25 61,440 --a------ C:\WINDOWS\system32\admparse.dll
2007-04-15 18:25 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2007-04-15 18:25 602,624 --a------ C:\WINDOWS\system32\autoconv.exe
2007-04-15 18:25 60,928 --a------ C:\WINDOWS\system32\miglibnt.dll
2007-04-15 18:25 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-04-15 18:25 60,800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
2007-04-15 18:25 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-15 18:25 60,416 --a------ C:\WINDOWS\system32\cryptsvc.dll
2007-04-15 18:25 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-15 18:25 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-15 18:25 6,656 --a------ C:\WINDOWS\system32\sensapi.dll
2007-04-15 18:25 6,656 --a------ C:\WINDOWS\system32\msidle.dll
2007-04-15 18:25 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-15 18:25 597,504 --a------ C:\WINDOWS\system32\crypt32.dll
2007-04-15 18:25 59,904 --a------ C:\WINDOWS\system32\regsvc.dll
2007-04-15 18:25 59,904 --a------ C:\WINDOWS\system32\mpr.dll
2007-04-15 18:25 59,904 --a------ C:\WINDOWS\system32\ipv6mon.dll
2007-04-15 18:25 59,904 --a------ C:\WINDOWS\system32\drivers\atmarpc.sys
2007-04-15 18:25 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2007-04-15 18:25 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2007-04-15 18:25 589,312 --a------ C:\WINDOWS\system32\wiashext.dll
2007-04-15 18:25 588,800 --a------ C:\WINDOWS\system32\autochk.exe
2007-04-15 18:25 586,240 --a------ C:\WINDOWS\system32\mlang.dll
2007-04-15 18:25 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-04-15 18:25 580,608 --a------ C:\WINDOWS\system32\autofmt.exe
2007-04-15 18:25 58,880 --a------ C:\WINDOWS\system32\resutils.dll
2007-04-15 18:25 58,880 --a------ C:\WINDOWS\system32\rastapi.dll
2007-04-15 18:25 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-15 18:25 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-15 18:25 58,880 --a------ C:\WINDOWS\system32\atl.dll
2007-04-15 18:25 58,368 --a------ C:\WINDOWS\system32\packager.exe
2007-04-15 18:25 577,536 --a------ C:\WINDOWS\system32\user32.dll
2007-04-15 18:25 574,592 --a------ C:\WINDOWS\system32\drivers\ntfs.sys
2007-04-15 18:25 57,856 --a------ C:\WINDOWS\system32\synceng.dll
2007-04-15 18:25 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe
2007-04-15 18:25 57,856 --a------ C:\WINDOWS\system32\clusapi.dll
2007-04-15 18:25 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2007-04-15 18:25 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-15 18:25 57,344 --a------ C:\WINDOWS\system32\msasn1.dll
2007-04-15 18:25 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-04-15 18:25 562,176 --a------ C:\WINDOWS\system32\qedit.dll
2007-04-15 18:25 560,640 --a------ C:\WINDOWS\system32\printui.dll
2007-04-15 18:25 56,832 --a------ C:\WINDOWS\system32\rasphone.exe
2007-04-15 18:25 56,832 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-04-15 18:25 56,832 --a------ C:\WINDOWS\system32\authz.dll
2007-04-15 18:25 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-15 18:25 553,472 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-04-15 18:25 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2007-04-15 18:25 55,936 --a------ C:\WINDOWS\system32\drivers\atmlane.sys
2007-04-15 18:25 55,808 --a------ C:\WINDOWS\system32\secur32.dll
2007-04-15 18:25 55,808 --a------ C:\WINDOWS\system32\ipconfig.exe
2007-04-15 18:25 55,808 --a------ C:\WINDOWS\system32\eventlog.dll
2007-04-15 18:25 55,296 --a------ C:\WINDOWS\system32\sendmail.dll
2007-04-15 18:25 549,376 --a------ C:\WINDOWS\system32\shdoclc.dll
2007-04-15 18:25 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-15 18:25 54,784 --a------ C:\WINDOWS\system32\npptools.dll
2007-04-15 18:25 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll
2007-04-15 18:25 54,272 --a------ C:\WINDOWS\system32\ixsso.dll
