Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help. Think i must be infected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please help. Think i must be infected

Unread postby quazzer » September 5th, 2008, 8:48 am

Hi,

Got a feeling my computers infected. I have tried detecting it myself but have not found anything. The reason i need to find out whether I am infected is because my system restore points don't work, and this is probably due to each one being infected. I need to clean my system to then set new restore points.

I would be very grateful for any help given.

here is my Hi-jack this log:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:31, on 05/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Oli\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Oli\My Documents\Programs\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Oli\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17] resdef.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DefaultP17] resdef.exe (User 'Default user')
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://oli-quarry.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8840273062
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B362AF29-CDCD-4F94-B295-4419DFF75298}: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 12312 bytes
quazzer
Regular Member
 
Posts: 76
Joined: January 21st, 2007, 3:49 pm
Location: South West
Advertisement
Register to Remove

Re: Please help. Think i must be infected

Unread postby Shaba » September 13th, 2008, 5:00 am

Hi quazzer

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help. Think i must be infected

Unread postby quazzer » September 13th, 2008, 5:43 am

Hi, and thanks for helping. Since I started the topic, i have changed my virus sofware from avg 8 to avast. Avast did find a trojan, but if you would still be able to check for anything else, I would be most grateful.

here is my uninstall list...

ABBYY FineReader 6.0 Sprint
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Stock Photos 1.0
Apple Mobile Device Support
Apple Software Update
ASAPI Update
ASIO4ALL
Audacity 1.2.6
avast! Antivirus
Bonjour
Cantabile 1.2 Lite
CCleaner (remove only)
ConvertXtoDVD 2.99.13.900
Cover Art Downloader v1.2
Creative Audio Console
Creative MediaSource 5
Creative Software AutoUpdate
Digimax Master
Disc2Phone
eBay Toolbar
Enigma
filehippo.com Update Checker
FreeRIP v3.03
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
hp deskjet 5550 series (Remove only)
hp print screen utility
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 4.18.2
MA_CMIDI
MediaShow 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Movie Joiner
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Music Cleaning Studio
MyPhoneExplorer
Nero 7
NVIDIA Drivers
PeerGuardian 2.0
PhotoNow! 1.0
Power2Go 4.0
PowerBackup 1.0
PowerCinema 4.0
PowerDirector Express
PowerDVD
PowerDVD Copy 1.0
PowerProducer
PowerStarter
QuickTime
Rail Simulator
RealPlayer
Reason 3.0
Reason 4.0
Recover My Photos
reFX Nexus Demo
Registry Clean Expert
Registry Mechanic 7.0
rgc:audio sfz VSTi v1.96
rgcAudio z3ta Plus v1.40
Samsung USB Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Sony Ericsson PC Suite
Sound Blaster X-Fi Xtreme Audio
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
Sunbelt Personal Firewall
TagScanner 5.0 build 515b
Thoosje Quick Xp Optimizer Installer V2
TomTom HOME
Unity Web Player
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC_MergeModuleToMSI
Viewpoint Media Player
Vista Icon Pack v3 System Patch
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
Zune Desktop Theme
quazzer
Regular Member
 
Posts: 76
Joined: January 21st, 2007, 3:49 pm
Location: South West

Re: Please help. Think i must be infected

Unread postby Shaba » September 13th, 2008, 5:54 am

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 4.18.2

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HJT scan when finished and post back a fresh HijackThis log here along with a fresh uninstall list.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help. Think i must be infected

Unread postby quazzer » September 13th, 2008, 6:08 am

Hi I have Uninstalled Limewire now, and once done so I searched any more limewire files and delted them. Hope thats ok to do.

Any how heres my Hijackthis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:44, on 13/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Propellerhead\Reason 4\Reason.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Oli\My Documents\Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17] resdef.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DefaultP17] resdef.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://oli-quarry.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8840273062
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B362AF29-CDCD-4F94-B295-4419DFF75298}: NameServer = 192.168.2.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 11676 bytes
______________________________________________________________________________________________________________________

Heres My uninstall list...

ABBYY FineReader 6.0 Sprint
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Stock Photos 1.0
Apple Mobile Device Support
Apple Software Update
ASAPI Update
ASIO4ALL
Audacity 1.2.6
avast! Antivirus
Bonjour
Cantabile 1.2 Lite
CCleaner (remove only)
ConvertXtoDVD 2.99.13.900
Cover Art Downloader v1.2
Creative Audio Console
Creative MediaSource 5
Creative Software AutoUpdate
Digimax Master
Disc2Phone
eBay Toolbar
Enigma
filehippo.com Update Checker
FreeRIP v3.03
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
hp deskjet 5550 series (Remove only)
hp print screen utility
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
MA_CMIDI
MediaShow 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Movie Joiner
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Music Cleaning Studio
MyPhoneExplorer
Nero 7
NVIDIA Drivers
PeerGuardian 2.0
PhotoNow! 1.0
Power2Go 4.0
PowerBackup 1.0
PowerCinema 4.0
PowerDirector Express
PowerDVD
PowerDVD Copy 1.0
PowerProducer
PowerStarter
QuickTime
Rail Simulator
RealPlayer
Reason 3.0
Reason 4.0
Recover My Photos
reFX Nexus Demo
Registry Clean Expert
Registry Mechanic 7.0
rgc:audio sfz VSTi v1.96
rgcAudio z3ta Plus v1.40
Samsung USB Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Sony Ericsson PC Suite
Sound Blaster X-Fi Xtreme Audio
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
Sunbelt Personal Firewall
TagScanner 5.0 build 515b
Thoosje Quick Xp Optimizer Installer V2
TomTom HOME
Unity Web Player
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC_MergeModuleToMSI
Viewpoint Media Player
Vista Icon Pack v3 System Patch
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
Zune Desktop Theme
quazzer
Regular Member
 
Posts: 76
Joined: January 21st, 2007, 3:49 pm
Location: South West

Re: Please help. Think i must be infected

Unread postby Shaba » September 13th, 2008, 6:19 am

You have also BitTorrent installed.

Open HijackThis, click do a system scan only and checkmark these:


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"


Close all windows including browser and press fix checked.

Reboot.

Delete this:

C:\Program Files\BitTorrent

Empty Recycle Bin.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help. Think i must be infected

Unread postby quazzer » September 13th, 2008, 7:12 am

do I uninstall bittorrent or do I just delete the file at your given location?
quazzer
Regular Member
 
Posts: 76
Joined: January 21st, 2007, 3:49 pm
Location: South West

Re: Please help. Think i must be infected

Unread postby Shaba » September 13th, 2008, 7:24 am

You can uninstall BitTorrent first if possible :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help. Think i must be infected

Unread postby quazzer » September 13th, 2008, 8:46 pm

Hiya. Sorry I've taken so long to reply. I installed a new program and it spread a shed load of virus's onto my computer. Never experienced it so bad. it was putting up porn icons on my desktop and tried to install a virus checker. Spent the whole day scanning my computer with avast numerous times. But whats worse, is that I still don't think my computers clean, as when I open windows explorer now it just freezes every time.
Will you be able to help me on this as well?

anyhow, I've uninstalled bit torrent and have ran the program. here are my logs....

