View Full Version : Need Help Removing ZLOB.DNSChanger



mvfisher
2008-11-16, 18:40
I have run Spybot, AVG, etc. and it keeps coming back. I have a Compaq Presario 6320us.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:36 AM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Curse\CurseClient.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cableone.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226637507078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226774174312
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

--
End of file - 7306 bytes

peku006
2008-11-18, 11:19
Hello and Welcome to the forums!

My name is peku006 and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"
If you follow these instructions, everything should go smoothly.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Download and Run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log

Thanks peku006

mvfisher
2008-11-18, 19:36
I am currently at work but will do this when I get home. Also, I connect through a router and have 2 other computers connecting wirelessly on my home network. Do I need to do anything with the router? And I assume I need to post the HijackThis notes for each of the other computers if they are infected, as they may require different solutions?

peku006
2008-11-18, 20:48
Hi mvfisher

Before I can answer the questions, I need to see those logs...

mvfisher
2008-11-19, 03:00
Logfile of random's system information tool 1.04 (written by random/random)
Run at 2008-11-18 18:44:27
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 33 GB (57%) free of 57 GB
Total RAM: 511 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:57 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Curse\CurseClient.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Mike Fisher.FISHER\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mike Fisher.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cableone.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226637507078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226774174312
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

--
End of file - 7402 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\Windows Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-13 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-13 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-13 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2002-05-15 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2002-05-15 114688]
"StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-05-09 155648]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2002-07-16 106549]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-07-04 212992]
"WCOLOREAL"=C:\Program Files\COMPAQ\Coloreal\coloreal.exe [2002-02-20 143360]
"DDCM"=C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe [2002-06-08 122880]
"DDCActiveMenu"=C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe [2002-06-08 86016]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe [2002-08-01 146432]
"CPQEASYACC"=C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe [2001-12-14 32768]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-13 1234712]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-12-12 335872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2008-10-10 4789760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-28 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-05-15 307200]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-11-18 18:44:27 ----D---- C:\rsit
2008-11-16 10:34:57 ----D---- C:\Program Files\Trend Micro
2008-11-16 00:39:17 ----D---- C:\Program Files\Curse
2008-11-15 23:07:09 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-15 19:59:29 ----D---- C:\Logs
2008-11-15 15:41:31 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-15 13:00:47 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-11-15 11:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-15 11:46:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-15 11:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-15 11:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-15 11:45:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-15 11:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-15 11:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-15 11:44:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-15 11:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-15 11:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-15 11:44:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-15 11:44:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-15 11:44:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-15 11:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-15 11:43:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-15 11:43:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-15 11:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-15 11:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-15 11:43:30 ----D---- C:\WINDOWS\ie7updates
2008-11-15 11:43:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-11-15 11:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-11-15 11:38:45 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-15 11:33:28 ----D---- C:\Program Files\MSBuild
2008-11-15 11:33:20 ----D---- C:\WINDOWS\system32\XPSViewer
2008-11-15 11:33:10 ----D---- C:\Program Files\Reference Assemblies
2008-11-15 11:32:33 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-11-14 15:33:05 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-14 15:32:53 ----D---- C:\Program Files\World of Warcraft
2008-11-14 14:44:05 ----D---- C:\Documents and Settings\Mike Fisher.FISHER\Application Data\Malwarebytes
2008-11-14 14:43:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-14 14:43:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-14 07:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB873333$
2008-11-14 07:37:44 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-11-14 07:37:26 ----HDC---- C:\WINDOWS\$NtUninstallKB911565$
2008-11-14 07:30:27 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-11-14 07:30:19 ----D---- C:\Program Files\MSXML 6.0
2008-11-14 01:15:01 ----D---- C:\Program Files\PowerStrip
2008-11-14 00:55:41 ----D---- C:\WINDOWS\WBEM
2008-11-14 00:55:40 ----D---- C:\WINDOWS\system32\en-US
2008-11-14 00:54:22 ----HDC---- C:\WINDOWS\ie7
2008-11-14 00:53:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-14 00:53:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-14 00:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-14 00:52:28 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-14 00:05:36 ----HD---- C:\$AVG8.VAULT$
2008-11-13 23:56:16 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-13 23:56:03 ----D---- C:\Documents and Settings\Mike Fisher.FISHER\Application Data\AVGTOOLBAR
2008-11-13 23:55:53 ----D---- C:\Program Files\AVG
2008-11-13 23:55:53 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-13 23:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-11-13 23:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-11-13 23:46:19 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-11-13 23:46:13 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-11-13 23:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-11-13 23:46:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-11-13 23:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-11-13 23:45:48 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-13 23:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-11-13 23:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-11-13 23:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-11-13 23:45:23 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-11-13 23:45:17 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-11-13 23:45:11 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-11-13 23:45:06 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-11-13 23:45:00 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-11-13 23:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-13 23:44:48 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-11-13 23:44:41 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-11-13 23:43:05 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-13 23:42:55 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-11-13 23:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-11-13 23:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-11-13 23:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB898458$
2008-11-13 23:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-11-13 23:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-11-13 23:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-11-13 23:41:08 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-11-13 23:41:03 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-11-13 23:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-11-13 23:40:51 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-11-13 23:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-11-13 23:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-11-13 23:40:35 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-11-13 23:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-11-13 23:40:22 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-11-13 23:40:17 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-11-13 23:40:08 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-11-13 23:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-11-13 23:39:38 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-13 23:39:23 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-13 23:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-13 23:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-13 23:38:57 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-13 23:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-13 23:38:42 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-13 23:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-11-13 23:37:23 ----D---- C:\Documents and Settings\Mike Fisher.FISHER\Application Data\ATI
2008-11-13 23:37:23 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-11-13 23:34:26 ----D---- C:\WINDOWS\Prefetch
2008-11-13 23:27:42 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-13 23:25:59 ----N---- C:\WINDOWS\system32\proxycfg.exe
2008-11-13 23:25:59 ----N---- C:\WINDOWS\system32\logman.exe
2008-11-13 23:25:43 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2008-11-13 23:25:43 ----N---- C:\WINDOWS\system32\btpanui.dll
2008-11-13 23:25:43 ----N---- C:\WINDOWS\system32\bthserv.dll
2008-11-13 23:25:43 ----N---- C:\WINDOWS\system32\bthci.dll
2008-11-13 23:25:43 ----N---- C:\WINDOWS\system32\blastcln.exe
2008-11-13 23:25:43 ----N---- C:\WINDOWS\system32\auditusr.exe
2008-11-13 23:25:43 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-13 23:25:42 ----N---- C:\WINDOWS\system32\httpapi.dll
2008-11-13 23:25:42 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-13 23:25:42 ----N---- C:\WINDOWS\system32\fwcfg.dll
2008-11-13 23:25:42 ----N---- C:\WINDOWS\system32\fsquirt.exe
2008-11-13 23:25:42 ----N---- C:\WINDOWS\system32\fltmc.exe
2008-11-13 23:25:42 ----N---- C:\WINDOWS\system32\fltlib.dll
2008-11-13 23:25:42 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-11-13 23:25:41 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\kbdukx.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\kbdno1.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\kbdinben.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2008-11-13 23:25:40 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2008-11-13 23:25:39 ----N---- C:\WINDOWS\system32\mspmsnsv.dll
2008-11-13 23:25:39 ----N---- C:\WINDOWS\system32\msdadiag.dll
2008-11-13 23:25:39 ----N---- C:\WINDOWS\system32\mp4sdmod.dll
2008-11-13 23:25:39 ----N---- C:\WINDOWS\system32\mp43dmod.dll
2008-11-13 23:25:38 ----N---- C:\WINDOWS\system32\powercfg.exe
2008-11-13 23:25:38 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2008-11-13 23:25:38 ----N---- C:\WINDOWS\system32\p2psvc.dll
2008-11-13 23:25:38 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2008-11-13 23:25:38 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2008-11-13 23:25:38 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2008-11-13 23:25:38 ----N---- C:\WINDOWS\system32\p2p.dll
2008-11-13 23:25:38 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-13 23:25:37 ----N---- C:\WINDOWS\system32\smbinst.exe
2008-11-13 23:25:37 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-13 23:25:37 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-13 23:25:37 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-13 23:25:37 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-13 23:25:37 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-13 23:25:37 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2008-11-13 23:25:36 ----N---- C:\WINDOWS\system32\wmidx.dll
2008-11-13 23:25:36 ----N---- C:\WINDOWS\system32\wmerror.dll
2008-11-13 23:25:36 ----N---- C:\WINDOWS\system32\winshfhc.dll
2008-11-13 23:25:36 ----N---- C:\WINDOWS\system32\w3ssl.dll
2008-11-13 23:25:36 ----N---- C:\WINDOWS\system32\twext.dll
2008-11-13 23:25:36 ----N---- C:\WINDOWS\system32\strmfilt.dll
2008-11-13 23:25:35 ----N---- C:\WINDOWS\system32\wmspdmoe.dll
2008-11-13 23:25:35 ----N---- C:\WINDOWS\system32\wmspdmod.dll
2008-11-13 23:25:35 ----N---- C:\WINDOWS\system32\wmsdmoe2.dll
2008-11-13 23:25:35 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2008-11-13 23:25:35 ----N---- C:\WINDOWS\system32\wmpasf.dll
2008-11-13 23:25:35 ----N---- C:\WINDOWS\system32\wmp.dll
2008-11-13 23:25:34 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2008-11-13 23:25:34 ----N---- C:\WINDOWS\system32\xmlprov.dll
2008-11-13 23:25:34 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2008-11-13 23:25:34 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2008-11-13 23:25:34 ----N---- C:\WINDOWS\system32\wshbth.dll
2008-11-13 23:25:34 ----N---- C:\WINDOWS\system32\wscsvc.dll
2008-11-13 23:25:34 ----N---- C:\WINDOWS\system32\wscntfy.exe
2008-11-13 23:25:34 ----N---- C:\WINDOWS\system32\wmvdmoe2.dll
2008-11-13 23:25:33 ----N---- C:\WINDOWS\slrundll.exe
2008-11-13 23:25:32 ----D---- C:\WINDOWS\peernet
2008-11-13 23:25:30 ----D---- C:\WINDOWS\provisioning
2008-11-13 23:20:00 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2008-11-13 23:17:39 ----A---- C:\WINDOWS\002391_.tmp
2008-11-13 23:13:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-13 22:56:09 ----RSD---- C:\WINDOWS\assembly
2008-11-13 22:55:19 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-13 22:02:16 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-11-13 21:41:58 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-13 21:41:56 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-13 21:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-13 21:41:55 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 21:41:22 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-11-13 21:40:51 ----D---- C:\WINDOWS\system32\bits
2008-11-13 21:40:43 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-11-13 21:40:23 ----N---- C:\WINDOWS\system32\xpob2res.dll
2008-11-13 21:40:23 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2008-11-13 21:40:23 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2008-11-13 21:40:23 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-11-13 21:40:23 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-13 21:38:59 ----A---- C:\WINDOWS\system32\wups2.dll
2008-11-13 21:38:59 ----A---- C:\WINDOWS\system32\wups.dll
2008-11-13 21:38:59 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-11-13 21:38:59 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-11-13 21:38:59 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-11-13 21:38:57 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-11-13 21:38:57 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-11-13 21:38:36 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-13 21:11:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-13 21:11:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-13 19:30:15 ----D---- C:\Documents and Settings\Mike Fisher.FISHER\Application Data\WinBatch
2008-11-13 19:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2008-11-13 19:16:41 ----D---- C:\Softpaq
2008-11-13 19:11:22 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-13 19:11:22 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-11-13 19:09:01 ----D---- C:\Program Files\S3
2008-11-13 19:05:49 ----N---- C:\WINDOWS\system32\RtlCPAPI.dll
2008-11-13 19:05:49 ----N---- C:\WINDOWS\system32\ChCfg.exe
2008-11-13 19:05:49 ----N---- C:\WINDOWS\soundman.exe
2008-11-13 19:05:49 ----A---- C:\WINDOWS\ALCXMNTR.EXE
2008-11-13 19:05:47 ----N---- C:\WINDOWS\system32\RTLCPL.exe
2008-11-13 19:05:47 ----N---- C:\WINDOWS\alcupd.exe
2008-11-13 19:05:47 ----N---- C:\WINDOWS\alcrmv.exe
2008-11-13 18:50:15 ----A---- C:\WINDOWS\system32\dpcdll.dll
2008-11-13 18:49:14 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-13 18:49:14 ----D---- C:\WINDOWS\ehome
2008-11-13 18:49:10 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-11-13 18:49:10 ----N---- C:\WINDOWS\system32\encdec.dll
2008-11-13 18:49:10 ----N---- C:\WINDOWS\system32\dsprpres.dll
2008-11-13 18:49:10 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-13 18:49:09 ----N---- C:\WINDOWS\system32\sbeio.dll
2008-11-13 18:49:09 ----N---- C:\WINDOWS\system32\sbe.dll
2008-11-13 18:49:09 ----N---- C:\WINDOWS\system32\mssap.dll
2008-11-13 18:49:09 ----N---- C:\WINDOWS\system32\msftedit.dll
2008-11-13 18:49:08 ----N---- C:\WINDOWS\system32\xpsp1res.dll
2008-11-13 18:49:08 ----N---- C:\WINDOWS\system32\wmvcore2.dll
2008-11-13 18:49:08 ----N---- C:\WINDOWS\system32\winbrand.dll
2008-11-13 18:48:38 ----A---- C:\WINDOWS\hh.exe
2008-11-13 18:48:38 ----A---- C:\WINDOWS\explorer.exe
2008-11-13 18:48:37 ----A---- C:\WINDOWS\winhlp32.exe
2008-11-13 18:48:34 ----A---- C:\WINDOWS\system32\alg.exe
2008-11-13 18:48:34 ----A---- C:\WINDOWS\system32\ahui.exe
2008-11-13 18:48:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-11-13 18:48:34 ----A---- C:\WINDOWS\system32\adsnt.dll
2008-11-13 18:48:34 ----A---- C:\WINDOWS\system32\adsmsext.dll
2008-11-13 18:48:34 ----A---- C:\WINDOWS\system32\adsldpc.dll
2008-11-13 18:48:34 ----A---- C:\WINDOWS\system32\adsldp.dll
2008-11-13 18:48:34 ----A---- C:\WINDOWS\system32\6to4svc.dll
2008-11-13 18:48:33 ----A---- C:\WINDOWS\system32\audiosrv.dll
2008-11-13 18:48:33 ----A---- C:\WINDOWS\system32\atl.dll
2008-11-13 18:48:33 ----A---- C:\WINDOWS\system32\at.exe
2008-11-13 18:48:33 ----A---- C:\WINDOWS\system32\asferror.dll
2008-11-13 18:48:33 ----A---- C:\WINDOWS\system32\apphelp.dll
2008-11-13 18:48:32 ----A---- C:\WINDOWS\system32\browsewm.dll
2008-11-13 18:48:32 ----A---- C:\WINDOWS\system32\browseui.dll
2008-11-13 18:48:32 ----A---- C:\WINDOWS\system32\browser.dll
2008-11-13 18:48:32 ----A---- C:\WINDOWS\system32\browselc.dll
2008-11-13 18:48:32 ----A---- C:\WINDOWS\system32\batt.dll
2008-11-13 18:48:32 ----A---- C:\WINDOWS\system32\avifil32.dll
2008-11-13 18:48:32 ----A---- C:\WINDOWS\system32\autolfn.exe
2008-11-13 18:48:31 ----A---- C:\WINDOWS\system32\ciodm.dll
2008-11-13 18:48:31 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-11-13 18:48:31 ----A---- C:\WINDOWS\system32\cewmdm.dll
2008-11-13 18:48:31 ----A---- C:\WINDOWS\system32\certcli.dll
2008-11-13 18:48:31 ----A---- C:\WINDOWS\system32\cdm.dll
2008-11-13 18:48:31 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-11-13 18:48:30 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-11-13 18:48:30 ----A---- C:\WINDOWS\system32\compatui.dll
2008-11-13 18:48:30 ----A---- C:\WINDOWS\system32\cmdl32.exe
2008-11-13 18:48:30 ----A---- C:\WINDOWS\system32\cmdial32.dll
2008-11-13 18:48:30 ----A---- C:\WINDOWS\system32\clusapi.dll
2008-11-13 18:48:30 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-13 18:48:29 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2008-11-13 18:48:29 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2008-11-13 18:48:29 ----A---- C:\WINDOWS\system32\crypt32.dll
2008-11-13 18:48:29 ----A---- C:\WINDOWS\system32\credui.dll
2008-11-13 18:48:29 ----A---- C:\WINDOWS\system32\conime.exe
2008-11-13 18:48:28 ----A---- C:\WINDOWS\system32\dbmsadsn.dll
2008-11-13 18:48:28 ----A---- C:\WINDOWS\system32\danim.dll
2008-11-13 18:48:28 ----A---- C:\WINDOWS\system32\ctfmon.exe
2008-11-13 18:48:28 ----A---- C:\WINDOWS\system32\cscui.dll
2008-11-13 18:48:28 ----A---- C:\WINDOWS\system32\cryptui.dll
2008-11-13 18:48:27 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2008-11-13 18:48:27 ----A---- C:\WINDOWS\system32\devmgr.dll
2008-11-13 18:48:27 ----A---- C:\WINDOWS\system32\defrag.exe
2008-11-13 18:48:27 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2008-11-13 18:48:27 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2008-11-13 18:48:27 ----A---- C:\WINDOWS\system32\dbmsvinn.dll
2008-11-13 18:48:27 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2008-11-13 18:48:26 ----A---- C:\WINDOWS\system32\dnsapi.dll
2008-11-13 18:48:26 ----A---- C:\WINDOWS\system32\dinput8.dll
2008-11-13 18:48:26 ----A---- C:\WINDOWS\system32\dinput.dll
2008-11-13 18:48:26 ----A---- C:\WINDOWS\system32\digest.dll
2008-11-13 18:48:26 ----A---- C:\WINDOWS\system32\dgnet.dll
2008-11-13 18:48:26 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2008-11-13 18:48:26 ----A---- C:\WINDOWS\system32\dfrgui.dll
2008-11-13 18:48:26 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2008-11-13 18:48:26 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2008-11-13 18:48:25 ----A---- C:\WINDOWS\system32\dssenh.dll
2008-11-13 18:48:25 ----A---- C:\WINDOWS\system32\dsquery.dll
2008-11-13 18:48:25 ----A---- C:\WINDOWS\system32\dsprop.dll
2008-11-13 18:48:25 ----A---- C:\WINDOWS\system32\ds32gt.dll
2008-11-13 18:48:25 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2008-11-13 18:48:25 ----A---- C:\WINDOWS\system32\drmstor.dll
2008-11-13 18:48:25 ----A---- C:\WINDOWS\system32\drmclien.dll
2008-11-13 18:48:25 ----A---- C:\WINDOWS\system32\docprop2.dll
2008-11-13 18:48:24 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-11-13 18:48:24 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-11-13 18:48:24 ----A---- C:\WINDOWS\system32\dxmasf.dll
2008-11-13 18:48:24 ----A---- C:\WINDOWS\system32\dwwin.exe
2008-11-13 18:48:24 ----A---- C:\WINDOWS\system32\duser.dll
2008-11-13 18:48:24 ----A---- C:\WINDOWS\system32\dumprep.exe
2008-11-13 18:48:23 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2008-11-13 18:48:23 ----A---- C:\WINDOWS\system32\faultrep.dll
2008-11-13 18:48:23 ----A---- C:\WINDOWS\system32\expsrv.dll
2008-11-13 18:48:23 ----A---- C:\WINDOWS\system32\eventlog.dll
2008-11-13 18:48:23 ----A---- C:\WINDOWS\system32\eudcedit.exe
2008-11-13 18:48:23 ----A---- C:\WINDOWS\system32\es.dll
2008-11-13 18:48:23 ----A---- C:\WINDOWS\system32\ersvc.dll
2008-11-13 18:48:23 ----A---- C:\WINDOWS\system32\els.dll
2008-11-13 18:48:22 ----A---- C:\WINDOWS\system32\fxsext32.dll
2008-11-13 18:48:22 ----A---- C:\WINDOWS\system32\fxsdrv.dll
2008-11-13 18:48:22 ----A---- C:\WINDOWS\system32\fxscover.exe
2008-11-13 18:48:22 ----A---- C:\WINDOWS\system32\fxscomex.dll
2008-11-13 18:48:22 ----A---- C:\WINDOWS\system32\fxsclnt.exe
2008-11-13 18:48:22 ----A---- C:\WINDOWS\system32\fxsapi.dll
2008-11-13 18:48:22 ----A---- C:\WINDOWS\system32\framebuf.dll
2008-11-13 18:48:22 ----A---- C:\WINDOWS\system32\fontview.exe
2008-11-13 18:48:21 ----A---- C:\WINDOWS\system32\fxswzrd.dll
2008-11-13 18:48:21 ----A---- C:\WINDOWS\system32\fxsui.dll
2008-11-13 18:48:21 ----A---- C:\WINDOWS\system32\fxstiff.dll
2008-11-13 18:48:21 ----A---- C:\WINDOWS\system32\fxst30.dll
2008-11-13 18:48:21 ----A---- C:\WINDOWS\system32\fxssvc.exe
2008-11-13 18:48:21 ----A---- C:\WINDOWS\system32\fxsst.dll
2008-11-13 18:48:21 ----A---- C:\WINDOWS\system32\fxsres.dll
2008-11-13 18:48:21 ----A---- C:\WINDOWS\system32\fxsperf.dll
2008-11-13 18:48:20 ----A---- C:\WINDOWS\system32\idq.dll
2008-11-13 18:48:20 ----A---- C:\WINDOWS\system32\icm32.dll
2008-11-13 18:48:20 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-11-13 18:48:20 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2008-11-13 18:48:20 ----A---- C:\WINDOWS\system32\hhsetup.dll
2008-11-13 18:48:20 ----A---- C:\WINDOWS\system32\fxsxp32.dll
2008-11-13 18:48:19 ----A---- C:\WINDOWS\system32\ils.dll
2008-11-13 18:48:19 ----A---- C:\WINDOWS\system32\iesetup.dll
2008-11-13 18:48:19 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-11-13 18:48:19 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-11-13 18:48:19 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-11-13 18:48:19 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-11-13 18:48:19 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-11-13 18:48:18 ----A---- C:\WINDOWS\system32\inseng.dll
2008-11-13 18:48:18 ----A---- C:\WINDOWS\system32\input.dll
2008-11-13 18:48:18 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-11-13 18:48:18 ----A---- C:\WINDOWS\system32\imm32.dll
2008-11-13 18:48:18 ----A---- C:\WINDOWS\system32\imgutil.dll
2008-11-13 18:48:18 ----A---- C:\WINDOWS\system32\imeshare.dll
2008-11-13 18:48:18 ----A---- C:\WINDOWS\system32\imapi.exe
2008-11-13 18:48:17 ----A---- C:\WINDOWS\system32\ipv6.exe
2008-11-13 18:48:17 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2008-11-13 18:48:17 ----A---- C:\WINDOWS\system32\ippromon.dll
2008-11-13 18:48:17 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2008-11-13 18:48:17 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2008-11-13 18:48:17 ----A---- C:\WINDOWS\system32\ipconfig.exe
2008-11-13 18:48:16 ----A---- C:\WINDOWS\system32\kerberos.dll
2008-11-13 18:48:16 ----A---- C:\WINDOWS\system32\kd1394.dll
2008-11-13 18:48:16 ----A---- C:\WINDOWS\system32\ixsso.dll
2008-11-13 18:48:16 ----A---- C:\WINDOWS\system32\iuengine.dll
2008-11-13 18:48:16 ----A---- C:\WINDOWS\system32\itss.dll
2008-11-13 18:48:16 ----A---- C:\WINDOWS\system32\itircl.dll
2008-11-13 18:48:16 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2008-11-13 18:48:15 ----A---- C:\WINDOWS\system32\logagent.exe
2008-11-13 18:48:15 ----A---- C:\WINDOWS\system32\localui.dll
2008-11-13 18:48:15 ----A---- C:\WINDOWS\system32\lmrt.dll
2008-11-13 18:48:15 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-11-13 18:48:15 ----A---- C:\WINDOWS\system32\licmgr10.dll
2008-11-13 18:48:15 ----A---- C:\WINDOWS\system32\laprxy.dll
2008-11-13 18:48:14 ----A---- C:\WINDOWS\system32\mobsync.dll
2008-11-13 18:48:14 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-11-13 18:48:14 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2008-11-13 18:48:14 ----A---- C:\WINDOWS\system32\mindex.dll
2008-11-13 18:48:14 ----A---- C:\WINDOWS\system32\logonui.exe
2008-11-13 18:48:13 ----A---- C:\WINDOWS\system32\mscms.dll
2008-11-13 18:48:13 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-13 18:48:13 ----A---- C:\WINDOWS\system32\mpg4dmod.dll
2008-11-13 18:48:13 ----A---- C:\WINDOWS\system32\moricons.dll
2008-11-13 18:48:12 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-13 18:48:12 ----A---- C:\WINDOWS\system32\msdart.dll
2008-11-13 18:48:12 ----A---- C:\WINDOWS\system32\msctfp.dll
2008-11-13 18:48:12 ----A---- C:\WINDOWS\system32\msctf.dll
2008-11-13 18:48:12 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2008-11-13 18:48:12 ----A---- C:\WINDOWS\system32\msconf.dll
2008-11-13 18:48:11 ----A---- C:\WINDOWS\system32\msexcl40.dll
2008-11-13 18:48:11 ----A---- C:\WINDOWS\system32\msexch40.dll
2008-11-13 18:48:11 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2008-11-13 18:48:10 ----A---- C:\WINDOWS\system32\mshtmler.dll
2008-11-13 18:48:10 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-11-13 18:48:10 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-11-13 18:48:09 ----A---- C:\WINDOWS\system32\msiexec.exe
2008-11-13 18:48:09 ----A---- C:\WINDOWS\system32\msieftp.dll
2008-11-13 18:48:09 ----A---- C:\WINDOWS\system32\msi.dll
2008-11-13 18:48:08 ----A---- C:\WINDOWS\system32\msisam11.dll
2008-11-13 18:48:08 ----A---- C:\WINDOWS\system32\msimtf.dll
2008-11-13 18:48:08 ----A---- C:\WINDOWS\system32\msimg32.dll
2008-11-13 18:48:08 ----A---- C:\WINDOWS\system32\msihnd.dll
2008-11-13 18:48:07 ----A---- C:\WINDOWS\system32\msnsspc.dll
2008-11-13 18:48:07 ----A---- C:\WINDOWS\system32\msnetobj.dll
2008-11-13 18:48:07 ----A---- C:\WINDOWS\system32\msltus40.dll
2008-11-13 18:48:07 ----A---- C:\WINDOWS\system32\mslbui.dll
2008-11-13 18:48:07 ----A---- C:\WINDOWS\system32\msjtes40.dll
2008-11-13 18:48:07 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2008-11-13 18:48:07 ----A---- C:\WINDOWS\system32\msjet40.dll
2008-11-13 18:48:06 ----A---- C:\WINDOWS\system32\msrating.dll
2008-11-13 18:48:06 ----A---- C:\WINDOWS\system32\mspmsp.dll
2008-11-13 18:48:06 ----A---- C:\WINDOWS\system32\mspbde40.dll
2008-11-13 18:48:06 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-13 18:48:06 ----A---- C:\WINDOWS\system32\msorcl32.dll
2008-11-13 18:48:06 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-11-13 18:48:06 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-11-13 18:48:05 ----A---- C:\WINDOWS\system32\mstask.dll
2008-11-13 18:48:05 ----A---- C:\WINDOWS\system32\msscp.dll
2008-11-13 18:48:05 ----A---- C:\WINDOWS\system32\msrle32.dll
2008-11-13 18:48:05 ----A---- C:\WINDOWS\system32\msrepl40.dll
2008-11-13 18:48:05 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2008-11-13 18:48:04 ----A---- C:\WINDOWS\system32\msutb.dll
2008-11-13 18:48:04 ----A---- C:\WINDOWS\system32\msuni11.dll
2008-11-13 18:48:04 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-11-13 18:48:04 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-11-13 18:48:04 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-11-13 18:48:04 ----A---- C:\WINDOWS\system32\mstime.dll
2008-11-13 18:48:04 ----A---- C:\WINDOWS\system32\mstext40.dll
2008-11-13 18:48:03 ----A---- C:\WINDOWS\system32\msxml2.dll
2008-11-13 18:48:03 ----A---- C:\WINDOWS\system32\msxbde40.dll
2008-11-13 18:48:03 ----A---- C:\WINDOWS\system32\msvfw32.dll
2008-11-13 18:48:03 ----A---- C:\WINDOWS\system32\msvcrt.dll
2008-11-13 18:48:03 ----A---- C:\WINDOWS\system32\msvcp60.dll
2008-11-13 18:48:02 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-11-13 18:48:02 ----A---- C:\WINDOWS\system32\net1.exe
2008-11-13 18:48:02 ----A---- C:\WINDOWS\system32\net.exe
2008-11-13 18:48:02 ----A---- C:\WINDOWS\system32\nddenb32.dll
2008-11-13 18:48:02 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2008-11-13 18:48:02 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-11-13 18:48:01 ----A---- C:\WINDOWS\system32\netman.dll
2008-11-13 18:48:01 ----A---- C:\WINDOWS\system32\netlogon.dll
2008-11-13 18:48:01 ----A---- C:\WINDOWS\system32\netdde.exe
2008-11-13 18:48:01 ----A---- C:\WINDOWS\system32\netcfgx.dll
2008-11-13 18:48:00 ----A---- C:\WINDOWS\system32\nlhtml.dll
2008-11-13 18:48:00 ----A---- C:\WINDOWS\system32\newdev.dll
2008-11-13 18:48:00 ----A---- C:\WINDOWS\system32\netshell.dll
2008-11-13 18:48:00 ----A---- C:\WINDOWS\system32\netplwiz.dll
2008-11-13 18:47:59 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2008-11-13 18:47:59 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2008-11-13 18:47:59 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2008-11-13 18:47:59 ----A---- C:\WINDOWS\system32\ntmarta.dll
2008-11-13 18:47:59 ----A---- C:\WINDOWS\system32\ntlanman.dll
2008-11-13 18:47:59 ----A---- C:\WINDOWS\system32\npptools.dll
2008-11-13 18:47:59 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-11-13 18:47:58 ----A---- C:\WINDOWS\system32\odbccp32.dll
2008-11-13 18:47:58 ----A---- C:\WINDOWS\system32\odbcconf.exe
2008-11-13 18:47:58 ----A---- C:\WINDOWS\system32\odbcconf.dll
2008-11-13 18:47:58 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2008-11-13 18:47:58 ----A---- C:\WINDOWS\system32\odbcad32.exe
2008-11-13 18:47:58 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2008-11-13 18:47:58 ----A---- C:\WINDOWS\system32\odbc32.dll
2008-11-13 18:47:58 ----A---- C:\WINDOWS\system32\oakley.dll
2008-11-13 18:47:58 ----A---- C:\WINDOWS\system32\ntshrui.dll
2008-11-13 18:47:57 ----A---- C:\WINDOWS\system32\oleprn.dll
2008-11-13 18:47:57 ----A---- C:\WINDOWS\system32\ole32.dll
2008-11-13 18:47:57 ----A---- C:\WINDOWS\system32\offfilt.dll
2008-11-13 18:47:57 ----A---- C:\WINDOWS\system32\odbctrac.dll
2008-11-13 18:47:57 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2008-11-13 18:47:57 ----A---- C:\WINDOWS\system32\odbccu32.dll
2008-11-13 18:47:57 ----A---- C:\WINDOWS\system32\odbccr32.dll
2008-11-13 18:47:56 ----A---- C:\WINDOWS\system32\psapi.dll
2008-11-13 18:47:56 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-11-13 18:47:56 ----A---- C:\WINDOWS\system32\ping.exe
2008-11-13 18:47:56 ----A---- C:\WINDOWS\system32\pdh.dll
2008-11-13 18:47:56 ----A---- C:\WINDOWS\system32\pautoenr.dll
2008-11-13 18:47:56 ----A---- C:\WINDOWS\system32\packager.exe
2008-11-13 18:47:56 ----A---- C:\WINDOWS\system32\osk.exe
2008-11-13 18:47:56 ----A---- C:\WINDOWS\system32\opengl32.dll
2008-11-13 18:47:55 ----A---- C:\WINDOWS\system32\rasmans.dll
2008-11-13 18:47:55 ----A---- C:\WINDOWS\system32\raschap.dll
2008-11-13 18:47:55 ----A---- C:\WINDOWS\system32\query.dll
2008-11-13 18:47:55 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-13 18:47:55 ----A---- C:\WINDOWS\system32\psbase.dll
2008-11-13 18:47:54 ----A---- C:\WINDOWS\system32\rdpdd.dll
2008-11-13 18:47:54 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-11-13 18:47:54 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-11-13 18:47:54 ----A---- C:\WINDOWS\system32\rcimlby.exe
2008-11-13 18:47:54 ----A---- C:\WINDOWS\system32\rastls.dll
2008-11-13 18:47:54 ----A---- C:\WINDOWS\system32\rassapi.dll
2008-11-13 18:47:54 ----A---- C:\WINDOWS\system32\rasppp.dll
2008-11-13 18:47:53 ----A---- C:\WINDOWS\system32\riched20.dll
2008-11-13 18:47:53 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-11-13 18:47:53 ----A---- C:\WINDOWS\system32\regapi.dll
2008-11-13 18:47:53 ----A---- C:\WINDOWS\system32\reg.exe
2008-11-13 18:47:53 ----A---- C:\WINDOWS\system32\redir.exe
2008-11-13 18:47:53 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-11-13 18:47:53 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-11-13 18:47:53 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-11-13 18:47:52 ----A---- C:\WINDOWS\system32\rsaenh.dll
2008-11-13 18:47:52 ----A---- C:\WINDOWS\system32\rpcss.dll
2008-11-13 18:47:52 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2008-11-13 18:47:51 ----A---- C:\WINDOWS\system32\scecli.dll
2008-11-13 18:47:51 ----A---- C:\WINDOWS\system32\sccsccp.dll
2008-11-13 18:47:51 ----A---- C:\WINDOWS\system32\sccbase.dll
2008-11-13 18:47:51 ----A---- C:\WINDOWS\system32\runonce.exe
2008-11-13 18:47:51 ----A---- C:\WINDOWS\system32\rtcshare.exe
2008-11-13 18:47:50 ----A---- C:\WINDOWS\system32\sensapi.dll
2008-11-13 18:47:50 ----A---- C:\WINDOWS\system32\sens.dll
2008-11-13 18:47:50 ----A---- C:\WINDOWS\system32\secur32.dll
2008-11-13 18:47:50 ----A---- C:\WINDOWS\system32\sdbinst.exe
2008-11-13 18:47:50 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-11-13 18:47:50 ----A---- C:\WINDOWS\system32\scesrv.dll
2008-11-13 18:47:49 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2008-11-13 18:47:49 ----A---- C:\WINDOWS\system32\sfc_os.dll
2008-11-13 18:47:49 ----A---- C:\WINDOWS\system32\setup.exe
2008-11-13 18:47:48 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-11-13 18:47:46 ----A---- C:\WINDOWS\system32\shimgvw.dll
2008-11-13 18:47:46 ----A---- C:\WINDOWS\system32\shimeng.dll
2008-11-13 18:47:46 ----A---- C:\WINDOWS\system32\shgina.dll
2008-11-13 18:47:46 ----A---- C:\WINDOWS\system32\shfolder.dll
2008-11-13 18:47:46 ----A---- C:\WINDOWS\system32\shell32.dll
2008-11-13 18:47:45 ----A---- C:\WINDOWS\system32\skeys.exe
2008-11-13 18:47:45 ----A---- C:\WINDOWS\system32\sigverif.exe
2008-11-13 18:47:45 ----A---- C:\WINDOWS\system32\sigtab.dll
2008-11-13 18:47:45 ----A---- C:\WINDOWS\system32\shsvcs.dll
2008-11-13 18:47:45 ----A---- C:\WINDOWS\system32\shmgrate.exe
2008-11-13 18:47:45 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-11-13 18:47:44 ----A---- C:\WINDOWS\system32\spoolss.dll
2008-11-13 18:47:44 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-13 18:47:44 ----A---- C:\WINDOWS\system32\snmpapi.dll
2008-11-13 18:47:44 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2008-11-13 18:47:44 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2008-11-13 18:47:44 ----A---- C:\WINDOWS\system32\slayerxp.dll
2008-11-13 18:47:43 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2008-11-13 18:47:43 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-11-13 18:47:43 ----A---- C:\WINDOWS\system32\srclient.dll
2008-11-13 18:47:43 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2008-11-13 18:47:42 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2008-11-13 18:47:41 ----A---- C:\WINDOWS\system32\strmdll.dll
2008-11-13 18:47:41 ----A---- C:\WINDOWS\system32\stobject.dll
2008-11-13 18:47:41 ----A---- C:\WINDOWS\system32\sti_ci.dll
2008-11-13 18:47:41 ----A---- C:\WINDOWS\system32\sti.dll
2008-11-13 18:47:40 ----A---- C:\WINDOWS\system32\tapisrv.dll
2008-11-13 18:47:40 ----A---- C:\WINDOWS\system32\tapi32.dll
2008-11-13 18:47:40 ----A---- C:\WINDOWS\system32\sxs.dll
2008-11-13 18:47:39 ----A---- C:\WINDOWS\system32\trkwks.dll
2008-11-13 18:47:39 ----A---- C:\WINDOWS\system32\tracert.exe
2008-11-13 18:47:39 ----A---- C:\WINDOWS\system32\themeui.dll
2008-11-13 18:47:39 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-13 18:47:39 ----A---- C:\WINDOWS\system32\taskmgr.exe
2008-11-13 18:47:38 ----A---- C:\WINDOWS\system32\upnphost.dll
2008-11-13 18:47:38 ----A---- C:\WINDOWS\system32\upnp.dll
2008-11-13 18:47:38 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2008-11-13 18:47:38 ----A---- C:\WINDOWS\system32\umandlg.dll
2008-11-13 18:47:38 ----A---- C:\WINDOWS\system32\udhisapi.dll
2008-11-13 18:47:38 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-11-13 18:47:38 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-11-13 18:47:37 ----A---- C:\WINDOWS\system32\utilman.exe
2008-11-13 18:47:37 ----A---- C:\WINDOWS\system32\usp10.dll
2008-11-13 18:47:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-11-13 18:47:37 ----A---- C:\WINDOWS\system32\url.dll
2008-11-13 18:47:37 ----A---- C:\WINDOWS\system32\ups.exe
2008-11-13 18:47:37 ----A---- C:\WINDOWS\system32\upnpui.dll
2008-11-13 18:47:36 ----A---- C:\WINDOWS\system32\vssapi.dll
2008-11-13 18:47:36 ----A---- C:\WINDOWS\system32\vdmredir.dll
2008-11-13 18:47:36 ----A---- C:\WINDOWS\system32\vbscript.dll
2008-11-13 18:47:36 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-11-13 18:47:35 ----A---- C:\WINDOWS\system32\webclnt.dll
2008-11-13 18:47:35 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-11-13 18:47:35 ----A---- C:\WINDOWS\system32\w32time.dll
2008-11-13 18:47:34 ----A---- C:\WINDOWS\system32\wiaservc.dll
2008-11-13 18:47:34 ----A---- C:\WINDOWS\system32\wiadss.dll
2008-11-13 18:47:34 ----A---- C:\WINDOWS\system32\wextract.exe
2008-11-13 18:47:34 ----A---- C:\WINDOWS\system32\webvw.dll
2008-11-13 18:47:33 ----A---- C:\WINDOWS\system32\wldap32.dll
2008-11-13 18:47:33 ----A---- C:\WINDOWS\system32\winsta.dll
2008-11-13 18:47:33 ----A---- C:\WINDOWS\system32\winmm.dll
2008-11-13 18:47:33 ----A---- C:\WINDOWS\system32\wininet.dll
2008-11-13 18:47:32 ----A---- C:\WINDOWS\system32\wmerrenu.dll
2008-11-13 18:47:32 ----A---- C:\WINDOWS\system32\wmasf.dll
2008-11-13 18:47:32 ----A---- C:\WINDOWS\system32\wmadmoe.dll
2008-11-13 18:47:32 ----A---- C:\WINDOWS\system32\wmadmod.dll
2008-11-13 18:47:32 ----A---- C:\WINDOWS\system32\wlnotify.dll
2008-11-13 18:47:31 ----A---- C:\WINDOWS\system32\wmpcore.dll
2008-11-13 18:47:31 ----A---- C:\WINDOWS\system32\wmpcd.dll
2008-11-13 18:47:31 ----A---- C:\WINDOWS\system32\wmnetmgr.dll
2008-11-13 18:47:30 ----A---- C:\WINDOWS\system32\wmpstub.exe
2008-11-13 18:47:30 ----A---- C:\WINDOWS\system32\wmpshell.dll
2008-11-13 18:47:30 ----A---- C:\WINDOWS\system32\wmploc.dll
2008-11-13 18:47:29 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2008-11-13 18:47:29 ----A---- C:\WINDOWS\system32\wmstream.dll
2008-11-13 18:47:29 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2008-11-13 18:47:29 ----A---- C:\WINDOWS\system32\wmsdmod.dll
2008-11-13 18:47:29 ----A---- C:\WINDOWS\system32\wmpui.dll
2008-11-13 18:47:28 ----A---- C:\WINDOWS\system32\wmvdmoe.dll
2008-11-13 18:47:28 ----A---- C:\WINDOWS\system32\wmvdmod.dll
2008-11-13 18:47:28 ----A---- C:\WINDOWS\system32\wmvcore.dll
2008-11-13 18:47:27 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-11-13 18:47:27 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2008-11-13 18:47:27 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2008-11-13 18:47:27 ----A---- C:\WINDOWS\system32\wship6.dll
2008-11-13 18:47:27 ----A---- C:\WINDOWS\system32\wow32.dll
2008-11-13 18:47:26 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2008-11-13 18:47:26 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-11-13 18:47:26 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-11-13 18:47:25 ----A---- C:\WINDOWS\system32\zipfldr.dll
2008-11-13 18:47:25 ----A---- C:\WINDOWS\system32\xenroll.dll
2008-11-13 18:47:25 ----A---- C:\WINDOWS\system32\xactsrv.dll
2008-11-13 18:47:25 ----A---- C:\WINDOWS\system32\HAL.DLL
2008-11-13 18:46:09 ----A---- C:\WINDOWS\000001_.tmp
2008-11-13 00:43:40 ----D---- C:\Documents and Settings\Mike Fisher.FISHER\Application Data\Macromedia
2008-11-13 00:16:11 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-12 23:38:44 ----D---- C:\WINDOWS\pss
2008-11-12 23:28:56 ----D---- C:\Program Files\CCleaner
2008-11-12 00:16:36 ----D---- C:\Documents and Settings\Mike Fisher.FISHER\Application Data\Help
2008-11-12 00:14:45 ----A---- C:\WINDOWS\system32\wstdecod.dll
2008-11-12 00:14:45 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-11-12 00:14:45 ----A---- C:\WINDOWS\system32\msyuv.dll
2008-11-12 00:14:45 ----A---- C:\WINDOWS\system32\msvidctl.dll
2008-11-12 00:14:43 ----A---- C:\WINDOWS\system32\ksuser.dll

mvfisher
2008-11-19, 03:02
2008-11-10 21:45:26 ----A---- C:\WINDOWS\system32\kbdmac.dll
2008-11-10 21:45:26 ----A---- C:\WINDOWS\system32\kbdfo.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\kbdcan.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\kbdbene.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\kb16.com
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\jscript.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\jobexec.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\jgsh400.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\jgsd400.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\jgpl400.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\jgmd400.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\jgdw400.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\jgaw400.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\jet500.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\isign32.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-10 21:45:25 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ir50_32.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ir32_32.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ipxwan.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ipxsap.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ipxrtmgr.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ipxroute.exe
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ipxrip.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ipxpromn.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ipxmontr.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ipsec6.exe
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\iprtprio.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\iprop.dll
2008-11-10 21:45:24 ----A---- C:\WINDOWS\system32\ipmontr.dll
2008-11-10 21:45:23 ----A---- C:\WINDOWS\system32\iologmsg.dll
2008-11-10 21:45:23 ----A---- C:\WINDOWS\system32\initpki.dll
2008-11-10 21:45:23 ----A---- C:\WINDOWS\system32\infosoft.dll
2008-11-10 21:45:23 ----A---- C:\WINDOWS\system32\inetres.dll
2008-11-10 21:45:23 ----A---- C:\WINDOWS\system32\inetppui.dll
2008-11-10 21:45:23 ----A---- C:\WINDOWS\system32\inetpp.dll
2008-11-10 21:45:23 ----A---- C:\WINDOWS\system32\inetmib1.dll
2008-11-10 21:45:23 ----A---- C:\WINDOWS\system32\inetcplc.dll
2008-11-10 21:45:22 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-11-10 21:45:22 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2008-11-10 21:45:22 ----A---- C:\WINDOWS\system32\ifsutil.dll
2008-11-10 21:45:22 ----A---- C:\WINDOWS\system32\ifmon.dll
2008-11-10 21:45:22 ----A---- C:\WINDOWS\system32\iexpress.exe
2008-11-10 21:45:22 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\icmui.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\icmp.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\iccvid.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\iassvcs.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\iassdo.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\iassam.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\iasrecst.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\iasrad.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\iaspolcy.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\iasnap.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\iashlpr.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\iasads.dll
2008-11-10 21:45:21 ----A---- C:\WINDOWS\system32\iasacct.dll
2008-11-10 21:45:20 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-11-10 21:45:20 ----A---- C:\WINDOWS\system32\htui.dll
2008-11-10 21:45:20 ----A---- C:\WINDOWS\system32\hticons.dll
2008-11-10 21:45:20 ----A---- C:\WINDOWS\system32\hotplug.dll
2008-11-10 21:45:20 ----A---- C:\WINDOWS\system32\hostname.exe
2008-11-10 21:45:20 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2008-11-10 21:45:20 ----A---- C:\WINDOWS\system32\hnetmon.dll
2008-11-10 21:45:19 ----A---- C:\WINDOWS\system32\hlink.dll
2008-11-10 21:45:18 ----A---- C:\WINDOWS\system32\help.exe
2008-11-10 21:45:18 ----A---- C:\WINDOWS\system32\h323msp.dll
2008-11-10 21:45:17 ----A---- C:\WINDOWS\system32\grpconv.exe
2008-11-10 21:45:17 ----A---- C:\WINDOWS\system32\graphics.com
2008-11-10 21:45:17 ----A---- C:\WINDOWS\system32\graftabl.com
2008-11-10 21:45:17 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2008-11-10 21:45:17 ----A---- C:\WINDOWS\system32\gpkcsp.dll
2008-11-10 21:45:16 ----A---- C:\WINDOWS\system32\glu32.dll
2008-11-10 21:45:16 ----A---- C:\WINDOWS\system32\glmf32.dll
2008-11-10 21:45:15 ----A---- C:\WINDOWS\system32\getuname.dll
2008-11-10 21:45:15 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-11-10 21:45:15 ----A---- C:\WINDOWS\system32\gdi.exe
2008-11-10 21:45:15 ----A---- C:\WINDOWS\system32\fxssend.exe
2008-11-10 21:45:15 ----A---- C:\WINDOWS\system32\fxsroute.dll
2008-11-10 21:45:15 ----A---- C:\WINDOWS\system32\fxsmon.dll
2008-11-10 21:45:15 ----A---- C:\WINDOWS\system32\fxsevent.dll
2008-11-10 21:45:15 ----A---- C:\WINDOWS\system32\fxscom.dll
2008-11-10 21:45:15 ----A---- C:\WINDOWS\system32\fxsclntR.dll
2008-11-10 21:45:15 ----A---- C:\WINDOWS\system32\fxscfgwz.dll
2008-11-10 21:45:14 ----A---- C:\WINDOWS\system32\ftsrch.dll
2008-11-10 21:45:14 ----A---- C:\WINDOWS\system32\ftp.exe
2008-11-10 21:45:14 ----A---- C:\WINDOWS\system32\fsutil.exe
2008-11-10 21:45:14 ----A---- C:\WINDOWS\system32\fsusd.dll
2008-11-10 21:45:14 ----A---- C:\WINDOWS\system32\fsmgmt.msc
2008-11-10 21:45:14 ----A---- C:\WINDOWS\system32\freecell.exe
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\format.com
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\forcedos.exe
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\fontsub.dll
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\fontext.dll
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\fmifs.dll
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\fixmapi.exe
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\finger.exe
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\findstr.exe
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\find.exe
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\filemgmt.dll
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\feclient.dll
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\fc.exe
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\fastopen.exe
2008-11-10 21:45:13 ----A---- C:\WINDOWS\system32\extrac32.exe
2008-11-10 21:45:12 ----A---- C:\WINDOWS\system32\exe2bin.exe
2008-11-10 21:45:12 ----A---- C:\WINDOWS\system32\eventvwr.msc
2008-11-10 21:45:12 ----A---- C:\WINDOWS\system32\eventvwr.exe
2008-11-10 21:45:12 ----A---- C:\WINDOWS\system32\eventcls.dll
2008-11-10 21:45:12 ----A---- C:\WINDOWS\system32\esentutl.exe
2008-11-10 21:45:12 ----A---- C:\WINDOWS\system32\esentprf.dll
2008-11-10 21:45:11 ----A---- C:\WINDOWS\system32\esent97.dll
2008-11-10 21:45:11 ----A---- C:\WINDOWS\system32\esent.dll
2008-11-10 21:45:11 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-11-10 21:45:11 ----A---- C:\WINDOWS\system32\edlin.exe
2008-11-10 21:45:11 ----A---- C:\WINDOWS\system32\edit.com
2008-11-10 21:45:09 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2008-11-10 21:45:09 ----A---- C:\WINDOWS\system32\dsuiext.dll
2008-11-10 21:45:09 ----A---- C:\WINDOWS\system32\dssec.dll
2008-11-10 21:45:09 ----A---- C:\WINDOWS\system32\dsound(2).dll
2008-11-10 21:45:09 ----A---- C:\WINDOWS\system32\dskquoui.dll
2008-11-10 21:45:09 ----A---- C:\WINDOWS\system32\dskquota.dll
2008-11-10 21:45:09 ----A---- C:\WINDOWS\system32\dsauth.dll
2008-11-10 21:45:09 ----A---- C:\WINDOWS\system32\ds16gt.dLL
2008-11-10 21:45:09 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2008-11-10 21:45:09 ----A---- C:\WINDOWS\system32\drwatson.exe
2008-11-10 21:45:08 ----A---- C:\WINDOWS\system32\drprov.dll
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dpwsock.dll
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dpserial.dll
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dpnwsock.dll
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dpnmodem.dll
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dplay.dll
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dosx.exe
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\doskey.exe
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\docprop.dll
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dmserver.dll
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dmremote.exe
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dmocx.dll
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dmintf.dll
2008-11-10 21:44:42 ----A---- C:\WINDOWS\system32\dmdskres.dll
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\dmconfig.dll
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\dmadmin.exe
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\dllhst3g.exe
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\dllhost.exe
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\dispex.dll
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\diskperf.exe
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\diskpart.exe
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\diskmgmt.msc
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\diskcopy.dll
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\diskcopy.com
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\diskcomp.com
2008-11-10 21:44:41 ----A---- C:\WINDOWS\system32\diantz.exe
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\dhcpsapi.dll
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\dfrgres.dll
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\dfrg.msc
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\devmgmt.msc
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\deskperf.dll
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\deskmon.dll
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\deskadp.dll
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\debug.exe
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\ddraw(2).dll
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\ddeshare.exe
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\ddeml.dll
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-11-10 21:44:40 ----A---- C:\WINDOWS\system32\dciman32.dll
2008-11-10 21:44:39 ----A---- C:\WINDOWS\system32\davclnt.dll
2008-11-10 21:44:39 ----A---- C:\WINDOWS\system32\datime.dll
2008-11-10 21:44:39 ----A---- C:\WINDOWS\system32\dataclen.dll
2008-11-10 21:44:37 ----RA---- C:\WINDOWS\system32\ctl3dv2.dll
2008-11-10 21:44:37 ----A---- C:\WINDOWS\system32\ctl3d32.dll
2008-11-10 21:44:37 ----A---- C:\WINDOWS\system32\csseqchk.dll
2008-11-10 21:44:37 ----A---- C:\WINDOWS\system32\csrss.exe
2008-11-10 21:44:37 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-11-10 21:44:37 ----A---- C:\WINDOWS\system32\cscript.exe
2008-11-10 21:44:37 ----A---- C:\WINDOWS\system32\cscdll.dll
2008-11-10 21:44:37 ----A---- C:\WINDOWS\system32\cryptnet.dll
2008-11-10 21:44:37 ----A---- C:\WINDOWS\system32\cryptext.dll
2008-11-10 21:44:37 ----A---- C:\WINDOWS\system32\cryptdll.dll
2008-11-10 21:44:37 ----A---- C:\WINDOWS\system32\crtdll.dll
2008-11-10 21:44:36 ----A---- C:\WINDOWS\system32\corpol.dll
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\convert.exe
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\control.exe
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\console.dll
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\confmsp.dll
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\comres.dll
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\compstui.dll
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\compobj.dll
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\compmgmt.msc
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\compact.exe
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\comp.exe
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\commdlg.dll
2008-11-10 21:44:35 ----A---- C:\WINDOWS\system32\command.com
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\comcat.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\colbact.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cnvfat.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cnetcfg.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cmutil.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cmstp.exe
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cmpbk32.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cmmon32.exe
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cmd.exe
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\clipsrv.exe
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cliconfg.exe
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cliconfg.dll
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2008-11-10 21:44:34 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\clb.dll
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\ckcnv.exe
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\cisvc.exe
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\cidaemon.exe
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\cic.dll
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\ciadv.msc
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\ciadmin.dll
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\chkntfs.exe
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\chkdsk.exe
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\chcp.com
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\charmap.exe
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2008-11-10 21:44:33 ----A---- C:\WINDOWS\system32\certmgr.msc
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\certmgr.dll
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\cdosys.dll
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\ccfgnt.dll
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\cards.dll
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\capesnpn.dll
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\camocx.dll
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\calc.exe
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\cacls.exe
2008-11-10 21:44:32 ----A---- C:\WINDOWS\system32\cabview.dll
2008-11-10 21:44:31 ----A---- C:\WINDOWS\system32\bootvrfy.exe
2008-11-10 21:44:31 ----A---- C:\WINDOWS\system32\bootvid.dll
2008-11-10 21:44:31 ----A---- C:\WINDOWS\system32\bootok.exe
2008-11-10 21:44:30 ----A---- C:\WINDOWS\system32\blackbox.dll
2008-11-10 21:44:30 ----A---- C:\WINDOWS\system32\bidispl.dll
2008-11-10 21:44:30 ----A---- C:\WINDOWS\system32\batmeter.dll
2008-11-10 21:44:30 ----A---- C:\WINDOWS\system32\basesrv.dll
2008-11-10 21:44:30 ----A---- C:\WINDOWS\system32\avwav.dll
2008-11-10 21:44:30 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-11-10 21:44:30 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-11-10 21:44:30 ----A---- C:\WINDOWS\system32\avifile.dll
2008-11-10 21:44:30 ----A---- C:\WINDOWS\system32\avicap32.dll
2008-11-10 21:44:30 ----A---- C:\WINDOWS\system32\avicap.dll
2008-11-10 21:44:29 ----A---- C:\WINDOWS\system32\autodisc.dll
2008-11-10 21:44:29 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-11-10 21:44:29 ----A---- C:\WINDOWS\system32\authz.dll
2008-11-10 21:44:29 ----A---- C:\WINDOWS\system32\attrib.exe
2008-11-10 21:44:29 ----A---- C:\WINDOWS\system32\atrace.dll
2008-11-10 21:44:29 ----A---- C:\WINDOWS\system32\atmpvcno.dll
2008-11-10 21:44:29 ----A---- C:\WINDOWS\system32\atmlib.dll
2008-11-10 21:44:29 ----A---- C:\WINDOWS\system32\atmfd.dll
2008-11-10 21:44:29 ----A---- C:\WINDOWS\system32\atmadm.exe
2008-11-10 21:44:29 ----A---- C:\WINDOWS\system32\atkctrs.dll
2008-11-10 21:44:29 ----A---- C:\WINDOWS\system32\asycfilt.dll
2008-11-10 21:44:27 ----A---- C:\WINDOWS\system32\arp.exe
2008-11-10 21:44:27 ----A---- C:\WINDOWS\system32\append.exe
2008-11-10 21:44:27 ----A---- C:\WINDOWS\system32\apcups.dll
2008-11-10 21:44:27 ----A---- C:\WINDOWS\system32\alrsvc.dll
2008-11-10 21:44:26 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-11-10 21:44:26 ----A---- C:\WINDOWS\system32\adptif.dll
2008-11-10 21:44:26 ----A---- C:\WINDOWS\system32\admparse.dll
2008-11-10 21:44:26 ----A---- C:\WINDOWS\system32\actxprxy.dll
2008-11-10 21:44:26 ----A---- C:\WINDOWS\system32\actmovie.exe
2008-11-10 21:44:26 ----A---- C:\WINDOWS\system32\activeds.dll
2008-11-10 21:44:25 ----D---- C:\i386
2008-11-10 21:44:25 ----A---- C:\WINDOWS\system32\aclui.dll
2008-11-10 21:44:25 ----A---- C:\WINDOWS\system32\acledit.dll
2008-11-10 21:44:25 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-10 21:44:25 ----A---- C:\WINDOWS\system32\acctres.dll
2008-11-10 21:44:25 ----A---- C:\WINDOWS\system32\aaaamon.dll
2008-10-28 19:23:22 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2008-10-28 19:22:02 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-28 19:11:35 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2008-10-28 19:11:21 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2008-10-28 19:11:12 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2008-10-28 19:11:03 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2008-10-28 19:10:59 ----A---- C:\WINDOWS\system32\atioglxx.dll
2008-10-28 19:09:10 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2008-10-28 19:07:44 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2008-10-28 18:57:58 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-10-28 18:49:31 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2008-10-28 18:41:13 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-28 18:25:31 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2008-10-28 18:21:21 ----A---- C:\WINDOWS\system32\atikvmag.dll
2008-10-28 18:19:50 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2008-10-28 18:19:40 ----A---- C:\WINDOWS\system32\atitvo32.dll
2008-10-28 18:18:30 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2008-10-28 18:12:51 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-21 10:51:43 ----A---- C:\WINDOWS\system32\atibrtmon.exe

======List of files/folders modified in the last 1 months======

2008-11-18 18:44:56 ----D---- C:\WINDOWS\Temp
2008-11-18 18:25:37 ----D---- C:\WINDOWS\system32
2008-11-18 18:23:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-16 16:59:47 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-16 10:32:32 ----D---- C:\WINDOWS
2008-11-16 01:08:34 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-16 01:08:30 ----SHD---- C:\WINDOWS\Installer
2008-11-15 12:50:10 ----D---- C:\WINDOWS\system32\drivers
2008-11-15 12:48:45 ----D---- C:\WINDOWS\inf
2008-11-15 12:31:53 ----D---- C:\WINDOWS\Web
2008-11-15 11:49:01 ----D---- C:\Program Files\Internet Explorer
2008-11-15 11:44:34 ----D---- C:\WINDOWS\WinSxS
2008-11-15 11:44:06 ----D---- C:\Program Files\Messenger
2008-11-15 11:36:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-15 11:34:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-15 11:33:24 ----D---- C:\WINDOWS\Fonts
2008-11-15 11:32:46 ----D---- C:\WINDOWS\system32\spool
2008-11-15 00:05:11 ----SD---- C:\WINDOWS\Tasks
2008-11-14 15:33:05 ----D---- C:\Program Files\Common Files
2008-11-14 01:25:25 ----D---- C:\WINDOWS\Debug
2008-11-14 01:15:44 ----A---- C:\WINDOWS\wininit.ini
2008-11-14 00:58:10 ----D---- C:\WINDOWS\Help
2008-11-14 00:55:33 ----D---- C:\WINDOWS\Media
2008-11-13 23:55:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-13 23:47:50 ----D---- C:\WINDOWS\msagent
2008-11-13 23:42:29 ----D---- C:\Program Files\Windows Media Player
2008-11-13 23:39:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-13 23:37:23 ----D---- C:\WINDOWS\system32\config
2008-11-13 23:34:45 ----D---- C:\WINDOWS\system32\wbem
2008-11-13 23:33:52 ----D---- C:\WINDOWS\AppPatch
2008-11-13 23:31:30 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-13 23:27:46 ----RASH---- C:\boot.ini
2008-11-13 23:27:43 ----A---- C:\WINDOWS\win.ini
2008-11-13 23:27:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-13 23:26:31 ----D---- C:\WINDOWS\security
2008-11-13 23:25:58 ----AD---- C:\WINDOWS\system32\oobe
2008-11-13 23:25:55 ----D---- C:\WINDOWS\system32\Setup
2008-11-13 23:25:55 ----D---- C:\WINDOWS\system32\mui
2008-11-13 23:25:54 ----D---- C:\WINDOWS\ime
2008-11-13 23:25:32 ----D---- C:\Program Files\Movie Maker
2008-11-13 23:22:12 ----D---- C:\WINDOWS\system32\Restore
2008-11-13 23:22:12 ----D---- C:\WINDOWS\system32\npp
2008-11-13 23:22:10 ----D---- C:\WINDOWS\srchasst
2008-11-13 23:22:08 ----D---- C:\Program Files\NetMeeting
2008-11-13 23:22:07 ----D---- C:\WINDOWS\system32\Com
2008-11-13 23:22:04 ----D---- C:\Program Files\Windows NT
2008-11-13 23:22:03 ----D---- C:\Program Files\Outlook Express
2008-11-13 23:21:57 ----D---- C:\Program Files\Common Files\System
2008-11-13 23:21:42 ----D---- C:\WINDOWS\system32\usmt
2008-11-13 23:21:40 ----D---- C:\WINDOWS\system
2008-11-13 23:19:43 ----RASH---- C:\NTDETECT.COM
2008-11-13 22:57:47 ----D---- C:\WINDOWS\Registration
2008-11-13 22:55:19 ----D---- C:\WINDOWS\PCHEALTH
2008-11-13 22:02:25 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-13 21:39:01 ----HD---- C:\Program Files\WindowsUpdate
2008-11-13 19:31:25 ----D---- C:\WINDOWS\wt
2008-11-13 19:31:21 ----D---- C:\Program Files\WildTangent
2008-11-13 19:11:22 ----N---- C:\WINDOWS\system32\VXBLOCK.dll
2008-11-13 19:11:22 ----N---- C:\WINDOWS\system32\pxwma.dll
2008-11-13 19:11:22 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-11-13 19:11:22 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-11-13 19:11:22 ----N---- C:\WINDOWS\system32\px.dll
2008-11-12 23:33:55 ----D---- C:\Compaq
2008-11-12 00:24:55 ----A---- C:\WINDOWS\QUICKEN.INI
2008-11-12 00:19:44 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-11 01:54:57 ----A---- C:\WINDOWS\orun32.ini
2008-11-11 01:54:43 ----D---- C:\Documents and Settings
2008-11-10 22:42:08 ----A---- C:\WINDOWS\system.ini
2008-11-10 22:18:04 ----HD---- C:\hp
2008-11-10 22:13:57 ----D---- C:\WINDOWS\SMINST
2008-10-28 19:10:45 ----A---- C:\WINDOWS\system32\ati2evxx.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-13 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-13 26824]
R1 EAWDMFD;EAWDMFD; C:\WINDOWS\System32\DRIVERS\eawdmfd.sys [1999-10-29 24348]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-06-19 5589]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-06-19 22995]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-13 76040]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-06-06 40368]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-07-16 23701]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-07-16 34805]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-07-16 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-07-16 2201]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-07-16 54900]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-07-16 14421]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-07-16 6325]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-07-16 91156]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-07-16 95125]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-10-28 3341824]
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K); C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [2001-12-28 24035]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-10 22608]
S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-05-22 90336]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-05-22 69504]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-08 158140]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-08 12479]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-08 12031]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-08 11679]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-08 11999]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-08 19359]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-08 29215]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-08 19199]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-08 33503]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-08 23519]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-05-22 78045]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-13 155008]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-10-28 585728]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-13 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-13 231704]
R2 PackethSvc;Virtual NIC Service; C:\WINDOWS\System32\PackethSvc.exe [2001-08-09 64512]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-12-12 516096]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S2 Compaq_RBA;Compaq Advisor; C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe [2002-05-17 262144]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 msCMTSrvc;Content Monitoring Tool; C:\WINDOWS\system32\msCMTSrvc.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

mvfisher
2008-11-19, 03:02
info.txt logfile of random's system information tool 1.04 2008-11-18 18:45:04

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\S3\P4M266\P4M266.isu"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
America Online-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Coloreal-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}\Setup.exe"
Compaq Advisor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}\Setup.exe" UNINSTALL
CompuServe 2000-->C:\Program Files\Common Files\csshare\csunins_us.exe
Curse Client-->C:\Program Files\Curse\uninstall.exe
DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Easy Access Button Support-->C:\Program Files\COMPAQ\Easy Access Button Support\Uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HydraVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Inactive HP Printer Drivers (Remove only)-->RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Intel(R) 845G Chipset Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Java 2 Runtime Environment Standard Edition v1.3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
WildTangent Channel Manager-->C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\WINDOWS\DOWNLO~1\ymmapi.dll

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\ATI Technologies\ATI Control Panel
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0602
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

mvfisher
2008-11-19, 03:03
Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 2

11/18/2008 6:22:34 PM
mbam-log-2008-11-18 (18-22-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 102398
Time elapsed: 1 hour(s), 0 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31e7c510-aecc-4bfc-8863-ed45b230b2f5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{31e7c510-aecc-4bfc-8863-ed45b230b2f5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{31e7c510-aecc-4bfc-8863-ed45b230b2f5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

peku006
2008-11-19, 09:19
Hi mvfisher

Click Start > Run, type in CMD and tap the Enter key.
Copy/Paste: ipconfig /flushdns
(If you are typing this in, note the space between the g and the /f.
It needs to be there.)
Hit Enter.
Close the command box.

Configure TCP/IP to use DNS.
Go to Start > Control Panel, and choose Network Connections.
Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
Double-click on the Internet Protocol (TCP/IP) item.
Select the radio button that says "Obtain DNS servers automatically".
Click OK twice to get out of the properties screen and restart your computer.

Open Notepad.
Copy the text from the box to an empty file.
Save it as export.bat to your desktop.
Choose save as all types

regedit /e c:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
Close Notepad.

Locate Export.bat on your Desktop and double-click on it. It will create a file called look.txt in C:\
Copy the entire text and paste it to your reply here in this topic.

Thanks peku006

mvfisher
2008-11-21, 05:38
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NV Hostname"="Fisher"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"NameServer"=""
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="Fisher"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"EnableICMPRedirect"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"EnableSecurityFilters"=dword:00000000
"DhcpNameServer"="85.255.112.104 85.255.112.203"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,31,00,46,00,35,00,35,00,39,00,\
39,00,39,00,2d,00,30,00,37,00,44,00,43,00,2d,00,34,00,41,00,43,00,36,00,2d,\
00,41,00,33,00,33,00,41,00,2d,00,46,00,39,00,46,00,31,00,36,00,42,00,42,00,\
41,00,34,00,42,00,41,00,35,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,44,\
00,38,00,44,00,38,00,45,00,42,00,39,00,2d,00,30,00,45,00,31,00,43,00,2d,00,\
34,00,38,00,33,00,32,00,2d,00,39,00,36,00,45,00,31,00,2d,00,38,00,32,00,32,\
00,38,00,30,00,31,00,43,00,45,00,46,00,45,00,31,00,32,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:99,59,f5,f1,dc,07,c6,4a,a3,3a,f9,f1,6b,ba,4b,a5,b9,8e,8d,7d,\
1c,0e,32,48,96,e1,82,28,01,ce,fe,12

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{31E7C510-AECC-4BFC-8863-ED45B230B2F5}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,33,00,31,00,45,00,37,00,43,00,35,00,\
31,00,30,00,2d,00,41,00,45,00,43,00,43,00,2d,00,34,00,42,00,46,00,43,00,2d,\
00,38,00,38,00,36,00,33,00,2d,00,45,00,44,00,34,00,35,00,42,00,32,00,33,00,\
30,00,42,00,32,00,46,00,35,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C56FF7D1-1FC2-48ED-BEC6-BF751262F1B5}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,43,00,35,00,36,00,46,00,46,00,37,00,\
44,00,31,00,2d,00,31,00,46,00,43,00,32,00,2d,00,34,00,38,00,45,00,44,00,2d,\
00,42,00,45,00,43,00,36,00,2d,00,42,00,46,00,37,00,35,00,31,00,32,00,36,00,\
32,00,46,00,31,00,42,00,35,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31E7C510-AECC-4BFC-8863-ED45B230B2F5}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="192.168.1.2"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.1.1"
"Lease"=dword:00015180
"LeaseObtainedTime"=dword:492610cd
"T1"=dword:4926b98d
"T2"=dword:49272fad
"LeaseTerminatesTime"=dword:4927624d
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"DhcpRetryTime"=dword:0000a8b5
"DhcpRetryStatus"=dword:00000000
"DhcpNameServer"="85.255.112.104 85.255.112.203"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7D8D8EB9-0E1C-4832-96E1-822801CEFE12}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C56FF7D1-1FC2-48ED-BEC6-BF751262F1B5}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):31,00,35,00,32,00,2e,00,31,00,36,00,33,00,2e,00,30,00,2e,00,\
30,00,00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,\
00,35,00,2e,00,32,00,35,00,35,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="169.254.101.152"
"DhcpSubnetMask"="255.255.0.0"
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000000
"LeaseObtainedTime"=dword:3d49b28e
"T1"=dword:3d49b28e
"T2"=dword:3d49b28e
"LeaseTerminatesTime"=dword:7fffffff
"IPAutoconfigurationAddress"="169.254.101.152"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F1F55999-07DC-4AC6-A33A-F9F16BBA4BA5}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00

peku006
2008-11-21, 10:44
Hi mvfisher

Please reset your router

next...

Please update mbam, run full scan with it and post back its report.

Thanks peku006

mvfisher
2008-11-25, 06:04
Malwarebytes' Anti-Malware 1.30
Database version: 1421
Windows 5.1.2600 Service Pack 2

11/24/2008 10:02:55 PM
mbam-log-2008-11-24 (22-02-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 104879
Time elapsed: 1 hour(s), 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31e7c510-aecc-4bfc-8863-ed45b230b2f5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{31e7c510-aecc-4bfc-8863-ed45b230b2f5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{31e7c510-aecc-4bfc-8863-ed45b230b2f5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104 85.255.112.203 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

peku006
2008-11-25, 19:24
Hi mvfisher

Blacklight
Download F-Secure Blacklight (ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe) to the root of your drive (usually C:\).
Click Start > Run and copy & paste the following:

\fsbl /expert
Then click OK
Click I accept the agreement, then Scan to start the scan
After the scan has finished, EXIT Blacklight. Do not choose to rename any items, because legitimate items might be present!
Post the fsbl-xxxxxxx.log logfile that was made (can be found in the same directory as Blacklight). xxxxxxx are numbers representing the current date.

Thanks peku006

mvfisher
2008-11-27, 01:45
11/26/08 17:41:08 [Info]: BlackLight Engine 2.2.1092 initialized
11/26/08 17:41:08 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/26/08 17:41:08 [Note]: 7019 4
11/26/08 17:41:08 [Note]: 7005 0
11/26/08 17:41:11 [Note]: 7006 0
11/26/08 17:41:11 [Note]: 7022 0
11/26/08 17:41:11 [Note]: 7011 1852
11/26/08 17:41:11 [Note]: 7035 0
11/26/08 17:41:11 [Note]: 7026 0
11/26/08 17:41:11 [Note]: 7026 0
11/26/08 17:41:11 [Note]: FSRAW library version 1.7.1024
11/26/08 17:41:29 [Note]: 4013 45026
11/26/08 17:41:29 [Note]: 4020 21721 262144
11/26/08 17:41:29 [Note]: 4018 21721 262144
11/26/08 17:41:29 [Note]: 4013 45026
11/26/08 17:41:29 [Note]: 4020 21721 262144
11/26/08 17:41:29 [Note]: 4018 21721 262144
11/26/08 17:44:09 [Note]: 7007 0

peku006
2008-11-27, 08:30
Hi mvfisher

This sounds like a case of Zlob/DNSChanger that changes the router's DNS settings.

If there are other Zlob-infected machines using the same router, they will need to be cleared with the below steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings.

Let's proceed like this, in the numbered order.

1. Next disconnect your system from the internet, and your router, then…

2. Click Start > Run, type in CMD and tap the Enter key.
Copy/Paste: ipconfig /flushdns
If you are typing this in, note the space between the g and the /f.
It needs to be there.

3. Malwarebytes' Anti-Malware
Please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Select Perform Quick scan, then click on Scan
Leave the default options as they are and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Check (tick) all items and click on Remove Selected


4. Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Fwww.phenoelit-us.org%2Fdpl%2Fdpl.html)

5. Malwarebytes' Anti-Malware
Please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Select Perform Quick scan, then click on Scan
Leave the default options as they are and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Check (tick) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and the router. Then return to this site to post your logs.

Thanks peku006
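
The check behind this diagnosis can be run directly on the look.txt export requested earlier. The following is an added example, not part of the original thread or of any tool used in it: it parses regedit export text and reports whether each reported DNS server sits in the static NameServer value or in the DHCP-learned DhcpNameServer value, together with the DhcpServer that issued the lease. The function names and the embedded sample (trimmed from the export posted above) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the export posted in this thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NameServer"=""
"DhcpNameServer"="85.255.112.104 85.255.112.203"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31E7C510-AECC-4BFC-8863-ED45B230B2F5}]
"EnableDHCP"=dword:00000001
"NameServer"=""
"DhcpServer"="192.168.1.1"
"DhcpNameServer"="85.255.112.104 85.255.112.203"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
  00,2e,00,31,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C56FF7D1-1FC2-48ED-BEC6-BF751262F1B5}]
"EnableDHCP"=dword:00000000
"NameServer"=""
"DhcpServer"="255.255.255.255"
'''


def _decode(raw):
    """Decode one right-hand side of a .reg value line."""
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) in ("1", "2"):      # REG_SZ / REG_EXPAND_SZ, UTF-16LE
            return data.decode("utf-16-le").rstrip("\x00")
        if m.group(1) == "7":             # REG_MULTI_SZ, NUL-separated strings
            return [s for s in data.decode("utf-16-le").split("\x00") if s]
        return data
    return raw


def parse_reg_export(text):
    """Return {key_path: {value_name: decoded_value}} for regedit /e text."""
    # regedit wraps long hex values; a wrapped line ends with a backslash.
    text = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = _decode(m.group(2))
    return keys


def dns_findings(text, suspect_servers):
    """Report where each suspect DNS server is configured.

    source is "static" for NameServer (set on the host) and "dhcp" for
    DhcpNameServer (the field the DHCP client fills from the lease).
    A suspect address in the "dhcp" field that returns after deletion is
    consistent with the router handing it out, as diagnosed above.
    """
    suspects = {ipaddress.ip_address(s) for s in suspect_servers}
    findings = []
    for key, values in parse_reg_export(text).items():
        for name, source in (("NameServer", "static"), ("DhcpNameServer", "dhcp")):
            raw = values.get(name)
            if not isinstance(raw, str):
                continue
            for token in re.split(r"[,\s]+", raw.strip()):
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    continue  # empty or malformed entry
                if addr in suspects:
                    findings.append({
                        "key": key,
                        "value": name,
                        "source": source,
                        "server": str(addr),
                        "dhcp_server": values.get("DhcpServer"),
                    })
    return findings


if __name__ == "__main__":
    # Addresses as reported in the Malwarebytes log in this thread.
    # For a real look.txt, read it with open(path, encoding="utf-16").
    for f in dns_findings(SAMPLE_EXPORT, ["85.255.112.104", "85.255.112.203"]):
        print(f["source"], f["server"], "lease from", f["dhcp_server"], "in", f["key"])
```

On the sample, every hit is in the DHCP-learned field and the interface's lease came from 192.168.1.1, which is why deleting the registry data on the PC alone does not hold.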

peku006
2008-11-30, 17:34
Hello!

Do you still need help?

It has been three days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!

tashi
2008-12-04, 23:52
mvfisher, this topic has been archived due to inactivity.

As it has been five days or more since your last post, and your helper posted a response to which you did not reply, this topic has been archived and will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread.

Applies only to the original poster, anyone else with similar problems please start a new topic.

Thank you peku006.