2007-04-15 18:25 54,272 --a------ C:\WINDOWS\system32\dataclen.dll
2007-04-15 18:25 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-15 18:25 53,840 --a------ C:\WINDOWS\system32\dosx.exe
2007-04-15 18:25 53,760 --a------ C:\WINDOWS\system32\winsta.dll
2007-04-15 18:25 53,760 --a------ C:\WINDOWS\system32\narrator.exe
2007-04-15 18:25 53,760 --a------ C:\WINDOWS\system32\cryptext.dll
2007-04-15 18:25 53,279 --a------ C:\WINDOWS\system32\odbcji32.dll
2007-04-15 18:25 53,279 --a------ C:\WINDOWS\system32\msjter40.dll
2007-04-15 18:25 53,248 --a------ C:\WINDOWS\system32\ipv6.exe
2007-04-15 18:25 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2007-04-15 18:25 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-04-15 18:25 52,736 --a------ C:\WINDOWS\system32\basesrv.dll
2007-04-15 18:25 52,352 --a------ C:\WINDOWS\system32\drivers\volsnap.sys
2007-04-15 18:25 52,224 --a------ C:\WINDOWS\system32\dmutil.dll
2007-04-15 18:25 514,560 --a------ C:\WINDOWS\system32\logonui.exe
2007-04-15 18:25 512,512 --a------ C:\WINDOWS\system32\cryptui.dll
2007-04-15 18:25 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2007-04-15 18:25 51,712 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-04-15 18:25 51,712 --a------ C:\WINDOWS\system32\vdmredir.dll
2007-04-15 18:25 51,712 --a------ C:\WINDOWS\system32\msident.dll
2007-04-15 18:25 51,328 --a------ C:\WINDOWS\system32\drivers\rasl2tp.sys
2007-04-15 18:25 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-04-15 18:25 51,200 --a------ C:\WINDOWS\system32\dssec.dll
2007-04-15 18:25 506,368 --a------ C:\WINDOWS\system32\msxml.dll
2007-04-15 18:25 502,272 --a------ C:\WINDOWS\system32\winlogon.exe
2007-04-15 18:25 50,688 --a------ C:\WINDOWS\twain_32.dll
2007-04-15 18:25 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-04-15 18:25 50,688 --a------ C:\WINDOWS\system32\smss.exe
2007-04-15 18:25 50,688 --a------ C:\WINDOWS\system32\mmcshext.dll
2007-04-15 18:25 50,688 --a------ C:\WINDOWS\system32\camocx.dll
2007-04-15 18:25 50,176 --a------ C:\WINDOWS\system32\utilman.exe
2007-04-15 18:25 50,176 --a------ C:\WINDOWS\system32\reg.exe
2007-04-15 18:25 50,176 --a------ C:\WINDOWS\system32\proquota.exe
2007-04-15 18:25 5,632 --a------ C:\WINDOWS\system32\wmi.dll
2007-04-15 18:25 5,632 --a------ C:\WINDOWS\system32\winver.exe
2007-04-15 18:25 5,632 --a------ C:\WINDOWS\system32\security.dll
2007-04-15 18:25 5,632 --a------ C:\WINDOWS\system32\cisvc.exe
2007-04-15 18:25 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-04-15 18:25 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-04-15 18:25 5,120 --a------ C:\WINDOWS\system32\sfc.dll
2007-04-15 18:25 498,742 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-04-15 18:25 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-15 18:25 49,664 --a------ C:\WINDOWS\system32\regapi.dll
2007-04-15 18:25 49,664 --a------ C:\WINDOWS\system32\drivers\classpnp.sys
2007-04-15 18:25 49,536 --a------ C:\WINDOWS\system32\drivers\cdrom.sys
2007-04-15 18:25 49,152 --a------ C:\WINDOWS\system32\wdigest.dll
2007-04-15 18:25 488,448 --a------ C:\WINDOWS\system32\ntmsmgr.dll
2007-04-15 18:25 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-04-15 18:25 48,384 --a------ C:\WINDOWS\system32\drivers\raspptp.sys
2007-04-15 18:25 48,128 --a------ C:\WINDOWS\system32\msprivs.dll
2007-04-15 18:25 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-15 18:25 48,128 --a------ C:\WINDOWS\system32\docprop2.dll
2007-04-15 18:25 47,616 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-04-15 18:25 47,104 --a------ C:\WINDOWS\system32\ssmypics.scr
2007-04-15 18:25 47,104 --a------ C:\WINDOWS\system32\cnbjmon.dll
2007-04-15 18:25 47,104 --a------ C:\WINDOWS\system32\cmdl32.exe
2007-04-15 18:25 463,360 --a------ C:\WINDOWS\system32\wiadefui.dll
2007-04-15 18:25 457,728 --a------ C:\WINDOWS\system32\certmgr.dll