Logfile of random's system information tool (written by random/random)
Run by Oli at 2008-09-14 01:40:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 155 GB (66%) free of 234 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:40:20, on 14/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Oli\Desktop\RSIT.exe
C:\Documents and Settings\Oli\My Documents\Programs\Oli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17] resdef.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DefaultP17] resdef.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://oli-quarry.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8840273062
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B362AF29-CDCD-4F94-B295-4419DFF75298}: NameServer = 192.168.2.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 11053 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{61ABF9F6-61AE-4516-A68C-97ADD15E1DFB}.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}]
eBay Toolbar Helper - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2008-08-08 562416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-12 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-30 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-12-14 392240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} - eBay Toolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2008-08-08 562416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"=C:\WINDOWS\system32\ptipbmf.dll [2003-06-20 118784]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-07-28 122880]
"P17Helper"=Rundll32 SPIRun.dll []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-12 185896]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2008-05-16 1630208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Power2GoExpress"= []
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2007-07-02 219008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe [2008-08-08 652528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\WINDOWS\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\CyberLink\PowerCinema\PCMService.exe [2005-01-14 110744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
C:\Program Files\Registry Clean Expert\RCHelper.exe [2008-01-31 604920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-12 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe [2004-06-08 69721]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Oli^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Oli^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
C:\PROGRA~1\THOOSJ~1.3\THOOSJ~1.EXE [2007-10-22 524288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe:*:Enabled:Job Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\Documents and Settings\Oli\Local Settings\Temp\lxde\wireless\ENGLISH\lxdewpss.exe"="C:\Documents and Settings\Oli\Local Settings\Temp\lxde\wireless\ENGLISH\lxdewpss.exe:*:Enabled: "
"C:\WINDOWS\system32\lxdeih.exe"="C:\WINDOWS\system32\lxdeih.exe:*:Enabled:Printer Communication System"
"C:\WINDOWS\system32\lxdecoms.exe"="C:\WINDOWS\system32\lxdecoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"="C:\Program Files\Lexmark 4800 Series\lxdeamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 4800 Series\FRun.exe"="C:\Program Files\Lexmark 4800 Series\FRun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader"
"C:\Program Files\Lexmark Fax Solutions\faxctr.exe"="C:\Program Files\Lexmark Fax Solutions\faxctr.exe:*:Enabled:Fax software"
"C:\Program Files\Lexmark 4800 Series\lxdemon.exe"="C:\Program Files\Lexmark 4800 Series\lxdemon.exe:*:Enabled:Printer Device Monitor"
"C:\Program Files\Lexmark 4800 Series\Wireless\lxdewpss.exe"="C:\Program Files\Lexmark 4800 Series\Wireless\lxdewpss.exe:*:Enabled: "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Oli\Local Settings\Temp\IXP000.TMP\cubase.exe"="C:\Documents and Settings\Oli\Local Settings\Temp\IXP000.TMP\cubase.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Oli\Local Settings\Temp\IXP001.TMP\cubase.exe"="C:\Documents and Settings\Oli\Local Settings\Temp\IXP001.TMP\cubase.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Oli\Local Settings\Temp\IXP002.TMP\cubase.exe"="C:\Documents and Settings\Oli\Local Settings\Temp\IXP002.TMP\cubase.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Oli\Local Settings\Temp\IXP003.TMP\cubase.exe"="C:\Documents and Settings\Oli\Local Settings\Temp\IXP003.TMP\cubase.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Oli\Local Settings\Temp\IXP005.TMP\cubase.exe"="C:\Documents and Settings\Oli\Local Settings\Temp\IXP005.TMP\cubase.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Oli\Local Settings\Temp\IXP004.TMP\cubase.exe"="C:\Documents and Settings\Oli\Local Settings\Temp\IXP004.TMP\cubase.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Oli\Local Settings\Temp\IXP006.TMP\cubase.exe"="C:\Documents and Settings\Oli\Local Settings\Temp\IXP006.TMP\cubase.exe:*:Enabled:Windows Messanger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d7f5dba-70ff-11dc-90d5-54484d000031}]
shell\AutoRun\command - J:\InstallTomTomHOME.exe


