Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

searchbar.html hijack (home page changing) my hjt log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

searchbar.html hijack (home page changing) my hjt log

Unread postby gmg » October 5th, 2008, 6:59 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:41 PM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2054700125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2057333890
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 7615 bytes
gmg
Regular Member
 
Posts: 15
Joined: September 19th, 2008, 9:05 pm
Advertisement
Register to Remove

Re: searchbar.html hijack (home page changing) my hjt log

Unread postby Katana » October 10th, 2008, 7:02 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: searchbar.html hijack (home page changing) my hjt log

Unread postby gmg » October 11th, 2008, 8:59 pm

info.txt logfile of random's system information tool 1.04 2008-10-11 17:57:18

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\2.bin\AskSBar.dll,O
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DISCover-->"C:\Program Files\DISC\uninstall.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
iPod for Windows 2006-06-28-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Accounting 2008 Equifax Addin-->MsiExec.exe /X{0C2AF762-0565-4C91-9F55-B8B53BB82A38}
Microsoft Office Accounting 2008 Fixed Asset Manager-->MsiExec.exe /X{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}
Microsoft Office Accounting 2008 PayPal Addin-->MsiExec.exe /X{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}
Microsoft Office Accounting 2008-->"C:\Program Files\Microsoft Small Business\Office Accounting 2008\SetupBootstrap\Setup.exe" /remove {270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting 2008-->MsiExec.exe /X{270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting ADP Payroll Addin-->MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
Opera 9.60-->MsiExec.exe /X{D0C04904-ED13-4DB3-ACCA-A41079EBA23C}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Revo Uninstaller 1.75-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Webroot AntiVirus with AntiSpyware-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Webroot Desktop Firewall-->MsiExec.exe /X{7F2EAC76-8BC7-473F-9E2D-3373FD693797}
Window Washer-->C:\WINDOWS\Unwash6.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WOT for Internet Explorer-->MsiExec.exe /X{5AC2D321-11E2-47E7-A1CA-61A34C2057AB}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Webroot AntiVirus with AntiSpyware
FW: Webroot Desktop Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-10-11 17:57:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 160 GB (89%) free of 180 GB
Total RAM: 958 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:12 PM, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [DISCover] "C:\Program Files\DISC\DISCover.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] "C:\WINDOWS\ARPWRMSG.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "HP_Administrator"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2054700125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2057333890
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9329 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\wrSpySweeperFullSweep.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL [2008-10-06 66912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2008-09-15 1421984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL [2008-10-06 267592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2008-09-15 1421984]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL [2008-10-06 267592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-05-09 86016]
"Webroot Desktop Firewall"=C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe [2008-07-31 2401672]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2006-03-15 1077248]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 5418864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-04-17 9117696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe [2007-11-26 1206600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe [2007-11-26 55624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WDFNet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-11 17:57:02 ----D---- C:\rsit
2008-10-11 17:41:50 ----D---- C:\Program Files\Opera
2008-10-10 08:31:13 ----D---- C:\Program Files\Common Files\Webroot Shared
2008-10-10 08:31:07 ----A---- C:\WINDOWS\Unwash6.exe
2008-10-08 13:38:25 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-10-07 18:08:29 ----A---- C:\WINDOWS\system32\E3TL.DLL
2008-10-07 18:08:21 ----D---- C:\Program Files\Zenturi
2008-10-07 18:08:21 ----D---- C:\Documents and Settings\All Users\Application Data\Zenturi
2008-10-07 17:41:35 ----D---- C:\Program Files\VS Revo Group
2008-10-07 16:43:13 ----D---- C:\Program Files\TweakNow RegCleaner Std
2008-10-07 07:54:42 ----D---- C:\Program Files\Webroot
2008-10-07 07:54:42 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Webroot
2008-10-07 07:54:42 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-10-07 07:54:42 ----A---- C:\WINDOWS\WRSetup.dll
2008-10-06 23:56:05 ----D---- C:\WINDOWS\CAVTemp
2008-10-06 23:46:21 ----A---- C:\caavsetupLog.txt
2008-10-06 23:45:57 ----D---- C:\Documents and Settings\All Users\Application Data\CA
2008-10-06 23:45:00 ----A---- C:\caisslog.txt
2008-10-06 23:06:53 ----AD---- C:\Program Files\AskSBar
2008-10-05 08:38:16 ----D---- C:\Program Files\Trend Micro
2008-10-03 10:17:53 ----D---- C:\WINDOWS\Sun
2008-10-02 16:02:09 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2
2008-10-02 15:52:39 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-10-02 15:52:24 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-02 15:52:24 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-02 15:52:24 ----A---- C:\WINDOWS\system32\java.exe
2008-10-01 17:39:43 ----D---- C:\Program Files\MSBuild
2008-10-01 17:36:30 ----D---- C:\WINDOWS\system32\XPSViewer
2008-10-01 17:35:09 ----D---- C:\Program Files\Reference Assemblies
2008-10-01 17:33:39 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-10-01 17:31:48 ----D---- C:\Program Files\Windows Desktop Search
2008-10-01 15:22:44 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-01 14:56:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-01 14:56:48 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-01 14:56:16 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-01 14:55:57 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-01 14:54:27 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-01 14:52:52 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-01 14:52:40 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-09-29 17:33:23 ----D---- C:\Program Files\WOT
2008-09-29 17:15:55 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2008-09-29 17:15:49 ----D---- C:\Program Files\Mozilla Firefox
2008-09-29 16:00:52 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-27 11:13:20 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-27 11:10:34 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-09-27 11:10:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 11:07:01 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\WinPatrol
2008-09-27 11:06:56 ----D---- C:\Program Files\BillP Studios
2008-09-27 10:52:19 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Sun
2008-09-25 17:00:39 ----A---- C:\WINDOWS\system32\XceedZip.dll
2008-09-25 15:21:27 ----D---- C:\Program Files\CCleaner
2008-09-25 15:14:37 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-09-25 12:35:37 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Image Zone Express
2008-09-25 11:31:29 ----D---- C:\WINDOWS\pss
2008-09-23 15:10:51 ----D---- C:\WINDOWS\Minidump
2008-09-22 17:06:42 ----D---- C:\WINDOWS\Downloaded Installations
2008-09-22 16:41:01 ----D---- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-09-22 16:38:26 ----D---- C:\WINDOWS\SQL9_KB948109_ENU
2008-09-22 16:11:59 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-22 16:11:59 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-22 00:59:46 ----D---- C:\WINDOWS\Prefetch
2008-09-22 00:47:57 ----D---- C:\WINDOWS\system32\scripting
2008-09-22 00:47:56 ----D---- C:\WINDOWS\system32\en
2008-09-22 00:47:56 ----D---- C:\WINDOWS\l2schemas
2008-09-22 00:47:55 ----D---- C:\WINDOWS\system32\bits
2008-09-22 00:44:40 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-22 00:39:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-22 00:24:10 ----D---- C:\Program Files\Common Files\DESIGNER
2008-09-22 00:19:39 ----D---- C:\WINDOWS\SHELLNEW
2008-09-22 00:19:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-22 00:16:20 ----RHD---- C:\MSOCache
2008-09-22 00:15:48 ----A---- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-09-22 00:15:07 ----A---- C:\WINDOWS\system32\hpzll3xu.dll
2008-09-22 00:11:30 ----D---- C:\SystemRoot
2008-09-22 00:10:30 ----HD---- C:\Config.Msi
2008-09-22 00:09:32 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2008-09-22 00:08:08 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\HP
2008-09-22 00:05:47 ----D---- C:\temp
2008-09-22 00:01:01 ----D---- C:\Program Files\Microsoft Small Business
2008-09-21 23:57:25 ----D---- C:\Program Files\Microsoft.NET
2008-09-21 23:56:13 ----D---- C:\Program Files\MSXML 6.0
2008-09-21 23:55:04 ----D---- C:\Program Files\Microsoft SQL Server
2008-09-21 23:48:30 ----D---- C:\WINDOWS\system32\Adobe
2008-09-21 23:23:34 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\GetRightToGo
2008-09-21 23:17:05 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\MySpace
2008-09-21 23:16:42 ----D---- C:\Program Files\MySpace
2008-09-21 23:11:05 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-21 23:10:06 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-09-21 23:07:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-09-21 23:06:59 ----D---- C:\Program Files\Common Files\Adobe
2008-09-21 23:03:58 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-09-21 23:03:26 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-09-21 23:02:29 ----D---- C:\Program Files\iPod
2008-09-21 23:02:28 ----D---- C:\Program Files\iTunes
2008-09-21 23:02:28 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-21 23:02:03 ----D---- C:\Program Files\Bonjour
2008-09-21 23:00:37 ----D---- C:\Program Files\QuickTime
2008-09-21 23:00:34 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-21 22:59:57 ----D---- C:\Program Files\Apple Software Update
2008-09-21 22:59:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-21 22:58:24 ----D---- C:\Program Files\Common Files\Apple
2008-09-21 22:58:20 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-21 22:44:15 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-09-21 22:01:12 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Opera
2008-09-21 21:49:33 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-21 21:49:30 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-21 21:49:28 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-21 21:49:28 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-21 21:49:12 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-21 21:49:12 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-21 21:48:58 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-21 21:48:56 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-21 21:48:53 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-21 21:48:53 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-21 21:48:53 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-21 21:48:53 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-21 21:48:53 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-21 21:48:53 ----N---- C:\WINDOWS\slrundll.exe
2008-09-21 21:48:47 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-21 21:48:41 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-21 21:48:39 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-21 21:48:37 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-21 21:48:36 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-21 21:48:34 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-21 21:48:34 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-21 21:48:34 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-21 21:48:30 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-21 21:48:24 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-21 21:48:00 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-21 21:48:00 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-21 21:48:00 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-21 21:47:58 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-21 21:47:51 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-21 21:47:51 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-21 21:47:17 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-21 21:47:17 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-21 21:47:17 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-21 21:47:17 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-21 21:47:14 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-21 21:46:57 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-21 21:46:54 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-21 21:46:52 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-21 21:46:52 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-21 21:46:51 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-21 21:46:50 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-21 21:46:27 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-21 21:46:27 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-21 21:46:22 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-21 21:46:12 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-21 21:46:03 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-21 21:46:00 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-21 21:46:00 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-21 21:46:00 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-21 21:46:00 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-21 21:46:00 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-21 21:46:00 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-21 21:46:00 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-21 21:46:00 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-21 21:45:58 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-21 21:45:58 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-21 21:45:58 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-21 21:45:58 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-21 21:45:58 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-21 21:45:58 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-21 21:45:58 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-21 21:45:53 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-21 21:45:53 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-21 21:45:53 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-21 21:45:48 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-21 21:45:35 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-21 21:45:34 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-21 21:45:33 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-21 21:45:33 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-21 21:45:32 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-21 21:45:32 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-21 21:45:30 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-21 21:45:30 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-21 21:45:30 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-21 21:45:17 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-21 21:29:35 ----D---- C:\WINDOWS\system32\appmgmt
2008-09-21 21:13:24 ----D---- C:\Program Files\MSXML 4.0
2008-09-21 21:11:58 ----D---- C:\WINDOWS\ie7updates
2008-09-21 21:11:10 ----D---- C:\WINDOWS\WBEM
2008-09-21 21:11:07 ----D---- C:\WINDOWS\system32\en-US
2008-09-21 21:09:45 ----HDC---- C:\WINDOWS\ie7
2008-09-21 21:09:35 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-09-21 21:09:20 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-09-21 21:08:57 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-09-21 21:07:50 ----A---- C:\WINDOWS\system32\MRT.exe
2008-09-21 21:07:45 ----D---- C:\WINDOWS\network diagnostic
2008-09-21 20:43:50 ----N---- C:\WINDOWS\kb913800.exe
2008-09-21 20:41:07 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-09-21 20:40:37 ----D---- C:\WINDOWS\system32\PreInstall
2008-09-21 20:38:49 ----A---- C:\WINDOWS\system32\wups2.dll
2008-09-21 20:38:48 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-09-21 20:38:48 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-21 20:38:47 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-09-21 20:38:47 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-09-21 20:26:27 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-09-21 19:43:46 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Google