2007-04-15 18:25 453,120 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
2007-04-15 18:25 45,568 --a------ C:\WINDOWS\system32\tcpmonui.dll
2007-04-15 18:25 45,568 --a------ C:\WINDOWS\system32\tcpmon.dll
2007-04-15 18:25 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-15 18:25 45,568 --a------ C:\WINDOWS\system32\extrac32.exe
2007-04-15 18:25 45,568 --a------ C:\WINDOWS\system32\dnsrslvr.dll
2007-04-15 18:25 442,368 --------- C:\WINDOWS\system32\sqlsrv32.dll
2007-04-15 18:25 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-15 18:25 44,544 --a------ C:\WINDOWS\system32\alg.exe
2007-04-15 18:25 44,032 --a------ C:\WINDOWS\system32\rtutils.dll
2007-04-15 18:25 438,272 --a------ C:\WINDOWS\system32\shimgvw.dll
2007-04-15 18:25 435,200 --a------ C:\WINDOWS\system32\ntmssvc.dll
2007-04-15 18:25 433,664 --a------ C:\WINDOWS\system32\wiaacmgr.exe
2007-04-15 18:25 430,592 --a------ C:\WINDOWS\system32\vssapi.dll
2007-04-15 18:25 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-15 18:25 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-15 18:25 43,520 --a------ C:\WINDOWS\system32\pstorec.dll
2007-04-15 18:25 43,520 --a------ C:\WINDOWS\system32\ntlanman.dll
2007-04-15 18:25 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-15 18:25 423,936 --a------ C:\WINDOWS\system32\licdll.dll
2007-04-15 18:25 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2007-04-15 18:25 42,496 --a------ C:\WINDOWS\system32\wsnmp32.dll
2007-04-15 18:25 42,496 --a------ C:\WINDOWS\system32\shmgrate.exe
2007-04-15 18:25 42,496 --a------ C:\WINDOWS\system32\net.exe
2007-04-15 18:25 42,496 --a------ C:\WINDOWS\system32\ftp.exe
2007-04-15 18:25 42,496 --a------ C:\WINDOWS\system32\drivers\p3.sys
2007-04-15 18:25 42,496 --a------ C:\WINDOWS\system32\audiosrv.dll
2007-04-15 18:25 42,240 --a------ C:\WINDOWS\system32\drivers\mountmgr.sys
2007-04-15 18:25 419,840 --a------ C:\WINDOWS\system32\ntvdm.exe
2007-04-15 18:25 417,792 --a------ C:\WINDOWS\system32\vbscript.dll
2007-04-15 18:25 415,744 --a------ C:\WINDOWS\system32\samsrv.dll
2007-04-15 18:25 413,696 --a------ C:\WINDOWS\system32\msvcp60.dll
2007-04-15 18:25 41,984 --a------ C:\WINDOWS\system32\htui.dll
2007-04-15 18:25 41,856 --a------ C:\WINDOWS\system32\drivers\imapi.sys
2007-04-15 18:25 41,472 --a------ C:\WINDOWS\system32\hhsetup.dll
2007-04-15 18:25 41,472 --a------ C:\WINDOWS\system32\drivers\raspppoe.sys
2007-04-15 18:25 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-15 18:25 407,040 --a------ C:\WINDOWS\system32\netlogon.dll
2007-04-15 18:25 406,528 --a------ C:\WINDOWS\system32\usp10.dll
2007-04-15 18:25 40,960 --a------ C:\WINDOWS\system32\ntmsapi.dll
2007-04-15 18:25 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-04-15 18:25 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-15 18:25 40,320 --a------ C:\WINDOWS\system32\drivers\nmnt.sys
2007-04-15 18:25 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-04-15 18:25 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2007-04-15 18:25 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-04-15 18:25 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2007-04-15 18:25 4,096 --a------ C:\WINDOWS\system32\nddeapir.exe
2007-04-15 18:25 4,096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2007-04-15 18:25 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-15 18:25 4,096 --a------ C:\WINDOWS\system32\actmovie.exe
2007-04-15 18:25 399,872 --a------ C:\WINDOWS\system32&

#4 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 07 May 2007 - 02:13 AM

Download KillBox, unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.zip
Start up KillBox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box, copy and paste:

C:\WINDOWS\system32\bdeeg.ini2

Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot, select YES.
Allow it to reboot.
If it doesn't reboot automatically, reboot manually.

Post a new HijackThis log please.