List of files/folders created in the last three months

2019-03-07 18:57:37 ----SH---- C:\boot.ini
2019-03-07 18:57:21 ----A---- C:\WINDOWS\system32\ptipbmf.dll
2019-03-07 18:57:20 ----A---- C:\WINDOWS\system32\oeminfo.ini
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmvdmoe2.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmvdmod.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmvcore.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmstream.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\WMSPDMOE.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\WMSPDMOD.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmsdmoe2.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmsdmod.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmpui.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmpshell.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmpasf.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\wmp.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\winshfhc.dll
2019-03-07 18:57:18 ----A---- C:\WINDOWS\system32\blastcln.exe
2019-03-07 18:57:17 ----A---- C:\WINDOWS\system32\wmploc.dll
2019-03-07 18:57:17 ----A---- C:\WINDOWS\system32\wmpcore.dll
2019-03-07 18:57:17 ----A---- C:\WINDOWS\system32\wmpcd.dll
2019-03-07 18:57:17 ----A---- C:\WINDOWS\system32\wmnetmgr.dll
2019-03-07 18:57:17 ----A---- C:\WINDOWS\system32\wmidx.dll
2019-03-07 18:57:17 ----A---- C:\WINDOWS\system32\wmerror.dll
2019-03-07 18:57:17 ----A---- C:\WINDOWS\system32\wmdmps.dll
2019-03-07 18:57:17 ----A---- C:\WINDOWS\system32\wmdmlog.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\wmasf.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\WMADMOE.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\WMADMOD.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\strmdll.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\shmedia.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\mswmdm.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\msscp.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\mspmsp.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\mspmsnsv.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\msnetobj.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\MPG4DMOD.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\MP4SDMOD.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\MP43DMOD.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\logagent.exe
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\LAPRXY.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\dxmasf.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\drmstor.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\drmclien.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\cewmdm.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\blackbox.dll
2019-03-07 18:57:16 ----A---- C:\WINDOWS\system32\asferror.dll
2019-03-07 18:57:13 ----RASH---- C:\NTDETECT.COM
2019-03-07 18:57:13 ----A---- C:\WINDOWS\vmmreg32.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\vga64k.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\vga256.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\spnpinst.exe
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\pentnt.exe
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\osuninst.exe
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\odtext32.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\odpdx32.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\odfox32.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\odexl32.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\oddbse32.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\msxbde40.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\msvcrt20.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\mstext40.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\msrepl40.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\msrecr40.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\msrclr40.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\msr2cenu.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\msr2c.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\mspbde40.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\msltus40.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\msexcl40.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\msexch40.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\migpwd.exe
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\lnkstub.exe
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\krnl386.exe
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\ir50_32.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2019-03-07 18:57:13 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2019-03-07 18:57:12 ----A---- C:\WINDOWS\system32\wmerrenu.dll
2019-03-07 18:57:12 ----A---- C:\WINDOWS\system32\d3dramp.dll
2019-03-07 18:57:12 ----A---- C:\WINDOWS\system32\ctl3d32.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\xpob2res.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\kbdycl.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\kbdycc.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\kbduzb.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\kbdtuq.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\kbdtuf.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\kbdtat.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\kbdsl.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\kbdru1.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\kbdru.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\kbdro.dll
2019-03-07 18:57:11 ----A---- C:\WINDOWS\system32\edit.com
2019-03-07 18:57:01 ----A---- C:\WINDOWS\system32\msutb.dll
2019-03-07 18:57:01 ----A---- C:\WINDOWS\system32\mslbui.dll
2019-03-07 18:57:01 ----A---- C:\WINDOWS\system32\msimtf.dll
2019-03-07 18:57:01 ----A---- C:\WINDOWS\system32\msctfp.dll
2019-03-07 18:57:01 ----A---- C:\WINDOWS\system32\msctf.dll
2019-03-07 18:57:01 ----A---- C:\WINDOWS\system32\ctfmon.exe
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\zipfldr.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\xmlprov.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\xenroll.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\xcopy.exe
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\xactsrv.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wupdmgr.exe
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wstdecod.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wsock32.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wshrm.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wshnetbs.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wshisn.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wship6.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wshext.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wshcon.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wshatm.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wsecedit.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wscsvc.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wscript.exe
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wscntfy.exe
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\ws2help.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\ws2_32.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wpabaln.exe
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wowexec.exe
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wowdeb.exe
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\wow32.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\kbdinben.dll
2019-03-07 18:57:00 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\winhlp32.exe
2019-03-07 18:56:59 ----A---- C:\WINDOWS\winhelp.exe
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wmiscmgr.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wmiprop.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wmi.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wlnotify.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wldap32.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winver.exe
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wintrust.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winstrm.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winsta.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winsrv.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winspool.exe
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winsock.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winscard.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winrnr.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winntbbu.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winnls.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winmsd.exe
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winmm.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winlogon.exe
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winipsec.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wininet.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winhttp.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winhlp32.exe
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winfax.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\winbrand.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\win87em.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\win.com
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wifeman.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wiavusd.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wiavideo.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wiashext.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wiaservc.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wiascr.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wiadss.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wiadefui.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\wextract.exe
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\webvw.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\webhits.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\webclnt.dll
2019-03-07 18:56:59 ----A---- C:\WINDOWS\system32\webcheck.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\twunk_32.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\twunk_16.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\twain_32.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\twain.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\wdigest.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\wavemsp.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\w3ssl.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\w32topl.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\w32tm.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\w32time.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vwipxspx.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vwipxspx.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vssvc.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vssapi.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vssadmin.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vss_ps.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vjoy.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vga.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vfpodbc.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\version.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\verifier.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\verifier.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\ver.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vdmredir.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vcdex.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vbscript.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\vbajet32.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\uxtheme.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\utilman.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\utildll.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\usp10.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\userenv.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\user32.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\user.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\usbmon.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\urlmon.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\url.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\ureg.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\ups.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\upnpui.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\upnphost.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\upnpcont.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\upnp.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\unlodctr.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\uniplat.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\unimdmat.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\umdmxfrm.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\umandlg.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\ufat.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\udhisapi.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\typeperf.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\typelib.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\txflog.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\twext.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tsddd.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tsd32.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tsappcmp.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\trkwks.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tree.com
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\traffic.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tracert6.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tracert.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tracerpt.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\toolhelp.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tlntsvrp.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tlntsess.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tlntadmn.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\themeui.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tftp.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\termmgr.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\telnet.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tcpsvcs.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tcpmon.ini
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tcpmon.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tcpmib.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tcmsetup.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\taskmgr.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\taskman.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tasklist.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\taskkill.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tapiui.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tapisrv.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tapiperf.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tapi32.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tapi3.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\tapi.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\t2embed.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\systray.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\syskey.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\sysinv.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\sysedit.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\syncui.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\synceng.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\syncapp.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\sxs.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\swprv.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\svcpack.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\svchost.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\subst.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\strmfilt.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\storage.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\stobject.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\stimon.exe
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\sti_ci.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\sti.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system32\osuninst.dll
2019-03-07 18:56:58 ----A---- C:\WINDOWS\system.ini
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\sqlwoa.dll
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\sqlwid.dll
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\sprestrt.exe
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\spoolsv.exe
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\spoolss.dll
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\spiisupd.exe
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\sort.exe
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\softpub.dll
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\snmpapi.dll
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2019-03-07 18:56:57 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2019-03-07 18:56:56 ----R---- C:\WINDOWS\system32\rsop.msc
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\smbinst.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\slbrccsp.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\slbiop.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\slbcsp.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\slayerxp.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\skeys.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\skdll.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sisbkup.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sigverif.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sigtab.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shutdown.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shsvcs.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shscrap.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shrpubw.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shmgrate.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shlwapi.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shimgvw.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shimeng.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shgina.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shfolder.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shell32.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shell.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shdocvw.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\shdoclc.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\share.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sfmapi.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sfc_os.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sfc.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sfc.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\setver.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\setupdll.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\setup.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sethc.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\serwvdrv.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\services.msc
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\serialui.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\senscfg.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sensapi.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sens.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sendmail.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\security.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\secur32.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\secpol.msc
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\seclogon.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\secedit.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sdpblb.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sdbinst.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\scrrun.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\scrobj.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\scriptpw.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\scredir.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\schtasks.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\scesrv.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\scecli.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sccsccp.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sccbase.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\scardssp.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\scarddlg.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sc.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sbeio.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\sbe.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\runonce.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rundll32.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\runas.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rtutils.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rtm.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rtcshare.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsvpperf.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsvpmsg.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsvp.ini