2008-09-21 19:35:57 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-09-21 19:35:42 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2008-09-21 19:35:02 ----RASH---- C:\BOOT.BAK
2008-09-21 19:34:53 ----RSHD---- C:\cmdcons
2008-09-21 19:34:53 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-09-21 19:34:51 ----D---- C:\WINDOWS\setup.pss
2008-09-21 19:32:16 ----ASH---- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
2008-09-21 19:32:14 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-09-21 19:32:14 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-09-21 19:32:14 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-09-21 19:32:14 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2008-09-21 16:44:09 ----SHD---- C:\RECYCLER
2008-09-21 16:44:08 ----A---- C:\WINDOWS\smscfg.ini
2008-09-21 16:40:38 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-09-21 16:32:03 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-21 16:31:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-21 16:23:31 ----D---- C:\Program Files\PC-Doctor for DOS
2008-09-21 16:23:17 ----D---- C:\Program Files\PC-Doctor 5 for Windows
2008-09-21 16:20:11 ----D---- C:\WINDOWS\HPCPCUninstall-9972322
2008-09-21 16:20:03 ----RA---- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
2008-09-21 16:20:01 ----D---- C:\Program Files\Updates from HP
2008-09-21 16:19:38 ----AD---- C:\WINDOWS\system32\pcintro
2008-09-21 16:19:19 ----A---- C:\WINDOWS\system32\fpalsu.dll
2008-09-21 16:19:17 ----A---- C:\WINDOWS\system32\omano.dll
2008-09-21 16:19:12 ----A---- C:\WINDOWS\system32\hpreg.dll
2008-09-21 16:16:04 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2008-09-21 16:16:02 ----A---- C:\WINDOWS\QUICKEN.INI
2008-09-21 16:14:36 ----D---- C:\Program Files\muvee Technologies
2008-09-21 16:14:36 ----D---- C:\Program Files\Common Files\muvee Technologies
2008-09-21 16:13:39 ----A---- C:\WINDOWS\system32\ShellvRTF64.dll
2008-09-21 16:13:39 ----A---- C:\WINDOWS\system32\ShellvRTF.dll
2008-09-21 16:13:38 ----AD---- C:\WINDOWS\CREATOR
2008-09-21 16:13:10 ----A---- C:\WINDOWS\ODBC.INI
2008-09-21 16:13:04 ----A---- C:\WINDOWS\system32\mdimon.dll
2008-09-21 16:12:18 ----D---- C:\Program Files\Microsoft Visual Studio
2008-09-21 16:11:23 ----D---- C:\Program Files\Microsoft Office
2008-09-21 16:11:07 ----D---- C:\Program Files\Microsoft Works
2008-09-21 16:09:30 ----D---- C:\Program Files\Microsoft Money 2006
2008-09-21 16:08:29 ----D---- C:\Program Files\Adobe
2008-09-21 16:08:13 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-21 16:08:07 ----A---- C:\WINDOWS\system32\msxml4a.dll
2008-09-21 16:07:55 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-21 16:07:38 ----D---- C:\Program Files\Hewlett-Packard
2008-09-21 16:07:03 ----AD---- C:\Program Files\Common Files\LightScribe
2008-09-21 16:06:14 ----D---- C:\Program Files\Common Files\TiVo Shared
2008-09-21 16:01:52 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-21 16:01:51 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-21 16:01:49 ----D---- C:\Program Files\Common Files\SureThing Shared
2008-09-21 16:01:25 ----D---- C:\Program Files\Sonic
2008-09-21 16:00:56 ----A---- C:\WINDOWS\WININIT.INI
2008-09-21 16:00:53 ----D---- C:\Program Files\HP DigitalMedia Archive
2008-09-21 16:00:17 ----A---- C:\WINDOWS\NSSetDefaultBrowser.ini
2008-09-21 16:00:17 ----A---- C:\WINDOWS\NSSetDefaultBrowser.EXE
2008-09-21 15:59:36 ----D---- C:\Program Files\Common Files\Real
2008-09-21 15:58:55 ----D---- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
2008-09-21 15:58:53 ----D---- C:\Program Files\DISC
2008-09-21 15:58:46 ----D---- C:\Program Files\MSN Encarta Standard
2008-09-21 15:50:21 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-09-21 15:48:59 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-09-21 15:48:35 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2008-09-21 15:48:35 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2008-09-21 15:48:35 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2008-09-21 15:48:35 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-09-21 15:48:35 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2008-09-21 15:48:35 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2008-09-21 15:46:45 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-09-21 15:46:45 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-09-21 15:46:22 ----D---- C:\Program Files\Common Files\HP
2008-09-21 15:46:09 ----D---- C:\Program Files\HP
2008-09-21 15:44:54 ----D---- C:\WINDOWS\system32\FxsTmp
2008-09-21 15:44:53 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI-SV92PP Soft Modem.txt
2008-09-21 15:44:48 ----A---- C:\WINDOWS\system32\fxssend.exe
2008-09-21 15:44:48 ----A---- C:\WINDOWS\system32\fxsroute.dll
2008-09-21 15:44:48 ----A---- C:\WINDOWS\system32\fxsperf.ini
2008-09-21 15:44:48 ----A---- C:\WINDOWS\system32\fxsclntR.dll
2008-09-21 15:44:48 ----A---- C:\WINDOWS\system32\fxscfgwz.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxsxp32.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxswzrd.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxsui.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxstiff.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxst30.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxssvc.exe
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxsst.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxsres.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxsperf.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxsmon.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxsext32.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxsevent.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxsdrv.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxscover.exe
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxscomex.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxscom.dll
2008-09-21 15:44:47 ----A---- C:\WINDOWS\system32\fxsclnt.exe
2008-09-21 15:44:46 ----A---- C:\WINDOWS\system32\fxsapi.dll
2008-09-21 15:44:40 ----D---- C:\WINDOWS\system32\Lang
2008-09-21 15:42:24 ----A---- C:\WINDOWS\agrsmdel.exe
2008-09-21 15:42:03 ----A---- C:\WINDOWS\system32\nvunrm.exe
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\nvconrm.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\fdco1ins.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\fdco1.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\fdco_l2052.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\fdco_l1046.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\fdco_l1042.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\fdco_l1041.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\fdco_l1040.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\fdco_l1036.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\fdco_l1034.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\fdco_l1031.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\fdco_l1028.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\bdco1ins.dll
2008-09-21 15:42:02 ----A---- C:\WINDOWS\system32\bdco1.dll
2008-09-21 15:41:39 ----D---- C:\WINDOWS\nview
2008-09-21 15:41:39 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrses.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvrszht.dll
2008-09-21 15:41:36 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrstr.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrssv.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrssl.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrssk.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsru.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrspt.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrspl.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsno.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsko.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsja.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsit.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrshu.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrshe.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrses.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrseng.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsel.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsde.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsda.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrscs.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvrsar.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nview.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvhwvid.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-21 15:41:35 ----A---- C:\WINDOWS\system32\keystone.exe
2008-09-21 15:41:14 ----D---- C:\Documents and Settings\All Users\Application Data\SBSI
2008-09-21 15:40:08 ----A---- C:\WINDOWS\orun32.ini
2008-09-21 15:40:06 ----A---- C:\WINDOWS\IsUninst.exe
2008-09-21 15:39:28 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-21 15:39:02 ----D---- C:\WINDOWS\system32\RTCOM
2008-09-21 15:38:59 ----N---- C:\WINDOWS\system32\ksuser.dll
2008-09-21 15:38:55 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2008-09-21 15:38:55 ----A---- C:\WINDOWS\RtlUpd.exe
2008-09-21 15:38:55 ----A---- C:\WINDOWS\RTLCPL.EXE
2008-09-21 15:38:54 ----A---- C:\WINDOWS\RTHDCPL.EXE
2008-09-21 15:38:54 ----A---- C:\WINDOWS\MicCal.exe
2008-09-21 15:38:54 ----A---- C:\WINDOWS\ALCWZRD.EXE
2008-09-21 15:38:54 ----A---- C:\WINDOWS\ALCMTR.EXE
2008-09-21 15:30:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-21 15:30:03 ----A---- C:\WINDOWS\system32\24wwxsp1.txt
2008-09-21 15:27:46 ----A---- C:\WINDOWS\system32\RDBios32.dll
2008-09-21 15:27:46 ----A---- C:\WINDOWS\system32\cPC_DMIRD.dll
2008-09-21 15:27:09 ----D---- C:\Program Files\Java
2008-09-21 15:27:08 ----D---- C:\Program Files\Common Files\Java
2008-09-21 15:24:14 ----D---- C:\WINDOWS\RegisteredPackages
2008-09-21 15:23:13 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-09-21 15:22:55 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-09-21 15:21:57 ----D---- C:\Program Files\GemMaster
2008-09-21 15:21:56 ----D---- C:\Program Files\EnglishOtto
2008-09-21 15:20:11 ----D---- C:\WINDOWS\system32\URTTemp
2008-09-21 15:15:01 ----SHD---- C:\System Volume Information
2008-09-21 15:12:35 ----D---- C:\WINDOWS\I386
2008-09-21 15:10:14 ----D---- C:\Program Files
2008-09-21 14:44:59 ----RSD---- C:\WINDOWS\assembly
2008-09-21 14:44:57 ----RD---- C:\WINDOWS\Offline Web Pages
2008-09-21 14:44:39 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-21 13:43:03 ----A---- C:\WINDOWS\system32\zipfldr.dll
2008-09-21 13:43:01 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-09-21 13:43:01 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2008-09-21 13:43:01 ----A---- C:\WINDOWS\system32\xpob2res.dll
2008-09-21 13:43:00 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-09-21 13:43:00 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2008-09-21 13:43:00 ----A---- C:\WINDOWS\system32\xmlprov.dll
2008-09-21 13:43:00 ----A---- C:\WINDOWS\system32\xenroll.dll
2008-09-21 13:43:00 ----A---- C:\WINDOWS\system32\xcopy.exe
2008-09-21 13:43:00 ----A---- C:\WINDOWS\system32\xactsrv.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wups.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wupdmgr.exe
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wstdecod.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wsock32.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2008-09-21 13:42:55 ----A---- C:\WINDOWS\system32\wshrm.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wshnetbs.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wshisn.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wship6.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wshext.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wshcon.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wshbth.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wshatm.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wsecedit.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wscsvc.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wscript.exe
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wscntfy.exe
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\ws2help.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\ws2_32.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\write.exe
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wpdtrace.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wpdsp.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wpdmtpus.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wpdmtpdr.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wpdmtp.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wpdconns.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wpd_ci.dll
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wpabaln.exe
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wowexec.exe
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wowdeb.exe
2008-09-21 13:42:54 ----A---- C:\WINDOWS\system32\wow32.dll
2008-09-21 13:42:53 ----A---- C:\WINDOWS\system32\wmvdmoe2.dll
2008-09-21 13:42:53 ----A---- C:\WINDOWS\system32\wmvdmod.dll
2008-09-21 13:42:53 ----A---- C:\WINDOWS\system32\wmvcore.dll
2008-09-21 13:42:53 ----A---- C:\WINDOWS\system32\WMVADVE.DLL
2008-09-21 13:42:52 ----A---- C:\WINDOWS\system32\WMVADVD.dll
2008-09-21 13:42:52 ----A---- C:\WINDOWS\system32\wmstream.dll
2008-09-21 13:42:52 ----A---- C:\WINDOWS\system32\WMSPDMOE.dll
2008-09-21 13:42:52 ----A---- C:\WINDOWS\system32\WMSPDMOD.dll
2008-09-21 13:42:52 ----A---- C:\WINDOWS\system32\wmsdmoe2.dll
2008-09-21 13:42:52 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2008-09-21 13:42:52 ----A---- C:\WINDOWS\system32\wmsdmod.dll
2008-09-21 13:42:52 ----A---- C:\WINDOWS\system32\wmpui.dll
2008-09-21 13:42:52 ----A---- C:\WINDOWS\system32\wmpsrcwp.dll
2008-09-21 13:42:52 ----A---- C:\WINDOWS\system32\wmpshell.dll
2008-09-21 13:42:51 ----A---- C:\WINDOWS\system32\wmploc.dll
2008-09-21 13:42:50 ----A---- C:\WINDOWS\system32\wmpencen.dll
2008-09-21 13:42:50 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2008-09-21 13:42:50 ----A---- C:\WINDOWS\system32\wmpcore.dll
2008-09-21 13:42:50 ----A---- C:\WINDOWS\system32\wmpcd.dll
2008-09-21 13:42:50 ----A---- C:\WINDOWS\system32\wmpasf.dll
2008-09-21 13:42:49 ----A---- C:\WINDOWS\system32\wmp.dll
2008-09-21 13:42:49 ----A---- C:\WINDOWS\system32\WMNetMgr.dll
2008-09-21 13:42:48 ----A---- C:\WINDOWS\system32\wmiscmgr.dll
2008-09-21 13:42:48 ----A---- C:\WINDOWS\system32\wmiprop.dll
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\wmidx.dll
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\wmi.dll
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\wmerror.dll
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\wmerrenu.dll
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\wmdrmnet.dll
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\wmdrmdev.dll
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\wmdmps.dll
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\wmdmlog.dll
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\wmasf.dll
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\WMADMOE.dll
2008-09-21 13:42:47 ----A---- C:\WINDOWS\system32\WMADMOD.dll
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\wlnotify.dll
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\wldap32.dll
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\winver.exe
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\wintrust.dll
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\winstrm.dll
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\winsta.dll
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\winsrv.dll
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\winspool.exe
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\winsock.dll
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\winshfhc.dll
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\winscard.dll
2008-09-21 13:42:46 ----A---- C:\WINDOWS\system32\winrnr.dll
2008-09-21 13:42:44 ----A---- C:\WINDOWS\winhlp32.exe
2008-09-21 13:42:44 ----A---- C:\WINDOWS\winhelp.exe
2008-09-21 13:42:44 ----A---- C:\WINDOWS\system32\winnls.dll
2008-09-21 13:42:44 ----A---- C:\WINDOWS\system32\winmsd.exe
2008-09-21 13:42:44 ----A---- C:\WINDOWS\system32\winmm.dll
2008-09-21 13:42:44 ----A---- C:\WINDOWS\system32\winmine.exe
2008-09-21 13:42:44 ----A---- C:\WINDOWS\system32\winlogon.exe
2008-09-21 13:42:44 ----A---- C:\WINDOWS\system32\winipsec.dll
2008-09-21 13:42:44 ----A---- C:\WINDOWS\system32\wininet.dll
2008-09-21 13:42:44 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-09-21 13:42:44 ----A---- C:\WINDOWS\system32\winfax.dll
2008-09-21 13:42:43 ----A---- C:\WINDOWS\system32\winchat.exe
2008-09-21 13:42:43 ----A---- C:\WINDOWS\system32\winbrand.dll
2008-09-21 13:42:43 ----A---- C:\WINDOWS\system32\win87em.dll
2008-09-21 13:42:43 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-09-21 13:42:43 ----A---- C:\WINDOWS\system32\win.com
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\wifeman.dll
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\wiavusd.dll
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\wiavideo.dll
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\wiashext.dll
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\wiaservc.dll
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\wiascr.dll
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\wiadss.dll
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\wiadefui.dll
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\wextract.exe
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\webvw.dll
2008-09-21 13:42:42 ----A---- C:\WINDOWS\system32\webhits.dll
2008-09-21 13:42:41 ----A---- C:\WINDOWS\system32\webclnt.dll
2008-09-21 13:42:41 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-09-21 13:42:41 ----A---- C:\WINDOWS\system32\wdigest.dll
2008-09-21 13:42:41 ----A---- C:\WINDOWS\system32\wdfmgr.exe
2008-09-21 13:42:41 ----A---- C:\WINDOWS\system32\wdfapi.dll
2008-09-21 13:42:39 ----A---- C:\WINDOWS\system32\wavemsp.dll
2008-09-21 13:42:38 ----A---- C:\WINDOWS\vmmreg32.dll
2008-09-21 13:42:38 ----A---- C:\WINDOWS\system32\w3ssl.dll
2008-09-21 13:42:38 ----A---- C:\WINDOWS\system32\w32topl.dll
2008-09-21 13:42:38 ----A---- C:\WINDOWS\system32\w32tm.exe
2008-09-21 13:42:38 ----A---- C:\WINDOWS\system32\w32time.dll
2008-09-21 13:42:38 ----A---- C:\WINDOWS\system32\vwipxspx.exe
2008-09-21 13:42:38 ----A---- C:\WINDOWS\system32\vwipxspx.dll
2008-09-21 13:42:38 ----A---- C:\WINDOWS\system32\vssvc.exe
2008-09-21 13:42:38 ----A---- C:\WINDOWS\system32\vssapi.dll
2008-09-21 13:42:38 ----A---- C:\WINDOWS\system32\vssadmin.exe
2008-09-21 13:42:38 ----A---- C:\WINDOWS\system32\vss_ps.dll
2008-09-21 13:42:38 ----A---- C:\WINDOWS\system32\vjoy.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\vga64k.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\vga256.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\vga.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\vfpodbc.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\version.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\verifier.exe
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\verifier.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\ver.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\vdmredir.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\vcdex.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\vbscript.dll
2008-09-21 13:42:37 ----A---- C:\WINDOWS\system32\vbajet32.dll
2008-09-21 13:42:36 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-09-21 13:42:36 ----A---- C:\WINDOWS\system32\uwdf.exe
2008-09-21 13:42:36 ----A---- C:\WINDOWS\system32\utilman.exe
2008-09-21 13:42:36 ----A---- C:\WINDOWS\system32\utildll.dll
2008-09-21 13:42:36 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-09-21 13:42:36 ----A---- C:\WINDOWS\system32\usp10.dll
2008-09-21 13:42:36 ----A---- C:\WINDOWS\system32\userinit.exe
2008-09-21 13:42:36 ----A---- C:\WINDOWS\system32\userenv.dll
2008-09-21 13:42:36 ----A---- C:\WINDOWS\system32\user32.dll
2008-09-21 13:42:36 ----A---- C:\WINDOWS\system32\user.exe
2008-09-21 13:42:35 ----A---- C:\WINDOWS\system32\usbmon.dll
2008-09-21 13:42:35 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-09-21 13:42:35 ----A---- C:\WINDOWS\system32\url.dll
2008-09-21 13:42:35 ----A---- C:\WINDOWS\system32\ureg.dll
2008-09-21 13:42:35 ----A---- C:\WINDOWS\system32\ups.exe
2008-09-21 13:42:35 ----A---- C:\WINDOWS\system32\upnpui.dll
2008-09-21 13:42:35 ----A---- C:\WINDOWS\system32\upnphost.dll
2008-09-21 13:42:35 ----A---- C:\WINDOWS\system32\upnpcont.exe
2008-09-21 13:42:35 ----A---- C:\WINDOWS\system32\upnp.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\twunk_32.exe
2008-09-21 13:42:34 ----A---- C:\WINDOWS\twunk_16.exe
2008-09-21 13:42:34 ----A---- C:\WINDOWS\twain_32.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\twain.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\untfs.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\unlodctr.exe
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\uniplat.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\unimdmat.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\umdmxfrm.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\umandlg.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\ulib.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\ufat.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\udhisapi.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\typeperf.exe
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\typelib.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\txflog.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\twext.dll
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-09-21 13:42:34 ----A---- C:\WINDOWS\system32\tskill.exe
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\tsddd.dll
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\tsd32.dll
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\tscon.exe
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\tsappcmp.dll
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\trkwks.dll
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\tree.com
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\traffic.dll
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\tracert6.exe
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\tracert.exe
2008-09-21 13:42:33 ----A---- C:\WINDOWS\system32\tracerpt.exe
2008-09-21 13:42:32 ----A---- C:\WINDOWS\system32\toolhelp.dll
2008-09-21 13:42:32 ----A---- C:\WINDOWS\system32\tlntsvrp.dll
2008-09-21 13:42:32 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2008-09-21 13:42:32 ----A---- C:\WINDOWS\system32\tlntsess.exe
2008-09-21 13:42:32 ----A---- C:\WINDOWS\system32\tlntadmn.exe
2008-09-21 13:42:30 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\themeui.dll
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\tftp.exe
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\termmgr.dll
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\tcpsvcs.exe
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\tcpmon.dll
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\tcpmib.dll
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\tcmsetup.exe
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\taskmgr.exe
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\taskman.exe
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\tasklist.exe
2008-09-21 13:42:30 ----A---- C:\WINDOWS\system32\taskkill.exe
2008-09-21 13:42:29 ----A---- C:\WINDOWS\system32\tapiui.dll
2008-09-21 13:42:29 ----A---- C:\WINDOWS\system32\tapisrv.dll
2008-09-21 13:42:29 ----A---- C:\WINDOWS\system32\tapiperf.dll
2008-09-21 13:42:29 ----A---- C:\WINDOWS\system32\tapi32.dll
2008-09-21 13:42:29 ----A---- C:\WINDOWS\system32\tapi3.dll
2008-09-21 13:42:29 ----A---- C:\WINDOWS\system32\tapi.dll
2008-09-21 13:42:29 ----A---- C:\WINDOWS\system32\t2embed.dll
2008-09-21 13:42:29 ----A---- C:\WINDOWS\system32\systray.exe
2008-09-21 13:41:36 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-09-21 13:41:36 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2008-09-21 13:41:36 ----A---- C:\WINDOWS\system32\syskey.exe
2008-09-21 13:41:36 ----A---- C:\WINDOWS\system32\sysinv.dll
2008-09-21 13:41:35 ----A---- C:\WINDOWS\system32\sysedit.exe
2008-09-21 13:41:35 ----A---- C:\WINDOWS\system32\syncui.dll
2008-09-21 13:41:35 ----A---- C:\WINDOWS\system32\synceng.dll
2008-09-21 13:41:35 ----A---- C:\WINDOWS\system32\syncapp.exe
2008-09-21 13:41:35 ----A---- C:\WINDOWS\system32\sxs.dll
2008-09-21 13:41:35 ----A---- C:\WINDOWS\system32\swprv.dll
2008-09-21 13:41:35 ----A---- C:\WINDOWS\system32\svcpack.dll
2008-09-21 13:41:35 ----A---- C:\WINDOWS\system32\svchost.exe
2008-09-21 13:41:35 ----A---- C:\WINDOWS\system32\subst.exe
2008-09-21 13:41:35 ----A---- C:\WINDOWS\system32\strmfilt.dll
2008-09-21 13:41:35 ----A---- C:\WINDOWS\system32\strmdll.dll
2008-09-21 13:41:34 ----A---- C:\WINDOWS\system32\storage.dll
2008-09-21 13:41:34 ----A---- C:\WINDOWS\system32\stobject.dll
2008-09-21 13:41:34 ----A---- C:\WINDOWS\system32\stimon.exe
2008-09-21 13:41:34 ----A---- C:\WINDOWS\system32\sti_ci.dll
2008-09-21 13:41:34 ----A---- C:\WINDOWS\system32\sti.dll
2008-09-21 13:41:34 ----A---- C:\WINDOWS\system32\stclient.dll
2008-09-21 13:41:34 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2008-09-21 13:41:34 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2008-09-21 13:41:33 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-09-21 13:41:33 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-09-21 13:41:33 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-09-21 13:41:33 ----A---- C:\WINDOWS\system32\srclient.dll
2008-09-21 13:41:33 ----A---- C:\WINDOWS\system32\sqlwoa.dll
2008-09-21 13:41:33 ----A---- C:\WINDOWS\system32\sqlwid.dll
2008-09-21 13:41:33 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2008-09-21 13:41:33 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2008-09-21 13:41:33 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-09-21 13:41:32 ----A---- C:\WINDOWS\system32\sprestrt.exe
2008-09-21 13:41:30 ----A---- C:\WINDOWS\system32\spoolsv.exe
2008-09-21 13:41:30 ----A---- C:\WINDOWS\system32\spoolss.dll
2008-09-21 13:41:30 ----A---- C:\WINDOWS\system32\spiisupd.exe
2008-09-21 13:41:30 ----A---- C:\WINDOWS\system32\spider.exe
2008-09-21 13:41:23 ----A---- C:\WINDOWS\system32\sort.exe
2008-09-21 13:41:23 ----A---- C:\WINDOWS\system32\sol.exe
2008-09-21 13:41:23 ----A---- C:\WINDOWS\system32\softpub.dll
2008-09-21 13:41:23 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2008-09-21 13:41:23 ----A---- C:\WINDOWS\system32\snmpapi.dll
2008-09-21 13:41:23 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-09-21 13:41:23 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-09-21 13:41:22 ----A---- C:\WINDOWS\system32\smss.exe
2008-09-21 13:41:22 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2008-09-21 13:41:22 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2008-09-21 13:41:22 ----A---- C:\WINDOWS\system32\smbinst.exe
2008-09-21 13:41:22 ----A---- C:\WINDOWS\system32\slbrccsp.dll
2008-09-21 13:41:22 ----A---- C:\WINDOWS\system32\slbiop.dll
2008-09-21 13:41:22 ----A---- C:\WINDOWS\system32\slbcsp.dll
2008-09-21 13:41:22 ----A---- C:\WINDOWS\system32\slayerxp.dll
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\skeys.exe
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\skdll.dll
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\sisbkup.dll
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\sigverif.exe
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\sigtab.dll
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\shutdown.exe
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\shsvcs.dll
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\shscrap.dll
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\shrpubw.exe
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\shmgrate.exe
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\shmedia.dll
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\shimgvw.dll
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\shimeng.dll
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\shgina.dll
2008-09-21 13:41:21 ----A---- C:\WINDOWS\system32\shfolder.dll
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\shell32.dll
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\shell.dll
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\shdoclc.dll
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\share.exe
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\shadow.exe
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\sfmapi.dll
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\sfc_os.dll
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\sfc.exe
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\sfc.dll
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\setver.exe
2008-09-21 13:41:19 ----A---- C:\WINDOWS\system32\setupdll.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\setup.exe
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\sethc.exe
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\serwvdrv.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\services.msc
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\services.exe
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\serialui.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\senscfg.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\sensapi.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\sens.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\sendmail.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\security.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\secur32.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\secpol.msc
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\seclogon.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\secedit.exe
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\sdpblb.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2008-09-21 13:41:18 ----A---- C:\WINDOWS\system32\sdbinst.exe
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\scrrun.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\scrobj.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\scriptpw.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\scredir.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\schannel.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\scesrv.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\scecli.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\sccsccp.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\sccbase.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\scardssp.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\scarddlg.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\sc.exe
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\sbeio.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\sbe.dll
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\savedump.exe
2008-09-21 13:41:17 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-09-21 13:41:16 ----A---- C:\WINDOWS\system32\samlib.dll
2008-09-21 13:41:16 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-09-21 13:41:16 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-09-21 13:41:16 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-09-21 13:41:16 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-09-21 13:41:15 ----RA---- C:\WINDOWS\system32\rsop.msc
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\runonce.exe
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rundll32.exe
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\runas.exe
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rtutils.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rtm.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rtcshare.exe
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsvpperf.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsvpmsg.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsvp.exe
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsopprov.exe
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsnotify.exe
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsmui.exe
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsmsink.exe
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsmps.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsm.exe
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsh.exe
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsfsaps.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rsaenh.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rpcss.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2008-09-21 13:41:15 ----A---- C:\WINDOWS\system32\rpcns4.dll
2008-09-21 13:41:14 ----A---- C:\WINDOWS\system32\routetab.dll
2008-09-21 13:41:14 ----A---- C:\WINDOWS\system32\routemon.exe
2008-09-21 13:41:14 ----A---- C:\WINDOWS\system32\route.exe
2008-09-21 13:41:14 ----A---- C:\WINDOWS\system32\rnr20.dll
2008-09-21 13:41:14 ----A---- C:\WINDOWS\system32\riched32.dll
2008-09-21 13:41:14 ----A---- C:\WINDOWS\system32\riched20.dll
2008-09-21 13:41:14 ----A---- C:\WINDOWS\system32\rexec.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\resutils.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\reset.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\replace.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rend.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\relog.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\regwizc.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\regwiz.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\regsvr32.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\regsvc.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\regini.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\regedt32.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\regapi.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\reg.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\redir.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\recover.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rdpdd.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rcp.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rcimlby.exe
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rastls.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rasser.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rassapi.dll
2008-09-21 13:41:13 ----A---- C:\WINDOWS\system32\rasrad.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasppp.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasphone.exe
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasmxs.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasmontr.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasmans.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasman.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasdial.exe
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasctrs.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\raschap.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasautou.exe
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-09-21 13:41:12 ----A---- C:\WINDOWS\system32\query.dll
2008-09-21 13:41:11 ----N---- C:\WINDOWS\system32\quartz.dll
2008-09-21 13:41:11 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-09-21 13:41:11 ----A---- C:\WINDOWS\system32\qosname.dll
2008-09-21 13:41:11 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-09-21 13:41:11 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-09-21 13:41:11 ----A---- C:\WINDOWS\system32\qedwipes.dll
2008-09-21 13:41:11 ----A---- C:\WINDOWS\system32\qedit.dll
2008-09-21 13:41:11 ----A---- C:\WINDOWS\system32\qdvd.dll
2008-09-21 13:41:11 ----A---- C:\WINDOWS\system32\qdv.dll
2008-09-21 13:41:11 ----A---- C:\WINDOWS\system32\qcap.dll
2008-09-21 13:41:11 ----A---- C:\WINDOWS\system32\qasf.dll
2008-09-21 13:41:11 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-09-21 13:41:10 ----A---- C:\WINDOWS\system32\pubprn.vbs
2008-09-21 13:41:10 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2008-09-21 13:41:10 ----A---- C:\WINDOWS\system32\pstorec.dll
2008-09-21 13:41:10 ----A---- C:\WINDOWS\system32\psnppagn.dll
2008-09-21 13:41:10 ----A---- C:\WINDOWS\system32\pschdprf.dll
2008-09-21 13:41:10 ----A---- C:\WINDOWS\system32\psbase.dll
2008-09-21 13:41:10 ----A---- C:\WINDOWS\system32\psapi.dll
2008-09-21 13:41:05 ----N---- C:\WINDOWS\system32\pngfilt.dll
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\proxycfg.exe
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\proquota.exe
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\progman.exe
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\profmap.dll
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\prnqctl.vbs
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\prnport.vbs
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\prnmngr.vbs
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\prnjobs.vbs
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\prndrvr.vbs
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\prncnfg.vbs
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\printui.dll
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\print.exe
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\prflbmsg.dll
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\powrprof.dll
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\powercfg.exe
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\polstore.dll
2008-09-21 13:41:05 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2008-09-21 13:41:04 ----RA---- C:\WINDOWS\system32\perfmon.msc
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\pmspl.dll
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\plustab.dll
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\ping6.exe
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\ping.exe
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\pifmgr.dll
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\photowiz.dll
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\perfts.dll
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\perfproc.dll
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\perfos.dll
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\perfnw.dll
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\perfnet.dll
2008-09-21 13:41:04 ----A---- C:\WINDOWS\system32\perfmon.exe
2008-09-21 13:41:03 ----A---- C:\WINDOWS\system32\perfdisk.dll
2008-09-21 13:41:03 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-09-21 13:41:03 ----A---- C:\WINDOWS\system32\pentnt.exe
2008-09-21 13:41:03 ----A---- C:\WINDOWS\system32\pdh.dll
2008-09-21 13:41:02 ----A---- C:\WINDOWS\system32\pautoenr.dll
2008-09-21 13:41:02 ----A---- C:\WINDOWS\system32\pathping.exe
2008-09-21 13:41:02 ----A---- C:\WINDOWS\system32\panmap.dll
2008-09-21 13:41:01 ----A---- C:\WINDOWS\system32\packager.exe
2008-09-21 13:41:01 ----A---- C:\WINDOWS\system32\p2psvc.dll
2008-09-21 13:41:01 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2008-09-21 13:41:01 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2008-09-21 13:41:01 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2008-09-21 13:41:01 ----A---- C:\WINDOWS\system32\p2p.dll
2008-09-21 13:41:01 ----A---- C:\WINDOWS\system32\osuninst.exe
2008-09-21 13:41:01 ----A---- C:\WINDOWS\system32\osuninst.dll
2008-09-21 13:41:01 ----A---- C:\WINDOWS\system32\osk.exe
2008-09-21 13:41:01 ----A---- C:\WINDOWS\system32\opengl32.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\olethk32.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\olesvr32.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\olesvr.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\olepro32.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\oleprn.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\oledlg.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\olecli32.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\olecli.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\oleacc.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\ole32.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\ole2nls.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\ole2disp.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\ole2.dll
2008-09-21 13:41:00 ----A---- C:\WINDOWS\system32\offfilt.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odtext32.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odpdx32.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odfox32.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odexl32.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\oddbse32.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbctrac.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbcji32.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbcint.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbccu32.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbccr32.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbccp32.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbcconf.exe
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbcconf.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbcad32.exe
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbc32.dll
2008-09-21 13:40:55 ----A---- C:\WINDOWS\system32\odbc16gt.dll
2008-09-21 13:40:54 ----N---- C:\WINDOWS\system32\occache.dll
2008-09-21 13:40:54 ----A---- C:\WINDOWS\system32\ocmanage.dll
2008-09-21 13:40:54 ----A---- C:\WINDOWS\system32\objsel.dll
2008-09-21 13:40:54 ----A---- C:\WINDOWS\system32\oakley.dll
2008-09-21 13:40:54 ----A---- C:\WINDOWS\system32\nwwks.dll
2008-09-21 13:40:53 ----A---- C:\WINDOWS\system32\nwscript.exe
2008-09-21 13:40:53 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-09-21 13:40:53 ----A---- C:\WINDOWS\system32\nwevent.dll
2008-09-21 13:40:53 ----A---- C:\WINDOWS\system32\nwcfg.dll
2008-09-21 13:40:53 ----A---- C:\WINDOWS\system32\nwapi32.dll
2008-09-21 13:40:53 ----A---- C:\WINDOWS\system32\nwapi16.dll
2008-09-21 13:40:53 ----A---- C:\WINDOWS\system32\nw16.exe
2008-09-21 13:40:53 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2008-09-21 13:40:53 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-09-21 13:40:53 ----A---- C:\WINDOWS\system32\ntshrui.dll
2008-09-21 13:40:52 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntmsoprq.msc
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntmsmgr.msc
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntmsevt.dll
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntmarta.dll
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntlanui2.dll
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntlanui.dll
2008-09-21 13:40:51 ----A---- C:\WINDOWS\system32\ntlanman.dll
2008-09-21 13:40:50 ----A---- C:\WINDOWS\system32\ntdsbcli.dll
2008-09-21 13:40:50 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2008-09-21 13:40:49 ----A---- C:\WINDOWS\system32\ntbackup.exe
2008-09-21 13:40:48 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-09-21 13:40:48 ----A---- C:\WINDOWS\system32\npptools.dll
2008-09-21 13:40:48 ----A---- C:\WINDOWS\system32\notepad.exe
2008-09-21 13:40:48 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-09-21 13:40:48 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-09-21 13:40:48 ----A---- C:\WINDOWS\notepad.exe
2008-09-21 13:40:47 ----A---- C:\WINDOWS\system32\nlsfunc.exe
2008-09-21 13:40:47 ----A---- C:\WINDOWS\system32\nlhtml.dll
2008-09-21 13:40:46 ----A---- C:\WINDOWS\system32\newdev.dll
2008-09-21 13:40:46 ----A---- C:\WINDOWS\system32\netui2.dll
2008-09-21 13:40:46 ----A---- C:\WINDOWS\system32\netui1.dll
2008-09-21 13:40:46 ----A---- C:\WINDOWS\system32\netui0.dll
2008-09-21 13:40:46 ----A---- C:\WINDOWS\system32\netstat.exe
2008-09-21 13:40:46 ----A---- C:\WINDOWS\system32\netshell.dll
2008-09-21 13:40:46 ----A---- C:\WINDOWS\system32\netsh.exe
2008-09-21 13:40:45 ----A---- C:\WINDOWS\system32\netrap.dll
2008-09-21 13:40:45 ----A---- C:\WINDOWS\system32\netplwiz.dll
2008-09-21 13:40:45 ----A---- C:\WINDOWS\system32\netmsg.dll
2008-09-21 13:40:45 ----A---- C:\WINDOWS\system32\netman.dll
2008-09-21 13:40:45 ----A---- C:\WINDOWS\system32\netlogon.dll
2008-09-21 13:40:45 ----A---- C:\WINDOWS\system32\netid.dll
2008-09-21 13:40:45 ----A---- C:\WINDOWS\system32\neth.dll
2008-09-21 13:40:45 ----A---- C:\WINDOWS\system32\netevent.dll
2008-09-21 13:40:45 ----A---- C:\WINDOWS\system32\netdde.exe
2008-09-21 13:40:45 ----A---- C:\WINDOWS\system32\netcfgx.dll
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\netapi.dll
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\net1.exe
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\net.exe
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\nddenb32.dll
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\nddeapir.exe
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\nddeapi.dll
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\ncxpnt.dll
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\nbtstat.exe
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\narrhook.dll
2008-09-21 13:40:44 ----A---- C:\WINDOWS\system32\narrator.exe
2008-09-21 13:40:43 ----A---- C:\WINDOWS\system32\mydocs.dll
2008-09-21 13:40:43 ----A---- C:\WINDOWS\system32\mycomput.dll
2008-09-21 13:40:42 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-09-21 13:40:42 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-09-21 13:40:42 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-09-21 13:40:42 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-09-21 13:40:42 ----A---- C:\WINDOWS\system32\mtxclu.dll
2008-09-21 13:40:42 ----A---- C:\WINDOWS\system32\msxmlr.dll
2008-09-21 13:40:42 ----A---- C:\WINDOWS\system32\msxml3r.dll
2008-09-21 13:40:42 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-09-21 13:40:41 ----A---- C:\WINDOWS\system32\msxml2r.dll
2008-09-21 13:40:41 ----A---- C:\WINDOWS\system32\msxml2.dll
2008-09-21 13:40:41 ----A---- C:\WINDOWS\system32\msxml.dll
2008-09-21 13:40:41 ----A---- C:\WINDOWS\system32\msxbde40.dll
2008-09-21 13:40:41 ----A---- C:\WINDOWS\system32\mswstr10.dll
2008-09-21 13:40:41 ----A---- C:\WINDOWS\system32\mswsock.dll
2008-09-21 13:40:41 ----A---- C:\WINDOWS\system32\mswmdm.dll
2008-09-21 13:40:41 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2008-09-21 13:40:41 ----A---- C:\WINDOWS\system32\mswdat10.dll
2008-09-21 13:40:41 ----A---- C:\WINDOWS\system32\msw3prt.dll
2008-09-21 13:40:41 ----A---- C:\WINDOWS\system32\msvideo.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msvidctl.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msvidc32.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msvfw32.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msvcrt20.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msvcrt.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msvcp60.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msvcp50.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msvcirt.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msvbvm50.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\msutb.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-09-21 13:40:40 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-09-21 13:40:39 ----N---- C:\WINDOWS\system32\mstime.dll
2008-09-21 13:40:39 ----N---- C:\WINDOWS\system32\msrating.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\mstext40.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\mstask.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msswchx.exe
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msswch.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\mssip32.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\mssign32.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msscp.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\mssap.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msrle32.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msrepl40.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msrecr40.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msrclr40.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msratelc.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msr2cenu.dll
2008-09-21 13:40:39 ----A---- C:\WINDOWS\system32\msr2c.dll
2008-09-21 13:40:38 ----A---- C:\WINDOWS\system32\msprivs.dll
2008-09-21 13:40:38 ----A---- C:\WINDOWS\system32\msports.dll
2008-09-21 13:40:38 ----A---- C:\WINDOWS\system32\mspmsp.dll
2008-09-21 13:40:38 ----A---- C:\WINDOWS\system32\mspmsnsv.dll
2008-09-21 13:40:38 ----A---- C:\WINDOWS\system32\mspbde40.dll
2008-09-21 13:40:38 ----A---- C:\WINDOWS\system32\mspatcha.dll
2008-09-21 13:40:38 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-09-21 13:40:38 ----A---- C:\WINDOWS\system32\msorcl32.dll
2008-09-21 13:40:38 ----A---- C:\WINDOWS\system32\msorc32r.dll
2008-09-21 13:40:38 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-09-21 13:40:38 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-09-21 13:40:37 ----A---- C:\WINDOWS\system32\msobjs.dll
2008-09-21 13:40:37 ----A---- C:\WINDOWS\system32\msnsspc.dll
2008-09-21 13:40:35 ----A---- C:\WINDOWS\system32\msnetobj.dll
2008-09-21 13:40:31 ----A---- C:\WINDOWS\system32\msltus40.dll
2008-09-21 13:40:31 ----A---- C:\WINDOWS\system32\msls31.dll
2008-09-21 13:40:31 ----A---- C:\WINDOWS\system32\mslbui.dll
2008-09-21 13:40:31 ----A---- C:\WINDOWS\system32\msjtes40.dll
2008-09-21 13:40:31 ----A---- C:\WINDOWS\system32\msjter40.dll
2008-09-21 13:40:31 ----A---- C:\WINDOWS\system32\msjint40.dll
2008-09-21 13:40:30 ----A---- C:\WINDOWS\system32\msjet40.dll
2008-09-21 13:40:30 ----A---- C:\WINDOWS\system32\msisip.dll
2008-09-21 13:40:30 ----A---- C:\WINDOWS\system32\msimtf.dll
2008-09-21 13:40:30 ----A---- C:\WINDOWS\system32\msimsg.dll
2008-09-21 13:40:30 ----A---- C:\WINDOWS\system32\msimg32.dll
2008-09-21 13:40:30 ----A---- C:\WINDOWS\system32\msihnd.dll
2008-09-21 13:40:30 ----A---- C:\WINDOWS\system32\msiexec.exe
2008-09-21 13:40:29 ----A---- C:\WINDOWS\system32\msieftp.dll
2008-09-21 13:40:29 ----A---- C:\WINDOWS\system32\msidntld.dll
2008-09-21 13:40:29 ----A---- C:\WINDOWS\system32\msidle.dll
2008-09-21 13:40:29 ----A---- C:\WINDOWS\system32\msident.dll
2008-09-21 13:40:29 ----A---- C:\WINDOWS\system32\msi.dll
2008-09-21 13:40:29 ----A---- C:\WINDOWS\system32\mshtmler.dll
2008-09-21 13:40:29 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-09-21 13:40:29 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-09-21 13:40:29 ----A---- C:\WINDOWS\system32\mshta.exe
2008-09-21 13:40:29 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-09-21 13:40:28 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-09-21 13:40:28 ----A---- C:\WINDOWS\system32\msgina.dll
2008-09-21 13:40:28 ----A---- C:\WINDOWS\system32\msg.exe
2008-09-21 13:40:28 ----A---- C:\WINDOWS\system32\msftedit.dll
2008-09-21 13:40:28 ----A---- C:\WINDOWS\system32\msexcl40.dll
2008-09-21 13:40:28 ----A---- C:\WINDOWS\system32\msexch40.dll
2008-09-21 13:40:28 ----A---- C:\WINDOWS\system32\msencode.dll
