My system is infected, plz help.



deepak4490
2008-10-13, 07:58
Hello Spybot members

My system is infected. Whenever I open a webpage, the status bar shows "opening page http://ads.vk987.info/"

and then AVG detects a virus. I did a complete full computer scan but the same problem. Please help me.

http://img517.imageshack.us/img517/7466/virus1sq5.jpg (http://imageshack.us)
http://img517.imageshack.us/img517/virus1sq5.jpg/1/w778.png (http://g.imageshack.us/img517/virus1sq5.jpg/1/)

http://img374.imageshack.us/img374/5559/virus2qy8.jpg (http://imageshack.us)
http://img374.imageshack.us/img374/virus2qy8.jpg/1/w604.png (http://g.imageshack.us/img374/virus2qy8.jpg/1/)

deepak4490
2008-10-13, 15:12
Please help - I am in great trouble.

Thanks in advance.

Baabiouz
2008-10-13, 18:07
Hello :)

Please download the latest copy of HijackThis from Trend Micro (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) and save it to your desktop.
Double click on HJTInstall.exe to install it. Click on Install. By default, it will install to C:\Program Files\Trend Micro\HijackThis.
Read through the License Agreement presented to you on the next screen and click on I Accept.
Once installed, HijackThis will start automatically. If it doesn't, please go to your desktop and double click on the HijackThis shortcut created there.
Select Do a system scan and save a logfile.
Close HijackThis.

Note: Do not click on the AnalyzeThis button.

Do not fix any lines you see in HijackThis as most entries are harmless and needed for the normal functioning of Windows.

Post the HijackThis log here :)

deepak4490
2008-10-13, 20:05
HijackThis Log File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:01 PM, on 10/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{63CBB1D0-8630-41EB-8B65-13EE9C7AE0B1}: NameServer = 202.88.149.25,202.88.149.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 4231 bytes

Baabiouz
2008-10-14, 16:04
Hello :)

Step #1

Click Start | My Computer | Local Disk (C:).
In the menu bar at the top, go to File | New | Folder.
That will create a folder named "New Folder", which you can rename to "HijackThis". You have now created C:\HijackThis.
Now get your HijackThis.exe file and place it in your folder.

Please open HijackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Step #2
Please download ATF-cleaner (http://www.atribune.org/ccount/click.php?id=1) and save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step #3
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here (http://www.besttechie.net/tools/mbam-setup.exe) and save to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note:
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Step #4
Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)
(When installing ZoneAlarm, please uncheck the option "include a ZoneAlarm Spy Blocker...". The Toolbar is not recommended. You can read more about it here (http://sunbeltblog.blogspot.com/2007/12/another-security-company-succumbs-to.html).)
2) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Comodo (http://www.personalfirewall.comodo.com/)
(When installing Comodo, please uncheck these options: "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Step #4
Please post Mbam report and a fresh HijackThis log back here :)

deepak4490
2008-10-14, 23:00
HijackThis logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:13 AM, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide
O4 - HKLM\..\Run: "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{63CBB1D0-8630-41EB-8B65-13EE9C7AE0B1}: NameServer = 202.88.149.25,202.88.149.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 4013 bytes


MalwareBytes Logfile

Malwarebytes' Anti-Malware 1.28
Database version: 1270
Windows 5.1.2600 Service Pack 2

10/15/2008 2:26:00 AM
mbam-log-2008-10-15 (02-26-00).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 65229
Time elapsed: 23 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Baabiouz
2008-10-15, 06:13
Hello

Did you install a firewall?

Your HijackThis isn't in the right path. Please make a new folder like I instructed and move HijackThis.exe there. :)

deepak4490
2008-10-20, 09:09
Problem is resolved :D

Thanks a lot, buddy.

But now I am facing a problem with my other PC. The net is slow like hell - when I download something the speed is only 1kbps.

I'm sure my system is infected.

deepak4490
2008-10-20, 09:14
Buddy, now my other PC is creating problems like the first one.

Whenever I open a webpage, the status bar shows "opening page http://web.hyj008.info/"

and then AVG detects a virus. I did a complete full computer scan but the same problem. Please help me.

The first PC is now working fine. I didn't use any pen drive between these 2 PCs.

deepak4490
2008-10-20, 09:48
HijackThis Log File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:09 PM, on 1/1/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D56A5525-6B17-4A95-A765-E6FB5EFF99B9}: NameServer = 172.16.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 2788 bytes

Baabiouz
2008-10-20, 14:36
Hello

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here (http://www.besttechie.net/tools/mbam-setup.exe) and save to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note:
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post Mbam results and Rsit logs back here :)
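
Added example (not part of the original thread, and not code from any tool named in it): the two logs requested above can be cross-referenced so that each scanner detection is tied back to the autostart entry that loads it, including multi-value entries where only some of the listed files were flagged. The sample log text is constructed in the formats shown on this page; file names such as ExampleAdvise.dll and all function names are assumptions made for the illustration.

```python
import ntpath
import re

# Constructed sample in the Malwarebytes' Anti-Malware text-log format.
MBAM_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\EXAMPLE1.dll (Spyware.OnlineGames) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleSvc (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\Downloaded Program Files\ExampleAdvise.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\EXAMPLE1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\Example.exe (Trojan.Agent) -> No action taken.
"""

# Constructed sample in the HijackThis v2 entry format.
HJT_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ExampleAdvise - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\Downloaded Program Files\ExampleAdvise.dll
O4 - HKLM\..\Run: [ExampleSvc] Example.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: EXAMPLE1.dll,EXAMPLE2.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Greedy item match so parentheses inside a path do not end the item early.
MBAM_ITEM = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
BINARY = re.compile(r'"?(?P<path>.+?\.(?:exe|dll|sys))', re.IGNORECASE)


def parse_mbam(text):
    """Return {section: [(item, family, action), ...]} from an MBAM text log."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):      # header; count lines end in a digit
            current = line[:-len(" Infected:")]
            sections[current] = []
            continue
        m = MBAM_ITEM.match(line)
        if m and current:
            sections[current].append(
                (m["item"], m["family"], m["action"].rstrip(".")))
    return sections


def hjt_file_refs(code, body):
    """Extract the file(s) an entry points at (covers a subset of entry types)."""
    if code == "O20":                       # AppInit_DLLs: a.dll,b.dll
        return [n.strip() for n in body.partition(":")[2].split(",") if n.strip()]
    if code == "O4":                        # Run: [name] command, or startup .lnk
        sep = "] " if "] " in body else " = "
        m = BINARY.match(body.split(sep, 1)[-1])
        return [m["path"]] if m else []
    if code in ("O2", "O3", "O9", "O21", "O23"):   # path is the last " - " field
        last = body.rsplit(" - ", 1)[-1]
        return [] if last == "(no file)" else [last]
    return []


def same_file(hjt_ref, detected_path):
    """Case-insensitive match; a bare name in the log matches on basename only.
    8.3 short paths (PROGRA~1) are not expanded, so they never match long paths."""
    ref, det = hjt_ref.lower(), detected_path.lower()
    if ntpath.dirname(ref):
        return ref == det
    return ref == ntpath.basename(det)


def correlate(hjt_text, mbam_text):
    """List HijackThis entries that reference a file the scanner flagged."""
    mbam = parse_mbam(mbam_text)
    detected = {}
    for section in ("Memory Modules", "Files"):
        for item, family, _ in mbam.get(section, []):
            detected[item] = family
    findings = []
    for line in hjt_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        refs = hjt_file_refs(m["code"], m["body"])
        hits = {r: fam for r in refs
                for path, fam in detected.items() if same_file(r, path)}
        if hits:
            findings.append({
                "code": m["code"],
                "flagged": hits,
                # Files loaded by the same entry that the scanner did not name.
                "unflagged": [r for r in refs if r not in hits],
            })
    return findings


if __name__ == "__main__":
    for f in correlate(HJT_LOG, MBAM_LOG):
        print(f["code"], f["flagged"], "also loads:", f["unflagged"])
```

An entry with a non-empty `unflagged` list is loading files alongside a detected one through the same autostart value, so those files are worth reviewing even though the scanner did not name them.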

deepak4490
2008-10-22, 07:01
MalwareBytes Log

Malwarebytes' Anti-Malware 1.29
Database version: 1300
Windows 5.1.2600 Service Pack 2

10/21/2008 10:35:26 PM
mbam-log-2008-10-21 (22-35-21).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 255301
Time elapsed: 1 hour(s), 33 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\7ADC2AB1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\HBmhly.dll (Spyware.OnlineGames) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{6d4c7e08-e021-414c-a42d-ab15a2302196} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{deef6582-9927-4cbd-897c-6a1f9e8c47de} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7adc2ab1-5c6a-4178-82da-94863354af7c} (Spyware.OnlineGames) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{da191de0-aa86-4ed0-4b87-293d48b2ae99} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hbkernel32 (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hbkernel32 (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hbkernel32 (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7adc2ab1-5c6a-4178-82da-94863354af7c} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\msnmsg (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBService32 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\7ADC2AB1.dll (Spyware.OnlineGames) -> No action taken.
C:\Program Files\Messenger\msgmr.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temp\24.cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\8EDV4ZAG\19[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\8EDV4ZAG\24[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\A6HXBV76\18[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\A6HXBV76\23[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\FVTWQWL2\02[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\FVTWQWL2\17[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\FVTWQWL2\20[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\FVTWQWL2\21[1].cab (Spyware.OnlineGames) -> No action taken.
D:\fdrive\Warez\Goldfish_Aquarium\patch.exe (Trojan.Downloader) -> No action taken.
D:\fdrive\Warez\Goldfish_Aquarium\Goldfish_Aquarium\patch.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\System.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\HBKernel32.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\HBmhly.dll (Spyware.OnlineGames) -> No action taken.

RSIT Log

Logfile of random's system information tool 1.04 (written by random/random)
Run by Deepak at 2002-01-01 20:44:44
Microsoft Windows XP Professional Service Pack 2
System drive C: has 17 GB (87%) free of 20 GB
Total RAM: 503 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:24 PM, on 1/1/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Deepak\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Deepak\Desktop\Deepak.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 127.1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D56A5525-6B17-4A95-A765-E6FB5EFF99B9}: NameServer = 172.16.0.1
O20 - AppInit_DLLs: HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll

--
End of file - 6792 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
ThunderHlpObj Class - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [2008-10-21 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HBService32"=C:\WINDOWS\system32\SYSTEM.EXE [2008-10-21 3572]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-05-23 3031040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
24Online Client.lnk - C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll [2008-10-21 15872]
Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll [2004-08-04 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DE02F764-C51A-4788-9597-D78ECC2AC08F}"=C:\WINDOWS\system32\DE02F764.dll [2008-10-21 217178]
"{43ACDCC5-9009-4AF4-B80A-93BC656EF298}"=C:\WINDOWS\system32\43ACDCC5.dll [2008-10-21 13419]
"{58FF3024-8A83-4B1A-88E9-302F47646EEE}"=C:\WINDOWS\system32\58FF3024.dll [2008-10-21 12972]
"{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B}"=C:\WINDOWS\system32\D91BC61E.dll [2008-10-21 12005]
"{82710040-F86E-42E0-B1F8-04EDF75856F8}"=C:\WINDOWS\system32\82710040.dll [2008-10-21 11379]
"{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}"=C:\WINDOWS\system32\4D023DE9.dll [2008-10-21 11698]
"{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}"=C:\WINDOWS\system32\08223B03.dll [2008-10-21 12213]
"{7ADC2AB1-5C6A-4178-82DA-94863354AF7C}"=C:\WINDOWS\system32\7ADC2AB1.dll [2008-10-21 11261]
"{DA63E650-537C-4042-87BB-9D19D844680B}"=C:\WINDOWS\system32\DA63E650.dll [2008-10-21 12770]
"{C250CF20-5F89-4310-9854-4BC261FB14FB}"=C:\WINDOWS\system32\C250CF20.dll [2008-10-21 11657]
"{9CA963CA-107C-4089-B0AB-31380F90D7E3}"=C:\WINDOWS\system32\9CA963CA.dll [2008-10-21 11951]
"{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}"=C:\WINDOWS\system32\122B901E.dll [2008-10-21 12532]
"{495271CA-D0C6-4052-ABE6-5B01C73CDFB0}"=C:\WINDOWS\system32\495271CA.dll [2008-10-21 11971]
"{4F34C688-FD49-42FC-97F7-87D2F5791612}"=C:\WINDOWS\system32\4F34C688.dll [2008-10-21 11717]
"{C56BCC10-503E-43AB-B208-3CD37FCFCE40}"=C:\WINDOWS\system32\C56BCC10.dll [2008-10-21 216485]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eb7e5a9-fef4-11d5-a6c0-806d6172696f}]
shell\AutoRun\command - E:\ASUSACPI.exe


======List of files/folders created in the last 1 months======

2008-10-22 00:35:59 ----SHD---- C:\RECYCLER
2008-10-21 22:49:51 ----D---- C:\rsit
2008-10-21 19:38:21 ----A---- C:\WINDOWS\system32\HBSO2.dll
2008-10-21 19:37:55 ----D---- C:\WINDOWS\Minidump
2008-10-21 19:08:17 ----D---- C:\Documents and Settings\Deepak\Application Data\Malwarebytes
2008-10-21 19:08:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-21 19:08:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 19:05:36 ----ASH---- C:\WINDOWS\system32\4BF9CBA3.dll
2008-10-21 19:05:26 ----ASH---- C:\WINDOWS\system32\C56BCC10.dll
2008-10-21 19:05:21 ----ASH---- C:\WINDOWS\system32\4F34C688.dll
2008-10-21 18:52:10 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-21 18:49:32 ----A---- C:\WINDOWS\system32\HBZG.dll
2008-10-21 18:49:28 ----A---- C:\WINDOWS\system32\HBZHUXIAN.dll
2008-10-21 18:49:22 ----A---- C:\WINDOWS\system32\HBBO.dll
2008-10-21 18:49:20 ----A---- C:\WINDOWS\system32\HBCHIBI.dll
2008-10-21 18:49:19 ----A---- C:\WINDOWS\system32\System.exe
2008-10-21 18:49:19 ----A---- C:\WINDOWS\system32\HBQQSG.dll
2008-10-21 18:49:12 ----ASH---- C:\WINDOWS\system32\495271CA.dll
2008-10-21 18:49:05 ----ASH---- C:\WINDOWS\system32\122B901E.dll
2008-10-21 18:48:57 ----ASH---- C:\WINDOWS\system32\9CA963CA.dll
2008-10-21 18:48:50 ----ASH---- C:\WINDOWS\system32\C250CF20.dll
2008-10-21 18:48:42 ----ASH---- C:\WINDOWS\system32\DA63E650.dll
2008-10-21 18:48:36 ----ASH---- C:\WINDOWS\system32\7ADC2AB1.dll
2008-10-21 18:48:27 ----ASH---- C:\WINDOWS\system32\08223B03.dll
2008-10-21 18:48:19 ----ASH---- C:\WINDOWS\system32\4D023DE9.dll
2008-10-21 18:48:10 ----ASH---- C:\WINDOWS\system32\82710040.dll
2008-10-21 18:48:03 ----ASH---- C:\WINDOWS\system32\D91BC61E.dll
2008-10-21 18:47:55 ----ASH---- C:\WINDOWS\system32\58FF3024.dll
2008-10-21 18:47:47 ----ASH---- C:\WINDOWS\system32\43ACDCC5.dll
2008-10-21 18:47:38 ----ASH---- C:\WINDOWS\system32\DE02F764.dll
2008-10-21 18:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-21 18:47:33 ----A---- C:\WINDOWS\system32\HBmhly.dll
2008-10-21 18:47:28 ----A---- C:\WINDOWS\Update.dll
2008-10-21 18:42:57 ----D---- C:\Program Files\WinRAR
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\cic.dll
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\ciadv.msc
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\ciadmin.dll
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\chkntfs.exe
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\chkdsk.exe
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\chcp.com
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\certmgr.msc
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\ccfgnt.dll
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\cards.dll
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\capesnpn.dll
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\cacls.exe
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\bootvrfy.exe
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\bootvid.dll
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\bootok.exe
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\bootcfg.exe
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\avifile.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\avicap32.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\avicap.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\autodisc.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\attrib.exe
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\atmpvcno.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\atkctrs.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\asr_ldm.exe
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\arp.exe
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\append.exe
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\apcups.dll
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\adsnw.dll
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\adsnds.dll
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\adptif.dll
2004-10-13 23:38:30 ----A---- C:\WINDOWS\system32\acledit.dll
2004-10-13 23:38:30 ----A---- C:\WINDOWS\system32\aaaamon.dll
2004-08-04 06:32:46 ----A---- C:\WINDOWS\system32\netsetup.exe
2004-08-04 06:31:08 ----A---- C:\WINDOWS\system32\tsddd.dll
2004-08-04 06:31:08 ----A---- C:\WINDOWS\system32\rdpdd.dll
2004-08-04 06:27:06 ----A---- C:\WINDOWS\system32\drmclien.dll
2004-08-04 06:27:04 ----A---- C:\WINDOWS\system32\wmvcore.dll
2004-08-04 06:27:04 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2004-08-04 06:27:02 ----A---- C:\WINDOWS\system32\msscp.dll
2004-08-04 06:27:02 ----A---- C:\WINDOWS\system32\msnetobj.dll
2004-08-04 06:26:58 ----A---- C:\WINDOWS\winhlp32.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\xcopy.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wscript.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wscntfy.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wpabaln.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\winver.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\winlogon.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wextract.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\vssvc.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\utilman.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\userinit.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\ups.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\upnpcont.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tracert.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tracerpt.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tourstart.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tlntsess.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tlntadmn.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\telnet.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\taskmgr.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\svchost.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\stimon.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\spoolsv.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\spnpinst.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\smss.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\smbinst.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\skeys.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\sigverif.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\shutdown.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\shrpubw.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\shmgrate.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\setup.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\sethc.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\services.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\secedit.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\sdbinst.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\schtasks.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\scardsvr.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\savedump.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\runonce.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rundll32.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rtcshare.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rsnotify.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rsh.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rexec.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\regsvr32.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\reg.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rcp.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rcimlby.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rasphone.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\proxycfg.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\proquota.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\progman.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\powercfg.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\ping.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\perfmon.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\packager.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\osk.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\openfiles.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\odbcconf.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\odbcad32.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\ntvdm.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\ntbackup.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\nslookup.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\notepad.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\netstat.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\netsh.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\netdde.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\net1.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\net.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\nddeapir.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\narrator.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\regedit.exe
2004-08-04 06:26:54 ----A---- C:\WINDOWS\system32\msiexec.exe
2004-08-04 06:26:54 ----A---- C:\WINDOWS\system32\mshta.exe
2004-08-04 06:26:54 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2004-08-04 06:26:54 ----A---- C:\WINDOWS\system32\mqsvc.exe
2004-08-04 06:26:54 ----A---- C:\WINDOWS\system32\mqbkup.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\mobsync.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\mmc.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\makecab.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\magnify.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\lsass.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\logonui.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\logman.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\logagent.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\locator.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\ipxroute.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\ipv6.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\ipconfig.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\imapi.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\iexpress.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\hh.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\grpconv.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\gpresult.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\ftp.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\fsquirt.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\fontview.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\findstr.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\extrac32.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\eventcreate.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\eudcedit.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dxdiag.exe

deepak4490
2008-10-22, 07:04
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\MSCTF.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mscpxl32.dLL
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mscms.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msasn1.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msapsspc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msacm32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqutil.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqtrig.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqsnap.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqsec.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqrt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqqm.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqoa.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqlogmgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqise.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqdscli.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqad.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mprapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mpr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mpg4dmod.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mp4sdmod.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mp43dmod.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\modemui.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mobsync.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mmcshext.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mmcbase.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mlang.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\miglibnt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\midimap.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mfc42u.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mfc42.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mf3216.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mdminst.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mciwave.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mciseq.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mciavi32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mcastmib.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\lsasrv.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\lprhelp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\lpk.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\localui.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\localspl.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\localsec.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\loadperf.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\lmrt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\linkinfo.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\licmgr10.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\licdll.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\laprxy.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\keymgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\kernel32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\kerberos.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\jsproxy.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\jscript.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ixsso.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iuengine.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\itss.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\itircl.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ir50_32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ippromon.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\inseng.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\input.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\initpki.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\inetppui.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\inetpp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\inetmib1.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\imm32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\imgutil.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\imeshare.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\imagehlp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ifmon.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iesetup.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iernonce.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iepeers.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ieencode.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ieaksie.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ieakeng.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\idq.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\icm32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iccvid.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iasrad.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\htui.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\httpapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hotplug.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hid.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hhsetup.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hccoin.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\h323msp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\gptext.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\glu32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\gdi32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\fwcfg.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\fontext.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\filemgmt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\feclient.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\fdeploy.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\faultrep.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\extmgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\expsrv.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\eventlog.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\esent.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\es.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ersvc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\encdec.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\encapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\els.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\efsadu.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dxtrans.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dxmasf.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dx8vb.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dx7vb.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\duser.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dswave.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsuiext.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dssec.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsquery.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsprop.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsound3d.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsound.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dskquota.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsdmo.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ds32gt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\drprov.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\drmstor.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpvvox.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpvoice.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpvacm.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpnet.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dplayx.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\docprop2.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dnsapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmutil.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmusic.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmsynth.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmstyle.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmserver.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmscript.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmloader.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmime.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmcompos.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmband.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dinput8.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dinput.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\digest.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dgnet.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dfrgui.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\devmgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\devenum.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ddrawex.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ddraw.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dciman32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dbghelp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\davclnt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dataclen.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\danim.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\d3dim700.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\d3d9.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\d3d8.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\csrsrv.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cscui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cscdll.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptnet.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptext.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptdll.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\crypt32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\credui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\corpol.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\comres.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\compstui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\compatUI.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\comdlg32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\comctl32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cmutil.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cmsetACL.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cmdial32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\clusapi.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cliconfg.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\ciodm.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cewmdm.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\certmgr.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\certcli.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cdosys.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cdm.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cdfview.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\camocx.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cabview.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cabinet.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\btpanui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\bthserv.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\bthci.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\browsewm.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\browseui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\browser.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\blackbox.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\bidispl.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\batmeter.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\basesrv.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\avifil32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\authz.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\audiosrv.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\atmlib.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\atl.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\asycfilt.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\appmgr.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\appmgmts.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\apphelp.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\amstream.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\alrsvc.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\advpack.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\advapi32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\adsnt.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\adsmsext.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\adsldpc.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\adsldp.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\admparse.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\actxprxy.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\activeds.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\aclui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\6to4svc.dll
2004-08-04 06:26:38 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2004-08-04 06:26:38 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2004-08-04 06:26:38 ----A---- C:\WINDOWS\system32\xpob2res.dll
2004-08-04 06:26:38 ----A---- C:\WINDOWS\system32\wmploc.dll
2004-08-04 06:26:38 ----A---- C:\WINDOWS\system32\ntdll.dll
2004-08-04 06:26:36 ----A---- C:\WINDOWS\system32\wmi.dll
2004-08-04 06:26:36 ----A---- C:\WINDOWS\system32\wmerror.dll
2004-08-04 06:26:36 ----A---- C:\WINDOWS\system32\winntbbu.dll
2004-08-04 06:26:36 ----A---- C:\WINDOWS\system32\winbrand.dll
2004-08-04 06:26:28 ----A---- C:\WINDOWS\system32\shdoclc.dll
2004-08-04 06:26:28 ----A---- C:\WINDOWS\system32\dpcdll.dll
2004-08-04 06:26:26 ----A---- C:\WINDOWS\system32\qedwipes.dll
2004-08-04 06:26:24 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2004-08-04 06:26:24 ----A---- C:\WINDOWS\system32\odbcji32.dll
2004-08-04 06:26:24 ----A---- C:\WINDOWS\system32\odbcint.dll
2004-08-04 06:26:20 ----A---- C:\WINDOWS\system32\msprivs.dll
2004-08-04 06:26:20 ----A---- C:\WINDOWS\system32\msorc32r.dll
2004-08-04 06:26:18 ----A---- C:\WINDOWS\system32\msimsg.dll
2004-08-04 06:26:16 ----A---- C:\WINDOWS\system32\mshtmler.dll
2004-08-04 06:26:14 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2004-08-04 06:26:14 ----A---- C:\WINDOWS\system32\mscpx32r.dLL
2004-08-04 06:26:14 ----A---- C:\WINDOWS\system32\msafd.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\moricons.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdukx.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdno1.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdinben.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2004-08-04 06:26:08 ----A---- C:\WINDOWS\system32\icmp.dll
2004-08-04 06:26:08 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2004-08-04 06:26:08 ----A---- C:\WINDOWS\system32\gpedit.dll
2004-08-04 06:26:08 ----A---- C:\WINDOWS\system32\framebuf.dll
2004-08-04 06:26:06 ----A---- C:\WINDOWS\system32\pidgen.dll
2004-08-04 06:26:06 ----A---- C:\WINDOWS\system32\dsprpres.dll
2004-08-04 06:26:04 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2004-08-04 06:26:04 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2004-08-04 06:26:02 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2004-08-04 06:26:00 ----A---- C:\WINDOWS\system32\browselc.dll
2004-08-04 06:26:00 ----A---- C:\WINDOWS\system32\atmfd.dll
2004-08-04 06:26:00 ----A---- C:\WINDOWS\system32\asferror.dll
2004-08-04 04:50:00 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2004-08-04 04:29:36 ----A---- C:\WINDOWS\system32\spiisupd.exe
2004-08-04 04:29:24 ----A---- C:\WINDOWS\system32\kd1394.dll
2004-08-04 04:29:10 ----A---- C:\WINDOWS\system32\hal.dll
2004-08-04 04:29:00 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 04:28:26 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2004-08-04 04:21:22 ----A---- C:\WINDOWS\system32\dosx.exe
2004-08-04 04:21:20 ----A---- C:\WINDOWS\system32\winnls.dll
2004-08-04 04:21:12 ----A---- C:\WINDOWS\system32\mmsystem.dll
2004-08-04 04:19:34 ----A---- C:\WINDOWS\system32\krnl386.exe
2004-08-04 04:18:46 ----A---- C:\WINDOWS\system32\redir.exe
2004-08-04 04:08:34 ----RASH---- C:\NTDETECT.COM
2004-08-04 04:01:44 ----A---- C:\WINDOWS\system32\slbcsp.dll
2004-08-04 04:01:44 ----A---- C:\WINDOWS\system32\sccbase.dll
2004-08-04 04:01:44 ----A---- C:\WINDOWS\system32\rsaenh.dll
2004-08-04 04:01:44 ----A---- C:\WINDOWS\system32\gpkcsp.dll
2004-08-04 04:01:44 ----A---- C:\WINDOWS\system32\dssenh.dll
2004-07-17 17:16:14 ----A---- C:\WINDOWS\system32\tcpmon.ini
2004-07-17 17:12:38 ----A---- C:\WINDOWS\system32\login.cmd
2004-07-17 17:09:16 ----A---- C:\WINDOWS\system32\xenroll.dll
2004-07-17 17:06:44 ----A---- C:\WINDOWS\system32\odbc16gt.dll
2004-07-17 17:06:44 ----A---- C:\WINDOWS\system32\ds16gt.dLL
2004-07-17 17:04:48 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2004-01-21 17:36:24 ----A---- C:\WINDOWS\system32\NetDiagnosis.dll
2002-01-02 02:20:58 ----A---- C:\WINDOWS\system32\h323log.txt
2002-01-02 02:18:32 ----A---- C:\WINDOWS\system32\usbui.dll
2002-01-02 02:17:37 ----A---- C:\WINDOWS\imsins.BAK
2002-01-02 02:17:34 ----SHD---- C:\WINDOWS\Installer
2002-01-02 02:17:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2002-01-02 02:17:33 ----D---- C:\Program Files\Common Files\ODBC
2002-01-02 02:17:33 ----A---- C:\WINDOWS\ODBCINST.INI
2002-01-02 02:17:30 ----RD---- C:\Program Files
2002-01-02 02:17:30 ----D---- C:\Program Files\Common Files\SpeechEngines
2002-01-02 02:17:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2002-01-02 02:17:30 ----D---- C:\Program Files\Common Files
2002-01-02 02:17:27 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2002-01-02 02:17:27 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2002-01-02 02:17:27 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdur.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdru.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2002-01-02 02:17:21 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2002-01-02 02:17:21 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2002-01-02 02:17:21 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2002-01-02 02:17:21 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2002-01-02 02:17:21 ----RA---- C:\WINDOWS\system32\kbdest.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdro.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2002-01-02 02:17:15 ----A---- C:\WINDOWS\system32\spxcoins.dll
2002-01-02 02:17:15 ----A---- C:\WINDOWS\system32\irclass.dll
2002-01-02 02:17:15 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2002-01-02 02:17:15 ----A---- C:\WINDOWS\system32\dgsetup.dll
2002-01-02 02:17:15 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2002-01-02 02:17:12 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2002-01-02 02:17:12 ----A---- C:\WINDOWS\TASKMAN.EXE
2002-01-02 02:17:11 ----A---- C:\WINDOWS\system32\batt.dll
2002-01-02 02:17:10 ----A---- C:\WINDOWS\NOTEPAD.EXE
2002-01-02 02:17:09 ----A---- C:\WINDOWS\system32\storprop.dll
2002-01-02 02:17:01 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2002-01-02 02:15:20 ----RA---- C:\WINDOWS\SET8.tmp
2002-01-02 02:15:17 ----RA---- C:\WINDOWS\SET4.tmp
2002-01-02 02:15:16 ----RA---- C:\WINDOWS\SET3.tmp
2002-01-02 02:15:11 ----D---- C:\WINDOWS\system32\CatRoot2
2002-01-02 02:15:11 ----D---- C:\WINDOWS\system32\CatRoot
2002-01-02 02:15:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2002-01-02 02:14:52 ----A---- C:\WINDOWS\setuplog.txt
2002-01-02 02:14:48 ----SHD---- C:\System Volume Information
2002-01-02 02:14:48 ----D---- C:\Documents and Settings
2002-01-02 02:14:13 ----SH---- C:\boot.ini
2002-01-02 02:10:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2002-01-02 02:10:55 ----RSD---- C:\WINDOWS\Fonts
2002-01-02 02:10:55 ----RD---- C:\WINDOWS\Web
2002-01-02 02:10:55 ----HD---- C:\WINDOWS\inf
2002-01-02 02:10:55 ----D---- C:\WINDOWS\WinSxS
2002-01-02 02:10:55 ----D---- C:\WINDOWS\twain_32
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Temp
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\wins
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\wbem
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\usmt
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\spool
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\ShellExt
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\Setup
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\ras
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\oobe
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\npp
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\mui
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\inetsrv
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\IME
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\icsxml
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\ias
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\export
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\drivers
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\dhcp
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\config
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\3com_dmi
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\3076
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\2052
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1054
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1042
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1041
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1037
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1033
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1031
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1028
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1025
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system
2002-01-02 02:10:55 ----D---- C:\WINDOWS\security
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Resources
2002-01-02 02:10:55 ----D---- C:\WINDOWS\repair
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Provisioning
2002-01-02 02:10:55 ----D---- C:\WINDOWS\PeerNet
2002-01-02 02:10:55 ----D---- C:\WINDOWS\pchealth
2002-01-02 02:10:55 ----D---- C:\WINDOWS\mui
2002-01-02 02:10:55 ----D---- C:\WINDOWS\msapps
2002-01-02 02:10:55 ----D---- C:\WINDOWS\msagent
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Media
2002-01-02 02:10:55 ----D---- C:\WINDOWS\java
2002-01-02 02:10:55 ----D---- C:\WINDOWS\ime
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Help
2002-01-02 02:10:55 ----D---- C:\WINDOWS\ehome
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Driver Cache
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Debug
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Cursors
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Connection Wizard
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Config
2002-01-02 02:10:55 ----D---- C:\WINDOWS\AppPatch
2002-01-02 02:10:55 ----D---- C:\WINDOWS\addins
2002-01-02 02:10:55 ----D---- C:\WINDOWS
2002-01-01 23:03:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2002-01-01 23:03:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2002-01-01 22:08:11 ----D---- C:\Documents and Settings\Deepak\Application Data\Macromedia
2002-01-01 22:06:59 ----D---- C:\Program Files\Yahoo!
2002-01-01 21:58:17 ----D---- C:\Program Files\Maxotek
2002-01-01 21:55:42 ----RSD---- C:\WINDOWS\assembly
2002-01-01 21:55:20 ----D---- C:\WINDOWS\Microsoft.NET
2002-01-01 21:54:42 ----N---- C:\WINDOWS\system32\spmsg.dll
2002-01-01 21:54:32 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

deepak4490
2008-10-22, 07:05

======List of files/folders modified in the last 1 months======


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R3 4c70249;4c70249; \??\C:\WINDOWS\system32\4c70249.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-04-01 230272]
S3 4901228;4901228; \??\C:\WINDOWS\system32\4901228.sys []
S3 8b52f47;8b52f47; \??\C:\WINDOWS\system32\8b52f47.sys []
S3 c551839;c551839; \??\C:\WINDOWS\system32\c551839.sys []
S3 eth8023;eth8023; C:\WINDOWS\system32\drivers\eth8023.sys [2008-10-21 18048]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

-----------------EOF-----------------

Baabiouz
2008-10-22, 14:22
Hello :)
Let's run ComboFix.
Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

deepak4490
2008-10-23, 11:36
Hello
Bro, yesterday my AVG got corrupted and my ISP blocked my internet access; he told me that he blocked my net because of suspicious activities.
I formatted my C: and installed Windows XP again.
Now I installed Kaspersky - it is detecting file flash.ocx as virus but now deleting it.

HijackThis Log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:07 PM, on 10/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viruslist.com/en/advisories/29321
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{93DEFE24-3973-444A-8971-2DF474663929}: NameServer = 172.16.0.1
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 2930 bytes

ComboFix Logfile
ComboFix 08-10-22.05 - Deepak 2008-10-23 14:56:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.312 [GMT 5.5:30]
Running from: C:\Documents and Settings\Deepak\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Deepak\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Messenger\msgmr.dll
C:\WINDOWS\AppPatch\AcSpecf.dll
C:\WINDOWS\AppPatch\AcXtrnel.sdb
C:\WINDOWS\Fonts\Framdee.ttf
C:\WINDOWS\system32\drivers\eth8023.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ETH8023
-------\Service_eth8023


((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
.

2008-10-23 13:12 . 2008-10-23 13:12 <DIR> d-------- C:\Program Files\Maxotek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 09:27 7,150,112 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-23 09:27 61,132 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-23 09:27 3,624 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-23 09:27 131,104 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-23 09:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-22 17:40 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-29 14:51 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
24Online Client.lnk - C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe [2004-05-31 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 ENO;ENO;C:\WINDOWS\system32\drivers\ENO.sys [2004-05-27 51564]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.viruslist.com/en/advisories/29321
O17 -: HKLM\CCS\Interface\{93DEFE24-3973-444A-8971-2DF474663929}: NameServer = 172.16.0.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 14:58:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-23 14:59:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-23 09:29:38

Pre-Run: 18,379,968,512 bytes free
Post-Run: 18,366,046,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

90

deepak4490
2008-10-23, 12:19
Thumbnail view of the message I get from Kaspersky whenever I open a webpage.
http://img222.imageshack.us/img222/5913/virusgd6.jpg (http://imageshack.us)
http://img222.imageshack.us/img222/virusgd6.jpg/1/w364.png (http://g.imageshack.us/img222/virusgd6.jpg/1/)

Baabiouz
2008-10-23, 12:28
Hello

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)
(When installing ZoneAlarm, please uncheck this option: "include a ZoneAlarm Spy Blocker...". The Toolbar is not recommended... You can read more about it here (http://sunbeltblog.blogspot.com/2007/12/another-security-company-succumbs-to.html).)
2) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Comodo (http://www.personalfirewall.comodo.com/)
(When installing Comodo, please uncheck these options: "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Let's scan your computer with Mbam:

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here (http://www.besttechie.net/tools/mbam-setup.exe) and save to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note:
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Post a fresh HijackThis log and Mbam's results here :)

deepak4490
2008-10-24, 06:49
Malwarebytes' Anti-Malware Logfile

Malwarebytes' Anti-Malware 1.30
Database version: 1310
Windows 5.1.2600 Service Pack 2

10/24/2008 10:15:52 AM
mbam-log-2008-10-24 (10-15-52).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 254146
Time elapsed: 1 hour(s), 58 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{4D5EAD28-9447-467A-811E-8B5354A073DB}\RP6\A0002396.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{4D5EAD28-9447-467A-811E-8B5354A073DB}\RP6\A0002398.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

HijackThis Log File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:55 AM, on 10/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viruslist.com/en/advisories/29321
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{93DEFE24-3973-444A-8971-2DF474663929}: NameServer = 172.16.0.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3445 bytes

deepak4490
2008-10-24, 06:56
Bro, Comodo notified me of this, and I denied the request - is this a trojan or normal activity?

http://img404.imageshack.us/img404/4197/comodogq4.jpg (http://imageshack.us)

Baabiouz
2008-10-24, 09:33
It's ok.

HijackThis log looks fine.

Do you have any problems or questions? :)

deepak4490
2008-10-24, 10:53
Thanks a lot buddy, now when I open a webpage - it is now showing that link in the status bar.

What do I have to do if the same problem occurs again in the future?

Baabiouz
2008-10-24, 11:06
You're welcome.

Update and run Mbam first. If that doesn't help, post a HijackThis log here in the forum :)

deepak4490
2008-10-24, 21:33
Thanks a lot, now I am not facing any problem.

Bro, what do I have to do if I wanna donate some money to Spybot.info?

Baabiouz
2008-10-25, 10:01
Hi :)

You're Welcome.

Here is link to Donate to Spybot:
http://www.spybot.info/en/donate/index.html

deepak4490
2008-10-27, 21:08
Bro, I didn't use any pendrive, now I download any file from internet. Same problem occurred again.
After seeing the last HijackThis log you said the system is looking ok, then from where does this trojan come again?

http://img201.imageshack.us/img201/7308/viruswx9.jpg (http://imageshack.us)
http://img201.imageshack.us/img201/viruswx9.jpg/1/w361.png (http://g.imageshack.us/img201/viruswx9.jpg/1/)

HijackThis Log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:49 AM, on 10/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viruslist.com/en/advisories/29321
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{93DEFE24-3973-444A-8971-2DF474663929}: NameServer = 172.16.0.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3479 bytes

Baabiouz
2008-10-28, 06:29
Kaspersky is warning you about that website. What did you do that made this notice come up?

deepak4490
2008-10-28, 08:41
Kaspersky automatically denies it.

deepak4490
2008-10-28, 08:42
I don't open any porn or warez site. Next time I'll check which sites show this message and will tell u; u check at ur pc whether these sites contain malicious script or not.

Baabiouz
2008-10-28, 13:35
Okay :)

deepak4490
2008-10-31, 13:49
I get this message from Kaspersky every time I open a website like yahoo, spybot.info and others.

"Internet Explorer:Loading object http://y.ads009.info/14.htm,containing trojan program Exploit.JS.RealPlr.nl. Detected."

Please bro help me in removing this trojan.

Baabiouz
2008-11-01, 14:18
Hi

It may be a false positive, so you don't need to be worried :)

Installing MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) may help to fix the problem :)

deepak4490
2008-11-01, 14:22
What is this false positive, can u plz describe it?

Also my other pc is working fine, but the net is very slow, takes years to download even a 1mb file.
Downloads freeze in between - is there any virus or trojan responsible for that?

Baabiouz
2008-11-01, 14:26
Hi

Here (http://service1.symantec.com/sarc/sarc.nsf/info/html/what.false.positive.html) is a good text about false positives.

Post the HijackThis log of your other computer here so we can try to fix the problem :)

deepak4490
2008-11-01, 20:24
HiJackThis Log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:10 AM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A08531EC-97A6-4CF6-9E7A-C2ECD31E6A5E}: NameServer = 192.168.222.4,202.88.149.6

--
End of file - 1553 bytes

Baabiouz
2008-11-01, 20:32
Hi


Click Start | My Computer | Local Disk (C:).
In the menu bar at the top, go to File | New | Folder.
That will create a folder named "New Folder", which you can rename to "HijackThis". You have now created C:\HijackThis.
Now get your HijackThis.exe file and place it in your folder.


Rename HijackThis
There may be some infection hiding in your log.
Open Windows Explorer by right-clicking the Start button and left-clicking Explore, then navigate to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right-click on HijackThis.exe and select Rename.
Rename it to something like deepak.exe
Double click on deepak.exe to run the program, then post back a new HijackThis log.

Post a fresh HijackThis log (deepak.exe) back here :)

deepak4490
2008-11-01, 20:59
HiJackThis Log - fresh

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:22 AM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\deepak.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A08531EC-97A6-4CF6-9E7A-C2ECD31E6A5E}: NameServer = 192.168.222.4,202.88.149.6

--
End of file - 1514 bytes
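
The rename-and-rescan step above produces two HijackThis logs to compare. As an added example (not part of the original thread), this Python code parses both logs and lists what appeared or disappeared between them. The log text is excerpted from the two logs posted above with some lines omitted; `parse_hjt`, `diff_logs`, `SCANNER_NAMES` and the `[example]` line are names and data constructed for illustration.

```python
import re

# Coded entry lines look like "O4 - HKLM\..\Run: [name] path" or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Names the scanner itself ran under in this thread (lowercase for comparison).
SCANNER_NAMES = {"hijackthis.exe", "deepak.exe"}

def parse_hjt(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False            # first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif line.startswith("--"):
            in_processes = False            # trailer: "--" then "End of file - N bytes"
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}

def diff_logs(before, after, scanner_names=()):
    """Report items present in only one of two parsed logs.

    Windows paths are case-insensitive, so everything is compared lowercased.
    Processes whose file name is in scanner_names are ignored.
    """
    def proc_set(log):
        return {p.lower() for p in log["processes"]
                if p.lower().rsplit("\\", 1)[-1] not in scanner_names}

    def entry_set(log):
        return {(code, body.lower()) for code, body in log["entries"]}

    pb, pa = proc_set(before), proc_set(after)
    eb, ea = entry_set(before), entry_set(after)
    return {
        "new_processes": sorted(pa - pb),
        "gone_processes": sorted(pb - pa),
        "new_entries": sorted(ea - eb),
        "gone_entries": sorted(eb - ea),
    }

# Excerpt of the log taken before the rename (lines omitted for brevity).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:10 AM, on 11/2/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A08531EC-97A6-4CF6-9E7A-C2ECD31E6A5E}: NameServer = 192.168.222.4,202.88.149.6

--
End of file - 1553 bytes
"""

# Same excerpt after the rename: only the scanner's own path and the trailer differ.
AFTER = (BEFORE
         .replace(r"C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe",
                  r"C:\HijackThis\deepak.exe")
         .replace("1553 bytes", "1514 bytes"))

# Constructed variant with one extra autostart line, to show what a hit looks like.
AFTER_CONSTRUCTED = AFTER.replace(
    "\n--",
    "\n" + r"O4 - HKLM\..\Run: [example] C:\constructed\example.exe" + "\n--")

if __name__ == "__main__":
    real = diff_logs(parse_hjt(BEFORE), parse_hjt(AFTER), SCANNER_NAMES)
    print("rename rescan:", real)
    demo = diff_logs(parse_hjt(BEFORE), parse_hjt(AFTER_CONSTRUCTED), SCANNER_NAMES)
    print("constructed variant:", demo["new_entries"])
```
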

Baabiouz
2008-11-02, 13:29
Hi

Please open HijackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here (http://www.besttechie.net/tools/mbam-setup.exe) and save to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note:
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when Malwarebytes' Anti-Malware is started.



Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post Mbam results and Rsit logs back here :)

deepak4490
2008-11-03, 18:52
MalwareBytes Logfile

Malwarebytes' Anti-Malware 1.30
Database version: 1358
Windows 5.1.2600 Service Pack 2

11/3/2008 10:54:46 PM
mbam-log-2008-11-03 (22-54-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 69009
Time elapsed: 15 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-03 23:13:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 16 GB (82%) free of 19 GB
Total RAM: 1015 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:41 PM, on 11/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Documents and Settings\Administrator\Desktop\Administrator.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A08531EC-97A6-4CF6-9E7A-C2ECD31E6A5E}: NameServer = 192.168.222.4,202.88.149.6

--
End of file - 1536 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-03-11 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-03-11 114688]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
24Online Client.lnk - C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-11-03 23:13:33 ----D---- C:\rsit
2008-11-02 01:26:36 ----D---- C:\HijackThis
2008-11-01 20:07:21 ----RA---- C:\WINDOWS\system32\igfxres.dll
2008-11-01 20:05:22 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-11-01 20:05:17 ----D---- C:\Program Files\Realtek Sound Manager
2008-11-01 20:05:14 ----N---- C:\WINDOWS\avrack.ini
2008-11-01 20:05:14 ----D---- C:\Program Files\AvRack
2008-11-01 20:05:13 ----A---- C:\WINDOWS\system32\Audio3D.dll
2008-11-01 20:05:13 ----A---- C:\WINDOWS\system32\a3d.dll
2008-11-01 20:05:11 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2008-11-01 20:05:07 ----N---- C:\WINDOWS\alcupd.exe
2008-11-01 20:05:07 ----N---- C:\WINDOWS\alcrmv.exe
2008-11-01 20:05:03 ----D---- C:\WINDOWS\OPTIONS
2008-11-01 20:04:57 ----D---- C:\Program Files\Gigabyte
2008-11-01 20:04:55 ----A---- C:\WINDOWS\IsUninst.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxtray.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxsrvc.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxress.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxpph.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxhk.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxext.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxexps.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxeud.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxdo.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxdiag.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxdgps.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxdev.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxcfg.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmrnt5.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmrem.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmgicd.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmgdev.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmdnt5.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmdev5.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmdd5.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\iAlmCoIn_v13.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\hkcmd.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\hccutils.dll
2008-11-01 20:04:08 ----D---- C:\WINDOWS\Drivers
2008-11-01 20:03:48 ----A---- C:\WINDOWS\system32\IPrtCnst.dll
2008-11-01 20:02:12 ----D---- C:\Program Files\Intel
2008-11-01 20:01:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-01 20:01:36 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-01 20:01:31 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-31 22:50:12 ----SHD---- C:\RECYCLER
2008-10-31 18:06:16 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-25 02:46:28 ----A---- C:\IPList.txt
2008-10-24 14:21:32 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-24 14:21:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 14:21:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-24 14:03:35 ----SHD---- C:\WINDOWS\CSC
2008-10-24 14:03:28 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-23 12:56:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-10-23 12:56:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-10-16 19:49:33 ----A---- C:\WINDOWS\system32\h323log.txt
2008-10-16 19:46:35 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-16 19:45:30 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 19:45:27 ----SHD---- C:\WINDOWS\Installer
2008-10-16 19:45:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-16 19:45:26 ----D---- C:\Program Files\Common Files\ODBC
2008-10-16 19:45:26 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-16 19:45:23 ----RD---- C:\Program Files
2008-10-16 19:45:23 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-10-16 19:45:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-16 19:45:23 ----D---- C:\Program Files\Common Files
2008-10-16 19:45:21 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-10-16 19:45:21 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-10-16 19:45:21 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-10-16 19:45:17 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-10-16 19:45:17 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-10-16 19:45:17 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-10-16 19:45:17 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-10-16 19:45:17 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-10-16 19:45:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-16 19:45:13 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-16 19:45:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-16 19:45:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-16 19:45:12 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-16 19:45:11 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-10-16 19:45:11 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-16 19:45:11 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-16 19:45:10 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-10-16 19:45:07 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-16 19:44:59 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-16 19:43:17 ----RA---- C:\WINDOWS\SET8.tmp
2008-10-16 19:43:14 ----RA---- C:\WINDOWS\SET4.tmp
2008-10-16 19:43:13 ----RA---- C:\WINDOWS\SET3.tmp
2008-10-16 19:43:07 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-16 19:43:07 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-16 19:43:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-16 19:40:51 ----A---- C:\WINDOWS\setuplog.txt
2008-10-16 19:40:48 ----D---- C:\Documents and Settings
2008-10-16 19:40:47 ----SHD---- C:\System Volume Information
2008-10-16 19:37:16 ----SH---- C:\boot.ini
2008-10-16 19:33:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-16 19:33:35 ----RSD---- C:\WINDOWS\Fonts
2008-10-16 19:33:35 ----RD---- C:\WINDOWS\Web
2008-10-16 19:33:35 ----HD---- C:\WINDOWS\inf
2008-10-16 19:33:35 ----D---- C:\WINDOWS\WinSxS
2008-10-16 19:33:35 ----D---- C:\WINDOWS\twain_32
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Temp
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\wins
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\wbem
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\usmt
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\spool
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\ShellExt
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\Setup
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\ras
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\oobe
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\npp
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\mui
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\IME
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\icsxml
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\ias
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\export
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\drivers
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\dhcp
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\config
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\3com_dmi
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\3076
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\2052
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1054
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1042
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1041
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1037
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1033
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1031
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1028
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1025
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system
2008-10-16 19:33:35 ----D---- C:\WINDOWS\security
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Resources
2008-10-16 19:33:35 ----D---- C:\WINDOWS\repair
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Provisioning
2008-10-16 19:33:35 ----D---- C:\WINDOWS\PeerNet
2008-10-16 19:33:35 ----D---- C:\WINDOWS\pchealth
2008-10-16 19:33:35 ----D---- C:\WINDOWS\mui
2008-10-16 19:33:35 ----D---- C:\WINDOWS\msapps
2008-10-16 19:33:35 ----D---- C:\WINDOWS\msagent
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Media
2008-10-16 19:33:35 ----D---- C:\WINDOWS\java
2008-10-16 19:33:35 ----D---- C:\WINDOWS\ime
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Help
2008-10-16 19:33:35 ----D---- C:\WINDOWS\ehome
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Driver Cache
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Debug
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Cursors
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Connection Wizard
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Config
2008-10-16 19:33:35 ----D---- C:\WINDOWS\AppPatch
2008-10-16 19:33:35 ----D---- C:\WINDOWS\addins
2008-10-16 19:33:35 ----D---- C:\WINDOWS
2008-10-16 16:07:35 ----D---- C:\Program Files\Maxotek
2008-10-16 16:04:56 ----RSD---- C:\WINDOWS\assembly
2008-10-16 16:04:28 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-16 16:03:47 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-16 16:03:37 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-16 14:39:58 ----A---- C:\WINDOWS\UnGins.exe
2008-10-16 14:39:57 ----D---- C:\Program Files\eLitecore
2008-10-16 14:35:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2008-10-16 14:35:33 ----HD---- C:\Program Files\Uninstall Information
2008-10-16 14:35:15 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-10-16 14:35:14 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-10-16 14:35:05 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-16 14:35:04 ----SD---- C:\WINDOWS\system32\Microsoft
2008-10-16 14:35:04 ----D---- C:\WINDOWS\Prefetch
2008-10-16 14:35:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-16 14:28:24 ----D---- C:\WINDOWS\system32\xircom
2008-10-16 14:28:24 ----D---- C:\Program Files\xerox
2008-10-16 14:28:24 ----D---- C:\Program Files\microsoft frontpage
2008-10-16 14:27:56 ----A---- C:\WINDOWS\control.ini
2008-10-16 14:27:56 ----A---- C:\AUTOEXEC.BAT
2008-10-16 14:27:39 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-16 14:27:34 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-10-16 14:26:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-16 14:26:33 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-16 14:26:33 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-16 14:26:25 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-16 14:26:20 ----HD---- C:\Program Files\WindowsUpdate
2008-10-16 14:26:01 ----D---- C:\WINDOWS\system32\DirectX
2008-10-16 14:25:45 ----A---- C:\WINDOWS\system32\atrace.dll
2008-10-16 14:25:43 ----A---- C:\WINDOWS\system32\desktop.ini
2008-10-16 14:25:43 ----A---- C:\WINDOWS\desktop.ini
2008-10-16 14:25:38 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-10-16 14:25:37 ----D---- C:\Program Files\Common Files\Services
2008-10-16 14:25:37 ----A---- C:\WINDOWS\system32\acctres.dll
2008-10-16 14:25:35 ----SD---- C:\WINDOWS\Tasks
2008-10-16 14:25:35 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-10-16 14:25:34 ----D---- C:\Program Files\Common Files\MSSoap
2008-10-16 14:25:31 ----D---- C:\WINDOWS\srchasst
2008-10-16 14:25:30 ----D---- C:\WINDOWS\system32\Macromed
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:25:27 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-16 14:25:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-16 14:25:27 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-10-16 14:25:27 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-16 14:25:24 ----D---- C:\Program Files\Movie Maker
2008-10-16 14:25:21 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-16 14:25:21 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-16 14:25:21 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-16 14:25:21 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-16 14:25:18 ----D---- C:\WINDOWS\system32\Restore
2008-10-16 14:25:18 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-16 14:25:18 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-16 14:25:18 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-16 14:25:18 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-10-16 14:25:18 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-16 14:25:15 ----D---- C:\Program Files\NetMeeting
2008-10-16 14:25:15 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-16 14:25:15 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-16 14:25:14 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-16 14:25:14 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-16 14:25:12 ----D---- C:\Program Files\Outlook Express
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-16 14:25:07 ----D---- C:\Program Files\Internet Explorer
2008-10-16 14:25:07 ----D---- C:\Program Files\Common Files\System
2008-10-16 14:24:28 ----D---- C:\Program Files\ComPlus Applications
2008-10-16 14:24:26 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-16 14:24:26 ----A---- C:\WINDOWS\vb.ini
2008-10-16 14:24:22 ----D---- C:\WINDOWS\Registration
2008-10-16 14:24:14 ----D---- C:\Program Files\Windows Media Player
2008-10-16 14:24:14 ----D---- C:\Program Files\Online Services
2008-10-16 14:24:08 ----D---- C:\Program Files\Messenger
2008-10-16 14:24:05 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-16 14:24:05 ----A---- C:\WINDOWS\system32\write.exe
2008-10-16 14:23:58 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-10-16 14:23:57 ----A---- C:\WINDOWS\system32\winchat.exe
2008-10-16 14:23:57 ----A---- C:\WINDOWS\system32\hticons.dll
2008-10-16 14:23:57 ----A---- C:\WINDOWS\system32\avwav.dll
2008-10-16 14:23:57 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-10-16 14:23:57 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-10-16 14:23:52 ----A---- C:\WINDOWS\system32\getuname.dll
2008-10-16 14:23:52 ----A---- C:\WINDOWS\system32\charmap.exe
2008-10-16 14:23:51 ----A---- C:\WINDOWS\system32\winmine.exe
2008-10-16 14:23:51 ----A---- C:\WINDOWS\system32\sol.exe
2008-10-16 14:23:51 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-10-16 14:23:51 ----A---- C:\WINDOWS\system32\freecell.exe
2008-10-16 14:23:51 ----A---- C:\WINDOWS\system32\calc.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\tskill.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\tscon.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\shadow.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\reset.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\regini.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\msg.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\logoff.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-16 14:23:48 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-16 14:23:48 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-16 14:23:44 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-10-16 14:23:36 ----D---- C:\Program Files\MSN
2008-10-16 14:23:35 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-16 14:23:35 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-16 14:23:35 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-16 14:23:35 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-16 14:23:34 ----D---- C:\Program Files\Windows NT
2008-10-16 14:23:34 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-16 14:23:34 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-16 14:23:34 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-16 14:23:32 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-16 14:23:31 ----D---- C:\WINDOWS\system32\Com
2008-10-16 14:23:31 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-16 14:23:31 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-16 14:23:31 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-16 14:23:31 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-16 14:23:31 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-16 14:23:30 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-16 14:23:30 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-16 14:23:30 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-16 14:23:30 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-16 14:23:30 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-16 14:23:29 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-16 14:23:25 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-16 14:23:24 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-16 14:23:24 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-16 14:23:24 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2008-10-16 19:45:22 ----A---- C:\WINDOWS\system.ini
2008-10-16 14:27:56 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-13 112288]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-13 78496]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-03-13 90395]
R3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2001-08-23 25434]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

-----------------EOF-----------------

Info.txt

info.txt logfile of random's system information tool 1.04 2008-11-03 23:13:43

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Cyberoam Client for 24Online-->C:\WINDOWS\UnGins.exe "C:\Program Files\eLitecore\Cyberoam Client for 24Online\install.log"
Enable S3 for USB Device-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
HijackThis 2.0.2-->"C:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Pika Bot-->MsiExec.exe /I{D7383415-2CD0-4C0A-A239-28D1A43E10F2}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RTLSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Baabiouz
2008-11-03, 19:27
Hello

RSIT logs are fine.

You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer:

Antivir (http://www.free-av.com/)
Avast Free (http://www.avast.com/eng/download-avast-home.html)
AVG Free (http://www.majorgeeks.com/download886.html)
Bitdefender Free (http://www.bitdefender.com/)

Install it and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but cannot remove.


Looking over your log, it seems you don't have any evidence of a third-party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)
(When installing ZoneAlarm, please uncheck this option: "include a ZoneAlarm Spy Blocker...". The Toolbar is not recommended... You can read more about it here (http://sunbeltblog.blogspot.com/2007/12/another-security-company-succumbs-to.html).)
2) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Comodo (http://www.personalfirewall.comodo.com/)
(When installing Comodo, please uncheck these options: "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at a time.

Post a fresh HijackThis log here :)

tashi
2008-11-12, 06:30
Thank you Baabiouz. :)