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsvp.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsopprov.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsnotify.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsmui.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsmsink.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsmps.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsm.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsh.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsfsaps.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rsaenh.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rpcss.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rpcns4.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\routetab.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\routemon.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\route.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rnr20.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\riched32.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\riched20.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rexec.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\resutils.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\replace.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rend.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\relog.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\regwizc.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\regwiz.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\regsvr32.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\regsvc.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\regedt32.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\regapi.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\reg.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\redir.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\recover.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rdpdd.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rcp.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rcimlby.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rastls.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasser.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rassapi.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasrad.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasppp.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasphone.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasmxs.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasmontr.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasmans.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasdial.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasctrs.ini
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasctrs.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\raschap.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasautou.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\query.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\quartz.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\qosname.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\qedwipes.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\qedit.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\qdvd.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\qdv.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\qcap.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\qasf.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\pubprn.vbs
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\pstorec.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\psnppagn.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\pschdprf.ini
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\pschdprf.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\psbase.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\psapi.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\proxycfg.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\proquota.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\progman.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\profmap.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\prodspec.ini
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\prnqctl.vbs
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\prnport.vbs
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\prnmngr.vbs
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\prnjobs.vbs
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\prndrvr.vbs
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\prncnfg.vbs
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\print.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\prflbmsg.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\powrprof.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\powercfg.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\polstore.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\msftedit.dll
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\gpupdate.exe
2019-03-07 18:56:56 ----A---- C:\WINDOWS\system32\drprov.dll
2019-03-07 18:56:55 ----R---- C:\WINDOWS\system32\perfmon.msc
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\pngfilt.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\pmspl.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\plustab.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ping6.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ping.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\pifmgr.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\pidgen.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\photowiz.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\perfwci.ini
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\perfts.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\perfproc.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\perfos.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\perfnw.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\perfnet.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\perfmon.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\perffilt.ini
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\perfdisk.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\perfci.ini
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\pdh.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\pautoenr.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\pathping.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\panmap.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\packager.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\p2psvc.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\p2p.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\osk.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\opengl32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\olethk32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\olesvr32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\olesvr.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\olepro32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\oleprn.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\oledlg.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\olecli32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\olecli.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\oleacc.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ole32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ole2nls.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ole2disp.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ole2.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\offfilt.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbctrac.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbcji32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbcint.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbccu32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbccr32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbccp32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbcconf.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbcconf.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbcad32.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbc32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\odbc16gt.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ocmanage.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\occache.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\objsel.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\oakley.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\nwwks.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\nwscript.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\nwevent.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\nwcfg.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\nwapi32.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\nwapi16.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\nw16.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntshrui.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntsdexts.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntsd.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntmsoprq.msc
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntmsmgr.msc
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntmsevt.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntmarta.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntlanui2.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntlanui.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntlanman.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntdsbcli.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\ntbackup.exe
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\npptools.dll
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\notepad.tmp
2019-03-07 18:56:55 ----A---- C:\WINDOWS\system32\notepad.exe
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\nlsfunc.exe
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\nlhtml.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\newdev.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netui2.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netui1.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netui0.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netstat.exe
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netshell.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netsh.exe
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netrap.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netplwiz.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netmsg.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netman.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netlogon.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netid.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\neth.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netevent.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netdde.exe
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netcfgx.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netapi32.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\netapi.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\net1.exe
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\net.exe
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\nddenb32.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\nddeapir.exe
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\nddeapi.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\ncxpnt.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\nbtstat.exe
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\narrhook.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\narrator.exe
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mydocs.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mycomput.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mtxclu.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msxmlr.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msxml3r.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msxml3.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msxml2r.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msxml2.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msxml.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mswstr10.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mswsock.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mswdat10.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msw3prt.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msvideo.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msvidctl.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msvidc32.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msvfw32.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msvcrt.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msvcp60.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msvcp50.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msvcirt.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msvbvm50.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mstime.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msswchx.exe
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msswch.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mssip32.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mssign32.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mssap.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msrle32.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msrating.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msratelc.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msprivs.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msports.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\mspatcha.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msorcl32.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msorc32r.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msobjs.dll
2019-03-07 18:56:54 ----A---- C:\WINDOWS\system32\msnsspc.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msls31.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msjtes40.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msjter40.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msjint40.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msjet40.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msisip.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msimsg.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msimg32.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msihnd.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msiexec.exe
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msieftp.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msidntld.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msidle.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msident.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msi.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mshtmler.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mshtmled.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mshtml.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mshta.exe
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msgina.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msencode.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msdmo.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msdart.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msdadiag.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mscms.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mscdexnt.exe
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mscat32.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msaudite.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msasn1.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msapsspc.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msafd.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msacm32.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msacm.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\msaatext.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mrinfo.exe
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqutil.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqtrig.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqsvc.exe
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqsnap.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqsec.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqrt.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqqm.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqperf.ini
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqperf.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqoa.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqlogmgr.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqise.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqgentr.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqdscli.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqcertui.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqbkup.exe
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mqad.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mprui.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mprmsg.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mprdim.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mprddm.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mprapi.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mpr.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mpnotify.exe
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mountvol.exe
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\moricons.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\more.com
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\modex.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\modemui.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mode.com
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mobsync.exe
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mobsync.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mmutilse.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mmsystem.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mmdrv.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mmcshext.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mmcbase.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mmc.exe
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mll_qic.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mll_mtf.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mll_hp.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mlang.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mimefilt.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\miglibnt.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\midimap.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mfc42u.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mfc42.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mfc40u.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mfc40.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\system32\mf3216.dll
2019-03-07 18:56:53 ----A---- C:\WINDOWS\msdfmap.ini
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mem.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mdminst.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mdhcp.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mciwave.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mciseq.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mciole32.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mciole16.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mcicda.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mciavi32.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mchgrcoi.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mcdsrv32.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mcd32.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mcastmib.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mapistub.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\makecab.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\magnify.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\mag_hook.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lzexpand.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lz32.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lusrmgr.msc
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lsass.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lprmonui.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lprhelp.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lpr.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lpq.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lpk.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\logonuiX.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\logonui.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\logman.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\login.cmd
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\loghours.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lodctr.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\localui.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\localsec.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\loadperf.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\loadfix.com
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lmrt.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\linkinfo.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\lights.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\licmgr10.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\licdll.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\langwrbk.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\label.exe
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\keymgr.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\kerberos.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\kdcom.dll
2019-03-07 18:56:52 ----A---- C:\WINDOWS\system32\kd1394.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\netsetup.exe
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdusx.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdusr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdusl.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdus.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdur.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdukx.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbduk.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdsw.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdsp.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdsg.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdsf.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdpo.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdpl.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdno1.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdno.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdnec.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdne.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdmon.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdmac.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdlv1.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdlv.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdlt1.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdlt.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdla.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdkyr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdkaz.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdit142.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdit.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdir.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdic.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdhu.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdhept.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdhela3.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdhela2.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdhe319.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdhe220.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdhe.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdgr1.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdgr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdgkl.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdgae.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdfr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdfo.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdfi.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdfc.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdest.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdes.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbddv.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdda.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdcz2.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdcz1.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdcz.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdcr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdcan.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdca.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdbu.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdbr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdblr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdbene.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdbe.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdazel.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kbdaze.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\kb16.com
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\jsproxy.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\jscript.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\jobexec.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\jgsh400.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\jgsd400.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\jgpl400.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\jgmd400.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\jgdw400.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\jgaw400.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\jet500.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ixsso.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iuengine.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\itss.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\itircl.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ir32_32.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipxwan.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipxsap.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipxrtmgr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipxroute.exe
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipxrip.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipxpromn.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipxmontr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipv6.exe
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipsec6.exe
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iprtprio.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iprop.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ippromon.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipmontr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ipconfig.exe
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iologmsg.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\inseng.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\input.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\initpki.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\infosoft.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\inetppui.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\inetpp.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\inetmib1.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\inetcplc.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\imm32.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\imgutil.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\imeshare.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\imapi.exe
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iissuba.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ifsutil.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ifmon.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iexpress.exe
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iesetup.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iernonce.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iepeers.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ieencode.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ieakui.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ieaksie.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ieakeng.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\idq.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\icmui.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\icmp.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\icm32.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iccvid.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iassvcs.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iassdo.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iassam.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iasrecst.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iasrad.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iaspolcy.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iasnap.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iashlpr.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iasads.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\iasacct.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\htui.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\httpapi.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\hotplug.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\hostname.exe
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\hnetmon.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\hlink.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\hhsetup.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\help.exe
2019-03-07 18:56:51 ----A---- C:\WINDOWS\system32\h323msp.dll
2019-03-07 18:56:51 ----A---- C:\WINDOWS\hh.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\grpconv.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\graphics.com
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\graftabl.com
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\gptext.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\gpresult.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\gpkcsp.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\gpedit.msc
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\gpedit.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\glu32.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\glmf32.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\getmac.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\gdi32.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\gdi.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\gcdef.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fwcfg.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\ftsrch.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fsutil.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fsusd.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fsmgmt.msc
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\framebuf.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\forcedos.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fontview.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fontsub.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fontext.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fmifs.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fixmapi.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\finger.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\findstr.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\find.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\filemgmt.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\feclient.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fdeploy.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fde.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fc.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\faultrep.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\fastopen.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\exts.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\extrac32.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\extmgr.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\expsrv.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\expand.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\exe2bin.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\eventvwr.msc
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\eventvwr.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\eventlog.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\eventcls.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\eula.txt
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\eudcedit.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\esentutl.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\esentprf.ini
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\esentprf.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\esent97.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\esent.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\es.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\ersvc.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\encdec.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\encapi.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\els.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\efsadu.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\edlin.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dxtrans.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dxdiag.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dx8vb.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dx7vb.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dwwin.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\duser.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dumprep.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dswave.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dsuiext.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dssenh.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dssec.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dsquery.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dsprpres.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dsprop.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dsound3d.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dsound.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dskquoui.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dskquota.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dsdmo.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\dsauth.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\ds32gt.dll
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\ds16gt.dLL
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\system32\drwatson.exe
2019-03-07 18:56:50 ----A---- C:\WINDOWS\explorer.exe
2019-03-07 18:56:47 ----RA---- C:\WINDOWS\system32\ctl3dv2.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\tourstart.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\systeminfo.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\shellstyle.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\pagefileconfig.vbs
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\openfiles.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\eventtriggers.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\eventquery.vbs
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\eventcreate.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\driverquery.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpwsock.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpvvox.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpvoice.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpvacm.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpserial.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpnwsock.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpnmodem.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpnet.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dplayx.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dplay.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dpcdll.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dosx.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\doskey.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\docprop2.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\docprop.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dnsapi.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmusic.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmsynth.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmstyle.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmserver.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmscript.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmremote.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmocx.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmloader.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmintf.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmime.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmdskres.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmconfig.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmcompos.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmband.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dmadmin.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dllhst3g.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dllhost.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dispex.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\diskperf.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\diskpart.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\diskmgmt.msc
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\diskcopy.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\diskcopy.com
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\diskcomp.com
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dinput8.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dinput.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dimap.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\digest.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\diantz.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\diactfrm.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dhcpsapi.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dgnet.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dfrgui.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dfrgres.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dfrg.msc
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\devmgr.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\devmgmt.msc
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\devenum.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\deskperf.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\deskmon.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\deskadp.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\defrag.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\debug.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\ddrawex.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\ddraw.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\ddeshare.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\ddeml.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dciman32.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dbghelp.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dbgeng.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\davclnt.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\datime.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\dataclen.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\danim.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\d3dxof.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\d3drm.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\d3dpmesh.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\d3dim700.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\d3dim.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\d3d9.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\d3d8.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\csseqchk.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\csrss.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cscui.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cscript.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cscdll.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cryptui.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cryptnet.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cryptext.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cryptdll.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\crypt32.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\crtdll.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\credui.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\corpol.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\convert.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\control.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\console.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\conime.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\confmsp.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\comres.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\compstui.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\compobj.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\compmgmt.msc
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\compatui.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\compact.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\comp.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\commdlg.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\command.com
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\comcat.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cnvfat.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cnetcfg.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cmutil.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cmstp.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cmpbk32.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cmmon32.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cmdl32.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cmdial32.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\clusapi.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\clipsrv.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cliconfg.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cliconfg.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\clb.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\ckcnv.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cisvc.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cipher.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\ciodm.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cidaemon.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cic.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\ciadv.msc
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\ciadmin.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\chkntfs.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\chkdsk.exe
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\chcp.com
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\certmgr.msc
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\certmgr.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\certcli.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cdosys.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cdm.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cdfview.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\ccfgnt.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cards.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\capesnpn.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\camocx.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cabview.dll
2019-03-07 18:56:47 ----A---- C:\WINDOWS\system32\cabinet.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wpdtrace.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wpdsp.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wpdmtpus.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wpdmtpdr.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wpdmtp.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wpdconns.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wpd_ci.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\WMVADVE.DLL
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\WMVADVD.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wmpsrcwp.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wmpencen.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wmdrmnet.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wmdrmdev.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wdfmgr.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\wdfapi.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\uwdf.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\btpanui.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\browsewm.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\browseui.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\browser.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\browselc.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\bootvrfy.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\bootvid.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\bootok.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\bootcfg.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\bidispl.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\batmeter.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\basesrv.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\avifile.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\avifil32.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\avicap32.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\avicap.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\autolfn.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\autofmt.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\autodisc.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\authz.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\auditusr.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\audiosrv.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\audiodev.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\attrib.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\atmpvcno.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\atmlib.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\atmfd.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\atmadm.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\atl.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\atkctrs.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\at.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\asycfilt.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\asr_ldm.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\arp.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\appmgr.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\appmgmts.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\apphelp.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\append.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\apcups.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\amstream.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\alrsvc.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\alg.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\ahui.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\advpack.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\adsnw.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\adsnt.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\adsnds.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\adsmsext.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\adsldpc.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\adsldp.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\adptif.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\admparse.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\actxprxy.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\actmovie.exe
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\activeds.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\aclui.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\acledit.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\aaaamon.dll
2019-03-07 18:56:46 ----A---- C:\WINDOWS\system32\6to4svc.dll
2019-03-07 18:54:21 ----D---- C:\i386
2019-03-07 18:53:51 ----D---- C:\cmpnents
2019-03-07 18:53:28 ----SHD---- C:\System Volume Information
2008-09-14 01:40:10 ----D---- C:\rsit
2008-09-13 12:39:22 ----D---- C:\Program Files\MicroAV
2008-09-13 12:38:45 ----A---- C:\WINDOWS\system32\tdsspopup.dll
2008-09-13 12:38:39 ----A---- C:\WINDOWS\system32\tdssinit.dll
2008-09-13 12:38:37 ----A---- C:\WINDOWS\system32\tdssadw.dll
2008-09-13 12:30:40 ----D---- C:\Program Files\PCHealthCenter
2008-09-13 12:29:43 ----A---- C:\WINDOWS\system32\SYNSOACC.dll
2008-09-13 12:28:06 ----D---- C:\Program Files\Common Files\Steinberg
2008-09-13 12:28:06 ----D---- C:\Documents and Settings\All Users\Application Data\Steinberg
2008-09-13 12:19:52 ----D---- C:\Program Files\Steinberg
2008-09-10 20:00:04 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-10 11:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 11:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-07 20:59:54 ----A---- C:\WINDOWS\win.ini
2008-09-07 18:42:09 ----D---- C:\WINDOWS\Prefetch
2008-09-07 18:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-07 18:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-07 18:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-07 18:33:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-07 18:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2$
2008-09-07 18:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-07 18:33:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-07 18:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-07 18:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-07 18:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-07 18:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-07 18:32:34 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-09-07 18:26:03 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-07 18:19:50 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-05 20:36:42 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-09-05 20:36:40 ----D---- C:\Program Files\Alwil Software
2008-09-05 11:56:12 ----D---- C:\Program Files\VisualTaskTips
2008-09-05 11:55:44 ----D---- C:\Program Files\Common Files\stardock
2008-09-05 11:54:58 ----D---- C:\WINDOWS\system32\en
2008-09-05 11:54:58 ----D---- C:\WINDOWS\system32\bits
2008-09-05 11:52:51 ----D---- C:\Documents and Settings\Oli\Application Data\Windows Search
2008-09-05 11:52:21 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-09-04 20:48:12 ----A---- C:\WINDOWS\system32\VIPuninstall.bat
2008-09-04 20:29:02 ----A---- C:\WINDOWS\docs.ini
2008-09-04 20:28:59 ----D---- C:\WINDOWS\VIPv3
2008-09-04 13:03:13 ----A---- C:\WINDOWS\LogonStudio.ini
2008-09-04 13:02:29 ----A---- C:\WINDOWS\system32\JPGUtils.dll
2008-09-04 13:02:27 ----D---- C:\Program Files\WinCustomize
2008-09-04 11:58:33 ----D---- C:\VistaPerfectionX4
2008-09-04 11:23:31 ----A---- C:\WINDOWS\system32\(uxtheme Old).dll
2008-09-04 11:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-04 00:22:54 ----A---- C:\WINDOWS\system32\msxml3a.dll
2008-09-04 00:22:47 ----D---- C:\Program Files\Stardock
2008-09-04 00:03:50 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-03 23:49:25 ----A---- C:\WINDOWS\setuplog.txt
2008-09-03 23:48:01 ----D---- C:\WINDOWS\system32\scripting
2008-09-03 23:48:00 ----D---- C:\WINDOWS\l2schemas
2008-09-03 23:48:00 ----D---- C:\Program Files\msn
2008-09-03 23:38:19 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-09-03 23:38:19 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\locator.exe
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\localspl.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\ftp.exe
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\format.com
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\cmd.exe
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\cacls.exe
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\autochk.exe
2008-09-03 23:37:59 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\userinit.exe
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\untfs.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\ulib.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\smss.exe
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\services.exe
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\schannel.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\savedump.exe
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\samlib.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\rasman.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\printui.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-09-03 23:37:58 ----A---- C:\WINDOWS\system32\HAL.DLL
2008-09-03 22:59:15 ----D---- C:\Program Files\Windows Desktop Search
2008-09-03 22:58:55 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4_0$
2008-09-03 22:56:23 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-09-03 19:16:06 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-03 19:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2_0$
2008-09-03 19:14:55 ----D---- C:\Program Files\MSBuild
2008-09-03 19:13:34 ----D---- C:\WINDOWS\system32\XPSViewer
2008-09-03 19:12:57 ----D---- C:\Program Files\Reference Assemblies
2008-09-03 19:12:13 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-09-03 19:12:07 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-09-03 19:12:03 ----D---- C:\Program Files\MSXML 6.0
2008-09-03 19:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925876$
2008-09-03 19:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB912024$
2008-09-03 19:06:23 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-09-03 19:06:23 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-03 19:06:23 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-08-31 13:37:10 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2008-08-31 13:37:10 ----A---- C:\WINDOWS\system32\drv43260.dll
2008-08-31 13:37:10 ----A---- C:\WINDOWS\system32\drv33260.dll
2008-08-31 13:37:10 ----A---- C:\WINDOWS\system32\drv23260.dll
2008-08-31 13:37:10 ----A---- C:\WINDOWS\system32\cook3260.dll
2008-08-31 13:37:09 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2008-08-31 13:37:09 ----A---- C:\WINDOWS\gdiplus.dll
2008-08-31 13:37:08 ----D---- C:\Program Files\VSO
2008-08-28 18:22:55 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-28 18:22:53 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-28 18:22:51 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-08-28 18:22:51 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-08-28 18:22:50 ----N---- C:\WINDOWS\system32\slserv.exe
2008-08-28 18:22:49 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-08-28 18:22:49 ----N---- C:\WINDOWS\system32\slgen.dll
2008-08-28 18:22:49 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-08-28 18:22:49 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-08-28 18:22:49 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-28 18:22:49 ----N---- C:\WINDOWS\slrundll.exe
2008-08-28 18:22:48 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-08-28 18:22:47 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-28 18:22:47 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-28 18:22:47 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-28 18:22:47 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-28 18:22:47 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-28 18:22:45 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-28 18:22:43 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-28 18:22:43 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-28 18:22:43 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-28 18:22:43 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-08-28 18:22:43 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-08-28 18:22:42 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-28 18:22:42 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-28 18:22:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-28 18:22:37 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-28 18:22:37 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-28 18:22:37 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-28 18:22:37 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-08-28 18:22:34 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-28 18:22:28 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-28 18:22:27 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-28 18:22:27 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-28 18:22:27 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-28 18:22:27 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-28 18:22:16 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-08-28 18:22:14 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-08-28 18:22:13 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-08-28 18:22:13 ----A---- C:\WINDOWS\003563_.tmp
2008-08-28 18:22:13 ----A---- C:\WINDOWS\003561_.tmp
2008-08-28 18:22:12 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-28 18:22:12 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-28 18:22:12 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-28 18:22:12 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-28 18:22:12 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-28 18:22:12 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-28 18:22:12 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-28 18:22:12 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-28 18:22:11 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-28 18:22:11 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-28 18:22:11 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-28 18:22:11 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-28 18:22:11 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-28 18:22:10 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-28 18:22:10 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-28 18:22:10 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-28 18:22:10 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-28 18:22:10 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-28 18:22:09 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-28 18:22:06 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-28 18:22:06 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-28 18:22:05 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-08-28 18:22:05 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-08-28 18:22:05 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-08-28 18:22:05 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-28 18:22:05 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-08-28 18:22:05 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-08-28 18:22:05 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-08-26 17:10:33 ----D---- C:\Program Files\Movie Joiner
2008-08-24 15:42:08 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-08-24 14:56:13 ----N---- C:\Documents and Settings\Oli\Application Data\inst.exe
2008-08-24 14:56:12 ----D---- C:\Documents and Settings\Oli\Application Data\Vso
2008-08-20 19:40:16 ----D---- C:\Program Files\Unity
2008-08-17 00:18:45 ----D---- C:\Documents and Settings\Oli\Application Data\Apple Computer
2008-08-17 00:18:30 ----D---- C:\Program Files\iPod
2008-08-17 00:18:25 ----D---- C:\Program Files\iTunes
2008-08-17 00:18:13 ----D---- C:\Program Files\Bonjour
2008-08-17 00:17:45 ----D---- C:\Program Files\QuickTime
2008-08-17 00:17:42 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-17 00:17:30 ----D---- C:\Program Files\Apple Software Update
2008-08-17 00:17:12 ----D---- C:\Program Files\Common Files\Apple
2008-08-17 00:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-14 20:45:38 ----HD---- C:\Program Files\Uninstall Information
2008-08-14 19:17:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-14 19:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-14 19:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 19:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-14 19:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 19:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-14 19:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-12 20:43:24 ----A---- C:\WINDOWS\system32\AppSetup.exe
2008-08-12 18:10:22 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-12 18:10:22 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-12 18:10:22 ----A---- C:\WINDOWS\system32\java.exe
2008-08-12 17:57:39 ----D---- C:\Program Files\Common Files\xing shared
2008-08-12 17:51:51 ----D---- C:\Program Files\filehippo.com
2008-07-31 20:33:29 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-07-31 20:33:23 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-07-31 20:33:23 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-07-31 20:33:22 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-07-25 00:40:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-07-19 18:46:21 ----A---- C:\WINDOWS\system32\results.txt
2008-07-19 18:46:08 ----D---- C:\Program Files\Belkin
2008-06-30 19:20:46 ----D---- C:\Program Files\Thoosje
2008-06-29 19:10:26 ----D---- C:\Documents and Settings\Oli\Application Data\IconTweaker
2008-06-29 19:10:26 ----D---- C:\Documents and Settings\All Users\Application Data\IconTweaker
2008-06-29 19:10:25 ----D---- C:\Program Files\IconTweaker
2008-06-29 18:59:02 ----D---- C:\Program Files\Thoosje Sidebar V2.3
2008-06-29 15:57:29 ----A---- C:\WINDOWS\ReplacerUndo.txt
2008-06-20 23:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-15 14:42:56 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink

List of drivers

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10240]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\system32\drivers\fwdrv.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\system32\drivers\khips.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-19 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-12-08 142336]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2006-08-07 162176]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-12-08 114688]
R3 P17xfi;Sound Blaster X-Fi Xtreme Audio; C:\WINDOWS\system32\drivers\P17xfi.sys [2007-11-21 1174528]
R3 p17xfilt;p17xfilt; C:\WINDOWS\system32\drivers\p17xfilt.sys [2007-10-10 1664384]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-31 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 a3s283lr;a3s283lr; C:\WINDOWS\system32\drivers\a3s283lr.sys []
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 avyoxpk0;avyoxpk0; C:\WINDOWS\system32\drivers\avyoxpk0.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Oli\LOCALS~1\Temp\catchme.sys []
S3 D500U;D500U; C:\WINDOWS\system32\DRIVERS\D500U.sys [2005-01-10 50389]
S3 ggsemc;Sony Ericsson USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2006-03-01 8704]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 21888]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 RDID1027;EDIROL PCR; C:\WINDOWS\System32\Drivers\rdwm1027.sys [2002-07-30 43932]
S3 SE26bus;Sony Ericsson Device 038 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE26bus.sys [2006-08-28 61600]
S3 SE26mdfl;Sony Ericsson Device 038 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys [2006-08-28 9360]
S3 SE26mdm;Sony Ericsson Device 038 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE26mdm.sys [2006-08-28 97184]
S3 SE26mgmt;Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys [2006-08-28 88688]
S3 se26nd5;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS); C:\WINDOWS\system32\DRIVERS\se26nd5.sys [2006-08-28 18704]
S3 SE26obex;Sony Ericsson Device 038 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE26obex.sys [2006-08-28 86560]
S3 se26unic;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM); C:\WINDOWS\system32\DRIVERS\se26unic.sys [2006-08-28 90768]
S3 ST330;ST330; C:\WINDOWS\system32\drivers\st330.sys [2007-02-13 30464]
S3 STBUS;STBUS; C:\WINDOWS\system32\drivers\stbus.sys [2007-02-13 12672]
S3 stppp;Speedtouch PPP Adapter Adapter; C:\WINDOWS\system32\DRIVERS\stppp.sys [2007-02-13 32000]
S3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-06-13 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-06-13 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-06-13 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-06-13 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-06-13 85664]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agp440.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agpCPQ.sys []
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\alim1541.sys []
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\system32\DRIVERS\amdagp.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\system32\DRIVERS\cbidf2k.sys []
S4 fasttx2k;fasttx2k; C:\WINDOWS\system32\system32\DRIVERS\fasttx2k.sys []
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\system32\DRIVERS\iaStor.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\system32\DRIVERS\intelide.sys []
S4 m5287;m5287; C:\WINDOWS\system32\system32\DRIVERS\m5287.sys []
S4 m5289;m5289; C:\WINDOWS\system32\system32\DRIVERS\m5289.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\sisagp.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\viaagp.sys []
S4 viamraid;viamraid; C:\WINDOWS\system32\system32\DRIVERS\viamraid.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-01-14 172153]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-01-14 110711]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-01-14 24576]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 MA_CMIDI_InstallerService;M-Audio CMIDI Installer; C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe [2005-09-28 94208]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-10-20 96256]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-05 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
________________________________________________________________________________________________________________________
The second.....

info.txt logfile of random's system information tool 2008-09-14 01:40:25

Uninstall list

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASAPI Update-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\VOB\ASAPI Update\ASAPI.isu"
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Cantabile 1.2 Lite-->C:\Program Files\Topten Software\Cantabile 1.2 Lite\Uninstall\unsnap0.exe /uninstall:"C:\Program Files\Topten Software\Cantabile 1.2 Lite\Uninstall\unsnap0.log"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 2.99.13.900-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Cover Art Downloader v1.2-->"C:\Program Files\Cover Art Downloader\unins000.exe"
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
eBay Toolbar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}\setup.exe" -l0x9 /z"Uninstall eBay Toolbar"
Enigma-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F145099-1224-4C5B-84F2-7AE6DC699F1A}\setup.exe" -l0x9 -removeonly
filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe"
FreeRIP v3.03-->"C:\Program Files\FreeRIP3\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 5550 series (Remove only)-->C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=5550 -huninstall
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
MA_CMIDI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe" -l0x9 -removeonly
MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Movie Joiner-->C:\Program Files\Movie Joiner\uninst.exe -c
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Music Cleaning Studio-->"C:\Program Files\eJay\Music Cleaning Studio\Unwise.exe" C:\PROGRA~1\eJay\MUSICC~1\install.log
MyPhoneExplorer-->C:\Program Files\MyPhoneExplorer\uninstall.exe
Nero 7-->MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerCinema 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD Copy 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PowerStarter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rail Simulator-->MsiExec.exe /X{0824EE6D-137F-4B83-9628-8E7B000BEBA6}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason 3.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Reason 4.0-->"C:\Program Files\Propellerhead\Reason 4\Uninstall Reason\unins000.exe"
Recover My Photos-->"C:\Program Files\GetData\Recover My Photos\unins000.exe"
reFX Nexus Demo-->"C:\Program Files\Vstplugins\unins001.exe"
Registry Clean Expert-->"C:\Program Files\Registry Clean Expert\unins000.exe"
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
rgc:audio sfz VSTi v1.96-->"C:\Program Files\Vstplugins\unins000.exe"
rgcAudio z3ta Plus v1.40-->C:\PROGRA~1\RGCAUD~1\Z3TA_~1\Z3TA_U~1\UNWISE.EXE C:\PROGRA~1\RGCAUD~1\Z3TA_~1\Z3TA_U~1\INSTALL.LOG
Samsung USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}\Setup.exe" anything
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sony Ericsson PC Suite-->MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
Sound Blaster X-Fi Xtreme Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{822A8730-86A7-4CAA-BDE1-7337169BFF2B}\setup.exe" -l0x9 /remove
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Sunbelt Personal Firewall-->MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
TagScanner 5.0 build 515b-->"C:\Program Files\TagScanner\unins000.exe"
Thoosje Quick Xp Optimizer Installer V2-->MsiExec.exe /I{D21B65C4-F7ED-4805-8781-BB835AC85D14}
TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vista Icon Pack v3 System Patch-->VIPuninstall.bat
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB905589-->"C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

Hosts File

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1 abloga.info #[Spamdexing]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com

Security center information

AV: avast! antivirus 4.8.1229 [VPS 080912-1]
FW: Sunbelt Personal Firewall

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
quazzer
Regular Member
 
Posts: 76
Joined: January 21st, 2007, 3:49 pm
Location: South West

Re: Please help. Think i must be infected

Unread postby Shaba » September 14th, 2008, 4:54 am

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help. Think i must be infected

Unread postby quazzer » September 14th, 2008, 7:59 am

Hi, I donwloaded SDFix.exe, and extracted the files. I was just about to reboot in safe mode, until an avast warning came up displaying that malware was found in C:\WINDOWS\SYSTEM32\TDSSADW.DLL. I was wondering whether what I had just extracted could of been this or if it was actually coincidental and malicious. what should I do with the warning? I have the options 'Move\rename', 'Delete', 'Move To Chest' and 'No Action'?
quazzer
Regular Member
 
Posts: 76
Joined: January 21st, 2007, 3:49 pm
Location: South West

Re: Please help. Think i must be infected

Unread postby Shaba » September 14th, 2008, 8:08 am

You can choose Move To Chest.

File is malicious and part of certain rootkit.

That's why we use SDFix :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help. Think i must be infected

Unread postby quazzer » September 14th, 2008, 8:58 am

Ive tried booting in safe mode, but when I press the f8 key after the beep and before the windows loading icon, it simply displays a screen with the title 'boot menu', and gives me an option of both my internal hard drives and my cd rw. When I select it just boots up as normal. Nothing about safe mode though?
quazzer
Regular Member
 
Posts: 76
Joined: January 21st, 2007, 3:49 pm
Location: South West

Re: Please help. Think i must be infected

Unread postby Shaba » September 14th, 2008, 9:19 am

Then you press it too early :)

Press it a bit later (not immediately after beep) and you should be able to see menu where safe mode is one option.

It might take few tries but it is needed as SDFix will work in safe mode only.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help. Think i must be infected

Unread postby quazzer » September 14th, 2008, 9:58 am

Thankyou, I did what you said and all was fine. I rebooted into safe mode, and then ran the 'RunThis.bat' It said to click ok to reboot, and once I did that it rebooted in normal mode but nothing it else happended. i logged in and I am just left with a zip file called 'catchme.zip' with 'tdssserv.sys'

Is this right?
quazzer
Regular Member
 
Posts: 76
Joined: January 21st, 2007, 3:49 pm
Location: South West
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 298 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware