google browser redirection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by ard » August 25th, 2009, 7:28 am

hi,

i have been having browser redirect problems on my computer. attached is the hijackthis log. i tried norton 360, spybot, kaspersky, noadware, and microsoft antimalware. many things were removed, but the redirect remains.

thank you ard



Logfile of HijackThis v1.99.1
Scan saved at 7:00:24 AM, on 8/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" -r (file missing)
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am

Re: google browser redirection

Post by MWR 3 day Mod » August 28th, 2009, 2:56 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: google browser redirection

Post by Wingman » August 29th, 2009, 1:59 pm

Hello... Welcome to the forum.
My name is Wingman, and I'll be helping you with any malware problems.
HijackThis logs can take a while to research, so please be patient.

I am currently under the guidance of the MRU teachers; everything I post to you has been reviewed by them.
This additional review process can add some extra time to my responses...but not too much. ;)

Before we begin...please note the following important guidelines.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. DO NOT run any other fix or removal tools unless instructed to do so!
  3. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  4. Please, if you have questions about something...ASK, don't guess or assume.
  5. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  7. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.
In the meantime... please perform the following steps.

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Step 1.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Double click on RSIT.exe to run it... read the disclaimer... click on Continue.
  2. RSIT will start running. When done... 2 log files...will be produced.
    The first one, "log.txt", will be maximized ... the second one, "info.txt", will be minimized.
  3. Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Step 2.
Rooter
Please download Rooter.exe... Copyrighted © Eric_71. Save it to your desktop.
SCAN
  1. Double-click on Rooter.exe icon on your desktop, to execute.
    If you receive the "Open File" security warning, press Run. The Rooter interface will appear, with a variety of options displayed.
  2. To run the Scan... press the Scan...button.
  3. Notepad will open with a file created called "Rooter#.txt" ... located at %systemdrive%\Rooter$\Rooter#.txt. (# is the number assigned to the report)
    The location of the report file is shown in the bottom display window.
  4. Press the Close button, to close the Rooter window.
Please copy and paste the contents of Rooter#.txt in your next reply.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. RSIT log and info text file contents
  3. Rooter#.txt file contents
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: google browser redirection

Post by ard » August 31st, 2009, 2:33 am

wingman -
part 1 of 3
- al
Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2009-08-31 02:21:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 68 GB (45%) free of 149 GB
Total RAM: 510 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:15 AM, on 8/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\admin\Desktop\RSIT.exe
C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

--
End of file - 5112 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\$~$Sys0$.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - admin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-08-28 264720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLBXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16 []
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"cdloader"=C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-29 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bneyibe]
C:\WINDOWS\oxemimesu.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
C:\Program Files\Brownie\BrstsWnd.exe [2007-07-31 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
C:\Program Files\ClocX\ClocX.exe [2005-01-26 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe [2005-01-18 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-04-25 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-03-23 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysldtray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PolderbitS Audio Driver Monitor.lnk]
C:\PROGRA~1\POLDER~1\Recorder\Driver\PBDRIV~1.EXE [2009-08-01 157728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=3
"LiveUpdate Notice Ex"=3
"LiveUpdate"=3
"Automatic LiveUpdate Scheduler"=2
"ose"=3
"odserv"=3
"MotoConnect Service"=2
"idsvc"=3
"IDriverT"=3
"gusvc"=3
"gupdate1ca105c13ac1bc4"=2
"DSBrokerService"=3
"Ati HotKey Poller"=3
"sprtsvc_dellsupportcenter"=2
"WMPNetworkSvc"=3
"getPlus(R) Helper"=3
"FontCache3.0.0.0"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoDispAppearancePage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideShutdownScripts"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=4
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDeletePrinter"=
"NoAddPrinter"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dlbxcoms.exe"="C:\WINDOWS\system32\dlbxcoms.exe:*:Enabled:Dell Communication System"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Demo\Compass6EInterface.exe"="C:\Program Files\Demo\Compass6EInterface.exe:*:Disabled: "
"C:\Program Files\Demo\Compass6E.exe"="C:\Program Files\Demo\Compass6E.exe:*:Disabled: "
"C:\Compass6E\WSInterface\Compass.WSInterface.GUI.exe"="C:\Compass6E\WSInterface\Compass.WSInterface.GUI.exe:*:Disabled: "
"C:\Compass6E\Compass.Module.Console.exe"="C:\Compass6E\Compass.Module.Console.exe:*:Disabled: "
"C:\WINDOWS\LMI19.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI19.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Owldell#zznewton]
shell\AutoRun\command - Z:\newton.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\autorun.exe
shell\phone\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc308496-5362-11db-b943-00123f6f9464}]
shell\AutoRun\command - F:\system\viewer\Viewer.exe
shell\View your videos\command - F:\system\viewer\Viewer.exe


======List of files/folders created in the last 1 months======

2010-03-12 13:09:10 ----D---- C:\Documents and Settings\All Users\Application Data\PKWARE
2010-03-12 13:09:10 ----D---- C:\Documents and Settings\admin\Application Data\PKWARE
2010-03-12 12:27:09 ----D---- C:\WINDOWS\ZipItFree
2010-03-12 12:27:09 ----D---- C:\Program Files\ZipItFree
2010-03-12 12:26:37 ----A---- C:\WINDOWS\ZipItFree Setup Log.txt
2009-08-31 02:21:57 ----D---- C:\Program Files\trend micro
2009-08-31 02:21:55 ----D---- C:\rsit
2009-08-25 06:58:28 ----D---- C:\Program Files\Hijackthis
2009-08-25 01:31:02 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-24 17:04:04 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-08-24 17:04:00 ----D---- C:\Program Files\Security Task Manager
2009-08-24 10:45:46 ----A---- C:\WINDOWS\wininit.ini
2009-08-24 10:18:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-24 10:18:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 13:48:06 ----D---- C:\Program Files\NoAdware
2009-08-18 12:49:42 ----D---- C:\Program Files\Panda Security
2009-08-17 15:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-17 15:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-17 15:37:18 ----D---- C:\WINDOWS\ie8updates
2009-08-17 15:36:20 ----HDC---- C:\WINDOWS\ie8
2009-08-17 15:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-08-17 15:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-08-17 09:29:28 ----D---- C:\Program Files\Kaspersky Lab
2009-08-17 09:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-08-17 08:53:56 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-15 15:36:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-15 14:45:13 ----A---- C:\WINDOWS\system32\MRT.INI
2009-08-15 10:57:45 ----D---- C:\install
2009-08-15 03:42:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-15 03:40:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-15 03:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-15 03:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-15 03:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-15 03:35:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-15 03:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-15 03:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-15 03:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-15 03:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-15 03:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-15 03:27:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-15 03:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-15 03:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-15 03:23:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-15 03:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-15 03:20:44 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-15 03:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-15 03:18:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-08-15 03:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-15 03:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-08-15 03:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-15 03:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-15 03:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-15 03:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-15 03:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-15 03:07:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-08-15 03:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-15 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-08-15 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-15 03:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-15 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-08-15 02:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-15 02:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-08-15 02:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-15 02:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-08-15 02:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-15 02:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-08-15 02:51:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-15 02:47:56 ----A---- C:\WINDOWS\setuplog.txt
2009-08-15 02:44:27 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-08-15 02:44:27 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-08-15 02:44:26 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-08-15 02:44:25 ----N---- C:\WINDOWS\system32\azroles.dll
2009-08-15 02:44:25 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-08-15 02:44:24 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-08-15 02:44:23 ----N---- C:\WINDOWS\system32\credssp.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-08-15 02:44:19 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-08-15 02:44:18 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-08-15 02:44:15 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-08-15 02:44:15 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-08-15 02:44:14 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-08-15 02:44:14 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-08-15 02:44:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-08-15 02:44:13 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-08-15 02:44:12 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-08-15 02:44:09 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-08-15 02:44:09 ----N---- C:\WINDOWS\system32\mssha.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napstat.exe
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-08-15 02:44:05 ----N---- C:\WINDOWS\system32\onex.dll
2009-08-15 02:44:01 ----N---- C:\WINDOWS\system32\qagent.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qutil.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-08-15 02:43:59 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-08-15 02:43:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-08-15 02:43:58 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-08-15 02:43:58 ----N---- C:\WINDOWS\system32\setupn.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slserv.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slgen.dll
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-08-15 02:43:56 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-08-15 02:43:56 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-08-15 02:43:54 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-08-15 02:43:51 ----N---- C:\WINDOWS\slrundll.exe
2009-08-15 02:35:16 ----A---- C:\WINDOWS\000001_.tmp
2009-08-15 00:48:43 ----D---- C:\WINDOWS\system32\scripting
2009-08-15 00:48:43 ----D---- C:\WINDOWS\l2schemas
2009-08-15 00:48:42 ----D---- C:\WINDOWS\system32\en
2009-08-15 00:48:41 ----D---- C:\WINDOWS\system32\bits
2009-08-15 00:42:38 ----A---- C:\WINDOWS\system32\sprecovr.exe
2009-08-15 00:41:55 ----A---- C:\WINDOWS\002956_.tmp
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\proxycfg.exe
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\logman.exe
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\dsprpres.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\d3d9.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\btpanui.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bthserv.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bthci.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\blastcln.exe
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\auditusr.exe
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_32.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\hccoin.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\fwcfg.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\fsquirt.exe
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\encdec.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\encapi.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\powercfg.exe
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2psvc.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2p.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mssap.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\msdadiag.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdukx.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdno1.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinben.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wshbth.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wscsvc.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wscntfy.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wmphoto.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\winshfhc.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\winbrand.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\w3ssl.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\verclsid.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\twext.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\spnpinst.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\smbinst.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sbeio.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sbe.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xmlprov.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-15 00:40:41 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-08-15 00:40:41 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-08-15 00:40:40 ----A---- C:\WINDOWS\system32\dpcdll.dll
2009-08-15 00:40:39 ----A---- C:\WINDOWS\system32\pidgen.dll
2009-08-15 00:40:36 ----A---- C:\WINDOWS\system32\msftedit.dll
2009-08-15 00:40:36 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-08-15 00:40:35 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-08-15 00:40:35 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\winhlp32.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\twain_32.dll
2009-08-15 00:40:20 ----A---- C:\WINDOWS\regedit.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\hh.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\explorer.exe
2009-08-15 00:40:12 ----A---- C:\WINDOWS\system32\6to4svc.dll
2009-08-15 00:40:11 ----A---- C:\WINDOWS\system32\aclui.dll
2009-08-15 00:40:11 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\actxprxy.dll
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\actmovie.exe
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\activeds.dll
2009-08-15 00:40:09 ----A---- C:\WINDOWS\system32\adsldpc.dll
2009-08-15 00:40:09 ----A---- C:\WINDOWS\system32\adsldp.dll
2009-08-15 00:40:08 ----A---- C:\WINDOWS\system32\adsnt.dll
2009-08-15 00:40:08 ----A---- C:\WINDOWS\system32\adsmsext.dll
2009-08-15 00:40:07 ----A---- C:\WINDOWS\system32\alg.exe
2009-08-15 00:40:07 ----A---- C:\WINDOWS\system32\ahui.exe
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\apphelp.dll
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\amstream.dll
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\alrsvc.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\audiosrv.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\attrib.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmlib.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmfd.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmadm.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\at.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\asycfilt.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cdosys.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\capesnpn.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\camocx.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cabview.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cabinet.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browsewm.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browseui.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browser.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browselc.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\bidispl.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\batt.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\batmeter.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\basesrv.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\autolfn.exe
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\autofmt.exe
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\authz.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cliconfg.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cliconfg.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cisvc.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\ciodm.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cic.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\certmgr.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\certcli.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmmon32.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmdl32.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmdial32.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clusapi.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clipsrv.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\confmsp.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comuid.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comres.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\compstui.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\compatui.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\colbact.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmutil.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmstp.exe
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3dim700.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3d8.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\ctfmon.exe
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\csrss.exe
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscript.exe
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscdll.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptnet.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptext.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptdll.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\crypt32.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\credui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\conime.exe
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\ddraw.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\ddeshare.exe
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dciman32.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbghelp.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\davclnt.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\datime.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dataclen.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\danim.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\diskcopy.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dinput8.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dinput.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\digest.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\diantz.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dgnet.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgui.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\devmgr.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\devenum.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\defrag.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\ddrawex.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpnet.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dplayx.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\docprop2.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dnsapi.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmutil.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmusic.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmsynth.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmstyle.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmserver.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmscript.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmremote.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmloader.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmime.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmcompos.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmband.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmadmin.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dllhost.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dispex.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\diskpart.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dsdmo.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\ds32gt.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\drprov.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvvox.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvoice.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvacm.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsquery.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsprop.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsound3d.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsound.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dskquoui.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dskquota.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\duser.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dumprep.exe
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dswave.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dsuiext.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dssenh.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dssec.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\expsrv.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\eventlog.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\eudcedit.exe
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\esent.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\es.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\ersvc.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\els.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dxmasf.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dxdiag.exe
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dx8vb.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dx7vb.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dwwin.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\framebuf.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\forcedos.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontview.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontext.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\findstr.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\filemgmt.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\feclient.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\faultrep.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\exts.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\extrac32.exe
2009-08-15 00:39:51 ----A---- C:\WINDOWS\system32\gdi32.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\htui.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hotplug.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hlink.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hid.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hhsetup.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\help.exe
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\h323msp.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\grpconv.exe
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\glu32.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ipconfig.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\input.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\initpki.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetppui.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetpp.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetmib1.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\imm32.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\imeshare.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\imapi.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ifmon.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iexpress.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\idq.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icmp.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icm32.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iccvid.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iasrad.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\jgpl400.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\jgdw400.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ixsso.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\itss.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\itircl.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipxwan.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipxroute.exe
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipv6.exe
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ippromon.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipmontr.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\linkinfo.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\licdll.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\keymgr.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kd1394.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kbdnec.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mfc40u.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mf3216.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mdminst.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciwave.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciseq.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciavi32.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mcastmib.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\makecab.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\magnify.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lsass.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lprhelp.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lpk.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\logonui.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\localui.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\localsec.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\loadperf.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lmrt.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\more.com
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\modemui.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mobsync.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mobsync.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcshext.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcbase.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmc.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mlang.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mimefilt.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\miglibnt.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\midimap.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mfc42.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdmo.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdart.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msctfp.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msctf.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscms.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msapsspc.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msafd.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msacm32.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mprdim.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mprapi.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mpr.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\moricons.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msgina.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msexcl40.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msexch40.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msieftp.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msidle.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msident.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msi.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msnsspc.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msltus40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\mslbui.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjtes40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjter40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjint40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjet40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msisip.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimtf.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimsg.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimg32.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msihnd.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msiexec.exe
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrle32.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrepl40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msprivs.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspbde40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspatcha.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msorcl32.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msorc32r.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mswdat10.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msw3prt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvidctl.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvfw32.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcrt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcp60.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcirt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msutb.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstext40.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\narrator.exe
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mydocs.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxml2.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxml.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxbde40.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mswstr10.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mswsock.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netman.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netlogon.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netid.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netdde.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netcfgx.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\net1.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\net.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddenb32.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddeapir.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddeapi.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntshrui.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmarta.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntlanman.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\npptools.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\notepad.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\nlhtml.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\newdev.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netui1.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netui0.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netstat.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netshell.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netsh.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netsetup.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netrap.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netplwiz.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\notepad.exe
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcji32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcint.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccu32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccr32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccp32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcconf.exe
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcconf.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcad32.exe
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbc32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\ocmanage.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\objsel.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\oakley.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\packager.exe
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\osuninst.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\osk.exe
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\opengl32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\olepro32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\oleprn.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\oledlg.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\olecli32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\ole32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\offfilt.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odtext32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odpdx32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odfox32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odexl32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\oddbse32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odbctrac.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\psbase.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\psapi.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\proquota.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\progman.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\profmap.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\powrprof.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\polstore.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pjlmon.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\ping.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pid.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\photowiz.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfproc.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfos.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfnet.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfmon.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfdisk.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pdh.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pautoenr.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\raschap.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\query.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\quartz.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qedwipes.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qedit.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qdvd.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qdv.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qcap.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\pstorec.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rexec.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\resutils.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regwizc.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regsvr32.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regsvc.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regapi.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\reg.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpdd.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rcp.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rcimlby.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rastls.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rassapi.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rasppp.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rasphone.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rasmans.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scrobj.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scesrv.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scecli.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\sccsccp.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scarddlg.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\runonce.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rundll32.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rtutils.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rtcshare.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsmps.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsh.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsaenh.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\riched20.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sfc_os.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sfc.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\setup.exe
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sethc.exe
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sensapi.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sens.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sendmail.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\security.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\secur32.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\seclogon.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sdbinst.exe
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\scrrun.dll
2009-08-15 00:39:25 ----A---- C:\WINDOWS\system32\shdoclc.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shrpubw.exe
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shmgrate.exe
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shmedia.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shimgvw.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shimeng.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shgina.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shfolder.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shell32.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\slbiop.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\slayerxp.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\skeys.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\sigverif.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\sigtab.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\shutdown.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\shsvcs.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\shscrap.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\srclient.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\spoolsv.exe
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\spoolss.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\spider.exe
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sort.exe
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\snmpapi.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\syncui.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\synceng.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\sxs.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\svchost.exe
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\stobject.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\stimon.exe
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\sti_ci.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\sti.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\stclient.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\trkwks.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tree.com
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tracert.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tourstart.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\themeui.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\termmgr.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\telnet.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tcpmon.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tcpmib.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\taskmgr.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tapisrv.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tapi32.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tapi3.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\usbui.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\usbmon.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\ups.exe
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnpui.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnphost.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnpcont.exe
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnp.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\uniplat.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\unimdmat.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\umandlg.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\udhisapi.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\txflog.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\tsddd.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vssvc.exe
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vssapi.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\version.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\verifier.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vdmredir.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vbajet32.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\utilman.exe
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\usp10.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\userenv.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\user32.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\winlogon.exe
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\winipsec.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiavideo.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiashext.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiaservc.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiascr.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiadss.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiadefui.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wextract.exe
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\webvw.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\webclnt.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wavemsp.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\w32time.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wmstream.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wmi.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wlnotify.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wldap32.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winver.exe
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wintrust.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winsta.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winsrv.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winscard.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winrnr.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winntbbu.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winmm.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshrm.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wship6.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshext.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshcon.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wscript.exe
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\ws2help.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\ws2_32.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wpabaln.exe
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wow32.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\zipfldr.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\xcopy.exe
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\xactsrv.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wstdecod.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wsock32.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\format.com
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\cmd.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\cacls.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\autochk.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\locator.exe
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\localspl.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\ftp.exe
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\samlib.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasman.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\printui.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\userinit.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\untfs.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\ulib.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\smss.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\services.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\schannel.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\savedump.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-08-15 00:39:08 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-08-15 00:39:04 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-08-15 00:39:04 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-08-15 00:39:04 ----A---- C:\WINDOWS\system32\HAL.DLL
2009-08-15 00:36:47 ----D---- C:\WINDOWS\EHome
2009-08-13 21:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-08-13 21:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-08-13 21:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-08-13 21:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-08-13 21:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-08-13 21:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-08-13 21:54:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-08-13 21:53:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-13 21:53:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-08-13 21:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-08-13 21:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-08-13 21:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-08-13 21:50:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-13 21:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-08-13 21:47:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-08-13 21:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-08-13 21:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-08-13 21:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-08-13 21:43:43 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-13 21:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-13 21:43:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-08-13 21:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-08-13 21:41:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-08-13 21:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-08-13 20:25:55 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-08-13 16:02:35 ----A---- C:\Support-LogMeInRescue.exe
2009-08-13 14:27:18 ----D---- C:\N360_BACKUP
2009-08-13 13:50:52 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-08-13 13:50:40 ----D---- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-13 13:31:11 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
2009-08-13 13:31:04 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-08-13 13:30:50 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-08-13 12:06:57 ----A---- C:\WINDOWS\pocufoxun.dll
2009-08-13 12:06:57 ----A---- C:\Program Files\Common Files\lywep.bat
2009-08-13 12:06:56 ----A---- C:\Documents and Settings\All Users\Application Data\ubuly.bat
2009-08-12 23:40:20 ----A---- C:\WINDOWS\cdplayer.ini
2009-08-07 12:47:20 ----D---- C:\audio book
2009-08-01 13:17:06 ----A---- C:\WINDOWS\system32\PbsAuDrvPropPage_uk.dll
2009-08-01 13:17:05 ----D---- C:\Program Files\PolderbitS

======List of files/folders modified in the last 1 months======

2009-08-31 02:21:57 ----D---- C:\Program Files
2009-08-28 13:22:43 ----D---- C:\WINDOWS\Temp
2009-08-28 13:20:06 ----D---- C:\Documents and Settings\admin\Application Data\mjusbsp
2009-08-28 10:46:21 ----ASH---- C:\boot.ini
2009-08-28 10:46:21 ----A---- C:\WINDOWS\win.ini
2009-08-28 10:46:21 ----A---- C:\WINDOWS\system.ini
2009-08-28 04:36:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-28 03:22:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-28 03:12:55 ----D---- C:\WINDOWS
2009-08-26 17:30:46 ----D---- C:\@
2009-08-26 14:31:23 ----HD---- C:\WINDOWS\inf
2009-08-25 06:20:08 ----SHD---- C:\WINDOWS\Installer
2009-08-25 01:31:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-25 01:08:04 ----SHD---- C:\Config.Msi
2009-08-25 01:05:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-08-25 01:02:58 ----D---- C:\WINDOWS\Fonts
2009-08-25 01:02:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-25 01:02:37 ----D---- C:\WINDOWS\system32
2009-08-25 01:01:56 ----D---- C:\Program Files\Microsoft Works
2009-08-24 10:45:46 ----SD---- C:\WINDOWS\Tasks
2009-08-23 11:11:43 ----A---- C:\WINDOWS\BRWMARK.INI
2009-08-21 12:19:24 ----D---- C:\WINDOWS\system32\drivers
2009-08-21 12:15:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-20 08:45:57 ----D---- C:\Program Files\Google
2009-08-18 14:15:11 ----D---- C:\Program Files\Common Files
2009-08-18 13:43:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-18 08:42:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-18 07:55:54 ----SHD---- C:\RECYCLER
2009-08-18 07:37:30 ----D---- C:\Documents and Settings
2009-08-17 16:22:01 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-17 15:42:45 ----D---- C:\WINDOWS\system32\en-US
2009-08-17 15:42:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-17 15:42:44 ----D---- C:\WINDOWS\Media
2009-08-17 15:42:44 ----D---- C:\WINDOWS\Help
2009-08-17 15:42:44 ----D---- C:\Program Files\Internet Explorer
2009-08-17 15:38:34 ----A---- C:\WINDOWS\imsins.BAK
2009-08-17 14:58:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-17 09:20:54 ----SHD---- C:\System Volume Information
2009-08-17 09:19:11 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-15 16:26:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-15 16:26:52 ----D---- C:\WINDOWS\addins
2009-08-15 15:36:52 ----D---- C:\WINDOWS\WinSxS
2009-08-15 14:57:20 ----RSD---- C:\WINDOWS\assembly
2009-08-15 14:13:32 ----D---- C:\fuse
2009-08-15 11:49:32 ----D---- C:\JW info
2009-08-15 11:45:26 ----D---- C:\readers
2009-08-15 11:02:10 ----D---- C:\PDF'S
2009-08-15 10:57:34 ----D---- C:\phone
2009-08-15 10:56:53 ----D---- C:\Point & Shoot Videos
2009-08-15 10:55:44 ----D---- C:\pix
2009-08-15 10:47:14 ----D---- C:\av
2009-08-15 10:39:57 ----D---- C:\WINDOWS\Registration
2009-08-15 10:33:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-15 10:33:23 ----D---- C:\Program Files\egames
2009-08-15 10:19:59 ----D---- C:\Program Files\Real
2009-08-15 10:16:36 ----D---- C:\Program Files\Common Files\Real
2009-08-15 10:13:03 ----D---- C:\Documents and Settings\admin\Application Data\Real
2009-08-15 10:11:06 ----D---- C:\Program Files\ReadPlease 2003
2009-08-15 09:56:23 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2009-08-15 09:54:04 ----D---- C:\Program Files\ContMedia
2009-08-15 09:54:04 ----A---- C:\WINDOWS\GKM303DS.ini
2009-08-15 09:17:07 ----D---- C:\Program Files\Coupons
2009-08-15 09:04:26 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-08-15 04:50:05 ----D---- C:\WINDOWS\system32\wbem
2009-08-15 04:50:05 ----D---- C:\WINDOWS\AppPatch
2009-08-15 03:38:49 ----D---- C:\Program Files\Outlook Express
2009-08-15 02:56:25 ----D---- C:\WINDOWS\security
2009-08-15 02:54:53 ----D---- C:\Program Files\Messenger
2009-08-15 02:44:43 ----D---- C:\WINDOWS\system32\Setup
2009-08-15 02:44:41 ----D---- C:\WINDOWS\network diagnostic
2009-08-15 02:44:40 ----D---- C:\WINDOWS\ime
2009-08-15 02:43:51 ----D---- C:\WINDOWS\system32\usmt
2009-08-15 02:43:40 ----D---- C:\WINDOWS\PeerNet
2009-08-15 02:43:40 ----D---- C:\Program Files\Movie Maker
2009-08-15 02:38:01 ----D---- C:\WINDOWS\system32\Restore
2009-08-15 02:38:00 ----D---- C:\WINDOWS\system32\npp
2009-08-15 02:37:59 ----D---- C:\WINDOWS\msagent
2009-08-15 02:37:57 ----D---- C:\WINDOWS\srchasst
2009-08-15 02:37:55 ----D---- C:\Program Files\NetMeeting
2009-08-15 02:37:54 ----D---- C:\WINDOWS\system32\Com
2009-08-15 02:37:53 ----D---- C:\Program Files\Windows NT
2009-08-15 02:37:53 ----D---- C:\Program Files\Windows Media Player
2009-08-15 02:37:51 ----D---- C:\Program Files\Common Files\System
2009-08-15 02:37:41 ----D---- C:\WINDOWS\system32\oobe
2009-08-15 02:37:39 ----D---- C:\WINDOWS\system
2009-08-15 00:41:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-13 21:48:17 ----D---- C:\WINDOWS\ie7updates
2009-08-13 20:07:39 ----A---- C:\WINDOWS\Brownie.ini
2009-08-13 17:49:56 ----D---- C:\WINDOWS\pss
2009-08-13 16:45:14 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-08-13 13:50:52 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-30 1035264]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 PbsAuDrv;PolderbitS Audio Driver; C:\WINDOWS\system32\drivers\pbsaudrv.sys [2009-08-01 110752]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-03-31 180096]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 CAM1690;USB PC Camera; C:\WINDOWS\System32\Drivers\cam1690.sys [2007-11-21 181888]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 ionwpvvc;Watchport/V2 USB Camera; C:\WINDOWS\system32\DRIVERS\ionwpvvc.sys [2008-02-14 38656]
S3 MaRdPnp;MaRdPnp; C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2009-01-29 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 U2SP;OEM USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;MOTOROLA Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avp;avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-04-25 86142]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 dlbx_device;dlbx_device; C:\WINDOWS\system32\dlbxcoms.exe [2004-12-16 462848]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-30 360448]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S4 gupdate1ca105c13ac1bc4;Google Update Service (gupdate1ca105c13ac1bc4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-19 137200]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am

Re: google browser redirection

Post by ard » August 31st, 2009, 2:35 am

wingman -
part 2 of 3
- al

info.txt logfile of random's system information tool 1.06 2009-08-31 02:22:24

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3003 Crystal Mazes-->"C:\Program Files\Selectsoft\3003 Crystal Mazes\uninstall.exe"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Audacity\unins000.exe"
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Brother HL-2140-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09789D9D-CBBE-43C8-A4C9-69DB2C79BF1F}\SETUP.exe" -l0x9 -removeonly /uninst
ClocX (1.5b1)-->"C:\Program Files\ClocX\Uninstall.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Photo AIO Printer 962-->C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUNST.EXE -NOLICENSE
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Direct MIDI to MP3 Converter version 6.0.0.27-->"C:\Program Files\Direct MIDI to MP3 Converter\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Detective-->MsiExec.exe /X{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}
dvdSanta 4.50-->"C:\Program Files\dvdSanta\unins000.exe"
DVDStyler v1.7.1-->"C:\Program Files\DVDStyler\unins000.exe"
Encyclopædia Britannica Profiles : World Religions CD-ROM-->"C:\Program Files\Britannica Profiles\World Religions\Uninstaller.exe"
Free Natural Text to Speech Reader 2008-->MsiExec.exe /I{3E5DA526-F420-45A6-9F27-D2B5246D6823}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Inside Out Networks Watchport/V Drivers (Remove only)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836997E1-7C7D-11D6-BE73-00065B4930CB}\Setup.exe" -l0x9 -uninst
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) PRO Network Connections Software v9.2.4.11-->C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qr /le C:\DOCUME~1\Owner\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
IrfanView (remove only)-->C:\IrfanView\iv_uninstall.exe
ISA 2 basic-->C:\PROGRA~1\ISA2\Setup.exe /remove /q0
ISA 2.0 - CLV module 1.1.5-->C:\PROGRA~1\ISA2\Setup.exe /remove /q0
ISA 2.0 - YLT module 1.1.2-->C:\PROGRA~1\ISA2\Setup.exe /remove /q0
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
LADSPA_plugins-win-0.4.15-->"C:\Audacity\Plug-Ins\unins000.exe"
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Mahjongg Master Special Edition-->C:\PROGRA~1\egames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\egames\MAHJON~1\INSTALL.LOG
MAZE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7140685C-9274-4DEF-94B5-2B1AA8A094DC}\Setup.exe" -l0x9
MDB Browser and Editor (C:\Program Files\PrjGenericMDB\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\PrjGenericMDB\ST6UNST.000"
MDB Browser and Editor-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\PrjGenericMDB\ST6UNST.LOG"
Medical Dictionary M7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41A3E90A-F944-4ED0-9A84-D64EBADDA0D3}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Picture It! Express 2000-->MsiExec.exe /I{A586D09E-1D2C-11D3-9A6B-00105A98B681}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 2000 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe D:\
Microsoft Works 2000-->MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
MID Converter 4.2-->C:\Program Files\MID Converter 4.2\uninst.exe
Motorola Driver Installation 3.9.0-->MsiExec.exe /I{FB068BA4-C6EA-4D47-A491-C40E23E77F89}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multimedia Samples-->MsiExec.exe /I{A918DE8A-98C8-0900-0001-000000000000}
Naevius GVI Converter 1.3-->"C:\Program Files\Naevius GVI Converter\unins000.exe"
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Nic's XviD Decoder-->"C:\WINDOWS\system32\UninstXviDDec.exe"
NoAdware v5.0-->"C:\Program Files\NoAdware\unins000.exe"
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pistonsoft MP3 Tags Editor-->"C:\Program Files\Pistonsoft MP3 Tags Editor\Uninstall.exe" "C:\Program Files\Pistonsoft MP3 Tags Editor\install.log"
Pistonsoft Text to Speech Converter 1.11.0-->"C:\Program Files\Pistonsoft Text to Speech Converter\unins000.exe"
PolderbitS Sound Recorder and Editor-->"C:\Program Files\PolderbitS\Recorder\Recorder.exe" /uninstall
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
PS-Utility-->C:\WINDOWS\uninst.exe -f"C:\Program Files\PS Utility\DeIsL2.isu"
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Standard Edition-->"C:\Program Files\Britannica 7.0\Standard Edition\UninstallerData\Uninstall Standard Edition.exe"
SyncCell 3.0-->C:\Program Files\SyncCell\uninstall.exe C:\Program Files\SyncCell\uninstall.log
TaxACT 2006-->C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta06.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
TaxACT 2007-->C:\PROGRA~1\2NDSTO~1\TAXACT~2\Unta07.exe C:\PROGRA~1\2NDSTO~1\TAXACT~2\Install.log
TaxACT 2008 Pennsylvania-->C:\PROGRA~1\2NDSTO~1\TAXACT~2\\UnStTax.exe C:\PROGRA~1\2NDSTO~1\TAXACT~2\\PA.log
TaxACT 2008-->C:\PROGRA~1\2NDSTO~1\TAXACT~2\Unta08.exe C:\PROGRA~1\2NDSTO~1\TAXACT~2\Install.log
TMS Explorer-->"C:\Program Files\TMSExplorer\UnInstall.exe"
TTS-->MsiExec.exe /X{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}
TVPCElite-->"C:\Program Files\TVPCElite\unins000.exe"
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe
Uniblue PowerSuite 2009-->"C:\Documents and Settings\All Users\Application Data\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}\PowerSuite2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue PowerSuite 2009-->C:\Documents and Settings\All Users\Application Data\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}\PowerSuite2009.exe
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}\Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 2009-->"C:\Documents and Settings\All Users\Application Data\{F19A02B4-1684-448C-B152-43B554F2E722}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{F19A02B4-1684-448C-B152-43B554F2E722}\SpeedUpMyPC.exe
Uniblue System Tweaker-->"C:\Program Files\Uniblue\System Tweaker\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb972691)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {AA020E6E-E2FB-45EF-B732-2400E2296742}
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB Video Camera-->MsiExec.exe /I{8527C3D5-BA1D-46E9-88D2-AF25544311A3}
Watchtower Library 2008 - English-->C:\Program Files\Watchtower\Watchtower Library 2008\E\uninst.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Word in Works Suite add-in-->MsiExec.exe /I{0DB93918-2A77-11D3-805A-00C04FA329AA}
ZipItFree 1.80-->"C:\WINDOWS\ZipItFree\uninstall.exe" "/U:C:\Program Files\ZipItFree\irunin.xml"

======Security center information======

AV: Kaspersky Internet Security (disabled) (outdated)
FW: Kaspersky Internet Security (disabled)

======System event log======

Computer Name: OWLDELL
Event Code: 7000
Message: The MotoConnect Service service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 62180
Source Name: Service Control Manager
Time Written: 20090813211014.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7034
Message: The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

Record Number: 62168
Source Name: Service Control Manager
Time Written: 20090813205712.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Beep

Record Number: 62151
Source Name: Service Control Manager
Time Written: 20090813205407.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7000
Message: The MotoConnect Service service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 62150
Source Name: Service Control Manager
Time Written: 20090813205358.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7034
Message: The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

Record Number: 62140
Source Name: Service Control Manager
Time Written: 20090813204314.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: OWLDELL
Event Code: 1517
Message: Windows saved user OWLDELL\admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 50336
Source Name: Userenv
Time Written: 20090512174350.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWLDELL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 50168
Source Name: crypt32
Time Written: 20090510100154.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 1517
Message: Windows saved user OWLDELL\admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 49864
Source Name: Userenv
Time Written: 20090506092227.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWLDELL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 49574
Source Name: crypt32
Time Written: 20090502132545.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 1517
Message: Windows saved user OWLDELL\admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 49572
Source Name: Userenv
Time Written: 20090502132057.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am

Re: google browser redirection

Post by ard » August 31st, 2009, 2:38 am

wingman -

part 3 of 3

i still get redirects from any search engine and i have had several system locks while online

- al

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:145 Go - Free:65 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [CD_Rom]
K:\ [Removable]
.
Scan : 02:25.33
Path : C:\Documents and Settings\admin\Desktop\Rooter.exe
User : admin ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (580)
______ \??\C:\WINDOWS\system32\csrss.exe (648)
______ \??\C:\WINDOWS\system32\winlogon.exe (672)
______ C:\WINDOWS\system32\services.exe (724)
______ C:\WINDOWS\system32\lsass.exe (736)
______ C:\WINDOWS\system32\svchost.exe (900)
______ C:\WINDOWS\system32\svchost.exe (1084)
______ C:\WINDOWS\System32\svchost.exe (1192)
______ C:\WINDOWS\system32\svchost.exe (1252)
______ C:\WINDOWS\system32\svchost.exe (1372)
______ C:\WINDOWS\system32\spoolsv.exe (1480)
______ C:\WINDOWS\Explorer.EXE (1752)
______ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (256)
______ C:\WINDOWS\system32\ctfmon.exe (300)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (420)
______ C:\WINDOWS\system32\taskmgr.exe (508)
______ C:\WINDOWS\system32\svchost.exe (1152)
______ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (1400)
______ C:\WINDOWS\system32\svchost.exe (1608)
______ C:\WINDOWS\System32\alg.exe (1932)
______ C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe (3020)
______ C:\WINDOWS\system32\wuauclt.exe (3296)
______ C:\Program Files\Internet Explorer\iexplore.exe (2516)
______ C:\Program Files\Internet Explorer\iexplore.exe (3872)
______ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (2288)
______ C:\Documents and Settings\admin\Desktop\Rooter.exe (4092)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:57544704)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:57576960 | Length:156222743040)
\Device\Harddisk0\Partition3 (Start_Offset:156280320000 | Length:3717826560)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\$~$Sys0$.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - admin.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 02:25.48
.
C:\Rooter$\Rooter_1.txt - (31/08/2009 | 02:25.48)
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am

Re: google browser redirection

Post by Wingman » September 3rd, 2009, 4:34 pm

Hello ard,
I'm sorry for the delay getting back to you; the forum is extremely busy.
As you know my replies have to be reviewed by teachers first, which adds additional time before I can respond.
While it may seem inconvenient, this is done in order to provide you with the best and safest actions to take to resolve your malware problems.
I will continue to respond to this topic, until you are clean. No need to PM me. :)

I have reviewed the various logs you provided. Is this a business or corporate machine?

Please read these instructions carefully before executing and perform the steps in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Step 1.
Add/Remove Programs
I need you to uninstall some programs from your computer.
  1. Click Start...then click Run.
  2. In the open text entry box...please copy/paste the following:
    appwiz.cpl
  3. Click the OK...button. It takes a few seconds for the program list to be "populated".
  4. Locate the following program(s):
    NoAdware v5.0
  5. Press the "Remove" or "Change/Remove"...button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes preventing them from being uninstalled again!
  6. When finished...close/exit Add/Remove Programs.

Step 2.
Malwarebytes' Anti-Malware
Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
Alternate download sites available here or here.
  1. Make sure you are connected to the Internet.
  2. Double-click on Download_mbam-setup.exe to install the application.
  3. When the installation begins, follow the prompts and do not make any changes to default settings.
  4. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
  1. Make sure the "Perform Quick Scan" option is selected.
  2. Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  6. Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Step 3.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.
  1. Double click on RSIT.exe to run it.
  2. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  3. Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Business or corporate machine?
  3. NoAdware v5.0 uninstalled successfully?
  4. MBAM log
  5. New RSIT log.txt file contents.
  6. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: google browser redirection

Post by ard » September 4th, 2009, 10:58 am

wingman -
part 1 of 2

1. Any problem executing the instructions? no
2. Business or corporate machine? no
3. NoAdware v5.0 uninstalled successfully? yes i think so
4. MBAM log in part 2
5. New RSIT log.txt file contents. below
6. How is the computer behaving? same as before
browser redirect continues - norton 360 can not completely install - kaspersky can not completely install
kaspersky is partly installed spybot was installed but is not running ( i think )


Malwarebytes' Anti-Malware 1.40
Database version: 2740
Windows 5.1.2600 Service Pack 3

9/4/2009 10:14:45 AM
mbam-log-2009-09-04 (10-14-45).txt

Scan type: Quick Scan
Objects scanned: 106717
Time elapsed: 9 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\admin\Desktop\noadware.exe (Rogue.NoAdware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ESQULqurvutdyodjeddlomlqnlwhlijctpoux.dll (Trojan.Alureon) -> Not selected for removal.
C:\WINDOWS\system32\drivers\ESQULewvyejtlsuvpuonotxeapxxlrxnwjogw.sys (Trojan.TDSS) -> Not selected for removal.
C:\WINDOWS\010112010146120114.fx (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464949.fx (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am

Re: google browser redirection

Post by ard » September 4th, 2009, 10:59 am

wingman -

part 2 of 2

Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2009-09-04 10:35:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 68 GB (45%) free of 149 GB
Total RAM: 510 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:34 AM, on 9/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\admin\Desktop\RSIT.exe
C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

--
End of file - 5201 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\$~$Sys0$.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - admin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-08-28 264720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLBXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16 []
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"cdloader"=C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-29 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bneyibe]
C:\WINDOWS\oxemimesu.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
C:\Program Files\Brownie\BrstsWnd.exe [2007-07-31 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
C:\Program Files\ClocX\ClocX.exe [2005-01-26 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe [2005-01-18 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-04-25 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-03-23 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysldtray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PolderbitS Audio Driver Monitor.lnk]
C:\PROGRA~1\POLDER~1\Recorder\Driver\PBDRIV~1.EXE [2009-08-01 157728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=3
"LiveUpdate Notice Ex"=3
"LiveUpdate"=3
"Automatic LiveUpdate Scheduler"=2
"ose"=3
"odserv"=3
"MotoConnect Service"=2
"idsvc"=3
"IDriverT"=3
"gusvc"=3
"gupdate1ca105c13ac1bc4"=2
"DSBrokerService"=3
"Ati HotKey Poller"=3
"sprtsvc_dellsupportcenter"=2
"WMPNetworkSvc"=3
"getPlus(R) Helper"=3
"FontCache3.0.0.0"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoDispAppearancePage"=0
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideShutdownScripts"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=4
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDeletePrinter"=
"NoAddPrinter"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dlbxcoms.exe"="C:\WINDOWS\system32\dlbxcoms.exe:*:Enabled:Dell Communication System"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Demo\Compass6EInterface.exe"="C:\Program Files\Demo\Compass6EInterface.exe:*:Disabled: "
"C:\Program Files\Demo\Compass6E.exe"="C:\Program Files\Demo\Compass6E.exe:*:Disabled: "
"C:\Compass6E\WSInterface\Compass.WSInterface.GUI.exe"="C:\Compass6E\WSInterface\Compass.WSInterface.GUI.exe:*:Disabled: "
"C:\Compass6E\Compass.Module.Console.exe"="C:\Compass6E\Compass.Module.Console.exe:*:Disabled: "
"C:\WINDOWS\LMI19.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI19.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Owldell#zznewton]
shell\AutoRun\command - Z:\newton.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\autorun.exe
shell\phone\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc308496-5362-11db-b943-00123f6f9464}]
shell\AutoRun\command - F:\system\viewer\Viewer.exe
shell\View your videos\command - F:\system\viewer\Viewer.exe


======List of files/folders created in the last 1 months======

2010-03-12 13:09:10 ----D---- C:\Documents and Settings\All Users\Application Data\PKWARE
2010-03-12 13:09:10 ----D---- C:\Documents and Settings\admin\Application Data\PKWARE
2010-03-12 12:27:09 ----D---- C:\WINDOWS\ZipItFree
2010-03-12 12:27:09 ----D---- C:\Program Files\ZipItFree
2010-03-12 12:26:37 ----A---- C:\WINDOWS\ZipItFree Setup Log.txt
2009-09-04 09:59:17 ----D---- C:\Documents and Settings\admin\Application Data\Malwarebytes
2009-09-04 09:59:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-04 09:59:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-03 10:45:30 ----D---- C:\Program Files\Watchtower
2009-08-31 02:26:11 ----A---- C:\Rooter_1.txt
2009-08-31 02:25:48 ----D---- C:\Rooter$
2009-08-31 02:21:57 ----D---- C:\Program Files\trend micro
2009-08-31 02:21:55 ----D---- C:\rsit
2009-08-25 06:58:28 ----D---- C:\Program Files\Hijackthis
2009-08-25 01:31:02 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-24 17:04:04 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-08-24 17:04:00 ----D---- C:\Program Files\Security Task Manager
2009-08-24 10:45:46 ----A---- C:\WINDOWS\wininit.ini
2009-08-24 10:18:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-24 10:18:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 13:48:06 ----D---- C:\Program Files\NoAdware
2009-08-18 12:49:42 ----D---- C:\Program Files\Panda Security
2009-08-17 15:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-17 15:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-17 15:37:18 ----D---- C:\WINDOWS\ie8updates
2009-08-17 15:36:20 ----HDC---- C:\WINDOWS\ie8
2009-08-17 15:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-08-17 15:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-08-17 09:29:28 ----D---- C:\Program Files\Kaspersky Lab
2009-08-17 09:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-08-17 08:53:56 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-15 15:36:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-15 14:45:13 ----A---- C:\WINDOWS\system32\MRT.INI
2009-08-15 10:57:45 ----D---- C:\install
2009-08-15 03:42:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-15 03:40:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-15 03:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-15 03:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-15 03:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-15 03:35:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-15 03:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-15 03:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-15 03:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-15 03:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-15 03:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-15 03:27:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-15 03:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-15 03:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-15 03:23:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-15 03:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-15 03:20:44 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-15 03:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-15 03:18:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-08-15 03:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-15 03:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-08-15 03:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-15 03:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-15 03:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-15 03:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-15 03:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-15 03:07:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-08-15 03:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-15 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-08-15 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-15 03:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-15 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-08-15 02:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-15 02:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-08-15 02:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-15 02:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-08-15 02:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-15 02:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-08-15 02:51:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-15 02:47:56 ----A---- C:\WINDOWS\setuplog.txt
2009-08-15 02:44:27 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-08-15 02:44:27 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-08-15 02:44:26 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-08-15 02:44:25 ----N---- C:\WINDOWS\system32\azroles.dll
2009-08-15 02:44:25 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-08-15 02:44:24 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-08-15 02:44:23 ----N---- C:\WINDOWS\system32\credssp.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-08-15 02:44:19 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-08-15 02:44:18 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-08-15 02:44:15 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-08-15 02:44:15 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-08-15 02:44:14 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-08-15 02:44:14 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-08-15 02:44:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-08-15 02:44:13 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-08-15 02:44:12 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-08-15 02:44:09 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-08-15 02:44:09 ----N---- C:\WINDOWS\system32\mssha.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napstat.exe
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-08-15 02:44:05 ----N---- C:\WINDOWS\system32\onex.dll
2009-08-15 02:44:01 ----N---- C:\WINDOWS\system32\qagent.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qutil.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-08-15 02:43:59 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-08-15 02:43:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-08-15 02:43:58 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-08-15 02:43:58 ----N---- C:\WINDOWS\system32\setupn.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slserv.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slgen.dll
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-08-15 02:43:56 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-08-15 02:43:56 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-08-15 02:43:54 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-08-15 02:43:51 ----N---- C:\WINDOWS\slrundll.exe
2009-08-15 02:35:16 ----A---- C:\WINDOWS\000001_.tmp
2009-08-15 00:48:43 ----D---- C:\WINDOWS\system32\scripting
2009-08-15 00:48:43 ----D---- C:\WINDOWS\l2schemas
2009-08-15 00:48:42 ----D---- C:\WINDOWS\system32\en
2009-08-15 00:48:41 ----D---- C:\WINDOWS\system32\bits
2009-08-15 00:42:38 ----A---- C:\WINDOWS\system32\sprecovr.exe
2009-08-15 00:41:55 ----A---- C:\WINDOWS\002956_.tmp
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\proxycfg.exe
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\logman.exe
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\dsprpres.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\d3d9.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\btpanui.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bthserv.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bthci.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\blastcln.exe
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\auditusr.exe
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_32.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\hccoin.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\fwcfg.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\fsquirt.exe
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\encdec.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\encapi.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\powercfg.exe
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2psvc.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2p.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mssap.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\msdadiag.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdukx.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdno1.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinben.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wshbth.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wscsvc.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wscntfy.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wmphoto.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\winshfhc.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\winbrand.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\w3ssl.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\verclsid.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\twext.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\spnpinst.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\smbinst.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sbeio.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sbe.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xmlprov.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-15 00:40:41 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-08-15 00:40:41 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-08-15 00:40:40 ----A---- C:\WINDOWS\system32\dpcdll.dll
2009-08-15 00:40:39 ----A---- C:\WINDOWS\system32\pidgen.dll
2009-08-15 00:40:36 ----A---- C:\WINDOWS\system32\msftedit.dll
2009-08-15 00:40:36 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-08-15 00:40:35 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-08-15 00:40:35 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\winhlp32.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\twain_32.dll
2009-08-15 00:40:20 ----A---- C:\WINDOWS\regedit.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\hh.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\explorer.exe
2009-08-15 00:40:12 ----A---- C:\WINDOWS\system32\6to4svc.dll
2009-08-15 00:40:11 ----A---- C:\WINDOWS\system32\aclui.dll
2009-08-15 00:40:11 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\actxprxy.dll
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\actmovie.exe
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\activeds.dll
2009-08-15 00:40:09 ----A---- C:\WINDOWS\system32\adsldpc.dll
2009-08-15 00:40:09 ----A---- C:\WINDOWS\system32\adsldp.dll
2009-08-15 00:40:08 ----A---- C:\WINDOWS\system32\adsnt.dll
2009-08-15 00:40:08 ----A---- C:\WINDOWS\system32\adsmsext.dll
2009-08-15 00:40:07 ----A---- C:\WINDOWS\system32\alg.exe
2009-08-15 00:40:07 ----A---- C:\WINDOWS\system32\ahui.exe
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\apphelp.dll
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\amstream.dll
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\alrsvc.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\audiosrv.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\attrib.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmlib.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmfd.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmadm.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\at.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\asycfilt.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cdosys.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\capesnpn.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\camocx.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cabview.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cabinet.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browsewm.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browseui.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browser.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browselc.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\bidispl.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\batt.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\batmeter.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\basesrv.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\autolfn.exe
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\autofmt.exe
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\authz.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cliconfg.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cliconfg.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cisvc.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\ciodm.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cic.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\certmgr.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\certcli.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmmon32.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmdl32.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmdial32.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clusapi.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clipsrv.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\confmsp.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comuid.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comres.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\compstui.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\compatui.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\colbact.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmutil.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmstp.exe
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3dim700.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3d8.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\ctfmon.exe
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\csrss.exe
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscript.exe
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscdll.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptnet.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptext.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptdll.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\crypt32.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\credui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\conime.exe
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\ddraw.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\ddeshare.exe
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dciman32.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbghelp.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\davclnt.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\datime.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dataclen.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\danim.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\diskcopy.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dinput8.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dinput.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\digest.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\diantz.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dgnet.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgui.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\devmgr.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\devenum.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\defrag.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\ddrawex.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpnet.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dplayx.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\docprop2.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dnsapi.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmutil.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmusic.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmsynth.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmstyle.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmserver.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmscript.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmremote.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmloader.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmime.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmcompos.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmband.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmadmin.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dllhost.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dispex.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\diskpart.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dsdmo.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\ds32gt.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\drprov.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvvox.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvoice.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvacm.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsquery.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsprop.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsound3d.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsound.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dskquoui.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dskquota.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\duser.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dumprep.exe
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dswave.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dsuiext.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dssenh.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dssec.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\expsrv.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\eventlog.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\eudcedit.exe
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\esent.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\es.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\ersvc.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\els.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dxmasf.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dxdiag.exe
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dx8vb.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dx7vb.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dwwin.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\framebuf.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\forcedos.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontview.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontext.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\findstr.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\filemgmt.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\feclient.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\faultrep.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\exts.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\extrac32.exe
2009-08-15 00:39:51 ----A---- C:\WINDOWS\system32\gdi32.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\htui.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hotplug.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hlink.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hid.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hhsetup.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\help.exe
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\h323msp.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\grpconv.exe
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\glu32.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ipconfig.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\input.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\initpki.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetppui.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetpp.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetmib1.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\imm32.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\imeshare.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\imapi.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ifmon.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iexpress.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\idq.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icmp.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icm32.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iccvid.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iasrad.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\jgpl400.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\jgdw400.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ixsso.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\itss.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\itircl.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipxwan.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipxroute.exe
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipv6.exe
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ippromon.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipmontr.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\linkinfo.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\licdll.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\keymgr.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kd1394.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kbdnec.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mfc40u.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mf3216.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mdminst.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciwave.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciseq.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciavi32.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mcastmib.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\makecab.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\magnify.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lsass.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lprhelp.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lpk.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\logonui.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\localui.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\localsec.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\loadperf.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lmrt.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\more.com
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\modemui.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mobsync.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mobsync.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcshext.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcbase.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmc.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mlang.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mimefilt.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\miglibnt.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\midimap.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mfc42.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdmo.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdart.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msctfp.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msctf.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscms.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msapsspc.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msafd.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msacm32.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mprdim.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mprapi.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mpr.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\moricons.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msgina.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msexcl40.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msexch40.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msieftp.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msidle.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msident.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msi.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msnsspc.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msltus40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\mslbui.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjtes40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjter40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjint40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjet40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msisip.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimtf.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimsg.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimg32.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msihnd.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msiexec.exe
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrle32.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrepl40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msprivs.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspbde40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspatcha.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msorcl32.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msorc32r.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mswdat10.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msw3prt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvidctl.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvfw32.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcrt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcp60.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcirt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msutb.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstext40.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\narrator.exe
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mydocs.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxml2.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxml.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxbde40.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mswstr10.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mswsock.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netman.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netlogon.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netid.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netdde.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netcfgx.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\net1.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\net.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddenb32.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddeapir.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddeapi.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntshrui.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmarta.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntlanman.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\npptools.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\notepad.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\nlhtml.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\newdev.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netui1.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netui0.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netstat.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netshell.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netsh.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netsetup.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netrap.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netplwiz.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\notepad.exe
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcji32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcint.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccu32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccr32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccp32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcconf.exe
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcconf.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcad32.exe
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbc32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\ocmanage.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\objsel.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\oakley.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\packager.exe
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\osuninst.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\osk.exe
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\opengl32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\olepro32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\oleprn.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\oledlg.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\olecli32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\ole32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\offfilt.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odtext32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odpdx32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odfox32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odexl32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\oddbse32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odbctrac.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\psbase.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\psapi.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\proquota.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\progman.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\profmap.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\powrprof.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\polstore.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pjlmon.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\ping.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pid.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\photowiz.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfproc.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfos.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfnet.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfmon.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfdisk.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pdh.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pautoenr.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\raschap.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\query.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\quartz.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qedwipes.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qedit.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qdvd.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qdv.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qcap.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\pstorec.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rexec.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\resutils.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regwizc.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regsvr32.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regsvc.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regapi.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\reg.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpdd.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rcp.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rcimlby.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rastls.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rassapi.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rasppp.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rasphone.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rasmans.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scrobj.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scesrv.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scecli.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\sccsccp.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scarddlg.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\runonce.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rundll32.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rtutils.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rtcshare.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsmps.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsh.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsaenh.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\riched20.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sfc_os.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sfc.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\setup.exe
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sethc.exe
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sensapi.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sens.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sendmail.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\security.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\secur32.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\seclogon.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sdbinst.exe
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\scrrun.dll
2009-08-15 00:39:25 ----A---- C:\WINDOWS\system32\shdoclc.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shrpubw.exe
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shmgrate.exe
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shmedia.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shimgvw.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shimeng.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shgina.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shfolder.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shell32.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\slbiop.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\slayerxp.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\skeys.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\sigverif.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\sigtab.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\shutdown.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\shsvcs.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\shscrap.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\srclient.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\spoolsv.exe
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\spoolss.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\spider.exe
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sort.exe
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\snmpapi.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\syncui.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\synceng.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\sxs.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\svchost.exe
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\stobject.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\stimon.exe
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\sti_ci.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\sti.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\stclient.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\trkwks.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tree.com
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tracert.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tourstart.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\themeui.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\termmgr.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\telnet.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tcpmon.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tcpmib.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\taskmgr.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tapisrv.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tapi32.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tapi3.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\usbui.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\usbmon.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\ups.exe
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnpui.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnphost.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnpcont.exe
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnp.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\uniplat.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\unimdmat.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\umandlg.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\udhisapi.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\txflog.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\tsddd.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vssvc.exe
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vssapi.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\version.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\verifier.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vdmredir.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vbajet32.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\utilman.exe
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\usp10.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\userenv.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\user32.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\winlogon.exe
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\winipsec.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiavideo.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiashext.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiaservc.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiascr.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiadss.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiadefui.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wextract.exe
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\webvw.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\webclnt.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wavemsp.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\w32time.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wmstream.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wmi.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wlnotify.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wldap32.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winver.exe
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wintrust.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winsta.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winsrv.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winscard.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winrnr.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winntbbu.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winmm.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshrm.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wship6.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshext.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshcon.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wscript.exe
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\ws2help.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\ws2_32.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wpabaln.exe
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wow32.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\zipfldr.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\xcopy.exe
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\xactsrv.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wstdecod.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wsock32.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\format.com
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\cmd.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\cacls.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\autochk.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\locator.exe
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\localspl.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\ftp.exe
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\samlib.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasman.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\printui.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\userinit.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\untfs.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\ulib.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\smss.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\services.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\schannel.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\savedump.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-08-15 00:39:08 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-08-15 00:39:04 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-08-15 00:39:04 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-08-15 00:39:04 ----A---- C:\WINDOWS\system32\HAL.DLL
2009-08-15 00:36:47 ----D---- C:\WINDOWS\EHome
2009-08-13 21:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-08-13 21:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-08-13 21:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-08-13 21:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-08-13 21:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-08-13 21:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-08-13 21:54:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-08-13 21:53:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-13 21:53:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-08-13 21:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-08-13 21:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-08-13 21:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-08-13 21:50:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-13 21:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-08-13 21:47:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-08-13 21:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-08-13 21:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-08-13 21:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-08-13 21:43:43 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-13 21:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-13 21:43:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-08-13 21:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-08-13 21:41:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-08-13 21:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-08-13 20:25:55 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-08-13 16:02:35 ----A---- C:\Support-LogMeInRescue.exe
2009-08-13 14:27:18 ----D---- C:\N360_BACKUP
2009-08-13 13:50:52 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-08-13 13:50:40 ----D---- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-13 13:31:11 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
2009-08-13 13:31:04 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-08-13 13:30:50 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-08-13 12:06:57 ----A---- C:\WINDOWS\pocufoxun.dll
2009-08-13 12:06:57 ----A---- C:\Program Files\Common Files\lywep.bat
2009-08-13 12:06:56 ----A---- C:\Documents and Settings\All Users\Application Data\ubuly.bat
2009-08-12 23:40:20 ----A---- C:\WINDOWS\cdplayer.ini
2009-08-07 12:47:20 ----D---- C:\audio book

======List of files/folders modified in the last 1 months======

2009-09-04 10:22:31 ----D---- C:\WINDOWS\Temp
2009-09-04 10:21:43 ----D---- C:\Documents and Settings\admin\Application Data\mjusbsp
2009-09-04 10:18:01 ----D---- C:\Program Files
2009-09-04 10:15:57 ----D---- C:\WINDOWS\system32\drivers
2009-09-04 10:14:43 ----D---- C:\WINDOWS
2009-09-01 11:38:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-28 10:46:21 ----ASH---- C:\boot.ini
2009-08-28 10:46:21 ----A---- C:\WINDOWS\win.ini
2009-08-28 10:46:21 ----A---- C:\WINDOWS\system.ini
2009-08-28 03:22:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-26 17:30:46 ----D---- C:\@
2009-08-26 14:31:23 ----HD---- C:\WINDOWS\inf
2009-08-25 06:20:08 ----SHD---- C:\WINDOWS\Installer
2009-08-25 01:31:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-25 01:08:04 ----SHD---- C:\Config.Msi
2009-08-25 01:05:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-08-25 01:02:58 ----D---- C:\WINDOWS\Fonts
2009-08-25 01:02:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-25 01:02:37 ----D---- C:\WINDOWS\system32
2009-08-25 01:01:56 ----D---- C:\Program Files\Microsoft Works
2009-08-24 10:45:46 ----SD---- C:\WINDOWS\Tasks
2009-08-23 11:11:43 ----A---- C:\WINDOWS\BRWMARK.INI
2009-08-21 12:15:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-20 08:45:57 ----D---- C:\Program Files\Google
2009-08-18 14:15:11 ----D---- C:\Program Files\Common Files
2009-08-18 13:43:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-18 08:42:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-18 07:55:54 ----SHD---- C:\RECYCLER
2009-08-18 07:37:30 ----D---- C:\Documents and Settings
2009-08-17 16:22:01 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-17 15:42:45 ----D---- C:\WINDOWS\system32\en-US
2009-08-17 15:42:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-17 15:42:44 ----D---- C:\WINDOWS\Media
2009-08-17 15:42:44 ----D---- C:\WINDOWS\Help
2009-08-17 15:42:44 ----D---- C:\Program Files\Internet Explorer
2009-08-17 15:38:34 ----A---- C:\WINDOWS\imsins.BAK
2009-08-17 14:58:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-17 09:20:54 ----SHD---- C:\System Volume Information
2009-08-17 09:19:11 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-15 16:26:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-15 16:26:52 ----D---- C:\WINDOWS\addins
2009-08-15 15:36:52 ----D---- C:\WINDOWS\WinSxS
2009-08-15 14:57:20 ----RSD---- C:\WINDOWS\assembly
2009-08-15 14:13:32 ----D---- C:\fuse
2009-08-15 11:49:32 ----D---- C:\JW info
2009-08-15 11:45:26 ----D---- C:\readers
2009-08-15 11:02:10 ----D---- C:\PDF'S
2009-08-15 10:57:34 ----D---- C:\phone
2009-08-15 10:56:53 ----D---- C:\Point & Shoot Videos
2009-08-15 10:55:44 ----D---- C:\pix
2009-08-15 10:47:14 ----D---- C:\av
2009-08-15 10:39:57 ----D---- C:\WINDOWS\Registration
2009-08-15 10:33:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-15 10:33:23 ----D---- C:\Program Files\egames
2009-08-15 10:19:59 ----D---- C:\Program Files\Real
2009-08-15 10:16:36 ----D---- C:\Program Files\Common Files\Real
2009-08-15 10:13:03 ----D---- C:\Documents and Settings\admin\Application Data\Real
2009-08-15 10:11:06 ----D---- C:\Program Files\ReadPlease 2003
2009-08-15 09:56:23 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2009-08-15 09:54:04 ----D---- C:\Program Files\ContMedia
2009-08-15 09:54:04 ----A---- C:\WINDOWS\GKM303DS.ini
2009-08-15 09:17:07 ----D---- C:\Program Files\Coupons
2009-08-15 09:04:26 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-08-15 04:50:05 ----D---- C:\WINDOWS\system32\wbem
2009-08-15 04:50:05 ----D---- C:\WINDOWS\AppPatch
2009-08-15 03:38:49 ----D---- C:\Program Files\Outlook Express
2009-08-15 02:56:25 ----D---- C:\WINDOWS\security
2009-08-15 02:54:53 ----D---- C:\Program Files\Messenger
2009-08-15 02:44:43 ----D---- C:\WINDOWS\system32\Setup
2009-08-15 02:44:41 ----D---- C:\WINDOWS\network diagnostic
2009-08-15 02:44:40 ----D---- C:\WINDOWS\ime
2009-08-15 02:43:51 ----D---- C:\WINDOWS\system32\usmt
2009-08-15 02:43:40 ----D---- C:\WINDOWS\PeerNet
2009-08-15 02:43:40 ----D---- C:\Program Files\Movie Maker
2009-08-15 02:38:01 ----D---- C:\WINDOWS\system32\Restore
2009-08-15 02:38:00 ----D---- C:\WINDOWS\system32\npp
2009-08-15 02:37:59 ----D---- C:\WINDOWS\msagent
2009-08-15 02:37:57 ----D---- C:\WINDOWS\srchasst
2009-08-15 02:37:55 ----D---- C:\Program Files\NetMeeting
2009-08-15 02:37:54 ----D---- C:\WINDOWS\system32\Com
2009-08-15 02:37:53 ----D---- C:\Program Files\Windows NT
2009-08-15 02:37:53 ----D---- C:\Program Files\Windows Media Player
2009-08-15 02:37:51 ----D---- C:\Program Files\Common Files\System
2009-08-15 02:37:41 ----D---- C:\WINDOWS\system32\oobe
2009-08-15 02:37:39 ----D---- C:\WINDOWS\system
2009-08-15 00:41:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-13 21:48:17 ----D---- C:\WINDOWS\ie7updates
2009-08-13 20:07:39 ----A---- C:\WINDOWS\Brownie.ini
2009-08-13 17:49:56 ----D---- C:\WINDOWS\pss
2009-08-13 16:45:14 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-08-13 13:50:52 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-30 1035264]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 PbsAuDrv;PolderbitS Audio Driver; C:\WINDOWS\system32\drivers\pbsaudrv.sys [2009-08-01 110752]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-03-31 180096]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 CAM1690;USB PC Camera; C:\WINDOWS\System32\Drivers\cam1690.sys [2007-11-21 181888]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 ionwpvvc;Watchport/V2 USB Camera; C:\WINDOWS\system32\DRIVERS\ionwpvvc.sys [2008-02-14 38656]
S3 MaRdPnp;MaRdPnp; C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2009-01-29 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 U2SP;OEM USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;MOTOROLA Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avp;avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-04-25 86142]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 dlbx_device;dlbx_device; C:\WINDOWS\system32\dlbxcoms.exe [2004-12-16 462848]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-30 360448]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S4 gupdate1ca105c13ac1bc4;Google Update Service (gupdate1ca105c13ac1bc4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-19 137200]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am
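
The driver and service lists in the RSIT log above follow the key in their section headers (R/S state plus a 0-4 start type), then name, display name, path and `[date size]`. As an added example (not part of the thread and not RSIT's own code), this Python parser reads that line format and marks entries for manual review. The flag names, the 60-day window, the log date used for the sample and the reading of an empty `[]` as "file metadata could not be read" are assumptions; the sample lines are copied from the log.

```python
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Key taken from the RSIT section headers.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

SECTION_RE = re.compile(r"^======List of (drivers|services) \(")
# <state><start> <name>;<display name>; <path> [<yyyy-mm-dd> <size>]   (or an empty [])
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)


@dataclass
class Entry:
    kind: str                    # "driver" or "service"
    state: str
    start: str
    name: str
    path: str
    file_date: Optional[date]    # None when the log shows []
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_rsit(text: str) -> List[Entry]:
    """Parse the 'List of drivers' and 'List of services' sections of an RSIT log."""
    entries, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            kind = header.group(1).rstrip("s")
            continue
        if line.startswith(("======", "-----")):   # another section or the EOF marker
            kind = None
            continue
        m = ENTRY_RE.match(line) if kind else None
        if m is None:
            continue
        path = m["path"]
        if path.startswith("\\??\\"):              # NT object-manager prefix
            path = path[4:]
        entries.append(Entry(
            kind=kind, state=STATE[m["state"]], start=START[m["start"]],
            name=m["name"], path=path,
            file_date=date.fromisoformat(m["date"]) if m["date"] else None,
            size=int(m["size"]) if m["size"] else None,
        ))
    return entries


def triage(entries, log_date, recent_days=60, system_root=r"C:\WINDOWS"):
    """Attach review flags (heuristics chosen for this example, not verdicts)."""
    drivers_dir = (system_root + r"\system32\drivers" + "\\").lower()
    for e in entries:
        e.flags.clear()
        if e.file_date is None:
            e.flags.append("no-file-metadata")
        if e.kind == "driver" and not e.path.lower().startswith(drivers_dir):
            e.flags.append("driver-outside-drivers-dir")
        if e.file_date and 0 <= (log_date - e.file_date).days <= recent_days:
            e.flags.append("recent-file")
    return entries


# Sample lines copied from the RSIT log in this thread.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R3 PbsAuDrv;PolderbitS Audio Driver; C:\WINDOWS\system32\drivers\pbsaudrv.sys [2009-08-01 110752]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avp;avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
S4 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe []

-----------------EOF-----------------
"""

LOG_DATE = date(2009, 9, 6)   # assumed run date for the sample

if __name__ == "__main__":
    for entry in triage(parse_rsit(SAMPLE), LOG_DATE):
        if entry.flags:
            print(f"{entry.kind:<8}{entry.name:<22}{entry.state}/{entry.start:<9}"
                  f"{', '.join(entry.flags)}  ->  {entry.path}")
```

These flags are leads for manual review, not verdicts: the driver that MBAM reports as Trojan.TDSS later in this thread does not appear in the driver list at all.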

Re: google browser redirection

Post by Wingman » September 5th, 2009, 6:48 pm

Hi ard,
Thanks for the logs... :)
There were 2 entries found by MBAM that should have been removed but were not selected for removal. These definitely need to be removed.
I would like to know about the scheduled task \$~$Sys0$.job ... is this a job that you set up?
There are also some files that I can't find any information on... so I would like to take a look at them.

Please read these instructions carefully before executing, and perform the steps in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Step 1.
Malwarebytes' Anti-Malware Rerun
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
  2. Press the Update tab.. then press the Check for Updates...button.
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check everything to be removed.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
  7. Press the LOG... tab. Locate the most current log file.
Please copy and paste the most recent log (from this new run) in your next reply.

Step 2.
Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    @echo off
    copy "C:\WINDOWS\tasks\$~$Sys0$.job" "%userprofile%\desktop\job.txt"
    echo ========== end of job.txt file ========== >> "%userprofile%\desktop\job.txt"
    copy "C:\Program Files\Common Files\lywep.bat" "%userprofile%\desktop\lywep.txt"
    echo ========== end of lywep.txt file ========== >> "%userprofile%\desktop\lywep.txt"
    copy "C:\Documents and Settings\All Users\Application Data\ubuly.bat" "%userprofile%\desktop\ubuly.txt"
    echo ========== end of ubuly.txt file ========== >> "%userprofile%\desktop\ubuly.txt"
    del %0
  3. Save the file as look.bat on your desktop. Save it with the file type... all types *.*.
  4. Double click the file look.bat to execute.
    A black window will open and close quickly... 3 files will appear on your desktop, "job.txt" "lywep.txt" and "ubuly.txt".
  5. Double click the above files (one at a time) to open them in Notepad...
  6. Please copy and paste the contents of job.txt, lywep.txt and ubuly.txt, into your next reply.

Step 3.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.
  1. Double click on RSIT.exe to run it.
  2. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  3. Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Did you set up the $~$Sys0$.job ?
  3. MBAM log
  4. Contents of (3) files: job.txt, lywep.txt and ubuly.txt
  5. New RSIT log.txt file contents.
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: google browser redirection

Post by ard » September 6th, 2009, 5:38 pm

wingman -

1. Any problem executing the instructions?
the only problem was with the .txt files in #4

2. Did you set up the $~$Sys0$.job ?
i did not set this up

3. MBAM log

Malwarebytes' Anti-Malware 1.40
Database version: 2748
Windows 5.1.2600 Service Pack 3

9/6/2009 3:56:36 PM
mbam-log-2009-09-06 (15-56-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 216457
Time elapsed: 53 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ESQULqurvutdyodjeddlomlqnlwhlijctpoux.dll (Trojan.Alureon) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ESQULewvyejtlsuvpuonotxeapxxlrxnwjogw.sys (Trojan.TDSS) -> Delete on reboot.




4. Contents of (3) files: job.txt, lywep.txt and ubuly.txt
all 3 .txt files are binaries. they will not copy as .txt files

job.txt is a binary file - size 374 bytes
c:\windows\tasks\$~$Sys0$.job wants to run c:\windows\system32\SchedSvc.dll",SPUninstallCallback

lywep.bat is a binary file - size 18,534 bytes

ubuly.bat is a binary file - size 19,416 bytes

5. New RSIT log.txt file contents.


Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2009-09-06 16:25:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 68 GB (46%) free of 149 GB
Total RAM: 510 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:42 PM, on 9/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\admin\Desktop\RSIT.exe
C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

--
End of file - 5024 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\$~$Sys0$.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - admin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-08-28 264720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLBXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16 []
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"cdloader"=C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-29 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bneyibe]
C:\WINDOWS\oxemimesu.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
C:\Program Files\Brownie\BrstsWnd.exe [2007-07-31 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
C:\Program Files\ClocX\ClocX.exe [2005-01-26 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe [2005-01-18 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-04-25 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-03-23 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysldtray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PolderbitS Audio Driver Monitor.lnk]
C:\PROGRA~1\POLDER~1\Recorder\Driver\PBDRIV~1.EXE [2009-08-01 157728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=3
"LiveUpdate Notice Ex"=3
"LiveUpdate"=3
"Automatic LiveUpdate Scheduler"=2
"ose"=3
"odserv"=3
"MotoConnect Service"=2
"idsvc"=3
"IDriverT"=3
"gusvc"=3
"gupdate1ca105c13ac1bc4"=2
"DSBrokerService"=3
"Ati HotKey Poller"=3
"sprtsvc_dellsupportcenter"=2
"WMPNetworkSvc"=3
"getPlus(R) Helper"=3
"FontCache3.0.0.0"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoDispAppearancePage"=0
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideShutdownScripts"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=4
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDeletePrinter"=
"NoAddPrinter"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dlbxcoms.exe"="C:\WINDOWS\system32\dlbxcoms.exe:*:Enabled:Dell Communication System"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Demo\Compass6EInterface.exe"="C:\Program Files\Demo\Compass6EInterface.exe:*:Disabled: "
"C:\Program Files\Demo\Compass6E.exe"="C:\Program Files\Demo\Compass6E.exe:*:Disabled: "
"C:\Compass6E\WSInterface\Compass.WSInterface.GUI.exe"="C:\Compass6E\WSInterface\Compass.WSInterface.GUI.exe:*:Disabled: "
"C:\Compass6E\Compass.Module.Console.exe"="C:\Compass6E\Compass.Module.Console.exe:*:Disabled: "
"C:\WINDOWS\LMI19.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI19.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Owldell#zznewton]
shell\AutoRun\command - Z:\newton.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\autorun.exe
shell\phone\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc308496-5362-11db-b943-00123f6f9464}]
shell\AutoRun\command - F:\system\viewer\Viewer.exe
shell\View your videos\command - F:\system\viewer\Viewer.exe


======List of files/folders created in the last 1 months======

2010-03-12 13:09:10 ----D---- C:\Documents and Settings\All Users\Application Data\PKWARE
2010-03-12 13:09:10 ----D---- C:\Documents and Settings\admin\Application Data\PKWARE
2010-03-12 12:27:09 ----D---- C:\WINDOWS\ZipItFree
2010-03-12 12:27:09 ----D---- C:\Program Files\ZipItFree
2010-03-12 12:26:37 ----A---- C:\WINDOWS\ZipItFree Setup Log.txt
2009-09-04 14:40:08 ----D---- C:\Documents and Settings\admin\Application Data\Free Spider TreeCardGames
2009-09-04 14:39:50 ----D---- C:\Program Files\Free Spider
2009-09-04 09:59:17 ----D---- C:\Documents and Settings\admin\Application Data\Malwarebytes
2009-09-04 09:59:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-04 09:59:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-03 10:45:30 ----D---- C:\Program Files\Watchtower
2009-08-31 02:26:11 ----A---- C:\Rooter_1.txt
2009-08-31 02:25:48 ----D---- C:\Rooter$
2009-08-31 02:21:57 ----D---- C:\Program Files\trend micro
2009-08-31 02:21:55 ----D---- C:\rsit
2009-08-25 06:58:28 ----D---- C:\Program Files\Hijackthis
2009-08-25 01:31:02 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-24 17:04:04 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-08-24 17:04:00 ----D---- C:\Program Files\Security Task Manager
2009-08-24 10:45:46 ----A---- C:\WINDOWS\wininit.ini
2009-08-24 10:18:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-24 10:18:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 12:49:42 ----D---- C:\Program Files\Panda Security
2009-08-17 15:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-17 15:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-17 15:37:18 ----D---- C:\WINDOWS\ie8updates
2009-08-17 15:36:20 ----HDC---- C:\WINDOWS\ie8
2009-08-17 15:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-08-17 15:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-08-17 09:29:28 ----D---- C:\Program Files\Kaspersky Lab
2009-08-17 09:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-08-17 08:53:56 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-15 15:36:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-15 14:45:13 ----A---- C:\WINDOWS\system32\MRT.INI
2009-08-15 10:57:45 ----D---- C:\install
2009-08-15 03:42:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-15 03:40:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-15 03:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-15 03:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-15 03:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-15 03:35:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-15 03:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-15 03:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-15 03:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-15 03:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-15 03:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-15 03:27:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-15 03:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-15 03:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-15 03:23:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-15 03:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-15 03:20:44 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-15 03:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-15 03:18:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-08-15 03:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-15 03:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-08-15 03:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-15 03:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-15 03:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-15 03:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-15 03:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-15 03:07:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-08-15 03:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-15 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-08-15 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-15 03:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-15 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-08-15 02:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-15 02:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-08-15 02:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-15 02:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-08-15 02:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-15 02:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-08-15 02:51:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-15 02:47:56 ----A---- C:\WINDOWS\setuplog.txt
2009-08-15 02:44:27 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-08-15 02:44:27 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-08-15 02:44:26 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-08-15 02:44:25 ----N---- C:\WINDOWS\system32\azroles.dll
2009-08-15 02:44:25 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-08-15 02:44:24 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-08-15 02:44:23 ----N---- C:\WINDOWS\system32\credssp.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-08-15 02:44:19 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-08-15 02:44:18 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-08-15 02:44:15 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-08-15 02:44:15 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-08-15 02:44:14 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-08-15 02:44:14 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-08-15 02:44:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-08-15 02:44:13 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-08-15 02:44:12 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-08-15 02:44:09 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-08-15 02:44:09 ----N---- C:\WINDOWS\system32\mssha.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napstat.exe
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-08-15 02:44:05 ----N---- C:\WINDOWS\system32\onex.dll
2009-08-15 02:44:01 ----N---- C:\WINDOWS\system32\qagent.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qutil.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-08-15 02:43:59 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-08-15 02:43:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-08-15 02:43:58 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-08-15 02:43:58 ----N---- C:\WINDOWS\system32\setupn.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slserv.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slgen.dll
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-08-15 02:43:56 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-08-15 02:43:56 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-08-15 02:43:54 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-08-15 02:43:51 ----N---- C:\WINDOWS\slrundll.exe
2009-08-15 02:35:16 ----A---- C:\WINDOWS\000001_.tmp
2009-08-15 00:48:43 ----D---- C:\WINDOWS\system32\scripting
2009-08-15 00:48:43 ----D---- C:\WINDOWS\l2schemas
2009-08-15 00:48:42 ----D---- C:\WINDOWS\system32\en
2009-08-15 00:48:41 ----D---- C:\WINDOWS\system32\bits
2009-08-15 00:42:38 ----A---- C:\WINDOWS\system32\sprecovr.exe
2009-08-15 00:41:55 ----A---- C:\WINDOWS\002956_.tmp
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\proxycfg.exe
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\logman.exe
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\dsprpres.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\d3d9.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\btpanui.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bthserv.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bthci.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\blastcln.exe
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\auditusr.exe
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_32.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\hccoin.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\fwcfg.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\fsquirt.exe
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\encdec.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\encapi.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\powercfg.exe
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2psvc.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2p.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mssap.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\msdadiag.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdukx.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdno1.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinben.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wshbth.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wscsvc.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wscntfy.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wmphoto.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\winshfhc.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\winbrand.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\w3ssl.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\verclsid.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\twext.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\spnpinst.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\smbinst.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sbeio.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sbe.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xmlprov.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-15 00:40:41 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-08-15 00:40:41 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-08-15 00:40:40 ----A---- C:\WINDOWS\system32\dpcdll.dll
2009-08-15 00:40:39 ----A---- C:\WINDOWS\system32\pidgen.dll
2009-08-15 00:40:36 ----A---- C:\WINDOWS\system32\msftedit.dll
2009-08-15 00:40:36 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-08-15 00:40:35 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-08-15 00:40:35 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\winhlp32.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\twain_32.dll
2009-08-15 00:40:20 ----A---- C:\WINDOWS\regedit.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\hh.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\explorer.exe
2009-08-15 00:40:12 ----A---- C:\WINDOWS\system32\6to4svc.dll
2009-08-15 00:40:11 ----A---- C:\WINDOWS\system32\aclui.dll
2009-08-15 00:40:11 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\actxprxy.dll
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\actmovie.exe
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\activeds.dll
2009-08-15 00:40:09 ----A---- C:\WINDOWS\system32\adsldpc.dll
2009-08-15 00:40:09 ----A---- C:\WINDOWS\system32\adsldp.dll
2009-08-15 00:40:08 ----A---- C:\WINDOWS\system32\adsnt.dll
2009-08-15 00:40:08 ----A---- C:\WINDOWS\system32\adsmsext.dll
2009-08-15 00:40:07 ----A---- C:\WINDOWS\system32\alg.exe
2009-08-15 00:40:07 ----A---- C:\WINDOWS\system32\ahui.exe
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\apphelp.dll
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\amstream.dll
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\alrsvc.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\audiosrv.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\attrib.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmlib.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmfd.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmadm.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\at.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\asycfilt.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cdosys.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\capesnpn.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\camocx.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cabview.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cabinet.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browsewm.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browseui.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browser.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browselc.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\bidispl.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\batt.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\batmeter.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\basesrv.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\autolfn.exe
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\autofmt.exe
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\authz.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cliconfg.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cliconfg.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cisvc.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\ciodm.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cic.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\certmgr.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\certcli.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmmon32.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmdl32.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmdial32.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clusapi.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clipsrv.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\confmsp.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comuid.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comres.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\compstui.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\compatui.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\colbact.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmutil.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmstp.exe
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3dim700.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3d8.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\ctfmon.exe
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\csrss.exe
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscript.exe
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscdll.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptnet.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptext.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptdll.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\crypt32.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\credui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\conime.exe
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\ddraw.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\ddeshare.exe
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dciman32.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbghelp.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\davclnt.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\datime.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dataclen.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\danim.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\diskcopy.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dinput8.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dinput.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\digest.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\diantz.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dgnet.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgui.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\devmgr.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\devenum.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\defrag.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\ddrawex.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpnet.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dplayx.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\docprop2.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dnsapi.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmutil.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmusic.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmsynth.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmstyle.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmserver.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmscript.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmremote.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmloader.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmime.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmcompos.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmband.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmadmin.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dllhost.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dispex.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\diskpart.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dsdmo.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\ds32gt.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\drprov.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvvox.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvoice.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvacm.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsquery.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsprop.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsound3d.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsound.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dskquoui.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dskquota.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\duser.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dumprep.exe
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dswave.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dsuiext.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dssenh.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dssec.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\expsrv.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\eventlog.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\eudcedit.exe
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\esent.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\es.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\ersvc.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\els.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dxmasf.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dxdiag.exe
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dx8vb.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dx7vb.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dwwin.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\framebuf.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\forcedos.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontview.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontext.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\findstr.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\filemgmt.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\feclient.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\faultrep.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\exts.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\extrac32.exe
2009-08-15 00:39:51 ----A---- C:\WINDOWS\system32\gdi32.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\htui.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hotplug.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hlink.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hid.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hhsetup.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\help.exe
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\h323msp.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\grpconv.exe
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\glu32.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ipconfig.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\input.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\initpki.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetppui.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetpp.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetmib1.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\imm32.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\imeshare.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\imapi.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ifmon.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iexpress.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\idq.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icmp.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icm32.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iccvid.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iasrad.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\jgpl400.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\jgdw400.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ixsso.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\itss.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\itircl.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipxwan.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipxroute.exe
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipv6.exe
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ippromon.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipmontr.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\linkinfo.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\licdll.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\keymgr.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kd1394.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kbdnec.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mfc40u.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mf3216.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mdminst.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciwave.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciseq.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciavi32.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mcastmib.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\makecab.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\magnify.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lsass.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lprhelp.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lpk.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\logonui.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\localui.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\localsec.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\loadperf.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lmrt.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\more.com
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\modemui.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mobsync.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mobsync.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcshext.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcbase.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmc.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mlang.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mimefilt.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\miglibnt.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\midimap.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mfc42.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdmo.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdart.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msctfp.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msctf.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscms.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msapsspc.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msafd.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msacm32.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mprdim.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mprapi.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mpr.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\moricons.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msgina.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msexcl40.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msexch40.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msieftp.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msidle.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msident.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msi.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msnsspc.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msltus40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\mslbui.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjtes40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjter40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjint40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjet40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msisip.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimtf.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimsg.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimg32.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msihnd.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msiexec.exe
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrle32.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrepl40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msprivs.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspbde40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspatcha.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msorcl32.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msorc32r.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mswdat10.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msw3prt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvidctl.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvfw32.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcrt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcp60.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcirt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msutb.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstext40.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\narrator.exe
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mydocs.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxml2.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxml.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxbde40.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mswstr10.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mswsock.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netman.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netlogon.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netid.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netdde.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netcfgx.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\net1.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\net.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddenb32.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddeapir.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddeapi.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntshrui.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmarta.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntlanman.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\npptools.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\notepad.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\nlhtml.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\newdev.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netui1.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netui0.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netstat.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netshell.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netsh.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netsetup.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netrap.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netplwiz.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\notepad.exe
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcji32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcint.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccu32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccr32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccp32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcconf.exe
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcconf.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcad32.exe
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbc32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\ocmanage.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\objsel.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\oakley.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\packager.exe
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\osuninst.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\osk.exe
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\opengl32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\olepro32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\oleprn.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\oledlg.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\olecli32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\ole32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\offfilt.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odtext32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odpdx32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odfox32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odexl32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\oddbse32.dll
2009-08-15 00:39:32 ----A---- C:\WINDOWS\system32\odbctrac.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\psbase.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\psapi.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\proquota.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\progman.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\profmap.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\powrprof.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\polstore.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pjlmon.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\ping.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pid.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\photowiz.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfproc.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfos.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfnet.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfmon.exe
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\perfdisk.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pdh.dll
2009-08-15 00:39:31 ----A---- C:\WINDOWS\system32\pautoenr.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\raschap.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\query.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\quartz.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qedwipes.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qedit.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qdvd.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qdv.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\qcap.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2009-08-15 00:39:30 ----A---- C:\WINDOWS\system32\pstorec.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rexec.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\resutils.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regwizc.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regsvr32.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regsvc.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\regapi.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\reg.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpdd.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rcp.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rcimlby.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rastls.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rassapi.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rasppp.dll
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rasphone.exe
2009-08-15 00:39:29 ----A---- C:\WINDOWS\system32\rasmans.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scrobj.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scesrv.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scecli.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\sccsccp.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\scarddlg.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\runonce.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rundll32.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rtutils.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rtcshare.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsmps.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsh.exe
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rsaenh.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-08-15 00:39:28 ----A---- C:\WINDOWS\system32\riched20.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sfc_os.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sfc.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\setup.exe
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sethc.exe
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sensapi.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sens.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sendmail.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\security.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\secur32.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\seclogon.dll
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\sdbinst.exe
2009-08-15 00:39:27 ----A---- C:\WINDOWS\system32\scrrun.dll
2009-08-15 00:39:25 ----A---- C:\WINDOWS\system32\shdoclc.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shrpubw.exe
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shmgrate.exe
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shmedia.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shimgvw.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shimeng.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shgina.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shfolder.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shell32.dll
2009-08-15 00:39:24 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\slbiop.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\slayerxp.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\skeys.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\sigverif.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\sigtab.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\shutdown.exe
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\shsvcs.dll
2009-08-15 00:39:23 ----A---- C:\WINDOWS\system32\shscrap.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\srclient.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\spoolsv.exe
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\spoolss.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\spider.exe
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sort.exe
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\snmpapi.dll
2009-08-15 00:39:22 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\syncui.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\synceng.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\sxs.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\svchost.exe
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\stobject.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\stimon.exe
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\sti_ci.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\sti.dll
2009-08-15 00:39:21 ----A---- C:\WINDOWS\system32\stclient.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\trkwks.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tree.com
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tracert.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tourstart.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\themeui.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\termmgr.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\telnet.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tcpmon.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tcpmib.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\taskmgr.exe
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tapisrv.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tapi32.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\tapi3.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-08-15 00:39:20 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\usbui.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\usbmon.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\ups.exe
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnpui.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnphost.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnpcont.exe
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\upnp.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\uniplat.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\unimdmat.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\umandlg.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\udhisapi.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\txflog.dll
2009-08-15 00:39:19 ----A---- C:\WINDOWS\system32\tsddd.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vssvc.exe
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vssapi.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\version.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\verifier.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vdmredir.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\vbajet32.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\utilman.exe
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\usp10.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\userenv.dll
2009-08-15 00:39:18 ----A---- C:\WINDOWS\system32\user32.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\winlogon.exe
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\winipsec.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiavideo.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiashext.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiaservc.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiascr.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiadss.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiadefui.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wextract.exe
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\webvw.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\webclnt.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\wavemsp.dll
2009-08-15 00:39:17 ----A---- C:\WINDOWS\system32\w32time.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wmstream.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wmi.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wlnotify.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wldap32.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winver.exe
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\wintrust.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winsta.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winsrv.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winscard.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winrnr.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winntbbu.dll
2009-08-15 00:39:16 ----A---- C:\WINDOWS\system32\winmm.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshrm.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wship6.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshext.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wshcon.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wscript.exe
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\ws2help.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\ws2_32.dll
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wpabaln.exe
2009-08-15 00:39:15 ----A---- C:\WINDOWS\system32\wow32.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\zipfldr.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\xcopy.exe
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\xactsrv.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wstdecod.dll
2009-08-15 00:39:14 ----A---- C:\WINDOWS\system32\wsock32.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\format.com
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\cmd.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\cacls.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\autochk.exe
2009-08-15 00:39:12 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\locator.exe
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\localspl.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-08-15 00:39:11 ----A---- C:\WINDOWS\system32\ftp.exe
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\samlib.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasman.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\printui.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-08-15 00:39:10 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\userinit.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\untfs.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\ulib.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\smss.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\services.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\schannel.dll
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\savedump.exe
2009-08-15 00:39:09 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-08-15 00:39:08 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-08-15 00:39:04 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-08-15 00:39:04 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-08-15 00:39:04 ----A---- C:\WINDOWS\system32\HAL.DLL
2009-08-15 00:36:47 ----D---- C:\WINDOWS\EHome
2009-08-13 21:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-08-13 21:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-08-13 21:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-08-13 21:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-08-13 21:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-08-13 21:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-08-13 21:54:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-08-13 21:53:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-13 21:53:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-08-13 21:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-08-13 21:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-08-13 21:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-08-13 21:50:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-13 21:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-08-13 21:47:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-08-13 21:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-08-13 21:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-08-13 21:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-08-13 21:43:43 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-13 21:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-13 21:43:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-08-13 21:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-08-13 21:41:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-08-13 21:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-08-13 20:25:55 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-08-13 16:02:35 ----A---- C:\Support-LogMeInRescue.exe
2009-08-13 14:27:18 ----D---- C:\N360_BACKUP
2009-08-13 13:50:52 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-08-13 13:50:40 ----D---- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-13 13:31:11 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
2009-08-13 13:31:04 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-08-13 13:30:50 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-08-13 12:06:57 ----A---- C:\WINDOWS\pocufoxun.dll
2009-08-13 12:06:57 ----A---- C:\Program Files\Common Files\lywep.bat
2009-08-13 12:06:56 ----A---- C:\Documents and Settings\All Users\Application Data\ubuly.bat
2009-08-13 10:05:02 ----N---- C:\WINDOWS\system32\ESQULifsrapmtaumiwciufohakmikbprhylsp.dll
2009-08-12 23:40:20 ----A---- C:\WINDOWS\cdplayer.ini
2009-08-07 12:47:20 ----D---- C:\audio book

======List of files/folders modified in the last 1 months======

2009-09-06 16:21:18 ----A---- C:\WINDOWS\WORDPAD.INI
2009-09-06 16:03:48 ----D---- C:\WINDOWS\Temp
2009-09-06 16:03:16 ----D---- C:\Documents and Settings\admin\Application Data\mjusbsp
2009-09-06 15:59:06 ----D---- C:\WINDOWS
2009-09-06 15:58:39 ----D---- C:\WINDOWS\system32
2009-09-06 15:57:21 ----D---- C:\WINDOWS\system32\drivers
2009-09-05 12:01:06 ----A---- C:\WINDOWS\BRWMARK.INI
2009-09-04 14:39:50 ----D---- C:\Program Files
2009-09-04 12:06:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-28 10:46:21 ----ASH---- C:\boot.ini
2009-08-28 10:46:21 ----A---- C:\WINDOWS\win.ini
2009-08-28 10:46:21 ----A---- C:\WINDOWS\system.ini
2009-08-28 03:22:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-26 17:30:46 ----D---- C:\@
2009-08-26 14:31:23 ----HD---- C:\WINDOWS\inf
2009-08-25 06:20:08 ----SHD---- C:\WINDOWS\Installer
2009-08-25 01:31:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-25 01:08:04 ----SHD---- C:\Config.Msi
2009-08-25 01:05:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-08-25 01:02:58 ----D---- C:\WINDOWS\Fonts
2009-08-25 01:02:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-25 01:01:56 ----D---- C:\Program Files\Microsoft Works
2009-08-24 10:45:46 ----SD---- C:\WINDOWS\Tasks
2009-08-21 12:15:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-20 08:45:57 ----D---- C:\Program Files\Google
2009-08-18 14:15:11 ----D---- C:\Program Files\Common Files
2009-08-18 13:43:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-18 08:42:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-18 07:55:54 ----SHD---- C:\RECYCLER
2009-08-18 07:37:30 ----D---- C:\Documents and Settings
2009-08-17 16:22:01 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-17 15:42:45 ----D---- C:\WINDOWS\system32\en-US
2009-08-17 15:42:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-17 15:42:44 ----D---- C:\WINDOWS\Media
2009-08-17 15:42:44 ----D---- C:\WINDOWS\Help
2009-08-17 15:42:44 ----D---- C:\Program Files\Internet Explorer
2009-08-17 15:38:34 ----A---- C:\WINDOWS\imsins.BAK
2009-08-17 14:58:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-17 09:20:54 ----SHD---- C:\System Volume Information
2009-08-17 09:19:11 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-15 16:26:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-15 16:26:52 ----D---- C:\WINDOWS\addins
2009-08-15 15:36:52 ----D---- C:\WINDOWS\WinSxS
2009-08-15 14:57:20 ----RSD---- C:\WINDOWS\assembly
2009-08-15 14:13:32 ----D---- C:\fuse
2009-08-15 11:49:32 ----D---- C:\JW info
2009-08-15 11:45:26 ----D---- C:\readers
2009-08-15 11:02:10 ----D---- C:\PDF'S
2009-08-15 10:57:34 ----D---- C:\phone
2009-08-15 10:56:53 ----D---- C:\Point & Shoot Videos
2009-08-15 10:55:44 ----D---- C:\pix
2009-08-15 10:47:14 ----D---- C:\av
2009-08-15 10:39:57 ----D---- C:\WINDOWS\Registration
2009-08-15 10:33:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-15 10:33:23 ----D---- C:\Program Files\egames
2009-08-15 10:19:59 ----D---- C:\Program Files\Real
2009-08-15 10:16:36 ----D---- C:\Program Files\Common Files\Real
2009-08-15 10:13:03 ----D---- C:\Documents and Settings\admin\Application Data\Real
2009-08-15 10:11:06 ----D---- C:\Program Files\ReadPlease 2003
2009-08-15 09:56:23 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2009-08-15 09:54:04 ----D---- C:\Program Files\ContMedia
2009-08-15 09:54:04 ----A---- C:\WINDOWS\GKM303DS.ini
2009-08-15 09:17:07 ----D---- C:\Program Files\Coupons
2009-08-15 09:04:26 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-08-15 04:50:05 ----D---- C:\WINDOWS\system32\wbem
2009-08-15 04:50:05 ----D---- C:\WINDOWS\AppPatch
2009-08-15 03:38:49 ----D---- C:\Program Files\Outlook Express
2009-08-15 02:56:25 ----D---- C:\WINDOWS\security
2009-08-15 02:54:53 ----D---- C:\Program Files\Messenger
2009-08-15 02:44:43 ----D---- C:\WINDOWS\system32\Setup
2009-08-15 02:44:41 ----D---- C:\WINDOWS\network diagnostic
2009-08-15 02:44:40 ----D---- C:\WINDOWS\ime
2009-08-15 02:43:51 ----D---- C:\WINDOWS\system32\usmt
2009-08-15 02:43:40 ----D---- C:\WINDOWS\PeerNet
2009-08-15 02:43:40 ----D---- C:\Program Files\Movie Maker
2009-08-15 02:38:01 ----D---- C:\WINDOWS\system32\Restore
2009-08-15 02:38:00 ----D---- C:\WINDOWS\system32\npp
2009-08-15 02:37:59 ----D---- C:\WINDOWS\msagent
2009-08-15 02:37:57 ----D---- C:\WINDOWS\srchasst
2009-08-15 02:37:55 ----D---- C:\Program Files\NetMeeting
2009-08-15 02:37:54 ----D---- C:\WINDOWS\system32\Com
2009-08-15 02:37:53 ----D---- C:\Program Files\Windows NT
2009-08-15 02:37:53 ----D---- C:\Program Files\Windows Media Player
2009-08-15 02:37:51 ----D---- C:\Program Files\Common Files\System
2009-08-15 02:37:41 ----D---- C:\WINDOWS\system32\oobe
2009-08-15 02:37:39 ----D---- C:\WINDOWS\system
2009-08-15 00:41:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-13 21:48:17 ----D---- C:\WINDOWS\ie7updates
2009-08-13 20:07:39 ----A---- C:\WINDOWS\Brownie.ini
2009-08-13 17:49:56 ----D---- C:\WINDOWS\pss
2009-08-13 16:45:14 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-08-13 13:50:52 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-30 1035264]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 PbsAuDrv;PolderbitS Audio Driver; C:\WINDOWS\system32\drivers\pbsaudrv.sys [2009-08-01 110752]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-03-31 180096]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 CAM1690;USB PC Camera; C:\WINDOWS\System32\Drivers\cam1690.sys [2007-11-21 181888]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 ionwpvvc;Watchport/V2 USB Camera; C:\WINDOWS\system32\DRIVERS\ionwpvvc.sys [2008-02-14 38656]
S3 MaRdPnp;MaRdPnp; C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2009-01-29 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 U2SP;OEM USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;MOTOROLA Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avp;avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-04-25 86142]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 dlbx_device;dlbx_device; C:\WINDOWS\system32\dlbxcoms.exe [2004-12-16 462848]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-30 360448]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S4 gupdate1ca105c13ac1bc4;Google Update Service (gupdate1ca105c13ac1bc4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-19 137200]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am

Re: google browser redirection

Post by Wingman » September 8th, 2009, 7:25 am

Hi ard,
MBAM needs the computer to be rebooted in order to finalize removing some infected files... please make sure you reboot your machine normally, now.

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP>, do not proceed, and post back with the question or problem.

Backdoor Warning
I'm sorry to give bad news but your computer has multiple infections, including a Backdoor.
A backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
Typically it's installed without user interaction through security exploits, and can severely compromise system security.
Such infections may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware.
These backdoor infections may also collect and transmit personally identifiable information, without your consent and severely degrade the performance and stability of your computer.
A backdoor infection can give intruders complete control of your computer, log your keystrokes, obtain passwords, steal personal information, etc.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft
    and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords
    (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, any online activity you perform, requiring a username and password).
    Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you...

We can attempt to clean this machine but we can not guarantee that it won't still be compromised, afterwards.

To help you understand more, please take some time to read the following articles:
When should I re-format and reinstall my OS
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Please let me know how you would like to proceed.
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: google browser redirection

Post by ard » September 8th, 2009, 6:48 pm

wingman -

i have removed
C:\WINDOWS\tasks\$~$Sys0$.job
C:\Program Files\Common Files\lywep.bat
C:\Documents and Settings\All Users\Application Data\ubuly.bat

i have restarted several times
i have run spybot and kaspersky finding no problem

i ran netstat -a no strange ports open

my browser is no longer redirecting
tomorrow i will try to install norton360

why do you now think i have an active trojan?

- al
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am

Re: google browser redirection

Post by Wingman » September 9th, 2009, 10:44 am

Hi ard,
I understand your eagerness to resolve the issues you have with your computer. You were specifically asked not to run any fix or scan programs and not to install any additional software while we were in the cleaning process.
These requests are not made lightly but to ensure that I see everything that goes on and control the removal of files and other entries.
Some infections require specific sequences to be removed correctly and going off on your own, can complicate matters or even make matters worse.

If you want me to continue helping you, then these actions, deleting files, running scans, installing new security software, all these actions have to stop.
Otherwise I will assume you no longer need our help, want to fix things yourself and ask for this thread to be closed.

As far as why I think you have an active trojan:
I hesitate to divulge specific file names or entries that indicate a certain kind of infection, as there is a tendency to focus on that file and manually deleting it to resolve an infection issue... while one file may point to an infection, that infection may hide, create or drop other files in its course of action.

As indicated in my last post, regarding the backdoor type of infection... you were given information and options. If you decide you want to reformat and reinstall your OS, please let me know and I can have this thread closed.
Otherwise, if you would like us to continue, then you must abide by my requests to cease and desist any further attempts to fix or clean your computer, unless specifically requested by me.

Please let me know how you want to proceed.
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: google browser redirection

Post by ard » September 9th, 2009, 2:09 pm

wingman -

sorry for my confusion, i thought you were basically done and recommended the format as the only option. i have not installed norton360 or anything else. the only thing i did was the file removals and scans. i would like to NOT format the hard drive if possible. i await your next instructions

- al
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am