2008-09-21 13:40:28 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msdmo.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msdart.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msdadiag.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msctfp.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msctf.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msconf.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\mscms.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\mscdexnt.exe
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\mscat32.dll
2008-09-21 13:40:27 ----A---- C:\WINDOWS\system32\msaudite.dll
2008-09-21 13:40:26 ----A---- C:\WINDOWS\system32\msasn1.dll
2008-09-21 13:40:26 ----A---- C:\WINDOWS\system32\msapsspc.dll
2008-09-21 13:40:26 ----A---- C:\WINDOWS\system32\msafd.dll
2008-09-21 13:40:26 ----A---- C:\WINDOWS\system32\msacm32.dll
2008-09-21 13:40:26 ----A---- C:\WINDOWS\system32\msacm.dll
2008-09-21 13:40:26 ----A---- C:\WINDOWS\system32\msaatext.dll
2008-09-21 13:40:25 ----A---- C:\WINDOWS\system32\mrinfo.exe
2008-09-21 13:40:25 ----A---- C:\WINDOWS\system32\mqutil.dll
2008-09-21 13:40:25 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2008-09-21 13:40:25 ----A---- C:\WINDOWS\system32\mqtrig.dll
2008-09-21 13:40:25 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2008-09-21 13:40:25 ----A---- C:\WINDOWS\system32\mqsvc.exe
2008-09-21 13:40:25 ----A---- C:\WINDOWS\system32\mqsnap.dll
2008-09-21 13:40:25 ----A---- C:\WINDOWS\system32\mqsec.dll
2008-09-21 13:40:25 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2008-09-21 13:40:25 ----A---- C:\WINDOWS\system32\mqrt.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mqqm.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mqperf.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mqoa.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mqlogmgr.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mqise.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mqgentr.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mqdscli.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mqcertui.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mqbkup.exe
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mqad.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mprui.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mprmsg.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mprdim.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mprddm.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mprapi.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mpr.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mpnotify.exe
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\MPG4DMOD.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\MP4SDMOD.dll
2008-09-21 13:40:24 ----A---- C:\WINDOWS\system32\MP43DMOD.dll
2008-09-21 13:40:23 ----A---- C:\WINDOWS\system32\mountvol.exe
2008-09-21 13:40:23 ----A---- C:\WINDOWS\system32\moricons.dll
2008-09-21 13:40:23 ----A---- C:\WINDOWS\system32\more.com
2008-09-21 13:40:23 ----A---- C:\WINDOWS\system32\modex.dll
2008-09-21 13:40:23 ----A---- C:\WINDOWS\system32\modemui.dll
2008-09-21 13:40:22 ----A---- C:\WINDOWS\system32\mode.com
2008-09-21 13:40:22 ----A---- C:\WINDOWS\system32\mobsync.exe
2008-09-21 13:40:22 ----A---- C:\WINDOWS\system32\mobsync.dll
2008-09-21 13:40:22 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-09-21 13:40:22 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-09-21 13:40:22 ----A---- C:\WINDOWS\system32\mmutilse.dll
2008-09-21 13:40:22 ----A---- C:\WINDOWS\system32\mmsystem.dll
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\mmdrv.dll
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\mmcshext.dll
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\mmcbase.dll
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\mmc.exe
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\mll_qic.dll
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\mll_mtf.dll
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\mll_hp.dll
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\mlang.dll
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\mimefilt.dll
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\migpwd.exe
2008-09-21 13:40:21 ----A---- C:\WINDOWS\system32\miglibnt.dll
2008-09-21 13:40:20 ----A---- C:\WINDOWS\system32\midimap.dll
2008-09-21 13:40:20 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-09-21 13:40:20 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2008-09-21 13:40:20 ----A---- C:\WINDOWS\system32\mfc42u.dll
2008-09-21 13:40:20 ----A---- C:\WINDOWS\system32\mfc42.dll
2008-09-21 13:40:20 ----A---- C:\WINDOWS\system32\mfc40u.dll
2008-09-21 13:40:19 ----A---- C:\WINDOWS\system32\mfc40.dll
2008-09-21 13:40:19 ----A---- C:\WINDOWS\system32\mf3216.dll
2008-09-21 13:40:19 ----A---- C:\WINDOWS\system32\mem.exe
2008-09-21 13:40:18 ----A---- C:\WINDOWS\system32\mdminst.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mdhcp.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mciwave.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mciseq.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mciole32.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mciole16.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mcicda.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mciavi32.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mchgrcoi.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mcdsrv32.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mcd32.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mcastmib.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mapistub.dll
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\makecab.exe
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\magnify.exe
2008-09-21 13:40:17 ----A---- C:\WINDOWS\system32\mag_hook.dll
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\lzexpand.dll
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\lz32.dll
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\lusrmgr.msc
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\lsass.exe
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\lprmonui.dll
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\lprhelp.dll
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\lpr.exe
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\lpq.exe
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\lpk.dll
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\logonui.exe
2008-09-21 13:40:16 ----A---- C:\WINDOWS\system32\logoff.exe
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\logman.exe
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\login.cmd
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\loghours.dll
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\logagent.exe
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\lodctr.exe
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\locator.exe
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\localui.dll
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\localspl.dll
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\localsec.dll
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\loadperf.dll
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\loadfix.com
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\lnkstub.exe
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\lmrt.dll
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\linkinfo.dll
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\lights.exe
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\licmgr10.dll
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\licdll.dll
2008-09-21 13:40:15 ----A---- C:\WINDOWS\system32\LAPRXY.dll
2008-09-21 13:40:14 ----A---- C:\WINDOWS\system32\langwrbk.dll
2008-09-21 13:40:13 ----A---- C:\WINDOWS\system32\label.exe
2008-09-21 13:40:13 ----A---- C:\WINDOWS\system32\krnl386.exe
2008-09-21 13:40:13 ----A---- C:\WINDOWS\system32\keymgr.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kerberos.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kdcom.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kd1394.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdukx.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdno1.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdmac.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdinben.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdfo.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdcan.dll
2008-09-21 13:40:12 ----A---- C:\WINDOWS\system32\kbdbene.dll
2008-09-21 13:40:11 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\kb16.com
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\jscript.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\jobexec.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\jgsh400.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\jgsd400.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\jgpl400.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\jgmd400.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\jgdw400.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\jgaw400.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\jet500.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\ixsso.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\iuengine.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\itss.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\itircl.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\isign32.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\irclass.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2008-09-21 13:40:11 ----A---- C:\WINDOWS\system32\ir50_32.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ir32_32.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipxwan.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipxsap.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipxrtmgr.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipxroute.exe
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipxrip.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipxpromn.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipxmontr.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipv6.exe
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipsec6.exe
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\iprtprio.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\iprop.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ippromon.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipmontr.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\ipconfig.exe
2008-09-21 13:40:10 ----A---- C:\WINDOWS\system32\iologmsg.dll
2008-09-21 13:40:09 ----A---- C:\WINDOWS\system32\inseng.dll
2008-09-21 13:40:09 ----A---- C:\WINDOWS\system32\input.dll
2008-09-21 13:40:09 ----A---- C:\WINDOWS\system32\initpki.dll
2008-09-21 13:40:09 ----A---- C:\WINDOWS\system32\infosoft.dll
2008-09-21 13:40:09 ----A---- C:\WINDOWS\system32\inetres.dll
2008-09-21 13:40:09 ----A---- C:\WINDOWS\system32\inetppui.dll
2008-09-21 13:40:09 ----A---- C:\WINDOWS\system32\inetpp.dll
2008-09-21 13:40:09 ----A---- C:\WINDOWS\system32\inetmib1.dll
2008-09-21 13:40:09 ----A---- C:\WINDOWS\system32\inetcplc.dll
2008-09-21 13:40:08 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-09-21 13:40:08 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-09-21 13:40:08 ----A---- C:\WINDOWS\system32\imm32.dll
2008-09-21 13:40:08 ----A---- C:\WINDOWS\system32\imgutil.dll
2008-09-21 13:40:08 ----A---- C:\WINDOWS\system32\imeshare.dll
2008-09-21 13:40:08 ----A---- C:\WINDOWS\system32\imapi.exe
2008-09-21 13:40:08 ----A---- C:\WINDOWS\system32\ils.dll
2008-09-21 13:40:08 ----A---- C:\WINDOWS\system32\iissuba.dll
2008-09-21 13:40:06 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-09-21 13:40:06 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-09-21 13:40:06 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-09-21 13:40:06 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-09-21 13:40:06 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-09-21 13:40:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\ifsutil.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\ifmon.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\iexpress.exe
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\iesetup.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\idq.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\icmui.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\icmp.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\icm32.dll
2008-09-21 13:40:06 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\iccvid.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\iassvcs.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\iassdo.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\iassam.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\iasrecst.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\iasrad.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\iaspolcy.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\iasnap.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\iashlpr.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\iasads.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\iasacct.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\htui.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\httpapi.dll
2008-09-21 13:40:05 ----A---- C:\WINDOWS\system32\hticons.dll
2008-09-21 13:40:04 ----A---- C:\WINDOWS\system32\hotplug.dll
2008-09-21 13:40:04 ----A---- C:\WINDOWS\system32\hostname.exe
2008-09-21 13:40:04 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2008-09-21 13:40:04 ----A---- C:\WINDOWS\system32\hnetmon.dll
2008-09-21 13:40:04 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2008-09-21 13:40:04 ----A---- C:\WINDOWS\system32\hlink.dll
2008-09-21 13:40:03 ----A---- C:\WINDOWS\system32\hhsetup.dll
2008-09-21 13:40:03 ----A---- C:\WINDOWS\system32\help.exe
2008-09-21 13:40:03 ----A---- C:\WINDOWS\hh.exe
2008-09-21 13:40:02 ----A---- C:\WINDOWS\system32\hccoin.dll
2008-09-21 13:40:02 ----A---- C:\WINDOWS\system32\h323msp.dll
2008-09-21 13:40:01 ----A---- C:\WINDOWS\system32\grpconv.exe
2008-09-21 13:40:01 ----A---- C:\WINDOWS\system32\graphics.com
2008-09-21 13:40:01 ----A---- C:\WINDOWS\system32\graftabl.com
2008-09-21 13:40:01 ----A---- C:\WINDOWS\system32\gpupdate.exe
2008-09-21 13:40:01 ----A---- C:\WINDOWS\system32\gptext.dll
2008-09-21 13:40:01 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2008-09-21 13:40:01 ----A---- C:\WINDOWS\system32\gpkcsp.dll
2008-09-21 13:40:01 ----A---- C:\WINDOWS\system32\gpedit.msc
2008-09-21 13:40:01 ----A---- C:\WINDOWS\system32\gpedit.dll
2008-09-21 13:40:00 ----A---- C:\WINDOWS\system32\glu32.dll
2008-09-21 13:39:59 ----A---- C:\WINDOWS\system32\glmf32.dll
2008-09-21 13:39:59 ----A---- C:\WINDOWS\system32\getuname.dll
2008-09-21 13:39:59 ----A---- C:\WINDOWS\system32\getmac.exe
2008-09-21 13:39:59 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-09-21 13:39:59 ----A---- C:\WINDOWS\system32\gdi.exe
2008-09-21 13:39:59 ----A---- C:\WINDOWS\system32\gcdef.dll
2008-09-21 13:39:48 ----A---- C:\WINDOWS\system32\fwcfg.dll
2008-09-21 13:39:48 ----A---- C:\WINDOWS\system32\ftsrch.dll
2008-09-21 13:39:48 ----A---- C:\WINDOWS\system32\ftp.exe
2008-09-21 13:39:48 ----A---- C:\WINDOWS\system32\fsutil.exe
2008-09-21 13:39:48 ----A---- C:\WINDOWS\system32\fsusd.dll
2008-09-21 13:39:48 ----A---- C:\WINDOWS\system32\fsquirt.exe
2008-09-21 13:39:48 ----A---- C:\WINDOWS\system32\fsmgmt.msc
2008-09-21 13:39:48 ----A---- C:\WINDOWS\system32\freecell.exe
2008-09-21 13:39:48 ----A---- C:\WINDOWS\system32\framebuf.dll
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\format.com
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\forcedos.exe
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\fontview.exe
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\fontsub.dll
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\fontext.dll
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\fmifs.dll
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\fixmapi.exe
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\finger.exe
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\findstr.exe
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\find.exe
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\filemgmt.dll
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\feclient.dll
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\fdeploy.dll
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\fde.dll
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\fc.exe
2008-09-21 13:39:47 ----A---- C:\WINDOWS\system32\faultrep.dll
2008-09-21 13:39:46 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-09-21 13:39:46 ----A---- C:\WINDOWS\system32\fastopen.exe
2008-09-21 13:39:46 ----A---- C:\WINDOWS\system32\extrac32.exe
2008-09-21 13:39:46 ----A---- C:\WINDOWS\system32\expsrv.dll
2008-09-21 13:39:46 ----A---- C:\WINDOWS\explorer.exe
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\exe2bin.exe
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\eventvwr.msc
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\eventvwr.exe
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\eventlog.dll
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\eventcls.dll
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\eudcedit.exe
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\esentutl.exe
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\esentprf.dll
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\esent97.dll
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\esent.dll
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\es.dll
2008-09-21 13:39:45 ----A---- C:\WINDOWS\system32\ersvc.dll
2008-09-21 13:39:44 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-09-21 13:39:44 ----A---- C:\WINDOWS\system32\encdec.dll
2008-09-21 13:39:44 ----A---- C:\WINDOWS\system32\encapi.dll
2008-09-21 13:39:44 ----A---- C:\WINDOWS\system32\els.dll
2008-09-21 13:39:44 ----A---- C:\WINDOWS\system32\efsadu.dll
2008-09-21 13:39:44 ----A---- C:\WINDOWS\system32\edlin.exe
2008-09-21 13:39:44 ----A---- C:\WINDOWS\system32\edit.com
2008-09-21 13:39:44 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-09-21 13:39:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-09-21 13:39:44 ----A---- C:\WINDOWS\system32\dxmasf.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dxdiag.exe
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dx8vb.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dx7vb.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dwwin.exe
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\duser.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dumprep.exe
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dswave.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dsuiext.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dssenh.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dssec.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dsquery.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dsprpres.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dsprop.dll
2008-09-21 13:39:43 ----A---- C:\WINDOWS\system32\dsound3d.dll
2008-09-21 13:39:42 ----A---- C:\WINDOWS\system32\dsound.dll
2008-09-21 13:39:42 ----A---- C:\WINDOWS\system32\dskquoui.dll
2008-09-21 13:39:42 ----A---- C:\WINDOWS\system32\dskquota.dll
2008-09-21 13:39:42 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2008-09-21 13:39:42 ----A---- C:\WINDOWS\system32\dsdmo.dll
2008-09-21 13:39:42 ----A---- C:\WINDOWS\system32\dsauth.dll
2008-09-21 13:39:42 ----A---- C:\WINDOWS\system32\ds32gt.dll
2008-09-21 13:39:42 ----A---- C:\WINDOWS\system32\ds16gt.dLL
2008-09-21 13:39:42 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2008-09-21 13:39:42 ----A---- C:\WINDOWS\system32\drwatson.exe
2008-09-21 13:39:41 ----A---- C:\WINDOWS\system32\drprov.dll
2008-09-21 13:39:41 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2008-09-21 13:39:41 ----A---- C:\WINDOWS\system32\drmstor.dll
2008-09-21 13:39:41 ----A---- C:\WINDOWS\system32\drmclien.dll
2008-09-21 13:39:19 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2008-09-21 13:39:19 ----A---- C:\WINDOWS\system32\dpwsock.dll
2008-09-21 13:39:19 ----A---- C:\WINDOWS\system32\dpvvox.dll
2008-09-21 13:39:19 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2008-09-21 13:39:19 ----A---- C:\WINDOWS\system32\dpvoice.dll
2008-09-21 13:39:19 ----A---- C:\WINDOWS\system32\dpvacm.dll
2008-09-21 13:39:19 ----A---- C:\WINDOWS\system32\dpserial.dll
2008-09-21 13:39:19 ----A---- C:\WINDOWS\system32\dpnwsock.dll
2008-09-21 13:39:19 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2008-09-21 13:39:19 ----A---- C:\WINDOWS\system32\dpnmodem.dll
2008-09-21 13:39:19 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dpnet.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dplayx.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dplay.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dpcdll.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dosx.exe
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\doskey.exe
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\docprop2.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\docprop.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dnsapi.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmusic.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmsynth.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmstyle.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmserver.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmscript.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmremote.exe
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmocx.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmloader.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmintf.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmime.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmdskres.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmconfig.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmcompos.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmband.dll
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dmadmin.exe
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dllhst3g.exe
2008-09-21 13:39:18 ----A---- C:\WINDOWS\system32\dllhost.exe
2008-09-21 13:39:15 ----A---- C:\WINDOWS\system32\dispex.dll
2008-09-21 13:39:15 ----A---- C:\WINDOWS\system32\diskperf.exe
2008-09-21 13:39:15 ----A---- C:\WINDOWS\system32\diskpart.exe
2008-09-21 13:39:15 ----A---- C:\WINDOWS\system32\diskmgmt.msc
2008-09-21 13:39:15 ----A---- C:\WINDOWS\system32\diskcopy.dll
2008-09-21 13:39:15 ----A---- C:\WINDOWS\system32\diskcopy.com
2008-09-21 13:39:15 ----A---- C:\WINDOWS\system32\diskcomp.com
2008-09-21 13:39:15 ----A---- C:\WINDOWS\system32\dinput8.dll
2008-09-21 13:39:15 ----A---- C:\WINDOWS\system32\dinput.dll
2008-09-21 13:39:15 ----A---- C:\WINDOWS\system32\dimap.dll
2008-09-21 13:39:14 ----A---- C:\WINDOWS\system32\digest.dll
2008-09-21 13:39:14 ----A---- C:\WINDOWS\system32\diantz.exe
2008-09-21 13:39:14 ----A---- C:\WINDOWS\system32\diactfrm.dll
2008-09-21 13:39:14 ----A---- C:\WINDOWS\system32\dhcpsapi.dll
2008-09-21 13:39:14 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dgnet.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dfrgui.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dfrgres.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dfrg.msc
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\devmgr.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\devmgmt.msc
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\devenum.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\deskperf.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\deskmon.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\deskadp.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\defrag.exe
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\debug.exe
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\ddrawex.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\ddraw.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\ddeshare.exe
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\ddeml.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dciman32.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2008-09-21 13:39:13 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\davclnt.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\datime.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\dataclen.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\danim.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\d3dxof.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\d3drm.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\d3dramp.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\d3dpmesh.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\d3dim700.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\d3dim.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\d3d9.dll
2008-09-21 13:39:12 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2008-09-21 13:39:11 ----A---- C:\WINDOWS\system32\d3d8.dll
2008-09-21 13:39:10 ----RA---- C:\WINDOWS\system32\ctl3dv2.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\ctl3d32.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\ctfmon.exe
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\csseqchk.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\csrss.exe
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\cscui.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\cscript.exe
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\cscdll.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\cryptui.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\cryptnet.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\cryptext.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\cryptdll.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\crypt32.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\crtdll.dll
2008-09-21 13:39:10 ----A---- C:\WINDOWS\system32\credui.dll
2008-09-21 13:39:09 ----N---- C:\WINDOWS\system32\corpol.dll
2008-09-21 13:39:09 ----A---- C:\WINDOWS\system32\convert.exe
2008-09-21 13:39:09 ----A---- C:\WINDOWS\system32\control.exe
2008-09-21 13:39:09 ----A---- C:\WINDOWS\system32\console.dll
2008-09-21 13:39:09 ----A---- C:\WINDOWS\system32\conime.exe
2008-09-21 13:39:09 ----A---- C:\WINDOWS\system32\confmsp.dll
2008-09-21 13:39:08 ----A---- C:\WINDOWS\system32\comuid.dll
2008-09-21 13:39:08 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-09-21 13:39:08 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-09-21 13:39:08 ----A---- C:\WINDOWS\system32\comres.dll
2008-09-21 13:39:08 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-09-21 13:39:08 ----A---- C:\WINDOWS\system32\compstui.dll
2008-09-21 13:39:08 ----A---- C:\WINDOWS\system32\compobj.dll
2008-09-21 13:39:08 ----A---- C:\WINDOWS\system32\compmgmt.msc
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\compatui.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\compact.exe
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\comp.exe
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\commdlg.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\command.com
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\comcat.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\colbact.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\cnvfat.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\cnetcfg.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\cmutil.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\cmstp.exe
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-09-21 13:39:02 ----A---- C:\WINDOWS\system32\cmpbk32.dll
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cmmon32.exe
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cmdl32.exe
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cmdial32.dll
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cmd.exe
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\clusapi.dll
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\clipsrv.exe
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cliconfg.exe
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cliconfg.dll
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\clb.dll
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\ckcnv.exe
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cisvc.exe
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cipher.exe
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\ciodm.dll
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cidaemon.exe
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\cic.dll
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\ciadv.msc
2008-09-21 13:39:01 ----A---- C:\WINDOWS\system32\ciadmin.dll
2008-09-21 13:39:00 ----A---- C:\WINDOWS\system32\chkntfs.exe
2008-09-21 13:39:00 ----A---- C:\WINDOWS\system32\chkdsk.exe
2008-09-21 13:39:00 ----A---- C:\WINDOWS\system32\chcp.com
2008-09-21 13:39:00 ----A---- C:\WINDOWS\system32\charmap.exe
2008-09-21 13:39:00 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2008-09-21 13:39:00 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-09-21 13:39:00 ----A---- C:\WINDOWS\system32\cewmdm.dll
2008-09-21 13:39:00 ----A---- C:\WINDOWS\system32\certmgr.msc
2008-09-21 13:39:00 ----A---- C:\WINDOWS\system32\certmgr.dll
2008-09-21 13:39:00 ----A---- C:\WINDOWS\system32\certcli.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\cdosys.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\cdm.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\ccfgnt.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\cards.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\capesnpn.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\camocx.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\calc.exe
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\cacls.exe
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\cabview.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\btpanui.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\bthserv.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\bthci.dll
2008-09-21 13:38:59 ----A---- C:\WINDOWS\system32\browsewm.dll
2008-09-21 13:38:58 ----A---- C:\WINDOWS\system32\browseui.dll
2008-09-21 13:38:58 ----A---- C:\WINDOWS\system32\browser.dll
2008-09-21 13:38:58 ----A---- C:\WINDOWS\system32\browselc.dll
2008-09-21 13:38:58 ----A---- C:\WINDOWS\system32\bootvrfy.exe
2008-09-21 13:38:58 ----A---- C:\WINDOWS\system32\bootvid.dll
2008-09-21 13:38:58 ----A---- C:\WINDOWS\system32\bootok.exe
2008-09-21 13:38:58 ----A---- C:\WINDOWS\system32\bootcfg.exe
2008-09-21 13:38:58 ----A---- C:\WINDOWS\system32\blastcln.exe
2008-09-21 13:38:58 ----A---- C:\WINDOWS\system32\blackbox.dll
2008-09-21 13:38:58 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-09-21 13:38:58 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\bidispl.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\batt.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\batmeter.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\basesrv.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\avwav.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\avifile.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\avifil32.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\avicap32.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\avicap.dll
2008-09-21 13:38:57 ----A---- C:\WINDOWS\system32\autolfn.exe
2008-09-21 13:38:56 ----N---- C:\WINDOWS\system32\audiodev.dll
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\autodisc.dll
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\authz.dll
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\auditusr.exe
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\audiosrv.dll
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\attrib.exe
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\atrace.dll
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\atmpvcno.dll
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\atmlib.dll
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\atmfd.dll
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\atmadm.exe
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\atl.dll
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\atkctrs.dll
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\at.exe
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\asycfilt.dll
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\asr_ldm.exe
2008-09-21 13:38:56 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2008-09-21 13:38:43 ----A---- C:\WINDOWS\system32\asferror.dll
2008-09-21 13:38:42 ----A---- C:\WINDOWS\system32\arp.exe
2008-09-21 13:38:41 ----A---- C:\WINDOWS\system32\appmgr.dll
2008-09-21 13:38:41 ----A---- C:\WINDOWS\system32\appmgmts.dll
2008-09-21 13:38:40 ----A---- C:\WINDOWS\system32\apphelp.dll
2008-09-21 13:38:40 ----A---- C:\WINDOWS\system32\append.exe
2008-09-21 13:38:40 ----A---- C:\WINDOWS\system32\apcups.dll
2008-09-21 13:38:40 ----A---- C:\WINDOWS\system32\amstream.dll
2008-09-21 13:38:40 ----A---- C:\WINDOWS\system32\alrsvc.dll
2008-09-21 13:38:40 ----A---- C:\WINDOWS\system32\alg.exe
2008-09-21 13:38:40 ----A---- C:\WINDOWS\system32\ahui.exe
2008-09-21 13:38:40 ----A---- C:\WINDOWS\system32\advpack.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\adsnw.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\adsnt.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\adsnds.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\adsmsext.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\adsldpc.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\adsldp.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\adptif.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\admparse.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\actxprxy.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\actmovie.exe
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\activeds.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\aclui.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\acledit.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\acctres.dll
2008-09-21 13:38:39 ----A---- C:\WINDOWS\system32\aaaamon.dll
2008-09-21 13:38:38 ----A---- C:\WINDOWS\system32\6to4svc.dll

======List of files/folders modified in the last 1 months======

2008-10-11 17:57:06 ----D---- C:\WINDOWS\Temp
2008-10-11 17:41:53 ----SHD---- C:\WINDOWS\Installer
2008-10-11 17:34:16 ----AD---- C:\WINDOWS
2008-10-10 15:31:51 ----D---- C:\WINDOWS\system32
2008-10-10 08:31:13 ----D---- C:\Program Files\Common Files
2008-10-08 16:37:50 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-08 16:32:19 ----D---- C:\WINDOWS\Registration
2008-10-08 16:12:41 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 23:23:57 ----D---- C:\WINDOWS\Debug
2008-10-07 09:39:20 ----RASH---- C:\boot.ini
2008-10-07 09:39:20 ----A---- C:\WINDOWS\win.ini
2008-10-07 09:39:20 ----A---- C:\WINDOWS\SYSTEM.INI
2008-10-07 07:55:19 ----SD---- C:\WINDOWS\Tasks
2008-10-07 07:54:52 ----D---- C:\WINDOWS\system32\drivers
2008-10-06 23:31:23 ----HD---- C:\WINDOWS\inf
2008-10-06 23:31:23 ----D---- C:\WINDOWS\system32\wbem
2008-10-06 22:54:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-02 15:52:48 ----SD---- C:\WINDOWS\Fonts
2008-10-01 18:07:35 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-01 17:47:17 ----D---- C:\WINDOWS\Help
2008-10-01 17:47:17 ----AD---- C:\WINDOWS\ehome
2008-10-01 17:43:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-01 17:43:35 ----D---- C:\WINDOWS\WinSxS
2008-10-01 17:42:15 ----D---- C:\Program Files\Internet Explorer
2008-10-01 17:34:36 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-01 17:33:45 ----D---- C:\WINDOWS\system32\spool
2008-10-01 17:32:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-01 14:56:16 ----D---- C:\Program Files\Windows Media Player
2008-09-27 11:00:26 ----D---- C:\WINDOWS\system32\Restore
2008-09-25 12:05:52 ----D---- C:\WINDOWS\twain_32
2008-09-25 12:05:52 ----D---- C:\WINDOWS\security
2008-09-25 12:05:52 ----D---- C:\WINDOWS\repair
2008-09-22 16:44:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-22 00:59:22 ----D---- C:\WINDOWS\system32\Setup
2008-09-22 00:59:22 ----D---- C:\Program Files\Messenger
2008-09-22 00:59:21 ----D---- C:\WINDOWS\AppPatch
2008-09-22 00:48:15 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-22 00:48:14 ----D---- C:\WINDOWS\ime
2008-09-22 00:47:58 ----D---- C:\WINDOWS\system32\usmt
2008-09-22 00:47:55 ----D---- C:\WINDOWS\PeerNet
2008-09-22 00:47:55 ----D---- C:\Program Files\Movie Maker
2008-09-22 00:44:23 ----D---- C:\WINDOWS\system32\npp
2008-09-22 00:44:23 ----D---- C:\WINDOWS\mui
2008-09-22 00:44:21 ----D---- C:\WINDOWS\msagent
2008-09-22 00:44:20 ----D---- C:\WINDOWS\srchasst
2008-09-22 00:44:20 ----D---- C:\Program Files\NetMeeting
2008-09-22 00:44:17 ----D---- C:\WINDOWS\system32\Com
2008-09-22 00:44:16 ----D---- C:\Program Files\Windows NT
2008-09-22 00:44:15 ----D---- C:\Program Files\Outlook Express
2008-09-22 00:44:13 ----D---- C:\Program Files\Common Files\System
2008-09-22 00:44:03 ----D---- C:\WINDOWS\system32\oobe
2008-09-22 00:44:01 ----D---- C:\WINDOWS\system
2008-09-22 00:25:43 ----D---- C:\WINDOWS\system32\config
2008-09-22 00:06:29 ----HD---- C:\hp
2008-09-21 23:43:04 ----D---- C:\WINDOWS\pchealth
2008-09-21 22:05:51 ----D---- C:\Documents and Settings
2008-09-21 21:21:51 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-21 21:10:58 ----D---- C:\WINDOWS\Media
2008-09-21 17:14:38 ----HD---- C:\system.sav
2008-09-21 17:13:04 ----HD---- C:\Python22
2008-09-21 17:13:04 ----HD---- C:\Program Files\WindowsUpdate
2008-09-21 17:13:04 ----D---- C:\Program Files\xerox
2008-09-21 17:12:57 ----D---- C:\Program Files\Windows Plus
2008-09-21 17:12:37 ----HD---- C:\Program Files\Uninstall Information
2008-09-21 17:08:13 ----D---- C:\Program Files\MSN Gaming Zone
2008-09-21 17:06:27 ----D---- C:\Program Files\microsoft frontpage
2008-09-21 16:57:23 ----D---- C:\Program Files\ComPlus Applications
2008-09-21 16:57:19 ----D---- C:\Program Files\Common Files\Services
2008-09-21 16:56:43 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-09-21 16:56:32 ----D---- C:\Program Files\Common Files\ODBC
2008-09-21 16:56:14 ----D---- C:\Program Files\Common Files\MSSoap
2008-09-21 16:51:50 ----D---- C:\CMPNENTS
2008-09-21 16:51:29 ----D---- C:\WINDOWS\msapps
2008-09-21 16:50:25 ----D---- C:\WINDOWS\addins
2008-09-21 16:50:22 ----AD---- C:\WINDOWS\SMINST
2008-09-21 16:50:21 ----D---- C:\WINDOWS\Resources
2008-09-21 16:50:16 ----D---- C:\WINDOWS\Provisioning
2008-09-21 16:49:30 ----D---- C:\WINDOWS\Driver Cache
2008-09-21 16:49:29 ----D---- C:\WINDOWS\Cursors
2008-09-21 16:49:29 ----D---- C:\WINDOWS\Config
2008-09-21 16:49:28 ----D---- C:\WINDOWS\Connection Wizard
2008-09-21 16:48:56 ----RD---- C:\WINDOWS\Web
2008-09-21 16:48:56 ----D---- C:\WINDOWS\system32\xircom
2008-09-21 16:48:56 ----D---- C:\WINDOWS\system32\wins
2008-09-21 16:48:51 ----D---- C:\WINDOWS\system32\ras
2008-09-21 16:48:43 ----D---- C:\WINDOWS\system32\mui
2008-09-21 16:48:43 ----D---- C:\WINDOWS\system32\icsxml
2008-09-21 16:48:43 ----D---- C:\WINDOWS\system32\ias
2008-09-21 16:48:43 ----D---- C:\WINDOWS\system32\export
2008-09-21 16:48:05 ----D---- C:\WINDOWS\system32\dhcp
2008-09-21 16:48:00 ----D---- C:\WINDOWS\system32\ShellExt
2008-09-21 16:47:59 ----D---- C:\WINDOWS\system32\MsDtc
2008-09-21 16:47:58 ----SD---- C:\WINDOWS\system32\Microsoft
2008-09-21 16:47:58 ----D---- C:\WINDOWS\system32\Macromed
2008-09-21 16:47:58 ----D---- C:\WINDOWS\system32\IME
2008-09-21 16:47:57 ----D---- C:\WINDOWS\system32\DirectX
2008-09-21 16:47:53 ----D---- C:\WINDOWS\system32\3com_dmi
2008-09-21 16:47:53 ----D---- C:\WINDOWS\system32\3076
2008-09-21 16:47:53 ----D---- C:\WINDOWS\system32\2052
2008-09-21 16:47:53 ----D---- C:\WINDOWS\system32\1054
2008-09-21 16:47:53 ----D---- C:\WINDOWS\system32\1042
2008-09-21 16:47:53 ----D---- C:\WINDOWS\system32\1041
2008-09-21 16:47:53 ----D---- C:\WINDOWS\system32\1037
2008-09-21 16:47:53 ----D---- C:\WINDOWS\system32\1033
2008-09-21 16:47:53 ----D---- C:\WINDOWS\system32\1031
2008-09-21 16:47:53 ----D---- C:\WINDOWS\system32\1028
2008-09-21 16:47:53 ----D---- C:\WINDOWS\system32\1025
2008-09-21 16:47:06 ----D---- C:\WINDOWS\java
2008-09-21 16:15:38 ----A---- C:\AUTOEXEC.BAT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 pwipf6;pwipf6; C:\WINDOWS\system32\drivers\pwipf6.sys [2008-07-31 103304]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-09 3535680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-09 131139]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WDFNet;Webroot Desktop Firewall network service; C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [2008-07-31 353672]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-08-09 3585384]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------
gmg
Regular Member
 
Posts: 15
Joined: September 19th, 2008, 9:05 pm

Re: searchbar.html hijack (home page changing) my hjt log

Unread postby Katana » October 12th, 2008, 5:55 am

Do you know what these files relate to ?
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\nch.zip
C:\Documents and Settings\JL\My Documents\My Received Files\Refgen_for_bux.to.rar



Cracks, Keygens and Warez

C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack\Silent Hill 2 eng
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\QuickTime Pro Keygen\QuickTime Keygen.exe
D:\My Documents\My Received Files\SteamKeycollection_1.1.rar
D:\My Documents\My Received Files\torrent files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip
D:\My Documents\My Received Files\torrent files\keygen.exe
D:\My Documents\My Received Files\torrent files\NORTON.ANTIVIRUS.2007.OEM.INCL.SERIAL-RETAIL.07.rar
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack


In doing the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product.
The distribution and use of cracked copies is illegal in almost every developed country.
They are also one of the biggest causes of infection.

This applies to Cracks, Keygens and Warez

In the future I strongly suggest you stay away from using cracks and/or Keygens.

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    
    File::
    C:\Documents and Settings\JL\My Documents\My Received Files\utility software\SDFix.exe
    C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem.exe
    C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
    C:\Documents and Settings\JL\My Documents\My Received Files\utility software\QuickTime Pro Keygen\QuickTime Keygen.exe
    D:\My Documents\My Received Files\SteamKeycollection_1.1.rar
    D:\My Documents\My Received Files\torrent files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip
    D:\My Documents\My Received Files\torrent files\keygen.exe
    D:\My Documents\My Received Files\torrent files\NORTON.ANTIVIRUS.2007.OEM.INCL.SERIAL-RETAIL.07.rar
    D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
    
    Folder::
    C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem
    C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
    D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Have you recently reinstalled your OS ?



Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Please post the above, along with a fresh HJT log
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: searchbar.html hijack (home page changing) my hjt log

Unread postby gmg » October 12th, 2008, 1:24 pm

here is my log file for malware bytes and hjt logMalwarebytes' Anti-Malware 1.28 and combofix logComboFix 08-10-11.04 - HP_Administrator 2008-10-12 9:04:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.398 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\QuickTime Pro Keygen\QuickTime Keygen.exe
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\SDFix.exe
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem.exe
D:\My Documents\My Received Files\SteamKeycollection_1.1.rar
D:\My Documents\My Received Files\torrent files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip
D:\My Documents\My Received Files\torrent files\keygen.exe
D:\My Documents\My Received Files\torrent files\NORTON.ANTIVIRUS.2007.OEM.INCL.SERIAL-RETAIL.07.rar
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.

2008-10-11 17:57 . 2008-10-11 17:57 <DIR> d-------- C:\rsit
2008-10-10 08:31 . 2008-10-10 08:31 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-10-10 08:31 . 2007-11-26 14:47 194,888 --a------ C:\WINDOWS\Unwash6.exe
2008-10-08 13:38 . 2008-10-08 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-10-07 18:08 . 2008-10-07 18:08 <DIR> d-------- C:\Program Files\Zenturi
2008-10-07 18:08 . 2008-10-07 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zenturi
2008-10-07 18:08 . 2008-10-07 18:08 26,000 --a------ C:\WINDOWS\system32\E3TL.DLL
2008-10-07 17:41 . 2008-10-07 17:41 <DIR> d-------- C:\Program Files\VS Revo Group
2008-10-07 16:43 . 2008-10-07 16:45 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2008-10-07 07:57 . 2008-10-07 07:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-10-07 07:54 . 2008-10-10 08:31 <DIR> d-------- C:\Program Files\Webroot
2008-10-07 07:54 . 2008-10-10 08:31 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Webroot
2008-10-07 07:54 . 2008-10-10 08:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-10-07 07:54 . 2008-08-09 16:04 1,538,928 --a------ C:\WINDOWS\WRSetup.dll
2008-10-06 23:56 . 2008-10-06 23:56 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-10-06 23:45 . 2008-10-07 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-10-06 23:06 . 2008-10-06 23:06 <DIR> d-a------ C:\Program Files\AskSBar
2008-10-06 11:09 . 2008-10-06 11:09 0 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2008-10-05 14:44 . 2008-10-05 14:46 <DIR> d-------- C:\Documents and Settings\HP_Administrator\.SunDownloadManager
2008-10-05 08:38 . 2008-10-11 17:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-03 10:17 . 2008-10-03 10:17 <DIR> d-------- C:\WINDOWS\Sun
2008-10-02 16:02 . 2008-10-08 16:31 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2
2008-10-02 15:52 . 2008-10-02 15:52 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-10-01 17:39 . 2008-10-01 17:39 <DIR> d-------- C:\Program Files\MSBuild
2008-10-01 17:36 . 2008-10-01 17:36 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-10-01 17:35 . 2008-10-01 17:35 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-10-01 17:33 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-10-01 17:31 . 2008-10-06 23:38 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-10-01 17:31 . 2008-03-07 10:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-10-01 17:31 . 2008-03-07 10:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-10-01 17:31 . 2008-03-07 10:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-10-01 15:22 . 2008-10-01 15:22 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-10-01 14:56 . 2008-10-01 14:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-10-01 14:52 . 2008-10-04 09:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-01 14:52 . 2008-10-01 14:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-29 17:33 . 2008-09-29 17:33 <DIR> d-------- C:\Program Files\WOT
2008-09-29 17:15 . 2008-09-29 17:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-29 16:00 . 2008-09-29 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-27 11:13 . 2008-10-05 14:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-27 11:10 . 2008-09-27 11:10 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-09-27 11:10 . 2008-09-27 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 11:07 . 2008-09-27 11:07 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinPatrol
2008-09-27 11:06 . 2008-09-27 11:06 <DIR> d-------- C:\Program Files\BillP Studios
2008-09-27 10:53 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-25 17:00 . 2007-09-02 20:56 1,686,016 --a------ C:\WINDOWS\system32\clinetsuitex6.ocx
2008-09-25 17:00 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-09-25 17:00 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
2008-09-25 15:21 . 2008-09-25 15:21 <DIR> d-------- C:\Program Files\CCleaner
2008-09-25 15:14 . 2008-09-25 15:14 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-25 12:35 . 2008-09-27 09:07 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Image Zone Express
2008-09-23 15:09 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-09-23 15:09 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-09-22 17:10 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-09-22 17:06 . 2008-09-22 17:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-22 16:41 . 2008-09-22 16:41 <DIR> d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-09-22 16:38 . 2008-09-22 16:38 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-09-22 16:11 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-22 16:11 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-22 00:47 . 2008-09-22 00:47 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-22 00:47 . 2008-09-22 00:47 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-22 00:47 . 2008-09-22 00:47 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-22 00:47 . 2008-09-22 00:47 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-22 00:44 . 2008-09-22 00:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-22 00:19 . 2008-09-22 00:24 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-22 00:19 . 2008-10-09 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-22 00:16 . 2008-09-22 00:16 <DIR> dr-h----- C:\MSOCache
2008-09-22 00:15 . 2005-04-08 19:44 45,056 --a------ C:\WINDOWS\system32\hpzll3xu.dll
2008-09-22 00:15 . 2008-09-22 00:15 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-09-22 00:14 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-22 00:11 . 2008-09-22 00:11 <DIR> d-------- C:\SystemRoot
2008-09-22 00:09 . 2008-09-22 00:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2008-09-22 00:08 . 2008-09-22 00:08 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2008-09-22 00:08 . 2008-09-22 00:18 79,024 --a------ C:\WINDOWS\hpfins05.dat
2008-09-22 00:08 . 2005-05-23 10:51 1,395 --------- C:\WINDOWS\hpfmdl05.dat
2008-09-22 00:05 . 2008-09-22 00:05 <DIR> d-------- C:\temp
2008-09-22 00:01 . 2008-09-22 00:09 <DIR> d-------- C:\Program Files\Microsoft Small Business
2008-09-21 23:57 . 2008-09-22 00:23 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-21 23:56 . 2008-09-21 23:56 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-21 23:55 . 2008-09-22 16:41 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-21 23:48 . 2008-09-21 23:48 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-21 23:23 . 2008-09-21 23:51 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\GetRightToGo
2008-09-21 23:17 . 2008-09-21 23:17 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MySpace
2008-09-21 23:16 . 2008-10-07 09:59 <DIR> d-------- C:\Program Files\MySpace
2008-09-21 23:11 . 2008-09-21 23:11 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-21 23:10 . 2008-09-21 23:10 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-21 23:06 . 2008-09-21 23:08 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-21 23:03 . 2008-09-21 23:03 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-09-21 23:03 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-21 23:03 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-21 23:02 . 2008-09-21 23:03 <DIR> d-------- C:\Program Files\iTunes
2008-09-21 23:02 . 2008-09-22 17:09 <DIR> d-------- C:\Program Files\iPod
2008-09-21 23:02 . 2008-09-21 23:02 <DIR> d-------- C:\Program Files\Bonjour
2008-09-21 23:02 . 2008-09-21 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-21 23:00 . 2008-09-21 23:01 <DIR> d-------- C:\Program Files\QuickTime
2008-09-21 23:00 . 2008-09-21 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-21 22:59 . 2008-09-21 23:03 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-21 22:59 . 2008-09-21 22:59 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-21 22:58 . 2008-09-21 23:00 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-21 22:58 . 2008-09-21 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-21 21:48 . 2008-04-13 17:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-21 21:47 . 2008-04-13 17:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-21 21:46 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-21 21:45 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-21 21:13 . 2008-09-21 21:13 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-21 20:52 . 2008-04-11 12:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-21 20:51 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-21 20:51 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-21 20:51 . 2008-05-08 07:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-21 20:43 . 2006-03-20 20:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-09-21 20:38 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-09-21 20:38 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-21 20:38 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-21 20:38 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-21 20:38 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-21 20:37 . 2008-09-21 20:37 <DIR> d--hs---- C:\Documents and Settings\HP_Administrator\UserData
2008-09-21 19:37 . 2008-10-07 07:53 164 --a------ C:\install.dat
2008-09-21 19:33 . 2008-09-21 19:33 1,815 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EX265AA-ABA a1510n_YC_0Pavi_QCNH621_E63NAemMPA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.4_#080922_N_Z11C10620_G10DE0241_OPHILIPS DVD8851_DACR000C.MRK
2008-09-21 19:32 . 2008-09-21 16:52 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-09-21 19:32 . 2008-09-21 16:52 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-09-21 19:32 . 2008-10-10 11:36 <DIR> d-------- C:\Documents and Settings\HP_Administrator
2008-09-21 19:31 . 2008-09-21 16:52 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-09-21 19:31 . 2008-09-21 16:52 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-09-21 19:28 . 2008-10-08 16:32 182 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2008-09-21 16:44 . 2008-10-01 14:55 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2008-09-21 16:44 . 2008-09-21 16:44 333 --a------ C:\WINDOWS\system32\$ncsp$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 07:53 61,440 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-09-22 07:53 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-09-22 07:53 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-09-22 07:53 40,960 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-09-22 07:53 341,048 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2008-09-22 07:53 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-09-22 07:53 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-09-22 07:53 217,088 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2008-09-22 07:53 163,840 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-09-22 00:12 --------- d-----w C:\Program Files\Windows Plus
2008-09-22 00:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-07-31 22:19 173,448 ----a-w C:\WINDOWS\system32\wdfproc.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL" [2008-10-06 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-10-06 23:34 66912 --a------ C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 86016]
"Webroot Desktop Firewall"="C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe" [2008-07-31 2401672]
"RTHDCPL"="C:\WINDOWS\RTHDCPL.EXE" [2007-10-25 16855552]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-03-15 1077248]
"AlwaysReady Power Message APP"="C:\WINDOWS\ARPWRMSG.EXE" [2005-08-02 77312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 7311360]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)

R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
R1 pwipf6;pwipf6;C:\WINDOWS\system32\drivers\pwipf6.sys [2008-07-31 103304]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 WDFNet;Webroot Desktop Firewall network service;C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [2008-07-31 353672]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]

*Newly Created Service* - PROCEXP90
*Newly Created Service* - WWENGINESVC
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

2008-10-10 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

2008-10-10 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
- C:\","D:\","E:\","F:\","G:\","H:\","I:\","J:\" []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 09:43:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-12 9:52:08
ComboFix-quarantined-files.txt 2008-10-12 16:51:46

Pre-Run: 167,587,594,240 bytes free
Post-Run: 167,581,605,888 bytes free

291 --- E O F --- 2008-09-22 23:58:50

Database version: 1261
Windows 5.1.2600 Service Pack 3

10/12/2008 10:21:17 AM
mbam-log-2008-10-12 (10-21-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 130289
Time elapsed: 22 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP64\A0018081.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:16 AM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [DISCover] "C:\Program Files\DISC\DISCover.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] "C:\WINDOWS\ARPWRMSG.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2054700125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2057333890
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (http://www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8455 bytes
gmg
Regular Member
 
Posts: 15
Joined: September 19th, 2008, 9:05 pm

Re: searchbar.html hijack (home page changing) my hjt log

Unread postby Katana » October 12th, 2008, 1:38 pm

Do you know what these files relate to ?
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\nch.zip
C:\Documents and Settings\JL\My Documents\My Received Files\Refgen_for_bux.to.rar



How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: searchbar.html hijack (home page changing) my hjt log

Unread postby gmg » October 12th, 2008, 1:50 pm

GOOD MORNING. THINGS SEEM TO BE JUST FINE. I HAVE NO IDEA WHAT THOSE FILE RELATE TO?
gmg
Regular Member
 
Posts: 15
Joined: September 19th, 2008, 9:05 pm

Re: searchbar.html hijack (home page changing) my hjt log

Unread postby Katana » October 12th, 2008, 3:19 pm

OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below.
Code: Select all
:Files
C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\QuickTime Pro Keygen\QuickTime Keygen.exe
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\SDFix.exe
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem.exe
D:\My Documents\My Received Files\SteamKeycollection_1.1.rar
D:\My Documents\My Received Files\torrent files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip
D:\My Documents\My Received Files\torrent files\keygen.exe
D:\My Documents\My Received Files\torrent files\NORTON.ANTIVIRUS.2007.OEM.INCL.SERIAL-RETAIL.07.rar
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\nch.zip
C:\Documents and Settings\JL\My Documents\My Received Files\Refgen_for_bux.to.rar

  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: searchbar.html hijack (home page changing) my hjt log

Unread postby gmg » October 12th, 2008, 3:38 pm

here are the results========== FILES ==========
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar not found.
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\utility software\QuickTime Pro Keygen\QuickTime Keygen.exe not found.
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\utility software\SDFix.exe not found.
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem.exe not found.
File/Folder D:\My Documents\My Received Files\SteamKeycollection_1.1.rar not found.
File/Folder D:\My Documents\My Received Files\torrent files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip not found.
File/Folder D:\My Documents\My Received Files\torrent files\keygen.exe not found.
File/Folder D:\My Documents\My Received Files\torrent files\NORTON.ANTIVIRUS.2007.OEM.INCL.SERIAL-RETAIL.07.rar not found.
File/Folder D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar not found.
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\utility software\nch.zip not found.
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\Refgen_for_bux.to.rar not found.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10122008_123705
gmg
Regular Member
 
Posts: 15
Joined: September 19th, 2008, 9:05 pm

Re: searchbar.html hijack (home page changing) my hjt log

Unread postby Katana » October 13th, 2008, 4:57 pm

Congratulations your logs look clean :D

Let's see if I can help you keep it that way

First lets tidy up :D


  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • Image
You can also delete any logs we have produced, and empty your Recycle bin.


Open OTMoveIt Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.




The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: searchbar.html hijack (home page changing) my hjt log

Unread postby gmg » October 13th, 2008, 6:54 pm

THANK YOU FOR YOUR HELP. ALL IS GOOD. I REALLY APPRECIATE IT
gmg
Regular Member
 
Posts: 15
Joined: September 19th, 2008, 9:05 pm

Re: searchbar.html hijack (home page changing) my hjt log

Unread postby NonSuch » October 19th, 2008, 1:49 am

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware