View Full Version : Constant browser redirection from searches
TynoPrime
2009-06-19, 17:38
Hi guys, essentially my problem is this; Whenever I do a search (I'm using Firefox, not sure if it happens in IE) the results are displayed fine, however when clicking any link I get redirected to an ad. I can go back to the search and click it again and doing this three or four times gets me to the page I want, although this is very annoying. I can type addresses (or copy/paste from google) and they work fine, so it's only searches that are effected. I've read a few previous topics on this, and tried a few fixes but didn't want to tamper with the reg. (DNS settings are on automatic so it's not that)
Here's my HJT log, and thanks for any help.
Regards
Gordon
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:33:57, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21045)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
F:\Utilities\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
F:\Utilities\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\UserXP\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - F:\Utilities\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Utilities\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\b.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - F:\Utilities\BitDefender\BitDefender 2009\vsserv.exe
--
Dakeyras
2009-06-20, 22:40
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hi TynoPrime and welcome to Safer Networking :)
I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Next:
Note: If you already have Smitfraudfix, please delete this copy and download it again as it's being updated regularly.
Please download SmitFraudFix.exe (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) by S!Ri and save it to the desktop.
If you can't download it, please download it from these alternative sites:
From GeekstoGo (http://siri.geekstogo.com/SmitfraudFix.exe)
From Security Cadets (http://downloads.securitycadets.com/SmitfraudFix.exe)
From Zebulon (http://telechargement.zebulon.fr/259-smitfraudfix.html)
Double click on SmitfraudFix.exe.
Press 1 then hit the Enter key.
It will create a report named rapport.txt, usually at C drive.
Please post back this log in your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Read more here (http://www.beyondlogic.org/consulting/processutil/processutil.htm)
Scan with RSIT:
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.Make sure that RSIT.exe is on the your Desktop before running the application!
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
When completed the above, please post back the following in the order asked for:
How is you computer performing now, any further symptoms and or problems encountered?
rapport.txt
Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
TynoPrime
2009-06-21, 04:11
Hi Dakeyras, firstly thanks for the reply. I've encountered no new symptoms, still the same problem and only happens on searches.
Here's the rapport.txt
SmitFraudFix v2.422
Scan done at 12:47:29.04, 01/06/2009
Run from C:\Documents and Settings\UserXP\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
F:\Utilities\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
F:\Utilities\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\UserXP\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\msxml71.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\UserXP
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UserXP\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\UserXP\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UserXP\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9EDFEE40-79D3-44FB-82FA-B421995C01FB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9EDFEE40-79D3-44FB-82FA-B421995C01FB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9EDFEE40-79D3-44FB-82FA-B421995C01FB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
TynoPrime
2009-06-21, 04:15
Here's the log.txt from RIST. It was too long to fit in one post, so it's split into two.
Logfile of random's system information tool 1.06 (written by random/random)
Run by UserXP at 2009-06-01 12:50:31
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (11%) free of 15 GB
Total RAM: 1526 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:35, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21045)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
F:\Utilities\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
F:\Utilities\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\UserXP\Desktop\SmitfraudFix\Policies.exe
C:\Documents and Settings\UserXP\Desktop\RSIT.exe
C:\Documents and Settings\UserXP\Desktop\UserXP.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - F:\Utilities\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Utilities\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\b.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - F:\Utilities\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 4799 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\WGASetup.job
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
XML Class - C:\WINDOWS\system32\msxml71.dll [2005-06-01 207364]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - F:\Utilities\BitDefender\BitDefender 2009\IEToolbar.dll [2009-06-08 95536]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-04-14 344064]
"Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2006-01-20 3080192]
"iTunesHelper"=F:\Utilities\iTunes\iTunesHelper.exe [2009-05-30 292136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\19336094]
C:\Documents and Settings\All Users\Application Data\19336094\19336094.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\99346086]
C:\Documents and Settings\All Users\Application Data\99346086\99346086.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
F:\Utilities\BitDefender\BitDefender 2009\bdagent.exe [2009-06-08 778240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
F:\Utilities\BitDefender\BitDefender 2009\IEShow.exe [2009-06-08 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
C:\Program Files\DU Meter\DUMeter.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
F:\Utilities\iTunes\iTunesHelper.exe [2009-05-30 292136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2009-05-14 17881088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
F:\Utilities\Object Desktop\WindowBlinds\WBSrv.dll [2009-05-20 210168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=E0FFFF03
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"F:\Games\Baldur's Gate tutu\BGMain.exe"="F:\Games\Baldur's Gate tutu\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\Utilities\iPhone Tunnel\iTunnel\iTunnel.exe"="F:\Utilities\iPhone Tunnel\iTunnel\iTunnel.exe:*:Enabled:iTunnel"
"F:\Utilities\iTunes\iTunes.exe"="F:\Utilities\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{644ce9fb-d221-11d9-ab12-001302188ae5}]
shell\AutoRun\command - G:\AutoTransfer.exe
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2009-06-11 00:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-06-11 00:09:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 00:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 00:08:51 ----AC---- C:\WINDOWS\system32\MRT.INI
2009-06-11 00:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 00:06:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-09 19:54:37 ----D---- C:\Program Files\DWG TrueView 2010
2009-06-09 19:52:04 ----D---- C:\Program Files\Autodesk
2009-06-09 19:46:54 ----D---- C:\WINDOWS\system32\Templates
2009-06-09 19:46:54 ----D---- C:\WINDOWS\system32\Design Data
2009-06-09 19:38:45 ----D---- C:\Documents and Settings\UserXP\Application Data\Autodesk
2009-06-09 19:38:45 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2009-06-09 18:18:50 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-09 17:21:54 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-06-09 17:20:35 ----D---- C:\WINDOWS\system32\XPSViewer
2009-06-09 17:20:32 ----D---- C:\Program Files\MSBuild
2009-06-09 17:20:24 ----D---- C:\Program Files\Reference Assemblies
2009-06-09 17:19:57 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-06-09 17:19:57 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-06-09 17:19:56 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-06-06 02:26:36 ----A---- C:\WINDOWS\system32\senekamcljgxii.dll
2009-06-02 23:30:20 ----A---- C:\LoadLogTextFormat.txt
2009-06-02 23:09:56 ----D---- C:\Documents and Settings\UserXP\Application Data\FixerLabs
2009-06-01 18:36:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-06-01 12:50:31 ----D---- C:\rsit
2009-06-01 12:47:34 ----A---- C:\WINDOWS\system32\tmp.txt
2009-06-01 12:47:29 ----A---- C:\rapport.txt
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\swsc.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\swreg.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\Process.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-06-01 12:47:04 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-06-01 02:19:50 ----A---- C:\WINDOWS\system32\senekaoobvcipc.dll
2009-06-01 02:02:14 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-06-01 02:02:14 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-06-01 01:59:42 ----D---- C:\Documents and Settings\UserXP\Application Data\Apple Computer
2009-06-01 01:59:34 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-06-01 01:59:25 ----D---- C:\Program Files\iPod
2009-06-01 01:59:22 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-01 01:59:13 ----D---- C:\Program Files\Bonjour
2009-06-01 01:58:55 ----D---- C:\Program Files\QuickTime
2009-06-01 01:58:44 ----D---- C:\Program Files\Apple Software Update
2009-06-01 01:58:36 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-06-01 01:58:25 ----D---- C:\Program Files\Common Files\Apple
2009-06-01 00:52:52 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-06-01 00:52:51 ----D---- C:\Program Files\Microsoft WSE
2009-05-27 21:33:02 ----D---- C:\Documents and Settings\UserXP\Application Data\Braid
2009-05-27 21:23:30 ----A---- C:\Documents and Settings\All Users\Application Data\xml179.tmp
2009-05-27 19:47:46 ----D---- C:\Documents and Settings\UserXP\Application Data\Media Player Classic
2009-05-27 19:47:20 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-05-27 19:47:20 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-05-27 19:47:20 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-05-27 19:47:20 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-05-27 19:47:19 ----A---- C:\WINDOWS\system32\unrar.dll
2009-05-27 19:47:19 ----A---- C:\WINDOWS\avisplitter.ini
2009-05-27 19:47:18 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-05-27 19:47:17 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-05-27 19:47:17 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-05-27 19:47:17 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-05-27 19:47:17 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-05-27 19:47:16 ----AC---- C:\WINDOWS\system32\pthreadGC2.dll
2009-05-27 19:47:16 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-05-27 19:47:16 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-05-27 19:47:14 ----D---- C:\Documents and Settings\UserXP\Application Data\Real
2009-05-27 19:47:14 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-05-27 18:13:58 ----D---- C:\Program Files\Microsoft
2009-05-27 18:13:41 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-27 18:13:06 ----D---- C:\Program Files\Windows Live
2009-05-26 18:43:39 ----RHD---- C:\MSOCache
2009-05-26 16:41:37 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-05-26 15:53:06 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-05-25 03:01:01 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap Games
2009-05-25 00:27:53 ----D---- C:\Documents and Settings\UserXP\Application Data\Nexon
2009-05-21 15:35:20 ----D---- C:\Documents and Settings\UserXP\Application Data\WinRAR
2009-05-21 15:35:10 ----D---- C:\Program Files\WinRAR
2009-05-20 18:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-20 18:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-20 18:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-20 18:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-20 18:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-05-20 18:01:04 ----D---- C:\WINDOWS\ie7updates
2009-05-20 18:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-20 18:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-20 18:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-20 18:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-20 18:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-20 17:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-20 17:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-20 17:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-20 17:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-05-20 17:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-20 17:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-20 17:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-20 17:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-20 17:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-20 17:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-20 17:57:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-20 17:57:29 ----D---- C:\Program Files\MSXML 4.0
2009-05-20 17:57:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-05-20 17:57:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-05-20 17:56:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-20 17:56:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-20 17:49:34 ----A---- C:\WINDOWS\ScUnin.exe
2009-05-20 16:27:47 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-05-20 16:26:09 ----SHD---- C:\WINDOWS\CSC
2009-05-20 16:23:41 ----D---- C:\WINDOWS\system32\RTCOM
2009-05-20 16:23:39 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-05-20 16:23:30 ----A---- C:\WINDOWS\vncutil.exe
2009-05-20 16:23:30 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2009-05-20 16:23:30 ----A---- C:\WINDOWS\SkyTel.exe
2009-05-20 16:23:30 ----A---- C:\WINDOWS\RtlUpd.exe
2009-05-20 16:23:30 ----A---- C:\WINDOWS\RTLCPL.EXE
2009-05-20 16:23:29 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-05-20 16:23:29 ----A---- C:\WINDOWS\RtkAudioService.exe
2009-05-20 16:23:27 ----D---- C:\Program Files\Realtek
2009-05-20 16:23:27 ----A---- C:\WINDOWS\RTHDCPL.EXE
2009-05-20 16:23:27 ----A---- C:\WINDOWS\MicCal.exe
2009-05-20 16:23:27 ----A---- C:\WINDOWS\ALCWZRD.EXE
2009-05-20 16:23:27 ----A---- C:\WINDOWS\ALCMTR.EXE
2009-05-20 16:23:23 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-05-20 16:21:43 ----D---- C:\Documents and Settings\UserXP\Application Data\DAEMON Tools Lite
2009-05-20 16:08:34 ----A---- C:\Documents and Settings\All Users\Application Data\xml104.tmp
2009-05-20 16:08:34 ----A---- C:\Documents and Settings\All Users\Application Data\xml101.tmp
2009-05-20 16:08:30 ----A---- C:\Documents and Settings\All Users\Application Data\xml100.tmp
2009-05-20 16:08:04 ----C---- C:\WINDOWS\system32\xpsp4res.dll
2009-05-20 16:05:51 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-05-20 14:57:53 ----AC---- C:\WINDOWS\system32\un2065.txt
2009-05-20 14:57:53 ----AC---- C:\WINDOWS\system32\2065.txt
2009-05-20 14:55:26 ----D---- C:\Documents and Settings\UserXP\Application Data\Acer
2009-05-20 14:48:04 ----A---- C:\WINDOWS\system32\Epm-Po.dll
2009-05-20 14:41:16 ----D---- C:\WINDOWS\system32\logs
2009-05-20 14:40:59 ----D---- C:\Documents and Settings\UserXP\Application Data\Macromedia
2009-05-20 14:40:58 ----D---- C:\Program Files\BitDefender
2009-05-20 14:40:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-20 14:40:33 ----D---- C:\Documents and Settings\All Users\Application Data\Acer
2009-05-20 14:40:23 ----D---- C:\Acer
2009-05-20 14:40:08 ----D---- C:\Program Files\Common Files\InstallShield
2009-05-20 14:37:47 ----A---- C:\WINDOWS\WB.ini
2009-05-20 14:01:49 ----D---- C:\Program Files\Common Files\BitDefender
2009-05-20 13:57:54 ----D---- C:\Program Files\Stardock
2009-05-20 13:57:54 ----A---- C:\WINDOWS\system32\wbsys.dll
2009-05-20 13:42:26 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-05-20 13:39:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-20 13:12:01 ----D---- C:\Documents and Settings\UserXP\Application Data\Mozilla
2009-05-20 13:11:56 ----D---- C:\Program Files\Mozilla Firefox
2009-05-20 05:00:38 ----D---- C:\Documents and Settings\UserXP\Application Data\Intel
2009-05-20 04:59:55 ----A---- C:\WINDOWS\system32\results.txt
2009-05-20 03:59:14 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2009-05-20 03:58:09 ----D---- C:\Program Files\Intel
2009-05-20 03:41:24 ----D---- C:\WINDOWS\system32\KB905474
2009-05-20 03:28:16 ----A---- C:\Documents and Settings\All Users\Application Data\xmlC.tmp
2009-05-20 03:28:16 ----A---- C:\Documents and Settings\All Users\Application Data\xmlB.tmp
2009-05-20 03:28:16 ----A---- C:\Documents and Settings\All Users\Application Data\xmlA.tmp
2009-05-20 03:28:16 ----A---- C:\Documents and Settings\All Users\Application Data\xml9.tmp
2009-05-20 03:28:04 ----HD---- C:\WINDOWS\PIF
2009-05-20 03:27:33 ----HD---- C:\WINDOWS\msdownld.tmp
2009-05-20 03:27:24 ----D---- C:\WINDOWS\Logs
2009-05-20 03:27:19 ----D---- C:\Program Files\SiSoftware
2009-05-20 03:22:12 ----RSD---- C:\WINDOWS\assembly
2009-05-20 03:22:11 ----D---- C:\WINDOWS\system32\URTTemp
2009-05-20 03:21:42 ----D---- C:\WINDOWS\pss
2009-05-20 03:21:07 ----SHD---- C:\RECYCLER
2009-05-20 03:20:31 ----AC---- C:\WINDOWS\system32\igfxres.dll
2009-05-20 03:19:34 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-05-20 03:17:04 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-20 03:13:35 ----D---- C:\Program Files\Adobe
2009-05-20 03:11:04 ----D---- C:\Documents and Settings\UserXP\Application Data\Adobe
2009-05-20 03:09:45 ----A---- C:\WINDOWS\system32\h323log.txt
2009-05-20 03:08:31 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-05-20 03:04:39 ----D---- C:\Program Files\Common Files\Adobe
2009-05-20 02:51:22 ----AC---- C:\WINDOWS\system32\igfxtray.exe
2009-05-20 02:51:22 ----A---- C:\WINDOWS\system32\igxprd32.dll
2009-05-20 02:51:21 ----AC---- C:\WINDOWS\system32\igfxsrvc.exe
2009-05-20 02:51:21 ----AC---- C:\WINDOWS\system32\igfxsrvc.dll
2009-05-20 02:51:21 ----AC---- C:\WINDOWS\system32\igfxress.dll
2009-05-20 02:51:21 ----AC---- C:\WINDOWS\system32\igfxdo.dll
2009-05-20 02:51:21 ----AC---- C:\WINDOWS\system32\igfxdev.dll
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\iglicd32.dll
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\igldev32.dll
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\igfxpph.dll
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\igfxpers.exe
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\igfxext.exe
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\igfxexps.dll
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\igfxCoIn_v4926.dll
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\hkcmd.exe
2009-05-20 02:51:21 ----A---- C:\WINDOWS\system32\hccutils.dll
2009-05-20 02:51:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-20 02:51:20 ----D---- C:\WINDOWS\system32\Lang
2009-05-20 02:51:20 ----A---- C:\WINDOWS\system32\igxpun.exe
2009-05-20 02:51:20 ----A---- C:\WINDOWS\system32\difxapi.dll
2009-05-20 02:51:15 ----D---- C:\Intel
2009-05-20 02:19:08 ----A---- C:\WINDOWS\system32\usbui.dll
2009-05-20 02:17:38 ----A---- C:\WINDOWS\imsins.BAK
2009-05-20 02:17:34 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-20 02:17:33 ----D---- C:\Program Files\Common Files\ODBC
2009-05-20 02:17:33 ----A---- C:\WINDOWS\ODBCINST.INI
2009-05-20 02:17:31 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-05-20 02:17:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-20 02:17:30 ----RD---- C:\Program Files
2009-05-20 02:17:30 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-05-20 02:17:30 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-05-20 02:17:30 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-05-20 02:17:30 ----D---- C:\Program Files\Common Files
2009-05-20 02:17:29 ----RAC---- C:\WINDOWS\system32\kbdhe220.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-05-20 02:17:29 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-05-20 02:17:28 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-05-20 02:17:26 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-05-20 02:17:26 ----AC---- C:\WINDOWS\system32\spxcoins.dll
2009-05-20 02:17:26 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-05-20 02:17:26 ----A---- C:\WINDOWS\system32\irclass.dll
2009-05-20 02:17:26 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-05-20 02:17:26 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-05-20 02:17:26 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-05-20 02:17:26 ----A---- C:\WINDOWS\system32\batt.dll
2009-05-20 02:17:26 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-05-20 02:17:25 ----A---- C:\WINDOWS\system32\storprop.dll
2009-05-20 02:17:15 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-05-20 02:17:10 ----RA---- C:\WINDOWS\SET8.tmp
2009-05-20 02:17:08 ----RA---- C:\WINDOWS\SET4.tmp
2009-05-20 02:17:06 ----RA---- C:\WINDOWS\SET3.tmp
2009-05-20 02:17:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-20 02:17:02 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-20 02:16:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-20 02:16:47 ----A---- C:\WINDOWS\setuplog.txt
2009-05-20 02:16:42 ----SHD---- C:\System Volume Information
2009-05-20 02:16:42 ----D---- C:\Documents and Settings
2009-05-20 02:16:08 ----A---- C:\boot.ini
2009-05-20 02:11:05 ----SHD---- C:\WINDOWS\Installer
2009-05-20 02:11:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-20 02:11:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-20 02:11:05 ----RSD---- C:\WINDOWS\Fonts
2009-05-20 02:11:05 ----RD---- C:\WINDOWS\Web
2009-05-20 02:11:05 ----RD---- C:\WINDOWS\Offline Web Pages
2009-05-20 02:11:05 ----HD---- C:\WINDOWS\inf
2009-05-20 02:11:05 ----D---- C:\WINDOWS\WinSxS
2009-05-20 02:11:05 ----D---- C:\WINDOWS\WBEM
2009-05-20 02:11:05 ----D---- C:\WINDOWS\twain_32
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Temp
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\wins
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\wbem
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\usmt
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\spool
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\ShellExt
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\Setup
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\scripting
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\ras
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\PreInstall
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\oobe
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\npp
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\mui
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\IME
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\icsxml
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\ias
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\export
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\en-US
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\en
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\DRM
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\drivers
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\dhcp
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\config
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\3com_dmi
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\3076
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\2052
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\1054
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\1042
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\1041
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\1037
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\1033
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\1031
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\1028
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32\1025
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system32
2009-05-20 02:11:05 ----D---- C:\WINDOWS\system
2009-05-20 02:11:05 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-20 02:11:05 ----D---- C:\WINDOWS\security
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Resources
2009-05-20 02:11:05 ----D---- C:\WINDOWS\repair
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Provisioning
2009-05-20 02:11:05 ----D---- C:\WINDOWS\PeerNet
2009-05-20 02:11:05 ----D---- C:\WINDOWS\pchealth
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Network Diagnostic
2009-05-20 02:11:05 ----D---- C:\WINDOWS\mui
2009-05-20 02:11:05 ----D---- C:\WINDOWS\msapps
2009-05-20 02:11:05 ----D---- C:\WINDOWS\msagent
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Media
2009-05-20 02:11:05 ----D---- C:\WINDOWS\L2Schemas
2009-05-20 02:11:05 ----D---- C:\WINDOWS\java
2009-05-20 02:11:05 ----D---- C:\WINDOWS\ime
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Help
2009-05-20 02:11:05 ----D---- C:\WINDOWS\ehome
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Driver Cache
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Debug
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Cursors
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Connection Wizard
2009-05-20 02:11:05 ----D---- C:\WINDOWS\Config
2009-05-20 02:11:05 ----D---- C:\WINDOWS\AppPatch
2009-05-20 02:11:05 ----D---- C:\WINDOWS\addins
2009-05-20 02:11:05 ----D---- C:\WINDOWS
2009-05-20 01:19:04 ----D---- C:\Documents and Settings\UserXP\Application Data\Identities
2009-05-20 01:19:01 ----HD---- C:\Program Files\Uninstall Information
2009-05-20 01:18:49 ----ASH---- C:\Documents and Settings\UserXP\Application Data\desktop.ini
2009-05-20 01:18:48 ----SD---- C:\Documents and Settings\UserXP\Application Data\Microsoft
2009-05-20 01:18:39 ----D---- C:\WINDOWS\Prefetch
2009-05-20 01:18:38 ----SD---- C:\WINDOWS\system32\Microsoft
2009-05-20 01:18:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-20 01:14:51 ----D---- C:\WINDOWS\system32\xircom
2009-05-20 01:14:51 ----D---- C:\Program Files\xerox
2009-05-20 01:14:51 ----D---- C:\Program Files\msn gaming zone
2009-05-20 01:14:51 ----D---- C:\Program Files\microsoft frontpage
2009-05-20 01:14:28 ----A---- C:\WINDOWS\control.ini
2009-05-20 01:14:28 ----A---- C:\AUTOEXEC.BAT
2009-05-20 01:14:09 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-20 01:13:26 ----A---- C:\WINDOWS\IsUninst.exe
2009-05-20 01:13:00 ----RAHC---- C:\WINDOWS\system32\logonui.exe.manifest
2009-05-20 01:12:56 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-05-20 01:12:48 ----HD---- C:\Program Files\WindowsUpdate
2009-05-20 01:12:30 ----D---- C:\Program Files\Windows Media Connect 2
2009-05-20 01:12:22 ----D---- C:\WINDOWS\system32\DirectX
2009-05-20 01:12:21 ----D---- C:\Program Files\Microsoft Silverlight
2009-05-20 01:12:18 ----A---- C:\WINDOWS\system32\desktop.ini
2009-05-20 01:12:18 ----A---- C:\WINDOWS\system32\atrace.dll
2009-05-20 01:12:18 ----A---- C:\WINDOWS\desktop.ini
2009-05-20 01:12:16 ----D---- C:\Program Files\Common Files\Services
2009-05-20 01:12:16 ----AC---- C:\WINDOWS\system32\acctres.dll
2009-05-20 01:12:16 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-05-20 01:12:15 ----SD---- C:\WINDOWS\Tasks
2009-05-20 01:12:15 ----D---- C:\Program Files\Common Files\MSSoap
2009-05-20 01:12:15 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-05-20 01:12:13 ----D---- C:\WINDOWS\system32\Macromed
2009-05-20 01:12:13 ----D---- C:\WINDOWS\srchasst
2009-05-20 01:12:12 ----AC---- C:\WINDOWS\system32\wucltui.dll
2009-05-20 01:12:12 ----AC---- C:\WINDOWS\system32\wuaueng1.dll
2009-05-20 01:12:12 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-05-20 01:12:12 ----A---- C:\WINDOWS\system32\wups.dll
2009-05-20 01:12:12 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-05-20 01:12:12 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-05-20 01:12:11 ----AC---- C:\WINDOWS\system32\wuauclt1.exe
2009-05-20 01:12:11 ----AC---- C:\WINDOWS\system32\qmgr.dll
2009-05-20 01:12:11 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-05-20 01:12:11 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-05-20 01:12:11 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-05-20 01:12:11 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-05-20 01:12:11 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-05-20 01:12:11 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-05-20 01:12:10 ----D---- C:\Program Files\Movie Maker
2009-05-20 01:12:04 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-05-20 01:12:04 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-05-20 01:12:04 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-05-20 01:12:04 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-05-20 01:12:03 ----D---- C:\WINDOWS\system32\Restore
2009-05-20 01:12:03 ----AC---- C:\WINDOWS\system32\srrstr.dll
2009-05-20 01:12:03 ----AC---- C:\WINDOWS\system32\mnmsrvc.exe
2009-05-20 01:12:03 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-05-20 01:12:03 ----A---- C:\WINDOWS\system32\srclient.dll
2009-05-20 01:12:03 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-05-20 01:12:03 ----A---- C:\WINDOWS\system32\msconf.dll
2009-05-20 01:12:03 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-05-20 01:12:03 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-05-20 01:12:03 ----A---- C:\WINDOWS\system32\ils.dll
2009-05-20 01:12:03 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-05-20 01:12:03 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-05-20 01:12:02 ----D---- C:\Program Files\NetMeeting
2009-05-20 01:12:02 ----AC---- C:\WINDOWS\system32\msoert2.dll
2009-05-20 01:12:02 ----AC---- C:\WINDOWS\system32\inetres.dll
2009-05-20 01:12:02 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-05-20 01:12:02 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-05-20 01:12:01 ----D---- C:\Program Files\Outlook Express
2009-05-20 01:12:01 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-05-20 01:12:01 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-05-20 01:12:01 ----A---- C:\WINDOWS\system32\mstask.dll
2009-05-20 01:12:01 ----A---- C:\WINDOWS\system32\isign32.dll
2009-05-20 01:12:01 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-05-20 01:12:01 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-05-20 01:12:01 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-05-20 01:11:59 ----D---- C:\Program Files\Internet Explorer
2009-05-20 01:11:59 ----D---- C:\Program Files\Common Files\System
2009-05-20 01:11:17 ----D---- C:\Program Files\ComPlus Applications
2009-05-20 01:11:15 ----A---- C:\WINDOWS\vbaddin.ini
2009-05-20 01:11:15 ----A---- C:\WINDOWS\vb.ini
2009-05-20 01:11:09 ----D---- C:\WINDOWS\Registration
2009-05-20 01:11:06 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-05-20 01:11:06 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-05-20 01:11:05 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-05-20 01:11:05 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-05-20 01:11:05 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-05-20 01:11:05 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-05-20 01:11:04 ----AC---- C:\WINDOWS\system32\D3DX9_40.dll
2009-05-20 01:11:04 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-05-20 01:11:04 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-05-20 01:11:04 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-05-20 01:11:03 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-05-20 01:11:03 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-05-20 01:11:03 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-05-20 01:11:03 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-05-20 01:11:00 ----D---- C:\Program Files\Windows Media Player
2009-05-20 01:11:00 ----D---- C:\Program Files\Online Services
2009-05-20 01:10:53 ----AC---- C:\WINDOWS\system32\write.exe
2009-05-20 01:10:49 ----AC---- C:\WINDOWS\system32\winchat.exe
2009-05-20 01:10:49 ----AC---- C:\WINDOWS\system32\sndvol32.exe
2009-05-20 01:10:49 ----A---- C:\WINDOWS\system32\hticons.dll
2009-05-20 01:10:49 ----A---- C:\WINDOWS\system32\avwav.dll
2009-05-20 01:10:49 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-05-20 01:10:49 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-05-20 01:10:47 ----AC---- C:\WINDOWS\system32\usrlogon.cmd
2009-05-20 01:10:47 ----AC---- C:\WINDOWS\system32\tsshutdn.exe
2009-05-20 01:10:47 ----AC---- C:\WINDOWS\system32\tslabels.ini
2009-05-20 01:10:47 ----AC---- C:\WINDOWS\system32\tskill.exe
2009-05-20 01:10:47 ----AC---- C:\WINDOWS\system32\tsdiscon.exe
2009-05-20 01:10:47 ----AC---- C:\WINDOWS\system32\tscon.exe
2009-05-20 01:10:47 ----AC---- C:\WINDOWS\system32\shadow.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\winmine.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\sol.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\reset.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\regini.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\msg.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\logoff.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\getuname.dll
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\freecell.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\charmap.exe
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-05-20 01:10:47 ----A---- C:\WINDOWS\system32\calc.exe
2009-05-20 01:10:46 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-05-20 01:10:45 ----AC---- C:\WINDOWS\system32\wmimgmt.msc
2009-05-20 01:10:42 ----D---- C:\Program Files\Windows NT
2009-05-20 01:10:42 ----D---- C:\Program Files\MSN
2009-05-20 01:10:42 ----AC---- C:\WINDOWS\system32\tsgqec.dll
2009-05-20 01:10:42 ----AC---- C:\WINDOWS\system32\tscfgwmi.dll
2009-05-20 01:10:42 ----AC---- C:\WINDOWS\system32\sndrec32.exe
2009-05-20 01:10:42 ----AC---- C:\WINDOWS\system32\accwiz.exe
2009-05-20 01:10:42 ----A---- C:\WINDOWS\system32\spider.exe
2009-05-20 01:10:42 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-05-20 01:10:42 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-05-20 01:10:42 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-05-20 01:10:42 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-05-20 01:10:41 ----D---- C:\WINDOWS\system32\MsDtc
2009-05-20 01:10:41 ----AC---- C:\WINDOWS\system32\sessmgr.exe
2009-05-20 01:10:41 ----AC---- C:\WINDOWS\system32\remotepg.dll
2009-05-20 01:10:41 ----AC---- C:\WINDOWS\system32\msdtc.exe
2009-05-20 01:10:41 ----AC---- C:\WINDOWS\system32\aaclient.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-05-20 01:10:41 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-05-20 01:10:40 ----D---- C:\WINDOWS\system32\Com
2009-05-20 01:10:40 ----A---- C:\WINDOWS\system32\stclient.dll
2009-05-20 01:10:40 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-05-20 01:10:40 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-05-20 01:10:40 ----A---- C:\WINDOWS\system32\colbact.dll
2009-05-20 01:10:40 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-05-20 01:10:40 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-05-20 01:10:40 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-05-20 01:10:39 ----A---- C:\WINDOWS\system32\comuid.dll
2009-05-20 01:10:39 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-05-20 01:10:39 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-05-20 01:10:39 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-05-20 01:10:39 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-05-20 01:10:37 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-05-20 01:10:37 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-05-20 01:10:37 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-05-20 01:10:37 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-05-20 00:52:27 ----D---- C:\Program Files\SystemRequirementsLab
2009-05-18 23:49:35 ----AC---- C:\WINDOWS\system32\undoren.cmd
2009-05-18 23:49:35 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-05-18 23:49:35 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-05-18 23:49:35 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-05-18 23:49:35 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-05-18 23:49:35 ----A---- C:\WINDOWS\system32\ren_fold.cmd
2009-05-18 23:49:35 ----A---- C:\WINDOWS\system32\binifix4.cmd
2009-05-18 23:49:34 ----AC---- C:\WINDOWS\system32\wudfx.dll
2009-05-18 23:49:34 ----AC---- C:\WINDOWS\system32\wudfplatform.dll
2009-05-18 23:49:34 ----AC---- C:\WINDOWS\system32\wudfcoinstaller.dll
2009-05-18 23:49:34 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2009-05-18 23:49:34 ----A---- C:\WINDOWS\system32\wups2.dll
2009-05-18 23:49:34 ----A---- C:\WINDOWS\system32\wudfsvc.dll
2009-05-18 23:49:33 ----AC---- C:\WINDOWS\system32\wudfhost.exe
2009-05-18 23:49:33 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-05-18 23:49:33 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-05-18 23:49:33 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-05-18 23:49:32 ----AC---- C:\WINDOWS\system32\wpdshextres.dll
2009-05-18 23:49:32 ----AC---- C:\WINDOWS\system32\wpdshextautoplay.exe
2009-05-18 23:49:32 ----AC---- C:\WINDOWS\system32\wpdmtpus.dll
2009-05-18 23:49:32 ----A---- C:\WINDOWS\system32\wshext.dll
2009-05-18 23:49:32 ----A---- C:\WINDOWS\system32\wscript.exe
2009-05-18 23:49:32 ----A---- C:\WINDOWS\system32\wpdsp.dll
2009-05-18 23:49:32 ----A---- C:\WINDOWS\system32\wpdshserviceobj.dll
2009-05-18 23:49:32 ----A---- C:\WINDOWS\system32\wpdshext.dll
2009-05-18 23:49:31 ----AC---- C:\WINDOWS\system32\wpdmtp.dll
2009-05-18 23:49:31 ----AC---- C:\WINDOWS\system32\wpdconns.dll
2009-05-18 23:49:31 ----AC---- C:\WINDOWS\system32\wmvxencd.dll
2009-05-18 23:49:31 ----AC---- C:\WINDOWS\system32\wmvsencd.dll
2009-05-18 23:49:31 ----AC---- C:\WINDOWS\system32\wmvsdecd.dll
2009-05-18 23:49:31 ----AC---- C:\WINDOWS\system32\wmvencod.dll
2009-05-18 23:49:31 ----AC---- C:\WINDOWS\system32\wmvdmoe2.dll
2009-05-18 23:49:31 ----AC---- C:\WINDOWS\system32\wmvdmod.dll
2009-05-18 23:49:31 ----AC---- C:\WINDOWS\system32\wmvdecod.dll
2009-05-18 23:49:31 ----AC---- C:\WINDOWS\system32\wmvadve.dll
2009-05-18 23:49:31 ----A---- C:\WINDOWS\system32\wpd_ci.dll
2009-05-18 23:49:31 ----A---- C:\WINDOWS\system32\WMVCore.dll
2009-05-18 23:49:30 ----AC---- C:\WINDOWS\system32\wmvadvd.dll
2009-05-18 23:49:30 ----AC---- C:\WINDOWS\system32\wmspdmoe.dll
2009-05-18 23:49:30 ----AC---- C:\WINDOWS\system32\wmspdmod.dll
2009-05-18 23:49:30 ----AC---- C:\WINDOWS\system32\wmsdmoe2.dll
2009-05-18 23:49:30 ----AC---- C:\WINDOWS\system32\wmsdmod.dll
2009-05-18 23:49:30 ----A---- C:\WINDOWS\system32\wmpsrcwp.dll
2009-05-18 23:49:30 ----A---- C:\WINDOWS\system32\wmpshell.dll
2009-05-18 23:49:30 ----A---- C:\WINDOWS\system32\wmpps.dll
2009-05-18 23:49:28 ----AC---- C:\WINDOWS\system32\wmpmde.dll
2009-05-18 23:49:28 ----A---- C:\WINDOWS\system32\wmploc.dll
2009-05-18 23:49:28 ----A---- C:\WINDOWS\system32\wmpencen.dll
2009-05-18 23:49:28 ----A---- C:\WINDOWS\system32\wmpeffects.dll
2009-05-18 23:49:28 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-05-18 23:49:27 ----AC---- C:\WINDOWS\system32\wmidx.dll
2009-05-18 23:49:27 ----A---- C:\WINDOWS\system32\wmpasf.dll
2009-05-18 23:49:27 ----A---- C:\WINDOWS\system32\wmp.dll
2009-05-18 23:49:27 ----A---- C:\WINDOWS\system32\WMNetmgr.dll
2009-05-18 23:49:26 ----AC---- C:\WINDOWS\system32\wmdrmnet.dll
2009-05-18 23:49:26 ----AC---- C:\WINDOWS\system32\wmdrmdev.dll
2009-05-18 23:49:26 ----A---- C:\WINDOWS\system32\wmerror.dll
2009-05-18 23:49:26 ----A---- C:\WINDOWS\system32\wmdrmsdk.dll
2009-05-18 23:49:26 ----A---- C:\WINDOWS\system32\wmdmps.dll
2009-05-18 23:49:26 ----A---- C:\WINDOWS\system32\wmdmlog.dll
2009-05-18 23:49:25 ----A---- C:\WINDOWS\system32\wmasf.dll
2009-05-18 23:49:24 ----AC---- C:\WINDOWS\system32\wmadmoe.dll
2009-05-18 23:49:24 ----AC---- C:\WINDOWS\system32\winfxdocobj.exe
2009-05-18 23:49:24 ----A---- C:\WINDOWS\system32\wmadmod.dll
2009-05-18 23:49:24 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-05-18 23:49:24 ----A---- C:\WINDOWS\system32\winsrv.dll
2009-05-18 23:49:24 ----A---- C:\WINDOWS\system32\winlogon.exe
2009-05-18 23:49:24 ----A---- C:\WINDOWS\system32\wininet.dll
2009-05-18 23:49:24 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2009-05-18 23:49:24 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-05-18 23:49:23 ----AC---- C:\WINDOWS\system32\wdfmgr.exe
2009-05-18 23:49:23 ----AC---- C:\WINDOWS\system32\wdfapi.dll
2009-05-18 23:49:23 ----AC---- C:\WINDOWS\system32\w32tm.exe
2009-05-18 23:49:23 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2009-05-18 23:49:23 ----A---- C:\WINDOWS\system32\wgatray.exe
2009-05-18 23:49:23 ----A---- C:\WINDOWS\system32\wgalogon.dll
2009-05-18 23:49:23 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-05-18 23:49:23 ----A---- C:\WINDOWS\system32\w32time.dll
2009-05-18 23:49:23 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-05-18 23:49:22 ----AC---- C:\WINDOWS\system32\uwdf.exe
2009-05-18 23:49:22 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-05-18 23:49:22 ----A---- C:\WINDOWS\system32\url.dll
2009-05-18 23:49:22 ----A---- C:\WINDOWS\system32\ulib.dll
2009-05-18 23:49:22 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-05-18 23:49:21 ----A---- C:\WINDOWS\system32\tapisrv.dll
2009-05-18 23:49:20 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2009-05-18 23:49:19 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-05-18 23:49:19 ----A---- C:\WINDOWS\system32\shimeng.dll
2009-05-18 23:49:19 ----A---- C:\WINDOWS\system32\shell32.dll
2009-05-18 23:49:19 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-05-18 23:49:18 ----A---- C:\WINDOWS\system32\scrrun.dll
2009-05-18 23:49:18 ----A---- C:\WINDOWS\system32\scrobj.dll
2009-05-18 23:49:18 ----A---- C:\WINDOWS\system32\rspndr.exe
2009-05-18 23:49:18 ----A---- C:\WINDOWS\system32\reg.exe
2009-05-18 23:49:18 ----A---- C:\WINDOWS\system32\rastls.dll
2009-05-18 23:49:18 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-18 23:49:17 ----A---- C:\WINDOWS\system32\qfecheck.exe
2009-05-18 23:49:17 ----A---- C:\WINDOWS\system32\qasf.dll
2009-05-18 23:49:17 ----A---- C:\WINDOWS\system32\psbase.dll
2009-05-18 23:49:17 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-05-18 23:49:17 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\portabledevicewmdrm.dll
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\portabledevicewiacompat.dll
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\portabledevicetypes.dll
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\portabledeviceclassextension.dll
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\portabledeviceapi.dll
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\pintool.exe
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\osk.exe
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\ole32.dll
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\offfilt.dll
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\odbccp32.dll
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2009-05-18 23:49:16 ----A---- C:\WINDOWS\system32\odbc32.dll
2009-05-18 23:49:15 ----A---- C:\WINDOWS\system32\occache.dll
2009-05-18 23:49:15 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-05-18 23:49:15 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2009-05-18 23:49:15 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-05-18 23:49:14 ----A---- C:\WINDOWS\system32\normaliz.dll
2009-05-18 23:49:14 ----A---- C:\WINDOWS\system32\nlsdl.dll
2009-05-18 23:49:14 ----A---- C:\WINDOWS\system32\nlhtml.dll
2009-05-18 23:49:14 ----A---- C:\WINDOWS\system32\netlogon.dll
2009-05-18 23:49:13 ----A---- C:\WINDOWS\system32\muweb.dll
2009-05-18 23:49:13 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-05-18 23:49:13 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-05-18 23:49:13 ----A---- C:\WINDOWS\system32\msxml2.dll
2009-05-18 23:49:13 ----A---- C:\WINDOWS\system32\mswsock.dll
2009-05-18 23:49:13 ----A---- C:\WINDOWS\system32\mswmdm.dll
2009-05-18 23:49:13 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-05-18 23:49:13 ----A---- C:\WINDOWS\system32\mstime.dll
2009-05-18 23:49:13 ----A---- C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
2009-05-18 23:49:12 ----AC---- C:\WINDOWS\system32\msls31.dll
2009-05-18 23:49:12 ----A---- C:\WINDOWS\system32\msscp.dll
2009-05-18 23:49:12 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2009-05-18 23:49:12 ----A---- C:\WINDOWS\system32\msrating.dll
2009-05-18 23:49:12 ----A---- C:\WINDOWS\system32\mspmsp.dll
2009-05-18 23:49:12 ----A---- C:\WINDOWS\system32\mspmsnsv.dll
2009-05-18 23:49:12 ----A---- C:\WINDOWS\system32\msnetobj.dll
2009-05-18 23:49:12 ----A---- C:\WINDOWS\system32\msjet40.dll
2009-05-18 23:49:12 ----A---- C:\WINDOWS\system32\msisip.dll
2009-05-18 23:49:09 ----A---- C:\WINDOWS\system32\msimsg.dll
2009-05-18 23:49:09 ----A---- C:\WINDOWS\system32\msihnd.dll
2009-05-18 23:49:09 ----A---- C:\WINDOWS\system32\msiexec.exe
2009-05-18 23:49:09 ----A---- C:\WINDOWS\system32\msi.dll
2009-05-18 23:49:09 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-05-18 23:49:09 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-05-18 23:49:08 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-05-18 23:49:08 ----A---- C:\WINDOWS\system32\mshta.exe
2009-05-18 23:49:08 ----A---- C:\WINDOWS\system32\msgina.dll
2009-05-18 23:49:08 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-05-18 23:49:08 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-05-18 23:49:08 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-05-18 23:49:08 ----A---- C:\WINDOWS\system32\msexcl40.dll
2009-05-18 23:49:08 ----A---- C:\WINDOWS\system32\msdrm.dll
2009-05-18 23:49:07 ----AC---- C:\WINDOWS\system32\mmcshext.dll
2009-05-18 23:49:07 ----A---- C:\WINDOWS\system32\msdelta.dll
2009-05-18 23:49:07 ----A---- C:\WINDOWS\system32\MSCTF.dll
2009-05-18 23:49:07 ----A---- C:\WINDOWS\system32\mscms.dll
2009-05-18 23:49:07 ----A---- C:\WINDOWS\system32\mpg4dmod.dll
2009-05-18 23:49:07 ----A---- C:\WINDOWS\system32\mpg4decd.dll
2009-05-18 23:49:07 ----A---- C:\WINDOWS\system32\mp4sdmod.dll
2009-05-18 23:49:07 ----A---- C:\WINDOWS\system32\mp4sdecd.dll
2009-05-18 23:49:07 ----A---- C:\WINDOWS\system32\mp43dmod.dll
2009-05-18 23:49:07 ----A---- C:\WINDOWS\system32\mp43decd.dll
2009-05-18 23:49:07 ----A---- C:\WINDOWS\system32\mmcperf.exe
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\mmcex.dll
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\mmcbase.dll
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\mmc.exe
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\mimefilt.dll
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\mfplat.dll
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\logagent.exe
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\licdll.dll
2009-05-18 23:49:06 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-05-18 23:49:05 ----A---- C:\WINDOWS\system32\laprxy.dll
2009-05-18 23:49:05 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-05-18 23:49:05 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-05-18 23:49:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-05-18 23:49:05 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2009-05-18 23:49:05 ----A---- C:\WINDOWS\system32\inseng.dll
2009-05-18 23:49:04 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-05-18 23:49:04 ----A---- C:\WINDOWS\system32\imapi2fs.dll
2009-05-18 23:49:04 ----A---- C:\WINDOWS\system32\imapi2.dll
2009-05-18 23:49:04 ----A---- C:\WINDOWS\system32\ifxcardm.dll
2009-05-18 23:49:04 ----A---- C:\WINDOWS\system32\ieui.dll
2009-05-18 23:49:03 ----AC---- C:\WINDOWS\system32\iepeers.dll
2009-05-18 23:49:03 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-05-18 23:49:03 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-05-18 23:49:03 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-05-18 23:49:03 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-05-18 23:49:03 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-05-18 23:49:02 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-05-18 23:49:02 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-05-18 23:49:02 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-05-18 23:49:02 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-05-18 23:49:02 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-05-18 23:49:02 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-05-18 23:49:01 ----AC---- C:\WINDOWS\system32\hal.dll
2009-05-18 23:49:01 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-05-18 23:49:01 ----A---- C:\WINDOWS\system32\idndl.dll
2009-05-18 23:49:01 ----A---- C:\WINDOWS\system32\icardie.dll
2009-05-18 23:49:01 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2009-05-18 23:49:00 ----A---- C:\WINDOWS\system32\gptext.dll
2009-05-18 23:49:00 ----A---- C:\WINDOWS\system32\gpprefcl.dll
2009-05-18 23:49:00 ----A---- C:\WINDOWS\system32\fc.exe
2009-05-18 23:49:00 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-05-18 23:49:00 ----A---- C:\WINDOWS\system32\es.dll
2009-05-18 23:49:00 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-05-18 23:49:00 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-05-18 23:49:00 ----A---- C:\WINDOWS\system32\dsuiext.dll
2009-05-18 23:49:00 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2009-05-18 23:49:00 ----A---- C:\WINDOWS\explorer.exe
2009-05-18 23:48:59 ----A---- C:\WINDOWS\system32\drmupgds.exe
2009-05-18 23:48:59 ----A---- C:\WINDOWS\system32\dnsapi.dll
2009-05-18 23:48:59 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-05-18 23:48:59 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-05-18 23:48:59 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-05-18 23:48:59 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-05-18 23:48:59 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-05-18 23:48:58 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-05-18 23:48:58 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-05-18 23:48:58 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-05-18 23:48:58 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-05-18 23:48:58 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-05-18 23:48:57 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-05-18 23:48:57 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-05-18 23:48:57 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-05-18 23:48:57 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-05-18 23:48:57 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-05-18 23:48:57 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-05-18 23:48:57 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-05-18 23:48:57 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-05-18 23:48:57 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
TynoPrime
2009-06-21, 04:16
2009-05-18 23:48:56 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-05-18 23:48:56 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-05-18 23:48:56 ----A---- C:\WINDOWS\system32\d3d9.dll
2009-05-18 23:48:56 ----A---- C:\WINDOWS\system32\cscript.exe
2009-05-18 23:48:56 ----A---- C:\WINDOWS\system32\cscdll.dll
2009-05-18 23:48:56 ----A---- C:\WINDOWS\system32\crypt32.dll
2009-05-18 23:48:56 ----A---- C:\WINDOWS\system32\corpol.dll
2009-05-18 23:48:56 ----A---- C:\WINDOWS\system32\cic.dll
2009-05-18 23:48:55 ----A---- C:\WINDOWS\system32\cewmdm.dll
2009-05-18 23:48:55 ----A---- C:\WINDOWS\system32\cdm.dll
2009-05-18 23:48:55 ----A---- C:\WINDOWS\system32\browser.dll
2009-05-18 23:48:55 ----A---- C:\WINDOWS\system32\blackbox.dll
2009-05-18 23:48:55 ----A---- C:\WINDOWS\system32\bcsprsrc.dll
2009-05-18 23:48:55 ----A---- C:\WINDOWS\system32\basecsp.dll
2009-05-18 23:48:55 ----A---- C:\WINDOWS\system32\axaltocm.dll
2009-05-18 23:48:55 ----A---- C:\WINDOWS\system32\audiodev.dll
2009-05-18 23:48:55 ----A---- C:\WINDOWS\system32\atmfd.dll
2009-05-18 23:48:55 ----A---- C:\WINDOWS\system32\asferror.dll
2009-05-18 23:48:54 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-05-18 23:48:54 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-05-18 23:48:54 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-05-18 23:48:54 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-05-18 23:48:54 ----A---- C:\WINDOWS\system32\advpack.dll
2009-05-18 23:48:54 ----A---- C:\WINDOWS\system32\adsmsext.dll
2009-05-18 23:48:54 ----A---- C:\WINDOWS\system32\adsldp.dll
2009-05-18 23:48:54 ----A---- C:\WINDOWS\system32\admparse.dll
2009-05-18 23:48:53 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-05-18 23:48:53 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-05-18 23:48:53 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-05-18 23:48:53 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-05-18 23:48:53 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-05-18 23:48:53 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-05-18 23:48:53 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-05-18 23:48:53 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-05-18 23:48:53 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-05-18 23:48:53 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-05-18 23:48:53 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-05-18 23:48:52 ----A---- C:\WINDOWS\system32\zipfldr.dll
2009-05-18 23:48:43 ----AC---- C:\WINDOWS\system32\xpsp1res.dll
2009-05-18 23:48:43 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-05-18 23:48:43 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-05-18 23:48:42 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-05-18 23:48:39 ----AC---- C:\WINDOWS\system32\xmllite.dll
2009-05-18 23:48:39 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2009-05-18 23:48:39 ----A---- C:\WINDOWS\system32\xmlprov.dll
2009-05-18 23:48:38 ----AC---- C:\WINDOWS\system32\xcopy.exe
2009-05-18 23:48:38 ----A---- C:\WINDOWS\system32\xenroll.dll
2009-05-18 23:48:38 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-05-18 23:48:38 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-05-18 23:48:38 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-05-18 23:48:38 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-05-18 23:48:38 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-05-18 23:48:38 ----A---- C:\WINDOWS\system32\xactsrv.dll
2009-05-18 23:48:37 ----AC---- C:\WINDOWS\system32\wupdmgr.exe
2009-05-18 23:48:37 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2009-05-18 23:48:36 ----AC---- C:\WINDOWS\system32\WshRm.dll
2009-05-18 23:48:36 ----A---- C:\WINDOWS\system32\wstdecod.dll
2009-05-18 23:48:36 ----A---- C:\WINDOWS\system32\wsock32.dll
2009-05-18 23:48:36 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2009-05-18 23:48:36 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2009-05-18 23:48:35 ----AC---- C:\WINDOWS\system32\wshisn.dll
2009-05-18 23:48:35 ----AC---- C:\WINDOWS\system32\wshbth.dll
2009-05-18 23:48:35 ----AC---- C:\WINDOWS\system32\wshatm.dll
2009-05-18 23:48:35 ----AC---- C:\WINDOWS\system32\wsecedit.dll
2009-05-18 23:48:35 ----A---- C:\WINDOWS\system32\wshnetbs.dll
2009-05-18 23:48:35 ----A---- C:\WINDOWS\system32\wship6.dll
2009-05-18 23:48:35 ----A---- C:\WINDOWS\system32\wshcon.dll
2009-05-18 23:48:34 ----AC---- C:\WINDOWS\system32\wscntfy.exe
2009-05-18 23:48:34 ----A---- C:\WINDOWS\system32\wscsvc.dll
2009-05-18 23:48:34 ----A---- C:\WINDOWS\system32\ws2_32.dll
2009-05-18 23:48:33 ----AC---- C:\WINDOWS\system32\wpnpinst.exe
2009-05-18 23:48:33 ----AC---- C:\WINDOWS\system32\wpabaln.exe
2009-05-18 23:48:33 ----A---- C:\WINDOWS\system32\ws2help.dll
2009-05-18 23:48:32 ----AC---- C:\WINDOWS\system32\wowexec.exe
2009-05-18 23:48:32 ----A---- C:\WINDOWS\system32\wowdeb.exe
2009-05-18 23:48:32 ----A---- C:\WINDOWS\system32\wow32.dll
2009-05-18 23:48:32 ----A---- C:\WINDOWS\system32\wmstream.dll
2009-05-18 23:48:31 ----AC---- C:\WINDOWS\system32\wmsdmoe.dll
2009-05-18 23:48:31 ----AC---- C:\WINDOWS\system32\wmphoto.dll
2009-05-18 23:48:31 ----AC---- C:\WINDOWS\system32\wmpcore.dll
2009-05-18 23:48:31 ----AC---- C:\WINDOWS\system32\wmpcd.dll
2009-05-18 23:48:31 ----A---- C:\WINDOWS\system32\wmpui.dll
2009-05-18 23:48:29 ----A---- C:\WINDOWS\system32\wmiscmgr.dll
2009-05-18 23:48:28 ----AC---- C:\WINDOWS\system32\wmiprop.dll
2009-05-18 23:48:26 ----AC---- C:\WINDOWS\system32\wmerrenu.dll
2009-05-18 23:48:26 ----A---- C:\WINDOWS\system32\wmi.dll
2009-05-18 23:48:25 ----A---- C:\WINDOWS\system32\wlnotify.dll
2009-05-18 23:48:25 ----A---- C:\WINDOWS\system32\wldap32.dll
2009-05-18 23:48:23 ----AC---- C:\WINDOWS\system32\winver.exe
2009-05-18 23:48:23 ----AC---- C:\WINDOWS\system32\winstrm.dll
2009-05-18 23:48:23 ----A---- C:\WINDOWS\system32\wlanapi.dll
2009-05-18 23:48:23 ----A---- C:\WINDOWS\system32\wintrust.dll
2009-05-18 23:48:23 ----A---- C:\WINDOWS\system32\winsta.dll
2009-05-18 23:48:23 ----A---- C:\WINDOWS\system32\winspool.exe
2009-05-18 23:48:22 ----AC---- C:\WINDOWS\system32\winntbbu.dll
2009-05-18 23:48:22 ----A---- C:\WINDOWS\system32\winsock.dll
2009-05-18 23:48:22 ----A---- C:\WINDOWS\system32\winshfhc.dll
2009-05-18 23:48:22 ----A---- C:\WINDOWS\system32\winscard.dll
2009-05-18 23:48:22 ----A---- C:\WINDOWS\system32\winrnr.dll
2009-05-18 23:48:21 ----AC---- C:\WINDOWS\system32\winnls.dll
2009-05-18 23:48:21 ----AC---- C:\WINDOWS\system32\winmsd.exe
2009-05-18 23:48:21 ----AC---- C:\WINDOWS\system32\winhlp32.exe
2009-05-18 23:48:21 ----A---- C:\WINDOWS\system32\winmm.dll
2009-05-18 23:48:21 ----A---- C:\WINDOWS\system32\winipsec.dll
2009-05-18 23:48:21 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-05-18 23:48:20 ----AC---- C:\WINDOWS\system32\winfax.dll
2009-05-18 23:48:20 ----A---- C:\WINDOWS\winhlp32.exe
2009-05-18 23:48:20 ----A---- C:\WINDOWS\winhelp.exe
2009-05-18 23:48:19 ----AC---- C:\WINDOWS\system32\winbrand.dll
2009-05-18 23:48:19 ----AC---- C:\WINDOWS\system32\win.com
2009-05-18 23:48:19 ----AC---- C:\WINDOWS\system32\wifeman.dll
2009-05-18 23:48:19 ----AC---- C:\WINDOWS\system32\wiavusd.dll
2009-05-18 23:48:19 ----A---- C:\WINDOWS\win.ini
2009-05-18 23:48:19 ----A---- C:\WINDOWS\system32\win87em.dll
2009-05-18 23:48:19 ----A---- C:\WINDOWS\system32\wiavideo.dll
2009-05-18 23:48:19 ----A---- C:\WINDOWS\system32\wiashext.dll
2009-05-18 23:48:18 ----AC---- C:\WINDOWS\system32\wiadss.dll
2009-05-18 23:48:18 ----A---- C:\WINDOWS\system32\wiaservc.dll
2009-05-18 23:48:18 ----A---- C:\WINDOWS\system32\wiascr.dll
2009-05-18 23:48:18 ----A---- C:\WINDOWS\system32\wiadefui.dll
2009-05-18 23:48:18 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2009-05-18 23:48:17 ----AC---- C:\WINDOWS\system32\wextract.exe
2009-05-18 23:48:17 ----AC---- C:\WINDOWS\system32\webhits.dll
2009-05-18 23:48:17 ----A---- C:\WINDOWS\system32\webvw.dll
2009-05-18 23:48:16 ----A---- C:\WINDOWS\system32\webclnt.dll
2009-05-18 23:48:15 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-05-18 23:48:12 ----A---- C:\WINDOWS\system32\wavemsp.dll
2009-05-18 23:48:10 ----AC---- C:\WINDOWS\system32\w3ssl.dll
2009-05-18 23:48:09 ----AC---- C:\WINDOWS\system32\w32topl.dll
2009-05-18 23:48:09 ----AC---- C:\WINDOWS\system32\vwipxspx.exe
2009-05-18 23:48:09 ----AC---- C:\WINDOWS\system32\vwipxspx.dll
2009-05-18 23:48:08 ----AC---- C:\WINDOWS\system32\vssvc.exe
2009-05-18 23:48:08 ----AC---- C:\WINDOWS\system32\vssadmin.exe
2009-05-18 23:48:08 ----AC---- C:\WINDOWS\system32\vjoy.dll
2009-05-18 23:48:08 ----A---- C:\WINDOWS\vmmreg32.dll
2009-05-18 23:48:08 ----A---- C:\WINDOWS\system32\vssapi.dll
2009-05-18 23:48:08 ----A---- C:\WINDOWS\system32\vss_ps.dll
2009-05-18 23:48:05 ----AC---- C:\WINDOWS\system32\vga64k.dll
2009-05-18 23:48:05 ----AC---- C:\WINDOWS\system32\vga256.dll
2009-05-18 23:48:04 ----AC---- C:\WINDOWS\system32\vfpodbc.dll
2009-05-18 23:48:04 ----AC---- C:\WINDOWS\system32\verifier.exe
2009-05-18 23:48:04 ----AC---- C:\WINDOWS\system32\verifier.dll
2009-05-18 23:48:04 ----AC---- C:\WINDOWS\system32\ver.dll
2009-05-18 23:48:04 ----A---- C:\WINDOWS\system32\vga.dll
2009-05-18 23:48:04 ----A---- C:\WINDOWS\system32\version.dll
2009-05-18 23:48:04 ----A---- C:\WINDOWS\system32\verclsid.exe
2009-05-18 23:48:03 ----AC---- C:\WINDOWS\system32\vdmredir.dll
2009-05-18 23:48:03 ----AC---- C:\WINDOWS\system32\vdmdbg.dll
2009-05-18 23:48:03 ----AC---- C:\WINDOWS\system32\vcdex.dll
2009-05-18 23:48:03 ----A---- C:\WINDOWS\system32\vbajet32.dll
2009-05-18 23:48:03 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-05-18 23:48:01 ----AC---- C:\WINDOWS\system32\utilman.exe
2009-05-18 23:48:01 ----AC---- C:\WINDOWS\system32\utildll.dll
2009-05-18 23:48:01 ----A---- C:\WINDOWS\system32\usp10.dll
2009-05-18 23:48:00 ----AC---- C:\WINDOWS\system32\userinit.exe
2009-05-18 23:48:00 ----A---- C:\WINDOWS\system32\userenv.dll
2009-05-18 23:48:00 ----A---- C:\WINDOWS\system32\user32.dll
2009-05-18 23:48:00 ----A---- C:\WINDOWS\system32\user.exe
2009-05-18 23:47:59 ----AC---- C:\WINDOWS\system32\ureg.dll
2009-05-18 23:47:59 ----A---- C:\WINDOWS\system32\usbmon.dll
2009-05-18 23:47:58 ----AC---- C:\WINDOWS\system32\ups.exe
2009-05-18 23:47:58 ----A---- C:\WINDOWS\system32\upnpui.dll
2009-05-18 23:47:58 ----A---- C:\WINDOWS\system32\upnphost.dll
2009-05-18 23:47:58 ----A---- C:\WINDOWS\system32\upnpcont.exe
2009-05-18 23:47:58 ----A---- C:\WINDOWS\system32\upnp.dll
2009-05-18 23:47:55 ----AC---- C:\WINDOWS\system32\untfs.dll
2009-05-18 23:47:55 ----AC---- C:\WINDOWS\system32\unlodctr.exe
2009-05-18 23:47:55 ----AC---- C:\WINDOWS\system32\unimdmat.dll
2009-05-18 23:47:55 ----A---- C:\WINDOWS\system32\uniplat.dll
2009-05-18 23:47:54 ----AC---- C:\WINDOWS\system32\umdmxfrm.dll
2009-05-18 23:47:54 ----AC---- C:\WINDOWS\system32\umandlg.dll
2009-05-18 23:47:54 ----AC---- C:\WINDOWS\system32\udhisapi.dll
2009-05-18 23:47:54 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2009-05-18 23:47:54 ----A---- C:\WINDOWS\system32\ufat.dll
2009-05-18 23:47:53 ----AC---- C:\WINDOWS\system32\typeperf.exe
2009-05-18 23:47:53 ----A---- C:\WINDOWS\twunk_32.exe
2009-05-18 23:47:53 ----A---- C:\WINDOWS\twunk_16.exe
2009-05-18 23:47:53 ----A---- C:\WINDOWS\twain_32.dll
2009-05-18 23:47:53 ----A---- C:\WINDOWS\twain.dll
2009-05-18 23:47:53 ----A---- C:\WINDOWS\system32\typelib.dll
2009-05-18 23:47:53 ----A---- C:\WINDOWS\system32\txflog.dll
2009-05-18 23:47:53 ----A---- C:\WINDOWS\system32\twext.dll
2009-05-18 23:47:52 ----AC---- C:\WINDOWS\system32\tspkg.dll
2009-05-18 23:47:51 ----AC---- C:\WINDOWS\system32\tsddd.dll
2009-05-18 23:47:51 ----A---- C:\WINDOWS\system32\tsd32.dll
2009-05-18 23:47:50 ----AC---- C:\WINDOWS\system32\tsappcmp.dll
2009-05-18 23:47:50 ----AC---- C:\WINDOWS\system32\tree.com
2009-05-18 23:47:50 ----AC---- C:\WINDOWS\system32\tracert6.exe
2009-05-18 23:47:50 ----AC---- C:\WINDOWS\system32\tracert.exe
2009-05-18 23:47:50 ----A---- C:\WINDOWS\system32\trkwks.dll
2009-05-18 23:47:50 ----A---- C:\WINDOWS\system32\traffic.dll
2009-05-18 23:47:49 ----AC---- C:\WINDOWS\system32\tracerpt.exe
2009-05-18 23:47:49 ----A---- C:\WINDOWS\system32\tourstart.exe
2009-05-18 23:47:48 ----AC---- C:\WINDOWS\system32\tlntsess.exe
2009-05-18 23:47:48 ----AC---- C:\WINDOWS\system32\tlntadmn.exe
2009-05-18 23:47:48 ----A---- C:\WINDOWS\system32\toolhelp.dll
2009-05-18 23:47:48 ----A---- C:\WINDOWS\system32\tlntsvrp.dll
2009-05-18 23:47:48 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2009-05-18 23:47:47 ----AC---- C:\WINDOWS\system32\tftp.exe
2009-05-18 23:47:47 ----A---- C:\WINDOWS\system32\themeui.dll
2009-05-18 23:47:46 ----A---- C:\WINDOWS\system32\termmgr.dll
2009-05-18 23:47:46 ----A---- C:\WINDOWS\system32\telnet.exe
2009-05-18 23:47:45 ----AC---- C:\WINDOWS\system32\tcpsvcs.exe
2009-05-18 23:47:45 ----AC---- C:\WINDOWS\system32\tcpmonui.dll
2009-05-18 23:47:45 ----AC---- C:\WINDOWS\system32\tcpmon.ini
2009-05-18 23:47:45 ----AC---- C:\WINDOWS\system32\tcpmib.dll
2009-05-18 23:47:45 ----AC---- C:\WINDOWS\system32\tcmsetup.exe
2009-05-18 23:47:45 ----A---- C:\WINDOWS\system32\tcpmon.dll
2009-05-18 23:47:44 ----AC---- C:\WINDOWS\system32\taskmgr.exe
2009-05-18 23:47:44 ----AC---- C:\WINDOWS\system32\taskman.exe
2009-05-18 23:47:44 ----AC---- C:\WINDOWS\system32\tasklist.exe
2009-05-18 23:47:44 ----AC---- C:\WINDOWS\system32\taskkill.exe
2009-05-18 23:47:44 ----AC---- C:\WINDOWS\system32\tapiui.dll
2009-05-18 23:47:44 ----AC---- C:\WINDOWS\system32\tapi.dll
2009-05-18 23:47:44 ----A---- C:\WINDOWS\system32\tapiperf.dll
2009-05-18 23:47:44 ----A---- C:\WINDOWS\system32\tapi32.dll
2009-05-18 23:47:44 ----A---- C:\WINDOWS\system32\tapi3.dll
2009-05-18 23:47:43 ----AC---- C:\WINDOWS\system32\systray.exe
2009-05-18 23:47:43 ----AC---- C:\WINDOWS\system.ini
2009-05-18 23:47:43 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-05-18 23:47:42 ----AC---- C:\WINDOWS\system32\sysocmgr.exe
2009-05-18 23:47:42 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-05-18 23:47:41 ----AC---- C:\WINDOWS\system32\systeminfo.exe
2009-05-18 23:47:41 ----AC---- C:\WINDOWS\system32\syskey.exe
2009-05-18 23:47:41 ----AC---- C:\WINDOWS\system32\sysinv.dll
2009-05-18 23:47:41 ----AC---- C:\WINDOWS\system32\sysedit.exe
2009-05-18 23:47:41 ----AC---- C:\WINDOWS\system32\synceng.dll
2009-05-18 23:47:41 ----A---- C:\WINDOWS\system32\syncui.dll
2009-05-18 23:47:40 ----AC---- C:\WINDOWS\system32\syncapp.exe
2009-05-18 23:47:40 ----A---- C:\WINDOWS\system32\sxs.dll
2009-05-18 23:47:40 ----A---- C:\WINDOWS\system32\swprv.dll
2009-05-18 23:47:39 ----AC---- C:\WINDOWS\system32\svcpack.dll
2009-05-18 23:47:39 ----A---- C:\WINDOWS\system32\svchost.exe
2009-05-18 23:47:38 ----AC---- C:\WINDOWS\system32\subst.exe
2009-05-18 23:47:38 ----AC---- C:\WINDOWS\system32\strmfilt.dll
2009-05-18 23:47:38 ----AC---- C:\WINDOWS\system32\stimon.exe
2009-05-18 23:47:38 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-05-18 23:47:38 ----A---- C:\WINDOWS\system32\storage.dll
2009-05-18 23:47:38 ----A---- C:\WINDOWS\system32\stobject.dll
2009-05-18 23:47:38 ----A---- C:\WINDOWS\system32\sti_ci.dll
2009-05-18 23:47:37 ----A---- C:\WINDOWS\system32\sti.dll
2009-05-18 23:47:34 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2009-05-18 23:47:34 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2009-05-18 23:47:34 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-05-18 23:47:33 ----AC---- C:\WINDOWS\system32\sqlwoa.dll
2009-05-18 23:47:33 ----AC---- C:\WINDOWS\system32\sqlwid.dll
2009-05-18 23:47:33 ----AC---- C:\WINDOWS\system32\sqlunirl.dll
2009-05-18 23:47:31 ----AC---- C:\WINDOWS\system32\sprestrt.exe
2009-05-18 23:47:25 ----AC---- C:\WINDOWS\system32\spnpinst.exe
2009-05-18 23:47:25 ----A---- C:\WINDOWS\system32\spoolsv.exe
2009-05-18 23:47:25 ----A---- C:\WINDOWS\system32\spoolss.dll
2009-05-18 23:47:24 ----AC---- C:\WINDOWS\system32\spiisupd.exe
2009-05-18 23:47:17 ----AC---- C:\WINDOWS\system32\sort.exe
2009-05-18 23:47:17 ----A---- C:\WINDOWS\system32\softpub.dll
2009-05-18 23:47:16 ----AC---- C:\WINDOWS\system32\snmpsnap.dll
2009-05-18 23:47:16 ----A---- C:\WINDOWS\system32\snmpapi.dll
2009-05-18 23:47:14 ----AC---- C:\WINDOWS\system32\smlogsvc.exe
2009-05-18 23:47:14 ----A---- C:\WINDOWS\system32\smss.exe
2009-05-18 23:47:14 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2009-05-18 23:47:13 ----AC---- C:\WINDOWS\system32\smbinst.exe
2009-05-18 23:47:10 ----AC---- C:\WINDOWS\system32\skeys.exe
2009-05-18 23:47:10 ----AC---- C:\WINDOWS\system32\skdll.dll
2009-05-18 23:47:10 ----A---- C:\WINDOWS\system32\slbrccsp.dll
2009-05-18 23:47:10 ----A---- C:\WINDOWS\system32\slbiop.dll
2009-05-18 23:47:10 ----A---- C:\WINDOWS\system32\slbcsp.dll
2009-05-18 23:47:10 ----A---- C:\WINDOWS\system32\slayerxp.dll
2009-05-18 23:47:07 ----AC---- C:\WINDOWS\system32\sisbkup.dll
2009-05-18 23:47:06 ----AC---- C:\WINDOWS\system32\sigverif.exe
2009-05-18 23:47:06 ----AC---- C:\WINDOWS\system32\sigtab.dll
2009-05-18 23:47:06 ----AC---- C:\WINDOWS\system32\shutdown.exe
2009-05-18 23:47:06 ----A---- C:\WINDOWS\system32\shsvcs.dll
2009-05-18 23:47:06 ----A---- C:\WINDOWS\system32\shscrap.dll
2009-05-18 23:47:05 ----AC---- C:\WINDOWS\system32\shrpubw.exe
2009-05-18 23:47:05 ----A---- C:\WINDOWS\system32\shmgrate.exe
2009-05-18 23:47:05 ----A---- C:\WINDOWS\system32\shmedia.dll
2009-05-18 23:47:05 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-05-18 23:47:05 ----A---- C:\WINDOWS\system32\shimgvw.dll
2009-05-18 23:47:05 ----A---- C:\WINDOWS\system32\shgina.dll
2009-05-18 23:47:05 ----A---- C:\WINDOWS\system32\shfolder.dll
2009-05-18 23:47:04 ----AC---- C:\WINDOWS\system32\share.exe
2009-05-18 23:47:04 ----AC---- C:\WINDOWS\system32\sfmapi.dll
2009-05-18 23:47:04 ----A---- C:\WINDOWS\system32\shell.dll
2009-05-18 23:47:04 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-05-18 23:47:04 ----A---- C:\WINDOWS\system32\shdoclc.dll
2009-05-18 23:47:03 ----AC---- C:\WINDOWS\system32\sfcfiles.dll
2009-05-18 23:47:03 ----AC---- C:\WINDOWS\system32\sfc.exe
2009-05-18 23:47:03 ----AC---- C:\WINDOWS\system32\setver.exe
2009-05-18 23:47:03 ----AC---- C:\WINDOWS\system32\setupn.exe
2009-05-18 23:47:03 ----A---- C:\WINDOWS\system32\sfc_os.dll
2009-05-18 23:47:03 ----A---- C:\WINDOWS\system32\sfc.dll
2009-05-18 23:47:02 ----AC---- C:\WINDOWS\system32\setupdll.dll
2009-05-18 23:47:02 ----AC---- C:\WINDOWS\system32\sethc.exe
2009-05-18 23:47:02 ----AC---- C:\WINDOWS\system32\serwvdrv.dll
2009-05-18 23:47:02 ----AC---- C:\WINDOWS\system32\services.msc
2009-05-18 23:47:02 ----A---- C:\WINDOWS\system32\setup.exe
2009-05-18 23:47:02 ----A---- C:\WINDOWS\system32\services.exe
2009-05-18 23:47:01 ----AC---- C:\WINDOWS\system32\serialui.dll
2009-05-18 23:47:00 ----AC---- C:\WINDOWS\system32\senscfg.dll
2009-05-18 23:47:00 ----A---- C:\WINDOWS\system32\sensapi.dll
2009-05-18 23:47:00 ----A---- C:\WINDOWS\system32\sens.dll
2009-05-18 23:47:00 ----A---- C:\WINDOWS\system32\sendmail.dll
2009-05-18 23:47:00 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2009-05-18 23:46:59 ----A---- C:\WINDOWS\system32\security.dll
2009-05-18 23:46:59 ----A---- C:\WINDOWS\system32\secur32.dll
2009-05-18 23:46:59 ----A---- C:\WINDOWS\system32\secpol.msc
2009-05-18 23:46:59 ----A---- C:\WINDOWS\system32\seclogon.dll
2009-05-18 23:46:59 ----A---- C:\WINDOWS\system32\secedit.exe
2009-05-18 23:46:58 ----A---- C:\WINDOWS\system32\sdpblb.dll
2009-05-18 23:46:58 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2009-05-18 23:46:58 ----A---- C:\WINDOWS\system32\sdbinst.exe
2009-05-18 23:46:58 ----A---- C:\WINDOWS\system32\schtasks.exe
2009-05-18 23:46:57 ----A---- C:\WINDOWS\system32\scriptpw.dll
2009-05-18 23:46:57 ----A---- C:\WINDOWS\system32\scredir.dll
2009-05-18 23:46:56 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2009-05-18 23:46:56 ----A---- C:\WINDOWS\system32\schannel.dll
2009-05-18 23:46:56 ----A---- C:\WINDOWS\system32\scesrv.dll
2009-05-18 23:46:55 ----AC---- C:\WINDOWS\system32\scardsvr.exe
2009-05-18 23:46:55 ----A---- C:\WINDOWS\system32\scecli.dll
2009-05-18 23:46:55 ----A---- C:\WINDOWS\system32\sccsccp.dll
2009-05-18 23:46:55 ----A---- C:\WINDOWS\system32\sccbase.dll
2009-05-18 23:46:55 ----A---- C:\WINDOWS\system32\scardssp.dll
2009-05-18 23:46:55 ----A---- C:\WINDOWS\system32\scarddlg.dll
2009-05-18 23:46:55 ----A---- C:\WINDOWS\system32\sc.exe
2009-05-18 23:46:55 ----A---- C:\WINDOWS\system32\sbeio.dll
2009-05-18 23:46:54 ----A---- C:\WINDOWS\system32\sbe.dll
2009-05-18 23:46:54 ----A---- C:\WINDOWS\system32\savedump.exe
2009-05-18 23:46:54 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-05-18 23:46:53 ----A---- C:\WINDOWS\system32\samlib.dll
2009-05-18 23:46:51 ----AC---- C:\WINDOWS\system32\rundll32.exe
2009-05-18 23:46:51 ----A---- C:\WINDOWS\system32\runonce.exe
2009-05-18 23:46:51 ----A---- C:\WINDOWS\system32\runas.exe
2009-05-18 23:46:51 ----A---- C:\WINDOWS\system32\rtutils.dll
2009-05-18 23:46:51 ----A---- C:\WINDOWS\system32\rtm.dll
2009-05-18 23:46:51 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2009-05-18 23:46:51 ----A---- C:\WINDOWS\system32\rtcshare.exe
2009-05-18 23:46:51 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2009-05-18 23:46:51 ----A---- C:\WINDOWS\system32\rsvpperf.dll
2009-05-18 23:46:51 ----A---- C:\WINDOWS\system32\rsvpmsg.dll
2009-05-18 23:46:50 ----R---- C:\WINDOWS\system32\rsop.msc
2009-05-18 23:46:50 ----AC---- C:\WINDOWS\system32\rsvp.exe
2009-05-18 23:46:50 ----A---- C:\WINDOWS\system32\rsvp.ini
2009-05-18 23:46:50 ----A---- C:\WINDOWS\system32\rsopprov.exe
2009-05-18 23:46:50 ----A---- C:\WINDOWS\system32\rsnotify.exe
2009-05-18 23:46:50 ----A---- C:\WINDOWS\system32\rsmui.exe
2009-05-18 23:46:49 ----A---- C:\WINDOWS\system32\rsmsink.exe
2009-05-18 23:46:49 ----A---- C:\WINDOWS\system32\rsmps.dll
2009-05-18 23:46:49 ----A---- C:\WINDOWS\system32\rsm.exe
2009-05-18 23:46:49 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-05-18 23:46:49 ----A---- C:\WINDOWS\system32\rsh.exe
2009-05-18 23:46:49 ----A---- C:\WINDOWS\system32\rsfsaps.dll
2009-05-18 23:46:49 ----A---- C:\WINDOWS\system32\rsaenh.dll
2009-05-18 23:46:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-05-18 23:46:48 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-05-18 23:46:48 ----A---- C:\WINDOWS\system32\rpcns4.dll
2009-05-18 23:46:47 ----A---- C:\WINDOWS\system32\routetab.dll
2009-05-18 23:46:47 ----A---- C:\WINDOWS\system32\routemon.exe
2009-05-18 23:46:47 ----A---- C:\WINDOWS\system32\route.exe
2009-05-18 23:46:46 ----A---- C:\WINDOWS\system32\SecProc_ssp_isv.dll
2009-05-18 23:46:46 ----A---- C:\WINDOWS\system32\SecProc_ssp.dll
2009-05-18 23:46:46 ----A---- C:\WINDOWS\system32\rnr20.dll
2009-05-18 23:46:46 ----A---- C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2009-05-18 23:46:46 ----A---- C:\WINDOWS\system32\RmActivate_ssp.exe
2009-05-18 23:46:46 ----A---- C:\WINDOWS\system32\RmActivate_isv.exe
2009-05-18 23:46:45 ----A---- C:\WINDOWS\system32\SecProc_isv.dll
2009-05-18 23:46:45 ----A---- C:\WINDOWS\system32\SecProc.dll
2009-05-18 23:46:45 ----A---- C:\WINDOWS\system32\RmActivate.exe
2009-05-18 23:46:44 ----A---- C:\WINDOWS\system32\riched32.dll
2009-05-18 23:46:44 ----A---- C:\WINDOWS\system32\riched20.dll
2009-05-18 23:46:44 ----A---- C:\WINDOWS\system32\rexec.exe
2009-05-18 23:46:44 ----A---- C:\WINDOWS\system32\resutils.dll
2009-05-18 23:46:43 ----A---- C:\WINDOWS\system32\replace.exe
2009-05-18 23:46:43 ----A---- C:\WINDOWS\system32\rend.dll
2009-05-18 23:46:43 ----A---- C:\WINDOWS\system32\relog.exe
2009-05-18 23:46:43 ----A---- C:\WINDOWS\system32\regwizc.dll
2009-05-18 23:46:42 ----AC---- C:\WINDOWS\system32\regsvr32.exe
2009-05-18 23:46:42 ----A---- C:\WINDOWS\system32\regwiz.exe
2009-05-18 23:46:42 ----A---- C:\WINDOWS\system32\regsvc.dll
2009-05-18 23:46:42 ----A---- C:\WINDOWS\system32\regedt32.exe
2009-05-18 23:46:42 ----A---- C:\WINDOWS\regedit.exe
2009-05-18 23:46:41 ----A---- C:\WINDOWS\system32\regapi.dll
2009-05-18 23:46:41 ----A---- C:\WINDOWS\system32\redir.exe
2009-05-18 23:46:40 ----A---- C:\WINDOWS\system32\recover.exe
2009-05-18 23:46:39 ----A---- C:\WINDOWS\system32\rdpdd.dll
2009-05-18 23:46:39 ----A---- C:\WINDOWS\system32\rcp.exe
2009-05-18 23:46:39 ----A---- C:\WINDOWS\system32\rcimlby.exe
2009-05-18 23:46:39 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2009-05-18 23:46:38 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-05-18 23:46:38 ----A---- C:\WINDOWS\system32\rasser.dll
2009-05-18 23:46:38 ----A---- C:\WINDOWS\system32\rassapi.dll
2009-05-18 23:46:38 ----A---- C:\WINDOWS\system32\rasrad.dll
2009-05-18 23:46:38 ----A---- C:\WINDOWS\system32\rasqec.dll
2009-05-18 23:46:38 ----A---- C:\WINDOWS\system32\rasppp.dll
2009-05-18 23:46:38 ----A---- C:\WINDOWS\system32\rasphone.exe
2009-05-18 23:46:37 ----A---- C:\WINDOWS\system32\rasmxs.dll
2009-05-18 23:46:37 ----A---- C:\WINDOWS\system32\rasmontr.dll
2009-05-18 23:46:37 ----A---- C:\WINDOWS\system32\rasmans.dll
2009-05-18 23:46:37 ----A---- C:\WINDOWS\system32\rasman.dll
2009-05-18 23:46:37 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-05-18 23:46:37 ----A---- C:\WINDOWS\system32\rasdial.exe
2009-05-18 23:46:37 ----A---- C:\WINDOWS\system32\rasctrs.ini
2009-05-18 23:46:37 ----A---- C:\WINDOWS\system32\rasctrs.dll
2009-05-18 23:46:37 ----A---- C:\WINDOWS\system32\raschap.dll
2009-05-18 23:46:37 ----A---- C:\WINDOWS\system32\rasautou.exe
2009-05-18 23:46:37 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-05-18 23:46:36 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-05-18 23:46:36 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2009-05-18 23:46:35 ----A---- C:\WINDOWS\system32\qutil.dll
2009-05-18 23:46:35 ----A---- C:\WINDOWS\system32\query.dll
2009-05-18 23:46:35 ----A---- C:\WINDOWS\system32\qosname.dll
2009-05-18 23:46:34 ----A---- C:\WINDOWS\system32\qedwipes.dll
2009-05-18 23:46:34 ----A---- C:\WINDOWS\system32\qedit.dll
2009-05-18 23:46:33 ----A---- C:\WINDOWS\system32\qdvd.dll
2009-05-18 23:46:33 ----A---- C:\WINDOWS\system32\qdv.dll
2009-05-18 23:46:33 ----A---- C:\WINDOWS\system32\qcliprov.dll
2009-05-18 23:46:33 ----A---- C:\WINDOWS\system32\qcap.dll
2009-05-18 23:46:33 ----A---- C:\WINDOWS\system32\qagentrt.dll
2009-05-18 23:46:33 ----A---- C:\WINDOWS\system32\qagent.dll
2009-05-18 23:46:32 ----A---- C:\WINDOWS\system32\pubprn.vbs
2009-05-18 23:46:32 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2009-05-18 23:46:32 ----A---- C:\WINDOWS\system32\pstorec.dll
2009-05-18 23:46:32 ----A---- C:\WINDOWS\system32\psnppagn.dll
2009-05-18 23:46:32 ----A---- C:\WINDOWS\system32\pschdprf.ini
2009-05-18 23:46:32 ----A---- C:\WINDOWS\system32\pschdprf.dll
2009-05-18 23:46:32 ----A---- C:\WINDOWS\system32\psapi.dll
2009-05-18 23:46:29 ----A---- C:\WINDOWS\system32\proxycfg.exe
2009-05-18 23:46:29 ----A---- C:\WINDOWS\system32\proquota.exe
2009-05-18 23:46:28 ----A---- C:\WINDOWS\system32\progman.exe
2009-05-18 23:46:28 ----A---- C:\WINDOWS\system32\profmap.dll
2009-05-18 23:46:28 ----A---- C:\WINDOWS\system32\prodspec.ini
2009-05-18 23:46:28 ----A---- C:\WINDOWS\system32\prnqctl.vbs
2009-05-18 23:46:28 ----A---- C:\WINDOWS\system32\prnport.vbs
2009-05-18 23:46:28 ----A---- C:\WINDOWS\system32\prnmngr.vbs
2009-05-18 23:46:28 ----A---- C:\WINDOWS\system32\prnjobs.vbs
2009-05-18 23:46:28 ----A---- C:\WINDOWS\system32\prndrvr.vbs
2009-05-18 23:46:27 ----A---- C:\WINDOWS\system32\prncnfg.vbs
2009-05-18 23:46:27 ----A---- C:\WINDOWS\system32\printui.dll
2009-05-18 23:46:27 ----A---- C:\WINDOWS\system32\print.exe
2009-05-18 23:46:27 ----A---- C:\WINDOWS\system32\prflbmsg.dll
2009-05-18 23:46:26 ----A---- C:\WINDOWS\system32\powrprof.dll
2009-05-18 23:46:26 ----A---- C:\WINDOWS\system32\powercfg.exe
2009-05-18 23:46:26 ----A---- C:\WINDOWS\system32\polstore.dll
2009-05-18 23:46:25 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2009-05-18 23:46:25 ----A---- C:\WINDOWS\system32\pmspl.dll
2009-05-18 23:46:24 ----A---- C:\WINDOWS\system32\plustab.dll
2009-05-18 23:46:23 ----A---- C:\WINDOWS\system32\ping6.exe
2009-05-18 23:46:23 ----A---- C:\WINDOWS\system32\ping.exe
2009-05-18 23:46:23 ----A---- C:\WINDOWS\system32\pifmgr.dll
2009-05-18 23:46:22 ----A---- C:\WINDOWS\system32\pidgen.dll
2009-05-18 23:46:22 ----A---- C:\WINDOWS\system32\photowiz.dll
2009-05-18 23:46:21 ----R---- C:\WINDOWS\system32\perfmon.msc
2009-05-18 23:46:21 ----A---- C:\WINDOWS\system32\perfwci.ini
2009-05-18 23:46:21 ----A---- C:\WINDOWS\system32\perfts.dll
2009-05-18 23:46:21 ----A---- C:\WINDOWS\system32\perfproc.dll
2009-05-18 23:46:21 ----A---- C:\WINDOWS\system32\perfos.dll
2009-05-18 23:46:21 ----A---- C:\WINDOWS\system32\perfnw.dll
2009-05-18 23:46:21 ----A---- C:\WINDOWS\system32\perfnet.dll
2009-05-18 23:46:20 ----A---- C:\WINDOWS\system32\perfmon.exe
2009-05-18 23:46:20 ----A---- C:\WINDOWS\system32\perffilt.ini
2009-05-18 23:46:20 ----A---- C:\WINDOWS\system32\perfdisk.dll
2009-05-18 23:46:20 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-05-18 23:46:20 ----A---- C:\WINDOWS\system32\perfci.ini
2009-05-18 23:46:19 ----A---- C:\WINDOWS\system32\pentnt.exe
2009-05-18 23:46:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-05-18 23:46:17 ----A---- C:\WINDOWS\system32\pautoenr.dll
2009-05-18 23:46:17 ----A---- C:\WINDOWS\system32\pathping.exe
2009-05-18 23:46:17 ----A---- C:\WINDOWS\system32\panmap.dll
2009-05-18 23:46:16 ----A---- C:\WINDOWS\system32\pagefileconfig.vbs
2009-05-18 23:46:16 ----A---- C:\WINDOWS\system32\packager.exe
2009-05-18 23:46:15 ----A---- C:\WINDOWS\system32\p2psvc.dll
2009-05-18 23:46:15 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2009-05-18 23:46:15 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2009-05-18 23:46:15 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2009-05-18 23:46:15 ----A---- C:\WINDOWS\system32\p2p.dll
2009-05-18 23:46:15 ----A---- C:\WINDOWS\system32\osuninst.exe
2009-05-18 23:46:15 ----A---- C:\WINDOWS\system32\osuninst.dll
2009-05-18 23:46:14 ----A---- C:\WINDOWS\system32\opengl32.dll
2009-05-18 23:46:14 ----A---- C:\WINDOWS\system32\openfiles.exe
2009-05-18 23:46:13 ----A---- C:\WINDOWS\system32\onex.dll
2009-05-18 23:46:12 ----A---- C:\WINDOWS\system32\olethk32.dll
2009-05-18 23:46:12 ----A---- C:\WINDOWS\system32\olesvr32.dll
2009-05-18 23:46:12 ----A---- C:\WINDOWS\system32\olesvr.dll
2009-05-18 23:46:12 ----A---- C:\WINDOWS\system32\olepro32.dll
2009-05-18 23:46:12 ----A---- C:\WINDOWS\system32\oleprn.dll
2009-05-18 23:46:12 ----A---- C:\WINDOWS\system32\oledlg.dll
2009-05-18 23:46:12 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-05-18 23:46:12 ----A---- C:\WINDOWS\system32\olecli32.dll
2009-05-18 23:46:11 ----AC---- C:\WINDOWS\system32\oleacc.dll
2009-05-18 23:46:11 ----A---- C:\WINDOWS\system32\olecli.dll
2009-05-18 23:46:11 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-05-18 23:46:11 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2009-05-18 23:46:11 ----A---- C:\WINDOWS\system32\ole2nls.dll
2009-05-18 23:46:11 ----A---- C:\WINDOWS\system32\ole2disp.dll
2009-05-18 23:46:11 ----A---- C:\WINDOWS\system32\ole2.dll
2009-05-18 23:46:09 ----A---- C:\WINDOWS\system32\odtext32.dll
2009-05-18 23:46:09 ----A---- C:\WINDOWS\system32\odpdx32.dll
2009-05-18 23:46:09 ----A---- C:\WINDOWS\system32\odfox32.dll
2009-05-18 23:46:09 ----A---- C:\WINDOWS\system32\odexl32.dll
2009-05-18 23:46:09 ----A---- C:\WINDOWS\system32\oddbse32.dll
2009-05-18 23:46:09 ----A---- C:\WINDOWS\system32\odbctrac.dll
2009-05-18 23:46:09 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2009-05-18 23:46:08 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2009-05-18 23:46:08 ----A---- C:\WINDOWS\system32\odbcji32.dll
2009-05-18 23:46:08 ----A---- C:\WINDOWS\system32\odbcint.dll
2009-05-18 23:46:08 ----A---- C:\WINDOWS\system32\odbccu32.dll
2009-05-18 23:46:08 ----A---- C:\WINDOWS\system32\odbccr32.dll
2009-05-18 23:46:08 ----A---- C:\WINDOWS\system32\odbcconf.exe
2009-05-18 23:46:08 ----A---- C:\WINDOWS\system32\odbcconf.dll
2009-05-18 23:46:08 ----A---- C:\WINDOWS\system32\odbcad32.exe
2009-05-18 23:46:08 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2009-05-18 23:46:07 ----A---- C:\WINDOWS\system32\odbc16gt.dll
2009-05-18 23:46:07 ----A---- C:\WINDOWS\system32\ocmanage.dll
2009-05-18 23:46:05 ----A---- C:\WINDOWS\system32\objsel.dll
2009-05-18 23:46:04 ----A---- C:\WINDOWS\system32\oakley.dll
2009-05-18 23:46:04 ----A---- C:\WINDOWS\system32\nwwks.dll
2009-05-18 23:46:04 ----A---- C:\WINDOWS\system32\nwscript.exe
2009-05-18 23:46:04 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-05-18 23:46:03 ----AC---- C:\WINDOWS\system32\nwapi32.dll
2009-05-18 23:46:03 ----A---- C:\WINDOWS\system32\nwevent.dll
2009-05-18 23:46:03 ----A---- C:\WINDOWS\system32\nwcfg.dll
2009-05-18 23:46:03 ----A---- C:\WINDOWS\system32\nwapi16.dll
2009-05-18 23:46:03 ----A---- C:\WINDOWS\system32\nw16.exe
2009-05-18 23:46:02 ----AC---- C:\WINDOWS\system32\ntvdm.exe
2009-05-18 23:46:02 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2009-05-18 23:46:01 ----A---- C:\WINDOWS\system32\ntshrui.dll
2009-05-18 23:46:01 ----A---- C:\WINDOWS\system32\ntsdexts.dll
2009-05-18 23:46:01 ----A---- C:\WINDOWS\system32\ntsd.exe
2009-05-18 23:46:01 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-05-18 23:46:00 ----AC---- C:\WINDOWS\system32\ntmsmgr.dll
2009-05-18 23:46:00 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2009-05-18 23:46:00 ----A---- C:\WINDOWS\system32\ntmsoprq.msc
2009-05-18 23:46:00 ----A---- C:\WINDOWS\system32\ntmsmgr.msc
2009-05-18 23:46:00 ----A---- C:\WINDOWS\system32\ntmsevt.dll
2009-05-18 23:46:00 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2009-05-18 23:46:00 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2009-05-18 23:46:00 ----A---- C:\WINDOWS\system32\ntmarta.dll
2009-05-18 23:45:59 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-05-18 23:45:59 ----A---- C:\WINDOWS\system32\ntlanui2.dll
2009-05-18 23:45:59 ----A---- C:\WINDOWS\system32\ntlanui.dll
2009-05-18 23:45:59 ----A---- C:\WINDOWS\system32\ntlanman.dll
2009-05-18 23:45:58 ----A---- C:\WINDOWS\system32\ntdsbcli.dll
2009-05-18 23:45:57 ----RASH---- C:\NTDETECT.COM
2009-05-18 23:45:57 ----A---- C:\WINDOWS\system32\ntbackup.exe
2009-05-18 23:45:56 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-05-18 23:45:56 ----A---- C:\WINDOWS\system32\npptools.dll
2009-05-18 23:45:54 ----A---- C:\WINDOWS\system32\notepad.exe
2009-05-18 23:45:52 ----A---- C:\WINDOWS\system32\nlsfunc.exe
2009-05-18 23:45:49 ----A---- C:\WINDOWS\system32\newdev.dll
2009-05-18 23:45:48 ----A---- C:\WINDOWS\system32\netui2.dll
2009-05-18 23:45:48 ----A---- C:\WINDOWS\system32\netui1.dll
2009-05-18 23:45:48 ----A---- C:\WINDOWS\system32\netui0.dll
2009-05-18 23:45:47 ----A---- C:\WINDOWS\system32\netstat.exe
2009-05-18 23:45:47 ----A---- C:\WINDOWS\system32\netshell.dll
2009-05-18 23:45:46 ----A---- C:\WINDOWS\system32\netsh.exe
2009-05-18 23:45:46 ----A---- C:\WINDOWS\system32\netsetup.exe
2009-05-18 23:45:45 ----A---- C:\WINDOWS\system32\netrap.dll
2009-05-18 23:45:45 ----A---- C:\WINDOWS\system32\netplwiz.dll
2009-05-18 23:45:44 ----A---- C:\WINDOWS\system32\netmsg.dll
2009-05-18 23:45:44 ----A---- C:\WINDOWS\system32\netman.dll
2009-05-18 23:45:42 ----A---- C:\WINDOWS\system32\netid.dll
2009-05-18 23:45:42 ----A---- C:\WINDOWS\system32\neth.dll
2009-05-18 23:45:41 ----A---- C:\WINDOWS\system32\netevent.dll
2009-05-18 23:45:40 ----A---- C:\WINDOWS\system32\netdde.exe
2009-05-18 23:45:39 ----A---- C:\WINDOWS\system32\netcfgx.dll
2009-05-18 23:45:37 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-05-18 23:45:37 ----A---- C:\WINDOWS\system32\netapi.dll
2009-05-18 23:45:35 ----A---- C:\WINDOWS\system32\net1.exe
2009-05-18 23:45:35 ----A---- C:\WINDOWS\system32\net.exe
2009-05-18 23:45:34 ----A---- C:\WINDOWS\system32\nddenb32.dll
2009-05-18 23:45:34 ----A---- C:\WINDOWS\system32\nddeapir.exe
2009-05-18 23:45:34 ----A---- C:\WINDOWS\system32\nddeapi.dll
2009-05-18 23:45:34 ----A---- C:\WINDOWS\system32\ncxpnt.dll
2009-05-18 23:45:34 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2009-05-18 23:45:34 ----A---- C:\WINDOWS\system32\nbtstat.exe
2009-05-18 23:45:33 ----A---- C:\WINDOWS\system32\narrhook.dll
2009-05-18 23:45:33 ----A---- C:\WINDOWS\system32\narrator.exe
2009-05-18 23:45:33 ----A---- C:\WINDOWS\system32\napstat.exe
2009-05-18 23:45:33 ----A---- C:\WINDOWS\system32\napmontr.dll
2009-05-18 23:45:33 ----A---- C:\WINDOWS\system32\napipsec.dll
2009-05-18 23:45:33 ----A---- C:\WINDOWS\system32\mydocs.dll
2009-05-18 23:45:33 ----A---- C:\WINDOWS\system32\mycomput.dll
2009-05-18 23:45:30 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-05-18 23:45:29 ----A---- C:\WINDOWS\system32\msxmlr.dll
2009-05-18 23:45:29 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-05-18 23:45:29 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-05-18 23:45:29 ----A---- C:\WINDOWS\system32\msxml3r.dll
2009-05-18 23:45:29 ----A---- C:\WINDOWS\system32\msxml3.dll
2009-05-18 23:45:29 ----A---- C:\WINDOWS\system32\msxml2r.dll
2009-05-18 23:45:28 ----A---- C:\WINDOWS\system32\msxml.dll
2009-05-18 23:45:28 ----A---- C:\WINDOWS\system32\msxbde40.dll
2009-05-18 23:45:28 ----A---- C:\WINDOWS\system32\mswstr10.dll
2009-05-18 23:45:28 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-05-18 23:45:28 ----A---- C:\WINDOWS\system32\mswdat10.dll
2009-05-18 23:45:28 ----A---- C:\WINDOWS\system32\msw3prt.dll
2009-05-18 23:45:27 ----A---- C:\WINDOWS\system32\msvideo.dll
2009-05-18 23:45:27 ----A---- C:\WINDOWS\system32\msvidctl.dll
2009-05-18 23:45:27 ----A---- C:\WINDOWS\system32\msvidc32.dll
2009-05-18 23:45:27 ----A---- C:\WINDOWS\system32\msvfw32.dll
2009-05-18 23:45:27 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2009-05-18 23:45:27 ----A---- C:\WINDOWS\system32\msvcrt20.dll
2009-05-18 23:45:27 ----A---- C:\WINDOWS\system32\msvcrt.dll
2009-05-18 23:45:27 ----A---- C:\WINDOWS\system32\msvcp60.dll
2009-05-18 23:45:27 ----A---- C:\WINDOWS\system32\msvcp50.dll
2009-05-18 23:45:27 ----A---- C:\WINDOWS\system32\msvcirt.dll
2009-05-18 23:45:27 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2009-05-18 23:45:26 ----A---- C:\WINDOWS\system32\msvbvm50.dll
2009-05-18 23:45:26 ----A---- C:\WINDOWS\system32\msutb.dll
2009-05-18 23:45:26 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2009-05-18 23:45:26 ----A---- C:\WINDOWS\system32\mstext40.dll
2009-05-18 23:45:25 ----A---- C:\WINDOWS\system32\msswchx.exe
2009-05-18 23:45:25 ----A---- C:\WINDOWS\system32\msswch.dll
2009-05-18 23:45:25 ----A---- C:\WINDOWS\system32\mssip32.dll
2009-05-18 23:45:25 ----A---- C:\WINDOWS\system32\mssign32.dll
2009-05-18 23:45:24 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2009-05-18 23:45:24 ----A---- C:\WINDOWS\system32\mssha.dll
2009-05-18 23:45:24 ----A---- C:\WINDOWS\system32\mssap.dll
2009-05-18 23:45:24 ----A---- C:\WINDOWS\system32\msrle32.dll
2009-05-18 23:45:24 ----A---- C:\WINDOWS\system32\msrepl40.dll
2009-05-18 23:45:24 ----A---- C:\WINDOWS\system32\msrecr40.dll
2009-05-18 23:45:23 ----AC---- C:\WINDOWS\system32\msr2c.dll
2009-05-18 23:45:23 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2009-05-18 23:45:23 ----A---- C:\WINDOWS\system32\msrclr40.dll
2009-05-18 23:45:23 ----A---- C:\WINDOWS\system32\msratelc.dll
2009-05-18 23:45:23 ----A---- C:\WINDOWS\system32\msr2cenu.dll
2009-05-18 23:45:22 ----A---- C:\WINDOWS\system32\msprivs.dll
2009-05-18 23:45:22 ----A---- C:\WINDOWS\system32\msports.dll
2009-05-18 23:45:21 ----A---- C:\WINDOWS\system32\mspbde40.dll
2009-05-18 23:45:21 ----A---- C:\WINDOWS\system32\mspatcha.dll
2009-05-18 23:45:20 ----A---- C:\WINDOWS\system32\msorcl32.dll
2009-05-18 23:45:20 ----A---- C:\WINDOWS\system32\msorc32r.dll
2009-05-18 23:45:17 ----A---- C:\WINDOWS\system32\msobjs.dll
2009-05-18 23:45:16 ----A---- C:\WINDOWS\system32\msnsspc.dll
2009-05-18 23:45:11 ----A---- C:\WINDOWS\system32\msltus40.dll
2009-05-18 23:45:11 ----A---- C:\WINDOWS\system32\mslbui.dll
2009-05-18 23:45:11 ----A---- C:\WINDOWS\system32\msjtes40.dll
2009-05-18 23:45:11 ----A---- C:\WINDOWS\system32\msjter40.dll
2009-05-18 23:45:10 ----A---- C:\WINDOWS\system32\msjint40.dll
2009-05-18 23:45:10 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2009-05-18 23:45:09 ----A---- C:\WINDOWS\system32\MSIMTF.dll
2009-05-18 23:45:09 ----A---- C:\WINDOWS\system32\msimg32.dll
2009-05-18 23:45:09 ----A---- C:\WINDOWS\system32\msieftp.dll
2009-05-18 23:45:09 ----A---- C:\WINDOWS\system32\msidntld.dll
2009-05-18 23:45:09 ----A---- C:\WINDOWS\system32\msidle.dll
2009-05-18 23:45:09 ----A---- C:\WINDOWS\system32\msident.dll
2009-05-18 23:45:08 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-05-18 23:45:07 ----A---- C:\WINDOWS\system32\msftedit.dll
2009-05-18 23:45:05 ----A---- C:\WINDOWS\system32\msexch40.dll
2009-05-18 23:45:05 ----A---- C:\WINDOWS\system32\msencode.dll
2009-05-18 23:45:05 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2009-05-18 23:45:04 ----A---- C:\WINDOWS\system32\msdmo.dll
2009-05-18 23:45:04 ----A---- C:\WINDOWS\msdfmap.ini
2009-05-18 23:45:03 ----A---- C:\WINDOWS\system32\msdart.dll
2009-05-18 23:45:02 ----A---- C:\WINDOWS\system32\msdadiag.dll
2009-05-18 23:45:02 ----A---- C:\WINDOWS\system32\MSCTFP.dll
2009-05-18 23:45:02 ----A---- C:\WINDOWS\system32\mscpxl32.dLL
2009-05-18 23:45:02 ----A---- C:\WINDOWS\system32\mscpx32r.dLL
2009-05-18 23:45:01 ----A---- C:\WINDOWS\system32\mscdexnt.exe
2009-05-18 23:45:01 ----A---- C:\WINDOWS\system32\mscat32.dll
2009-05-18 23:45:01 ----A---- C:\WINDOWS\system32\msaudite.dll
2009-05-18 23:45:01 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-05-18 23:45:00 ----A---- C:\WINDOWS\system32\msapsspc.dll
2009-05-18 23:45:00 ----A---- C:\WINDOWS\system32\msafd.dll
2009-05-18 23:44:59 ----A---- C:\WINDOWS\system32\msacm32.dll
2009-05-18 23:44:59 ----A---- C:\WINDOWS\system32\msacm.dll
2009-05-18 23:44:59 ----A---- C:\WINDOWS\system32\msaatext.dll
2009-05-18 23:44:50 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-18 23:44:50 ----A---- C:\WINDOWS\system32\mrinfo.exe
2009-05-18 23:44:49 ----A---- C:\WINDOWS\system32\mqutil.dll
2009-05-18 23:44:49 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2009-05-18 23:44:49 ----A---- C:\WINDOWS\system32\mqtrig.dll
2009-05-18 23:44:49 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2009-05-18 23:44:49 ----A---- C:\WINDOWS\system32\mqsvc.exe
2009-05-18 23:44:49 ----A---- C:\WINDOWS\system32\mqsnap.dll
2009-05-18 23:44:49 ----A---- C:\WINDOWS\system32\mqsec.dll
2009-05-18 23:44:49 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2009-05-18 23:44:48 ----A---- C:\WINDOWS\system32\mqrt.dll
2009-05-18 23:44:48 ----A---- C:\WINDOWS\system32\mqqm.dll
2009-05-18 23:44:48 ----A---- C:\WINDOWS\system32\mqperf.ini
2009-05-18 23:44:48 ----A---- C:\WINDOWS\system32\mqperf.dll
2009-05-18 23:44:48 ----A---- C:\WINDOWS\system32\mqoa.dll
2009-05-18 23:44:48 ----A---- C:\WINDOWS\system32\mqlogmgr.dll
2009-05-18 23:44:48 ----A---- C:\WINDOWS\system32\mqise.dll
2009-05-18 23:44:48 ----A---- C:\WINDOWS\system32\mqgentr.dll
2009-05-18 23:44:48 ----A---- C:\WINDOWS\system32\mqdscli.dll
2009-05-18 23:44:48 ----A---- C:\WINDOWS\system32\mqcertui.dll
2009-05-18 23:44:47 ----A---- C:\WINDOWS\system32\mqbkup.exe
2009-05-18 23:44:47 ----A---- C:\WINDOWS\system32\mqad.dll
2009-05-18 23:44:47 ----A---- C:\WINDOWS\system32\mprui.dll
2009-05-18 23:44:47 ----A---- C:\WINDOWS\system32\mprmsg.dll
2009-05-18 23:44:47 ----A---- C:\WINDOWS\system32\mprdim.dll
2009-05-18 23:44:47 ----A---- C:\WINDOWS\system32\mprddm.dll
2009-05-18 23:44:47 ----A---- C:\WINDOWS\system32\mprapi.dll
2009-05-18 23:44:47 ----A---- C:\WINDOWS\system32\mpr.dll
2009-05-18 23:44:47 ----A---- C:\WINDOWS\system32\mpnotify.exe
2009-05-18 23:44:43 ----A---- C:\WINDOWS\system32\mountvol.exe
2009-05-18 23:44:43 ----A---- C:\WINDOWS\system32\moricons.dll
2009-05-18 23:44:43 ----A---- C:\WINDOWS\system32\more.com
2009-05-18 23:44:42 ----A---- C:\WINDOWS\system32\modex.dll
2009-05-18 23:44:41 ----A---- C:\WINDOWS\system32\modemui.dll
2009-05-18 23:44:41 ----A---- C:\WINDOWS\system32\mode.com
2009-05-18 23:44:41 ----A---- C:\WINDOWS\system32\mobsync.exe
2009-05-18 23:44:41 ----A---- C:\WINDOWS\system32\mobsync.dll
2009-05-18 23:44:40 ----A---- C:\WINDOWS\system32\mmutilse.dll
2009-05-18 23:44:40 ----A---- C:\WINDOWS\system32\mmsystem.dll
2009-05-18 23:44:40 ----A---- C:\WINDOWS\system32\mmdrv.dll
2009-05-18 23:44:39 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-05-18 23:44:39 ----A---- C:\WINDOWS\system32\mll_qic.dll
2009-05-18 23:44:39 ----A---- C:\WINDOWS\system32\mll_mtf.dll
2009-05-18 23:44:39 ----A---- C:\WINDOWS\system32\mll_hp.dll
2009-05-18 23:44:39 ----A---- C:\WINDOWS\system32\mlang.dll
2009-05-18 23:44:39 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-05-18 23:44:37 ----A---- C:\WINDOWS\system32\migpwd.exe
2009-05-18 23:44:36 ----AC---- C:\WINDOWS\system32\miglibnt.dll
2009-05-18 23:44:36 ----A---- C:\WINDOWS\system32\midimap.dll
2009-05-18 23:44:35 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-05-18 23:44:34 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2009-05-18 23:44:34 ----A---- C:\WINDOWS\system32\mfc42u.dll
2009-05-18 23:44:34 ----A---- C:\WINDOWS\system32\mfc42.dll
2009-05-18 23:44:34 ----A---- C:\WINDOWS\system32\mfc40u.dll
2009-05-18 23:44:33 ----A---- C:\WINDOWS\system32\mfc40.dll
2009-05-18 23:44:33 ----A---- C:\WINDOWS\system32\mf3216.dll
2009-05-18 23:44:32 ----A---- C:\WINDOWS\system32\mem.exe
2009-05-18 23:44:23 ----A---- C:\WINDOWS\system32\mdminst.dll
2009-05-18 23:44:17 ----A---- C:\WINDOWS\system32\mdhcp.dll
2009-05-18 23:44:14 ----A---- C:\WINDOWS\system32\mciwave.dll
2009-05-18 23:44:14 ----A---- C:\WINDOWS\system32\mciseq.dll
2009-05-18 23:44:14 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2009-05-18 23:44:14 ----A---- C:\WINDOWS\system32\mciole32.dll
2009-05-18 23:44:14 ----A---- C:\WINDOWS\system32\mciole16.dll
2009-05-18 23:44:14 ----A---- C:\WINDOWS\system32\mcicda.dll
2009-05-18 23:44:14 ----A---- C:\WINDOWS\system32\mciavi32.dll
2009-05-18 23:44:13 ----A---- C:\WINDOWS\system32\mchgrcoi.dll
2009-05-18 23:44:13 ----A---- C:\WINDOWS\system32\mcdsrv32.dll
2009-05-18 23:44:13 ----A---- C:\WINDOWS\system32\mcd32.dll
2009-05-18 23:44:13 ----A---- C:\WINDOWS\system32\mcastmib.dll
2009-05-18 23:44:13 ----A---- C:\WINDOWS\system32\mapistub.dll
2009-05-18 23:44:12 ----A---- C:\WINDOWS\system32\makecab.exe
2009-05-18 23:44:12 ----A---- C:\WINDOWS\system32\magnify.exe
2009-05-18 23:44:12 ----A---- C:\WINDOWS\system32\mag_hook.dll
2009-05-18 23:44:11 ----A---- C:\WINDOWS\system32\lzexpand.dll
2009-05-18 23:44:11 ----A---- C:\WINDOWS\system32\lz32.dll
2009-05-18 23:44:11 ----A---- C:\WINDOWS\system32\lusrmgr.msc
2009-05-18 23:44:10 ----A---- C:\WINDOWS\system32\lsass.exe
2009-05-18 23:44:10 ----A---- C:\WINDOWS\system32\lprmonui.dll
2009-05-18 23:44:10 ----A---- C:\WINDOWS\system32\lprhelp.dll
2009-05-18 23:44:10 ----A---- C:\WINDOWS\system32\lpr.exe
2009-05-18 23:44:09 ----AC---- C:\WINDOWS\system32\logonui.exe
2009-05-18 23:44:09 ----A---- C:\WINDOWS\system32\lpq.exe
2009-05-18 23:44:09 ----A---- C:\WINDOWS\system32\lpk.dll
2009-05-18 23:44:08 ----AC---- C:\WINDOWS\system32\locator.exe
2009-05-18 23:44:08 ----AC---- C:\WINDOWS\system32\loadperf.dll
2009-05-18 23:44:08 ----A---- C:\WINDOWS\system32\logman.exe
2009-05-18 23:44:08 ----A---- C:\WINDOWS\system32\login.cmd
2009-05-18 23:44:08 ----A---- C:\WINDOWS\system32\loghours.dll
2009-05-18 23:44:08 ----A---- C:\WINDOWS\system32\lodctr.exe
2009-05-18 23:44:08 ----A---- C:\WINDOWS\system32\localui.dll
2009-05-18 23:44:08 ----A---- C:\WINDOWS\system32\localsec.dll
2009-05-18 23:44:08 ----A---- C:\WINDOWS\system32\loadfix.com
2009-05-18 23:44:07 ----A---- C:\WINDOWS\system32\lnkstub.exe
2009-05-18 23:44:07 ----A---- C:\WINDOWS\system32\lmrt.dll
2009-05-18 23:44:07 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-05-18 23:44:07 ----A---- C:\WINDOWS\system32\linkinfo.dll
2009-05-18 23:44:07 ----A---- C:\WINDOWS\system32\lights.exe
2009-05-18 23:44:02 ----A---- C:\WINDOWS\system32\langwrbk.dll
2009-05-18 23:44:02 ----A---- C:\WINDOWS\system32\label.exe
2009-05-18 23:44:02 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2009-05-18 23:44:01 ----AC---- C:\WINDOWS\system32\keymgr.dll
2009-05-18 23:44:01 ----A---- C:\WINDOWS\system32\krnl386.exe
2009-05-18 23:44:01 ----A---- C:\WINDOWS\system32\kmsvc.dll
2009-05-18 23:44:00 ----AC---- C:\WINDOWS\system32\kdcom.dll
2009-05-18 23:44:00 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-05-18 23:43:59 ----AC---- C:\WINDOWS\system32\kbdus.dll
2009-05-18 23:43:59 ----A---- C:\WINDOWS\system32\kd1394.dll
2009-05-18 23:43:59 ----A---- C:\WINDOWS\system32\kbdusx.dll
2009-05-18 23:43:59 ----A---- C:\WINDOWS\system32\kbdusr.dll
2009-05-18 23:43:59 ----A---- C:\WINDOWS\system32\kbdusl.dll
2009-05-18 23:43:59 ----A---- C:\WINDOWS\system32\kbdukx.dll
2009-05-18 23:43:58 ----AC---- C:\WINDOWS\system32\kbduk.dll
2009-05-18 23:43:58 ----A---- C:\WINDOWS\system32\kbdsw.dll
2009-05-18 23:43:58 ----A---- C:\WINDOWS\system32\kbdsp.dll
2009-05-18 23:43:57 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2009-05-18 23:43:57 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-05-18 23:43:57 ----A---- C:\WINDOWS\system32\kbdsg.dll
2009-05-18 23:43:57 ----A---- C:\WINDOWS\system32\kbdsf.dll
2009-05-18 23:43:57 ----A---- C:\WINDOWS\system32\kbdpo.dll
2009-05-18 23:43:57 ----A---- C:\WINDOWS\system32\kbdpash.dll
2009-05-18 23:43:56 ----A---- C:\WINDOWS\system32\kbdno1.dll
2009-05-18 23:43:56 ----A---- C:\WINDOWS\system32\kbdno.dll
2009-05-18 23:43:56 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2009-05-18 23:43:56 ----A---- C:\WINDOWS\system32\kbdnec.dll
2009-05-18 23:43:56 ----A---- C:\WINDOWS\system32\kbdne.dll
2009-05-18 23:43:56 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2009-05-18 23:43:56 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2009-05-18 23:43:56 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2009-05-18 23:43:55 ----A---- C:\WINDOWS\system32\kbdmac.dll
2009-05-18 23:43:55 ----A---- C:\WINDOWS\system32\kbdla.dll
2009-05-18 23:43:55 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2009-05-18 23:43:55 ----A---- C:\WINDOWS\system32\kbdit142.dll
2009-05-18 23:43:54 ----A---- C:\WINDOWS\system32\kbdit.dll
2009-05-18 23:43:54 ----A---- C:\WINDOWS\system32\kbdir.dll
2009-05-18 23:43:54 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2009-05-18 23:43:54 ----A---- C:\WINDOWS\system32\kbdinben.dll
2009-05-18 23:43:54 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2009-05-18 23:43:53 ----A---- C:\WINDOWS\system32\kbdic.dll
2009-05-18 23:43:52 ----A---- C:\WINDOWS\system32\kbdgr1.dll
2009-05-18 23:43:52 ----A---- C:\WINDOWS\system32\kbdgr.dll
2009-05-18 23:43:52 ----A---- C:\WINDOWS\system32\kbdgae.dll
2009-05-18 23:43:52 ----A---- C:\WINDOWS\system32\kbdfr.dll
2009-05-18 23:43:52 ----A---- C:\WINDOWS\system32\kbdfo.dll
2009-05-18 23:43:52 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2009-05-18 23:43:52 ----A---- C:\WINDOWS\system32\kbdfi.dll
2009-05-18 23:43:52 ----A---- C:\WINDOWS\system32\kbdfc.dll
2009-05-18 23:43:51 ----A---- C:\WINDOWS\system32\kbdes.dll
2009-05-18 23:43:51 ----A---- C:\WINDOWS\system32\kbddv.dll
2009-05-18 23:43:51 ----A---- C:\WINDOWS\system32\kbdda.dll
2009-05-18 23:43:51 ----A---- C:\WINDOWS\system32\kbdcan.dll
2009-05-18 23:43:51 ----A---- C:\WINDOWS\system32\kbdca.dll
2009-05-18 23:43:50 ----A---- C:\WINDOWS\system32\kbdbr.dll
2009-05-18 23:43:50 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2009-05-18 23:43:50 ----A---- C:\WINDOWS\system32\kbdbene.dll
2009-05-18 23:43:50 ----A---- C:\WINDOWS\system32\kbdbe.dll
2009-05-18 23:43:49 ----A---- C:\WINDOWS\system32\kb16.com
2009-05-18 23:43:48 ----A---- C:\WINDOWS\system32\jobexec.dll
2009-05-18 23:43:48 ----A---- C:\WINDOWS\system32\jgsh400.dll
2009-05-18 23:43:48 ----A---- C:\WINDOWS\system32\jgsd400.dll
2009-05-18 23:43:48 ----A---- C:\WINDOWS\system32\jgpl400.dll
2009-05-18 23:43:48 ----A---- C:\WINDOWS\system32\jgmd400.dll
2009-05-18 23:43:48 ----A---- C:\WINDOWS\system32\jgdw400.dll
2009-05-18 23:43:48 ----A---- C:\WINDOWS\system32\jgaw400.dll
2009-05-18 23:43:48 ----A---- C:\WINDOWS\system32\jet500.dll
2009-05-18 23:43:48 ----A---- C:\WINDOWS\system32\ixsso.dll
2009-05-18 23:43:47 ----A---- C:\WINDOWS\system32\iuengine.dll
2009-05-18 23:43:47 ----A---- C:\WINDOWS\system32\itss.dll
2009-05-18 23:43:47 ----A---- C:\WINDOWS\system32\itircl.dll
2009-05-18 23:43:45 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ir50_32.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ir32_32.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ipxwan.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ipxsap.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ipxrtmgr.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ipxroute.exe
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ipxrip.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ipxpromn.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ipxmontr.dll
2009-05-18 23:43:44 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2009-05-18 23:43:43 ----A---- C:\WINDOWS\system32\ipv6.exe
2009-05-18 23:43:43 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2009-05-18 23:43:43 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2009-05-18 23:43:43 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2009-05-18 23:43:43 ----A---- C:\WINDOWS\system32\ipsec6.exe
2009-05-18 23:43:43 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2009-05-18 23:43:43 ----A---- C:\WINDOWS\system32\iprtprio.dll
2009-05-18 23:43:43 ----A---- C:\WINDOWS\system32\iprop.dll
2009-05-18 23:43:41 ----A---- C:\WINDOWS\system32\ippromon.dll
2009-05-18 23:43:41 ----A---- C:\WINDOWS\system32\ipmontr.dll
2009-05-18 23:43:41 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2009-05-18 23:43:41 ----A---- C:\WINDOWS\system32\ipconfig.exe
2009-05-18 23:43:40 ----A---- C:\WINDOWS\system32\iologmsg.dll
2009-05-18 23:43:40 ----A---- C:\WINDOWS\system32\input.dll
2009-05-18 23:43:39 ----A---- C:\WINDOWS\system32\initpki.dll
2009-05-18 23:43:39 ----A---- C:\WINDOWS\system32\infosoft.dll
2009-05-18 23:43:38 ----A---- C:\WINDOWS\system32\inetppui.dll
2009-05-18 23:43:38 ----A---- C:\WINDOWS\system32\inetpp.dll
2009-05-18 23:43:38 ----A---- C:\WINDOWS\system32\inetmib1.dll
2009-05-18 23:43:38 ----A---- C:\WINDOWS\system32\inetcplc.dll
2009-05-18 23:43:37 ----AC---- C:\WINDOWS\system32\imapi.exe
2009-05-18 23:43:37 ----A---- C:\WINDOWS\system32\imm32.dll
2009-05-18 23:43:37 ----A---- C:\WINDOWS\system32\imeshare.dll
2009-05-18 23:43:36 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-05-18 23:43:36 ----A---- C:\WINDOWS\system32\iissuba.dll
2009-05-18 23:43:34 ----AC---- C:\WINDOWS\system32\iexpress.exe
2009-05-18 23:43:34 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2009-05-18 23:43:34 ----A---- C:\WINDOWS\system32\ifsutil.dll
2009-05-18 23:43:34 ----A---- C:\WINDOWS\system32\ifmon.dll
2009-05-18 23:43:33 ----A---- C:\WINDOWS\system32\idq.dll
2009-05-18 23:43:31 ----A---- C:\WINDOWS\system32\icmui.dll
2009-05-18 23:43:31 ----A---- C:\WINDOWS\system32\icmp.dll
2009-05-18 23:43:31 ----A---- C:\WINDOWS\system32\icm32.dll
2009-05-18 23:43:31 ----A---- C:\WINDOWS\system32\iccvid.dll
2009-05-18 23:43:31 ----A---- C:\WINDOWS\system32\iassvcs.dll
2009-05-18 23:43:31 ----A---- C:\WINDOWS\system32\iassdo.dll
2009-05-18 23:43:31 ----A---- C:\WINDOWS\system32\iassam.dll
2009-05-18 23:43:31 ----A---- C:\WINDOWS\system32\iasrecst.dll
2009-05-18 23:43:30 ----A---- C:\WINDOWS\system32\iasrad.dll
2009-05-18 23:43:30 ----A---- C:\WINDOWS\system32\iaspolcy.dll
2009-05-18 23:43:30 ----A---- C:\WINDOWS\system32\iasnap.dll
2009-05-18 23:43:30 ----A---- C:\WINDOWS\system32\iashlpr.dll
2009-05-18 23:43:30 ----A---- C:\WINDOWS\system32\iasads.dll
2009-05-18 23:43:30 ----A---- C:\WINDOWS\system32\iasacct.dll
2009-05-18 23:43:29 ----A---- C:\WINDOWS\system32\htui.dll
2009-05-18 23:43:28 ----AC---- C:\WINDOWS\system32\httpapi.dll
2009-05-18 23:43:26 ----A---- C:\WINDOWS\system32\hotplug.dll
2009-05-18 23:43:25 ----A---- C:\WINDOWS\system32\hostname.exe
2009-05-18 23:43:25 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2009-05-18 23:43:25 ----A---- C:\WINDOWS\system32\hnetmon.dll
2009-05-18 23:43:24 ----A---- C:\WINDOWS\system32\hlink.dll
2009-05-18 23:43:23 ----AC---- C:\WINDOWS\system32\hhsetup.dll
2009-05-18 23:43:22 ----A---- C:\WINDOWS\hh.exe
2009-05-18 23:43:21 ----A---- C:\WINDOWS\system32\help.exe
2009-05-18 23:43:21 ----A---- C:\WINDOWS\system32\hccoin.dll
2009-05-18 23:43:19 ----A---- C:\WINDOWS\system32\h323msp.dll
2009-05-18 23:43:18 ----A---- C:\WINDOWS\system32\grpconv.exe
2009-05-18 23:43:17 ----A---- C:\WINDOWS\system32\graphics.com
2009-05-18 23:43:17 ----A---- C:\WINDOWS\system32\graftabl.com
2009-05-18 23:43:16 ----A---- C:\WINDOWS\system32\gpupdate.exe
2009-05-18 23:43:16 ----A---- C:\WINDOWS\system32\gpresult.exe
2009-05-18 23:43:16 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2009-05-18 23:43:16 ----A---- C:\WINDOWS\system32\gpkcsp.dll
2009-05-18 23:43:16 ----A---- C:\WINDOWS\system32\gpedit.msc
2009-05-18 23:43:16 ----A---- C:\WINDOWS\system32\gpedit.dll
2009-05-18 23:43:15 ----A---- C:\WINDOWS\system32\glu32.dll
2009-05-18 23:43:15 ----A---- C:\WINDOWS\system32\glmf32.dll
2009-05-18 23:43:14 ----A---- C:\WINDOWS\system32\getmac.exe
2009-05-18 23:43:13 ----A---- C:\WINDOWS\system32\gdi32.dll
2009-05-18 23:43:13 ----A---- C:\WINDOWS\system32\gdi.exe
2009-05-18 23:43:13 ----A---- C:\WINDOWS\system32\gcdef.dll
2009-05-18 23:43:09 ----A---- C:\WINDOWS\system32\fwcfg.dll
2009-05-18 23:43:09 ----A---- C:\WINDOWS\system32\ftsrch.dll
2009-05-18 23:43:09 ----A---- C:\WINDOWS\system32\ftp.exe
2009-05-18 23:43:08 ----A---- C:\WINDOWS\system32\fsutil.exe
2009-05-18 23:43:08 ----A---- C:\WINDOWS\system32\fsusd.dll
2009-05-18 23:43:08 ----A---- C:\WINDOWS\system32\fsquirt.exe
2009-05-18 23:43:08 ----A---- C:\WINDOWS\system32\fsmgmt.msc
2009-05-18 23:43:08 ----A---- C:\WINDOWS\system32\framebuf.dll
2009-05-18 23:43:07 ----A---- C:\WINDOWS\system32\format.com
2009-05-18 23:43:07 ----A---- C:\WINDOWS\system32\forcedos.exe
2009-05-18 23:43:07 ----A---- C:\WINDOWS\system32\fontview.exe
2009-05-18 23:43:07 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-05-18 23:43:06 ----A---- C:\WINDOWS\system32\fontext.dll
2009-05-18 23:43:06 ----A---- C:\WINDOWS\system32\fmifs.dll
2009-05-18 23:43:06 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2009-05-18 23:43:05 ----A---- C:\WINDOWS\system32\fixmapi.exe
2009-05-18 23:43:05 ----A---- C:\WINDOWS\system32\finger.exe
2009-05-18 23:43:05 ----A---- C:\WINDOWS\system32\findstr.exe
2009-05-18 23:43:05 ----A---- C:\WINDOWS\system32\find.exe
2009-05-18 23:43:04 ----A---- C:\WINDOWS\system32\filemgmt.dll
2009-05-18 23:43:04 ----A---- C:\WINDOWS\system32\feclient.dll
2009-05-18 23:43:03 ----A---- C:\WINDOWS\system32\fdeploy.dll
2009-05-18 23:43:03 ----A---- C:\WINDOWS\system32\fde.dll
2009-05-18 23:43:03 ----A---- C:\WINDOWS\system32\faultrep.dll
2009-05-18 23:43:03 ----A---- C:\WINDOWS\system32\fastopen.exe
2009-05-18 23:43:03 ----A---- C:\WINDOWS\system32\exts.dll
2009-05-18 23:43:03 ----A---- C:\WINDOWS\system32\extrac32.exe
2009-05-18 23:43:02 ----A---- C:\WINDOWS\system32\expsrv.dll
2009-05-18 23:43:02 ----A---- C:\WINDOWS\system32\expand.exe
2009-05-18 23:43:01 ----A---- C:\WINDOWS\system32\exe2bin.exe
2009-05-18 23:43:01 ----A---- C:\WINDOWS\system32\eventtriggers.exe
TynoPrime
2009-06-21, 04:17
2009-05-18 23:43:01 ----A---- C:\WINDOWS\system32\eventquery.vbs
2009-05-18 23:43:00 ----A---- C:\WINDOWS\system32\eventvwr.msc
2009-05-18 23:43:00 ----A---- C:\WINDOWS\system32\eventvwr.exe
2009-05-18 23:43:00 ----A---- C:\WINDOWS\system32\eventlog.dll
2009-05-18 23:43:00 ----A---- C:\WINDOWS\system32\eventcreate.exe
2009-05-18 23:43:00 ----A---- C:\WINDOWS\system32\eventcls.dll
2009-05-18 23:43:00 ----A---- C:\WINDOWS\system32\eula.txt
2009-05-18 23:43:00 ----A---- C:\WINDOWS\system32\eudcedit.exe
2009-05-18 23:42:59 ----A---- C:\WINDOWS\system32\esentutl.exe
2009-05-18 23:42:59 ----A---- C:\WINDOWS\system32\esentprf.ini
2009-05-18 23:42:59 ----A---- C:\WINDOWS\system32\esentprf.dll
2009-05-18 23:42:59 ----A---- C:\WINDOWS\system32\esent97.dll
2009-05-18 23:42:59 ----A---- C:\WINDOWS\system32\esent.dll
2009-05-18 23:42:59 ----A---- C:\WINDOWS\system32\ersvc.dll
2009-05-18 23:42:58 ----A---- C:\WINDOWS\system32\encdec.dll
2009-05-18 23:42:58 ----A---- C:\WINDOWS\system32\encapi.dll
2009-05-18 23:42:58 ----A---- C:\WINDOWS\system32\els.dll
2009-05-18 23:42:56 ----A---- C:\WINDOWS\system32\efsadu.dll
2009-05-18 23:42:56 ----A---- C:\WINDOWS\system32\edlin.exe
2009-05-18 23:42:56 ----A---- C:\WINDOWS\system32\edit.com
2009-05-18 23:42:56 ----A---- C:\WINDOWS\system32\eapsvc.dll
2009-05-18 23:42:56 ----A---- C:\WINDOWS\system32\eapqec.dll
2009-05-18 23:42:56 ----A---- C:\WINDOWS\system32\eappprxy.dll
2009-05-18 23:42:55 ----A---- C:\WINDOWS\system32\eapphost.dll
2009-05-18 23:42:55 ----A---- C:\WINDOWS\system32\eappgnui.dll
2009-05-18 23:42:55 ----A---- C:\WINDOWS\system32\eappcfg.dll
2009-05-18 23:42:55 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2009-05-18 23:42:55 ----A---- C:\WINDOWS\system32\eapolqec.dll
2009-05-18 23:42:55 ----A---- C:\WINDOWS\system32\dxmasf.dll
2009-05-18 23:42:54 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2009-05-18 23:42:54 ----A---- C:\WINDOWS\system32\dxdiag.exe
2009-05-18 23:42:54 ----A---- C:\WINDOWS\system32\dx8vb.dll
2009-05-18 23:42:54 ----A---- C:\WINDOWS\system32\dx7vb.dll
2009-05-18 23:42:54 ----A---- C:\WINDOWS\system32\dwwin.exe
2009-05-18 23:42:54 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2009-05-18 23:42:54 ----A---- C:\WINDOWS\system32\duser.dll
2009-05-18 23:42:53 ----A---- C:\WINDOWS\system32\dumprep.exe
2009-05-18 23:42:53 ----A---- C:\WINDOWS\system32\dswave.dll
2009-05-18 23:42:53 ----A---- C:\WINDOWS\system32\dssenh.dll
2009-05-18 23:42:53 ----A---- C:\WINDOWS\system32\dssec.dll
2009-05-18 23:42:53 ----A---- C:\WINDOWS\system32\dsquery.dll
2009-05-18 23:42:53 ----A---- C:\WINDOWS\system32\dsprpres.dll
2009-05-18 23:42:53 ----A---- C:\WINDOWS\system32\dsprop.dll
2009-05-18 23:42:52 ----A---- C:\WINDOWS\system32\dsound3d.dll
2009-05-18 23:42:52 ----A---- C:\WINDOWS\system32\dsound.dll
2009-05-18 23:42:52 ----A---- C:\WINDOWS\system32\dskquoui.dll
2009-05-18 23:42:52 ----A---- C:\WINDOWS\system32\dskquota.dll
2009-05-18 23:42:52 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2009-05-18 23:42:52 ----A---- C:\WINDOWS\system32\dsdmo.dll
2009-05-18 23:42:52 ----A---- C:\WINDOWS\system32\dsauth.dll
2009-05-18 23:42:51 ----A---- C:\WINDOWS\system32\ds32gt.dll
2009-05-18 23:42:51 ----A---- C:\WINDOWS\system32\ds16gt.dLL
2009-05-18 23:42:51 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2009-05-18 23:42:51 ----A---- C:\WINDOWS\system32\drwatson.exe
2009-05-18 23:42:51 ----A---- C:\WINDOWS\system32\drprov.dll
2009-05-18 23:42:51 ----A---- C:\WINDOWS\system32\drmstor.dll
2009-05-18 23:42:51 ----A---- C:\WINDOWS\system32\drmclien.dll
2009-05-18 23:42:51 ----A---- C:\WINDOWS\system32\driverquery.exe
2009-05-18 23:42:45 ----AC---- C:\WINDOWS\system32\dpvsetup.exe
2009-05-18 23:42:45 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2009-05-18 23:42:45 ----A---- C:\WINDOWS\system32\dpwsock.dll
2009-05-18 23:42:45 ----A---- C:\WINDOWS\system32\dpvvox.dll
2009-05-18 23:42:45 ----A---- C:\WINDOWS\system32\dpvoice.dll
2009-05-18 23:42:45 ----A---- C:\WINDOWS\system32\dpvacm.dll
2009-05-18 23:42:45 ----A---- C:\WINDOWS\system32\dpserial.dll
2009-05-18 23:42:45 ----A---- C:\WINDOWS\system32\dpnwsock.dll
2009-05-18 23:42:44 ----AC---- C:\WINDOWS\system32\dpcdll.dll
2009-05-18 23:42:44 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2009-05-18 23:42:44 ----A---- C:\WINDOWS\system32\dpnmodem.dll
2009-05-18 23:42:44 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2009-05-18 23:42:44 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2009-05-18 23:42:44 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2009-05-18 23:42:44 ----A---- C:\WINDOWS\system32\dpnet.dll
2009-05-18 23:42:44 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2009-05-18 23:42:44 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2009-05-18 23:42:44 ----A---- C:\WINDOWS\system32\dplayx.dll
2009-05-18 23:42:44 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2009-05-18 23:42:44 ----A---- C:\WINDOWS\system32\dplay.dll
2009-05-18 23:42:43 ----A---- C:\WINDOWS\system32\dot3ui.dll
2009-05-18 23:42:43 ----A---- C:\WINDOWS\system32\dot3svc.dll
2009-05-18 23:42:43 ----A---- C:\WINDOWS\system32\dot3msm.dll
2009-05-18 23:42:43 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-05-18 23:42:43 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2009-05-18 23:42:43 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2009-05-18 23:42:43 ----A---- C:\WINDOWS\system32\dot3api.dll
2009-05-18 23:42:43 ----A---- C:\WINDOWS\system32\dosx.exe
2009-05-18 23:42:43 ----A---- C:\WINDOWS\system32\doskey.exe
2009-05-18 23:42:42 ----A---- C:\WINDOWS\system32\docprop2.dll
2009-05-18 23:42:42 ----A---- C:\WINDOWS\system32\docprop.dll
2009-05-18 23:42:42 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2009-05-18 23:42:42 ----A---- C:\WINDOWS\system32\dmusic.dll
2009-05-18 23:42:42 ----A---- C:\WINDOWS\system32\dmsynth.dll
2009-05-18 23:42:42 ----A---- C:\WINDOWS\system32\dmstyle.dll
2009-05-18 23:42:42 ----A---- C:\WINDOWS\system32\dmserver.dll
2009-05-18 23:42:42 ----A---- C:\WINDOWS\system32\dmscript.dll
2009-05-18 23:42:42 ----A---- C:\WINDOWS\system32\dmremote.exe
2009-05-18 23:42:42 ----A---- C:\WINDOWS\system32\dmocx.dll
2009-05-18 23:42:41 ----AC---- C:\WINDOWS\system32\dmadmin.exe
2009-05-18 23:42:41 ----A---- C:\WINDOWS\system32\dmloader.dll
2009-05-18 23:42:41 ----A---- C:\WINDOWS\system32\dmintf.dll
2009-05-18 23:42:41 ----A---- C:\WINDOWS\system32\dmime.dll
2009-05-18 23:42:41 ----A---- C:\WINDOWS\system32\dmdskres.dll
2009-05-18 23:42:41 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2009-05-18 23:42:41 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2009-05-18 23:42:41 ----A---- C:\WINDOWS\system32\dmconfig.dll
2009-05-18 23:42:41 ----A---- C:\WINDOWS\system32\dmcompos.dll
2009-05-18 23:42:41 ----A---- C:\WINDOWS\system32\dmband.dll
2009-05-18 23:42:41 ----A---- C:\WINDOWS\system32\dllhst3g.exe
2009-05-18 23:42:40 ----AC---- C:\WINDOWS\system32\dllhost.exe
2009-05-18 23:42:40 ----A---- C:\WINDOWS\system32\dispex.dll
2009-05-18 23:42:40 ----A---- C:\WINDOWS\system32\diskperf.exe
2009-05-18 23:42:40 ----A---- C:\WINDOWS\system32\diskpart.exe
2009-05-18 23:42:40 ----A---- C:\WINDOWS\system32\diskmgmt.msc
2009-05-18 23:42:39 ----A---- C:\WINDOWS\system32\diskcopy.dll
2009-05-18 23:42:39 ----A---- C:\WINDOWS\system32\diskcopy.com
2009-05-18 23:42:39 ----A---- C:\WINDOWS\system32\diskcomp.com
2009-05-18 23:42:39 ----A---- C:\WINDOWS\system32\dinput8.dll
2009-05-18 23:42:39 ----A---- C:\WINDOWS\system32\dinput.dll
2009-05-18 23:42:39 ----A---- C:\WINDOWS\system32\dimsroam.dll
2009-05-18 23:42:38 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2009-05-18 23:42:38 ----A---- C:\WINDOWS\system32\dimap.dll
2009-05-18 23:42:38 ----A---- C:\WINDOWS\system32\digest.dll
2009-05-18 23:42:37 ----A---- C:\WINDOWS\system32\diantz.exe
2009-05-18 23:42:37 ----A---- C:\WINDOWS\system32\diactfrm.dll
2009-05-18 23:42:36 ----A---- C:\WINDOWS\system32\dhcpsapi.dll
2009-05-18 23:42:36 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2009-05-18 23:42:36 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2009-05-18 23:42:36 ----A---- C:\WINDOWS\system32\dgnet.dll
2009-05-18 23:42:36 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2009-05-18 23:42:35 ----AC---- C:\WINDOWS\system32\dfrgres.dll
2009-05-18 23:42:35 ----AC---- C:\WINDOWS\system32\dfrgntfs.exe
2009-05-18 23:42:35 ----A---- C:\WINDOWS\system32\dfrgui.dll
2009-05-18 23:42:35 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2009-05-18 23:42:35 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2009-05-18 23:42:35 ----A---- C:\WINDOWS\system32\dfrg.msc
2009-05-18 23:42:35 ----A---- C:\WINDOWS\system32\devmgr.dll
2009-05-18 23:42:35 ----A---- C:\WINDOWS\system32\devmgmt.msc
2009-05-18 23:42:34 ----AC---- C:\WINDOWS\system32\defrag.exe
2009-05-18 23:42:34 ----A---- C:\WINDOWS\system32\devenum.dll
2009-05-18 23:42:34 ----A---- C:\WINDOWS\system32\deskperf.dll
2009-05-18 23:42:34 ----A---- C:\WINDOWS\system32\deskmon.dll
2009-05-18 23:42:34 ----A---- C:\WINDOWS\system32\deskadp.dll
2009-05-18 23:42:34 ----A---- C:\WINDOWS\system32\debug.exe
2009-05-18 23:42:33 ----AC---- C:\WINDOWS\system32\ddrawex.dll
2009-05-18 23:42:33 ----A---- C:\WINDOWS\system32\ddraw.dll
2009-05-18 23:42:33 ----A---- C:\WINDOWS\system32\ddeshare.exe
2009-05-18 23:42:33 ----A---- C:\WINDOWS\system32\ddeml.dll
2009-05-18 23:42:33 ----A---- C:\WINDOWS\system32\dciman32.dll
2009-05-18 23:42:33 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2009-05-18 23:42:33 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2009-05-18 23:42:32 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2009-05-18 23:42:32 ----A---- C:\WINDOWS\system32\dbghelp.dll
2009-05-18 23:42:32 ----A---- C:\WINDOWS\system32\dbgeng.dll
2009-05-18 23:42:32 ----A---- C:\WINDOWS\system32\davclnt.dll
2009-05-18 23:42:32 ----A---- C:\WINDOWS\system32\datime.dll
2009-05-18 23:42:31 ----A---- C:\WINDOWS\system32\dataclen.dll
2009-05-18 23:42:31 ----A---- C:\WINDOWS\system32\danim.dll
2009-05-18 23:42:31 ----A---- C:\WINDOWS\system32\d3dxof.dll
2009-05-18 23:42:31 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-05-18 23:42:31 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-05-18 23:42:30 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-05-18 23:42:30 ----A---- C:\WINDOWS\system32\d3drm.dll
2009-05-18 23:42:30 ----A---- C:\WINDOWS\system32\d3dramp.dll
2009-05-18 23:42:30 ----A---- C:\WINDOWS\system32\d3dpmesh.dll
2009-05-18 23:42:30 ----A---- C:\WINDOWS\system32\d3dim700.dll
2009-05-18 23:42:30 ----A---- C:\WINDOWS\system32\d3dim.dll
2009-05-18 23:42:30 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-05-18 23:42:30 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-05-18 23:42:29 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-05-18 23:42:29 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-05-18 23:42:29 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-05-18 23:42:29 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-05-18 23:42:29 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-05-18 23:42:29 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2009-05-18 23:42:29 ----A---- C:\WINDOWS\system32\d3d8.dll
2009-05-18 23:42:20 ----A---- C:\WINDOWS\system32\ctl3dv2.dll
2009-05-18 23:42:20 ----A---- C:\WINDOWS\system32\ctl3d32.dll
2009-05-18 23:42:19 ----AC---- C:\WINDOWS\system32\cryptnet.dll
2009-05-18 23:42:19 ----A---- C:\WINDOWS\system32\ctfmon.exe
2009-05-18 23:42:19 ----A---- C:\WINDOWS\system32\csseqchk.dll
2009-05-18 23:42:19 ----A---- C:\WINDOWS\system32\csrss.exe
2009-05-18 23:42:19 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-05-18 23:42:19 ----A---- C:\WINDOWS\system32\cscui.dll
2009-05-18 23:42:19 ----A---- C:\WINDOWS\system32\cryptui.dll
2009-05-18 23:42:19 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2009-05-18 23:42:19 ----A---- C:\WINDOWS\system32\cryptext.dll
2009-05-18 23:42:19 ----A---- C:\WINDOWS\system32\cryptdll.dll
2009-05-18 23:42:18 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2009-05-18 23:42:18 ----A---- C:\WINDOWS\system32\crtdll.dll
2009-05-18 23:42:18 ----A---- C:\WINDOWS\system32\credui.dll
2009-05-18 23:42:18 ----A---- C:\WINDOWS\system32\credssp.dll
2009-05-18 23:42:15 ----A---- C:\WINDOWS\system32\convert.exe
2009-05-18 23:42:15 ----A---- C:\WINDOWS\system32\control.exe
2009-05-18 23:42:14 ----A---- C:\WINDOWS\system32\console.dll
2009-05-18 23:42:14 ----A---- C:\WINDOWS\system32\conime.exe
2009-05-18 23:42:14 ----A---- C:\WINDOWS\system32\confmsp.dll
2009-05-18 23:42:13 ----A---- C:\WINDOWS\system32\comres.dll
2009-05-18 23:42:13 ----A---- C:\WINDOWS\system32\compstui.dll
2009-05-18 23:42:13 ----A---- C:\WINDOWS\system32\compobj.dll
2009-05-18 23:42:12 ----A---- C:\WINDOWS\system32\compmgmt.msc
2009-05-18 23:42:12 ----A---- C:\WINDOWS\system32\compatUI.dll
2009-05-18 23:42:12 ----A---- C:\WINDOWS\system32\compact.exe
2009-05-18 23:42:12 ----A---- C:\WINDOWS\system32\comp.exe
2009-05-18 23:42:12 ----A---- C:\WINDOWS\system32\commdlg.dll
2009-05-18 23:42:12 ----A---- C:\WINDOWS\system32\command.com
2009-05-18 23:42:11 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-05-18 23:42:11 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-05-18 23:42:11 ----A---- C:\WINDOWS\system32\comcat.dll
2009-05-18 23:42:10 ----A---- C:\WINDOWS\system32\cnvfat.dll
2009-05-18 23:42:10 ----A---- C:\WINDOWS\system32\cnetcfg.dll
2009-05-18 23:42:10 ----A---- C:\WINDOWS\system32\cmutil.dll
2009-05-18 23:42:10 ----A---- C:\WINDOWS\system32\cmstp.exe
2009-05-18 23:42:10 ----A---- C:\WINDOWS\system32\cmsetACL.dll
2009-05-18 23:42:10 ----A---- C:\WINDOWS\system32\cmpbk32.dll
2009-05-18 23:42:09 ----A---- C:\WINDOWS\system32\cmmon32.exe
2009-05-18 23:42:09 ----A---- C:\WINDOWS\system32\cmdl32.exe
2009-05-18 23:42:09 ----A---- C:\WINDOWS\system32\cmdial32.dll
2009-05-18 23:42:09 ----A---- C:\WINDOWS\system32\cmd.exe
2009-05-18 23:42:09 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2009-05-18 23:42:09 ----A---- C:\WINDOWS\system32\clusapi.dll
2009-05-18 23:42:08 ----A---- C:\WINDOWS\system32\clipsrv.exe
2009-05-18 23:42:08 ----A---- C:\WINDOWS\system32\cliconfg.exe
2009-05-18 23:42:08 ----A---- C:\WINDOWS\system32\cliconfg.dll
2009-05-18 23:42:07 ----AC---- C:\WINDOWS\system32\shellstyle.dll
2009-05-18 23:42:07 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2009-05-18 23:42:07 ----A---- C:\WINDOWS\system32\clb.dll
2009-05-18 23:42:07 ----A---- C:\WINDOWS\system32\ckcnv.exe
2009-05-18 23:42:06 ----AC---- C:\WINDOWS\system32\cisvc.exe
2009-05-18 23:42:06 ----A---- C:\WINDOWS\system32\cipher.exe
2009-05-18 23:42:06 ----A---- C:\WINDOWS\system32\ciodm.dll
2009-05-18 23:42:06 ----A---- C:\WINDOWS\system32\cidaemon.exe
2009-05-18 23:42:05 ----A---- C:\WINDOWS\system32\ciadv.msc
2009-05-18 23:42:05 ----A---- C:\WINDOWS\system32\ciadmin.dll
2009-05-18 23:42:05 ----A---- C:\WINDOWS\system32\chkntfs.exe
2009-05-18 23:42:05 ----A---- C:\WINDOWS\system32\chkdsk.exe
2009-05-18 23:42:04 ----A---- C:\WINDOWS\system32\chcp.com
2009-05-18 23:42:03 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2009-05-18 23:42:02 ----A---- C:\WINDOWS\system32\certmgr.msc
2009-05-18 23:42:02 ----A---- C:\WINDOWS\system32\certmgr.dll
2009-05-18 23:42:01 ----A---- C:\WINDOWS\system32\certcli.dll
2009-05-18 23:42:01 ----A---- C:\WINDOWS\system32\cdosys.dll
2009-05-18 23:42:00 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-05-18 23:42:00 ----A---- C:\WINDOWS\system32\ccfgnt.dll
2009-05-18 23:42:00 ----A---- C:\WINDOWS\system32\cards.dll
2009-05-18 23:41:59 ----A---- C:\WINDOWS\system32\capesnpn.dll
2009-05-18 23:41:59 ----A---- C:\WINDOWS\system32\camocx.dll
2009-05-18 23:41:58 ----A---- C:\WINDOWS\system32\cacls.exe
2009-05-18 23:41:58 ----A---- C:\WINDOWS\system32\cabview.dll
2009-05-18 23:41:58 ----A---- C:\WINDOWS\system32\cabinet.dll
2009-05-18 23:41:56 ----A---- C:\WINDOWS\system32\btpanui.dll
2009-05-18 23:41:56 ----A---- C:\WINDOWS\system32\bthserv.dll
2009-05-18 23:41:55 ----A---- C:\WINDOWS\system32\bthci.dll
2009-05-18 23:41:55 ----A---- C:\WINDOWS\system32\browsewm.dll
2009-05-18 23:41:55 ----A---- C:\WINDOWS\system32\browseui.dll
2009-05-18 23:41:55 ----A---- C:\WINDOWS\system32\browselc.dll
2009-05-18 23:41:53 ----A---- C:\WINDOWS\system32\bootvrfy.exe
2009-05-18 23:41:52 ----AC---- C:\WINDOWS\system32\bootvid.dll
2009-05-18 23:41:52 ----A---- C:\WINDOWS\system32\bootok.exe
2009-05-18 23:41:52 ----A---- C:\WINDOWS\system32\bootcfg.exe
2009-05-18 23:41:51 ----A---- C:\WINDOWS\system32\blastcln.exe
2009-05-18 23:41:50 ----A---- C:\WINDOWS\system32\bidispl.dll
2009-05-18 23:41:49 ----A---- C:\WINDOWS\system32\batmeter.dll
2009-05-18 23:41:49 ----A---- C:\WINDOWS\system32\basesrv.dll
2009-05-18 23:41:47 ----AC---- C:\WINDOWS\system32\avicap32.dll
2009-05-18 23:41:47 ----A---- C:\WINDOWS\system32\azroles.dll
2009-05-18 23:41:47 ----A---- C:\WINDOWS\system32\avifile.dll
2009-05-18 23:41:47 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-05-18 23:41:47 ----A---- C:\WINDOWS\system32\avicap.dll
2009-05-18 23:41:46 ----AC---- C:\WINDOWS\system32\autochk.exe
2009-05-18 23:41:46 ----A---- C:\WINDOWS\system32\autolfn.exe
2009-05-18 23:41:46 ----A---- C:\WINDOWS\system32\autofmt.exe
2009-05-18 23:41:46 ----A---- C:\WINDOWS\system32\autodisc.dll
2009-05-18 23:41:46 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-05-18 23:41:46 ----A---- C:\WINDOWS\system32\authz.dll
2009-05-18 23:41:45 ----A---- C:\WINDOWS\system32\auditusr.exe
2009-05-18 23:41:45 ----A---- C:\WINDOWS\system32\audiosrv.dll
2009-05-18 23:41:45 ----A---- C:\WINDOWS\system32\attrib.exe
2009-05-18 23:41:45 ----A---- C:\WINDOWS\system32\atmpvcno.dll
2009-05-18 23:41:45 ----A---- C:\WINDOWS\system32\atmlib.dll
2009-05-18 23:41:44 ----A---- C:\WINDOWS\system32\atmadm.exe
2009-05-18 23:41:44 ----A---- C:\WINDOWS\system32\atl.dll
2009-05-18 23:41:44 ----A---- C:\WINDOWS\system32\atkctrs.dll
2009-05-18 23:41:43 ----A---- C:\WINDOWS\system32\at.exe
2009-05-18 23:41:43 ----A---- C:\WINDOWS\system32\asycfilt.dll
2009-05-18 23:41:43 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2009-05-18 23:41:43 ----A---- C:\WINDOWS\system32\asr_ldm.exe
2009-05-18 23:41:43 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2009-05-18 23:41:41 ----A---- C:\WINDOWS\system32\arp.exe
2009-05-18 23:41:40 ----A---- C:\WINDOWS\system32\appmgr.dll
2009-05-18 23:41:40 ----A---- C:\WINDOWS\system32\appmgmts.dll
2009-05-18 23:41:40 ----A---- C:\WINDOWS\system32\apphelp.dll
2009-05-18 23:41:40 ----A---- C:\WINDOWS\system32\append.exe
2009-05-18 23:41:39 ----A---- C:\WINDOWS\system32\apcups.dll
2009-05-18 23:41:38 ----A---- C:\WINDOWS\system32\amstream.dll
2009-05-18 23:41:38 ----A---- C:\WINDOWS\system32\alrsvc.dll
2009-05-18 23:41:38 ----A---- C:\WINDOWS\system32\alg.exe
2009-05-18 23:41:38 ----A---- C:\WINDOWS\system32\ahui.exe
2009-05-18 23:41:33 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-05-18 23:41:33 ----A---- C:\WINDOWS\system32\adsnw.dll
2009-05-18 23:41:33 ----A---- C:\WINDOWS\system32\adsnt.dll
2009-05-18 23:41:33 ----A---- C:\WINDOWS\system32\adsnds.dll
2009-05-18 23:41:33 ----A---- C:\WINDOWS\system32\adsldpc.dll
2009-05-18 23:41:33 ----A---- C:\WINDOWS\system32\adptif.dll
2009-05-18 23:41:31 ----A---- C:\WINDOWS\system32\actxprxy.dll
2009-05-18 23:41:31 ----A---- C:\WINDOWS\system32\actmovie.exe
2009-05-18 23:41:31 ----A---- C:\WINDOWS\system32\activeds.dll
2009-05-18 23:41:30 ----A---- C:\WINDOWS\system32\aclui.dll
2009-05-18 23:41:30 ----A---- C:\WINDOWS\system32\acledit.dll
2009-05-18 23:41:28 ----AC---- C:\WINDOWS\system32\aaaamon.dll
2009-05-18 23:41:27 ----AC---- C:\WINDOWS\system32\6to4svc.dll
2009-05-18 23:41:26 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-05-18 23:41:26 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-05-18 23:41:25 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-05-18 23:41:25 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-05-18 23:41:25 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
======List of files/folders modified in the last 1 months======
2009-06-08 00:37:06 ----A---- C:\WINDOWS\system32\txmlutil.dll
2009-06-01 07:51:57 ----D---- C:\Program Files\Lavasoft
2009-06-01 07:51:55 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-01 07:50:54 ----D---- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 BDVEDISK;BDVEDISK; \??\F:\Utilities\BitDefender\BitDefender 2009\BDVEDISK.sys []
R2 ioperm;ioperm support for Cygwin driver; \??\F:\Utilities\cmospwd-5.0\ioperm.sys []
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-05-29 62848]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2009-06-08 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-06-08 104328]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-06-08 242184]
R3 BDSelfPr;BDSelfPr; \??\F:\Utilities\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-05-15 5080064]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-24 30336]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekamgrdksdp.sys []
S3 alit9fqx;alit9fqx; C:\WINDOWS\system32\drivers\alit9fqx.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3\WNt500x86\Sandra.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\WudfPf.sys []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\wudfrd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-06-08 415024]
R2 VSSERV;BitDefender Virus Shield; F:\Utilities\BitDefender\BitDefender 2009\vsserv.exe [2009-06-08 1626112]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-20 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
TynoPrime
2009-06-21, 04:19
And finaly here's the info.txt from RSIT:
info.txt logfile of random's system information tool 1.06 2009-06-01 12:50:44
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -f"f:\games\Baldur's Gate II\Uninst.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer Empowering Technology framework-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer ePerformance Management-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer eSettings Management-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AutoCAD Mechanical 2010-->F:\Utilites\Autodesk\ACADM 2010i\Setup\Setup.exe /P {5783F2D7-8005-0409-0002-0060B0CE6BBA} /M ACAD /language en-US
AutoCAD Mechanical 2010-->F:\Utilites\Autodesk\ACADM 2010i\Setup\Setup.exe /P {5783F2D7-8005-0409-0002-0060B0CE6BBA} /M ACM /language en-US
Autodesk Design Review 2010-->F:\Utilities\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {55D9E026-DCB0-46FF-B60A-68B972228CF6} /M ADR
Autodesk Inventor View 2010 English Language Pack-->MsiExec.exe /I{F06578CA-84BE-4a9e-902D-17A0867FBE69}
Autodesk Inventor View 2010-->C:\Program Files\Autodesk\Inventor 2010\Setup\Setup.exe /P {76D6189D-0004-1400-0001-DFC2EE337EAC} /M INVENTORVIEW /LANG en-US
Autodesk Inventor View 2010-->MsiExec.exe /I{76D6189D-0004-1400-0001-DFC2EE337EAC}
Autodesk Vault 2010 (Client) English Language Pack-->MsiExec.exe /I{723D0010-CA4C-4248-B206-10B80B1EDBCC}
Autodesk Vault 2010 (Client)-->F:\Utilites\Autodesk\Vault 2010\Setup\setup.exe /P {1BF66D77-6604-4f3f-B3AE-D640AFB58A88} /M VAULT /language en-US
Autodesk Vault 2010 (Client)-->MsiExec.exe /X{1BF66D77-6604-4f3f-B3AE-D640AFB58A88}
Baldur's Gate II Shadows of Amn-->C:\WINDOWS\IsUninst.exe -f"f:\games\Baldur's Gate II\Uninst.isu"
Baldur's Gate Tutu-->C:\WINDOWS\IsUninst.exe -f"f:\games\Baldur's Gate tutu\Uninst.isu"
BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DivX Web Player-->F:\Utilities\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DWG TrueView 2010-->C:\Program Files\DWG TrueView 2010\Setup\Setup.exe /P {5783F2D7-8028-0409-0000-0060B0CE6BBA} /M AOEM /language en-US
FixerBundle-->MsiExec.exe /I{5559EC94-8051-4E5B-B878-C23AF633697B}
HijackThis 2.0.2-->"C:\Documents and Settings\UserXP\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iPhone Tunnel Suite 2.7 BETA-->"F:\Utilities\iPhone Tunnel\unins000.exe"
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
K-Lite Mega Codec Pack 4.8.5-->"F:\Utilities\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Legacy of Kain: Soul Reaver-->C:\WINDOWS\IsUninst.exe -f"f:\games\Soul Reaver\UninstSR.isu"
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /X{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SiSoftware Sandra Professional Business 2009.SP3-->"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3\unins000.exe"
SizeFixer XL-->MsiExec.exe /I{C3A3B7AA-DBB8-45CD-A221-1A9A91C20FC5}
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Chronicles of Riddick: Escape From Butcher Bay-->f:\Games\Riddick\Uninstall.exe
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0009 -removeonly
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WindowBlinds-->F:\UTILIT~1\OBJECT~1\WINDOW~1\UNWISE.EXE F:\UTILIT~1\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xiph QuickTime Components-->"C:\Program Files\QuickTime\QTComponents\XiphQTuninstall.exe"
======Hosts File======
127.0.0.1 activate.adobe.com
======Security center information======
AV: BitDefender Antivirus
FW: BitDefender Firewall
======System event log======
Computer Name: PRIVE-A6438B264
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 1321
Source Name: W32Time
Time Written: 20090623030834.000000+120
Event Type: warning
User:
Computer Name: PRIVE-A6438B264
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 1288
Source Name: Windows Update Agent
Time Written: 20090525011558.000000+120
Event Type: error
User:
Computer Name: PRIVE-A6438B264
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 1287
Source Name: W32Time
Time Written: 20090525004137.000000+120
Event Type: warning
User:
Computer Name: PRIVE-A6438B264
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 1267
Source Name: W32Time
Time Written: 20090525184851.000000+120
Event Type: warning
User:
Computer Name: PRIVE-A6438B264
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 1266
Source Name: Windows Update Agent
Time Written: 20090525183655.000000+120
Event Type: error
User:
=====Application event log=====
Computer Name: PRIVE-A6438B264
Event Code: 24
Message: Event provider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent"
does not exist.
The query will be ignored.
Record Number: 843
Source Name: WinMgmt
Time Written: 20050601000136.000000+120
Event Type: error
User:
Computer Name: PRIVE-A6438B264
Event Code: 24
Message: Event provider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent"
does not exist.
The query will be ignored.
Record Number: 830
Source Name: WinMgmt
Time Written: 20050601000122.000000+120
Event Type: error
User:
Computer Name: PRIVE-A6438B264
Event Code: 24
Message: Event provider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent"
does not exist.
The query will be ignored.
Record Number: 829
Source Name: WinMgmt
Time Written: 20050601000122.000000+120
Event Type: error
User:
Computer Name: PRIVE-A6438B264
Event Code: 24
Message: Event provider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent"
does not exist.
The query will be ignored.
Record Number: 822
Source Name: WinMgmt
Time Written: 20050601045650.000000+120
Event Type: error
User:
Computer Name: PRIVE-A6438B264
Event Code: 24
Message: Event provider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent"
does not exist.
The query will be ignored.
Record Number: 821
Source Name: WinMgmt
Time Written: 20050601045650.000000+120
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
Dakeyras
2009-06-21, 23:00
Hi :)
Hi Dakeyras, firstly thanks for the reply. I've encountered no new symptoms, still the same problem and only happens on searches. You're welcome and thanks for the situation update.
It was too long to fit in one post, so it's split into two.It is on the rather large side eh.
Hard-Drive Free Space Advice:
At present the free space available is dangerously low, in-fact by todays standards that actual capacity of the Hard_Drive is very small indeed.
System drive C: has 2 GB (11%) free of 15 GB
You need to free up some space and get it to around the the 15% minimum. Reason being otherwise eventually the Hard-Drive will cease to function correctly and with the present lack of free space any form of system maintenance is going to be problematic.
I advice you uninstall any software applications not required and or used frequently and move any documents/files etc to a form of removable storage media. Also because of the lack of free space it is most likely going to make it somewhat difficult for myself to complete the malware removal process, if the need to ask your good self to download any further applications.
Do what I advised first then proceed to the next step and that is about as far as we can safely go at this time.
Next
Please copy this set of instructions or print it out as you will not have internet access during the fix.
Re-boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.
If any problems refer to this tutorial. (http://www.malwareremoval.com/tutorials/safemodeboot.php)
In safe mode carry out the following:
Once in Safe Mode, double-click on SmitfraudFix.exe.
Press 2 and press Enter to delete infected files.
You will be prompted: Registry cleaning - Do you want to clean the registry ?; press Y and press Enter in order to start cleaning the cleaning process. Your desktop will be gone for a while cleaning.
The tool will now check if wininet.dll is infected. You will be prompted to replace the infected file (if found); press Y and press Enter.
The tool will restart your computer to finish the cleaning process; if it doesn't, please restart manually into Normal Mode.
A text file will appear onscreen, with results from the cleaning process; please copy and paste the contents of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt
Note to users: Running option 2 on a clean machine will remove your desktop background.
Next:
Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)
Double click once on RSIT.exe
RSIT will start running, at the disclaimer click on Continue.
When done, 1 log will be produced.
Post that in your next reply.
When completed the above, please post back the following in the order asked for:
How is you computer performing now, any further symptoms and or problems encountered?
rapport.txt
A new RSIT log. <-- Since it is so large it would be best to attach it to this topic rather than post OK.
TynoPrime
2009-06-22, 18:47
Hi Dakeyras, I followed your guide. Firstly, the problem is still there. Agian, still only happens on searches. Secondly, the reason I only have a 15gb C drive is that I'm on a laptop with an 80gb hardrive, this is sectioned into two drives, C only having 15gb as I install and keep all data on the F drive. I can use partition magic to combine the two if it would be a problem?
Also, since using SmitfraudFix in safe mode, Windows Blinds doesn't appear to be working anymore. I'll keep you updated on this.
Finaly, ignore the times/dates on the reports, etc my laptops bios resets often, and resets the time to 1/6/2005 00:00:00, so it depends whether I've changed the time before using the programs.
Regards
Gordon
rapport.txt
SmitFraudFix v2.422
Scan done at 0:04:11.29, 01/06/2005
Run from C:\Documents and Settings\UserXP\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\msxml71.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9EDFEE40-79D3-44FB-82FA-B421995C01FB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9EDFEE40-79D3-44FB-82FA-B421995C01FB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9EDFEE40-79D3-44FB-82FA-B421995C01FB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK.2
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
TynoPrime
2009-06-22, 21:20
Here's the log.txt from RSIT. Wouldn't upload as it's too large a txt file to upload. Zipped it, and here it is again.
Dakeyras
2009-06-23, 00:07
Hi :)
I only have a 15gb C drive is that I'm on a laptop with an 80gb hardrive, this is sectioned into two drives, C only having 15gb as I install and keep all data on the F drive. I can use partition magic to combine the two if it would be a problem?
Ah explains a lot, no do not combine the partitions at this time we can work around it now as I see you have freed up some free space so it should be adequate.
Also, since using SmitfraudFix in safe mode, Windows Blinds doesn't appear to be working anymore. I'll keep you updated on this.WindowBlinds should not have been affected by running SmitfraudFix but since part of the SmitfraudFix cleaning/fix process does involve checking for desktop hijacks it may have inadvertently affected the installation but I am seeing no evidence of this. By all means keep myself appraised about this :bigthumb:
At present you provided the RSIT log in Safe Mode. Please boot you computer back into Normal Mode if you have not done so already.
I have to be honest looking at the latest RSIT log something is not quite right here but it may be down to you having the actual Hard-Drive partitioned. I think though it would be prudent to read the below and follow the advice.
Before we start:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
Reset Host File:
Open Notepad.
Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
del %0
Go to File >> Save As
Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
Change Save as Type to All Files and save the file to your Desktop.
It should look like this: http://i223.photobucket.com/albums/dd202/Dakeyras_album/Dakeyras.jpg
Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.
TFC(Temp File Cleaner):
Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop,
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
Next:
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Double-click mbam-setup.exe and select then follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Scan with Rooter:
Please download Rooter.exe (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Feric.71.mespages.googlepages.com%2FRooter.exe) to your desktop.
Double click on Rooter.exe to start the application.
Now click on the Scan button.
When the scan is completed a text file called Rooter.txt will appear on your desktop, post the contents in your next reply.
Now click on Close button to exit Rooter.
Note: The logfile can also be located within this folder Rooter$ at the root of your installed Hard-Drive. EG: C:\Rooter$
Next:
Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)
Double click once on RSIT.exe
RSIT will start running, at the disclaimer click on Continue.
When done, 1 log will be produced.
Post that in your next reply.
When completed the above, please post back the following in the order asked for:
How is you computer performing now, any further symptoms and or problems encountered?
Malwarebytes' Anti-Malware Log.
Rooter Log.
A new RSIT logs. <-- You will probably need to attach as a Zip file again..
TynoPrime
2009-06-23, 19:12
Hi again, ok firstly Windows blinds is working fine agian, not sure what the problem was but it seems to have fixed itself.
Everything went fine untill I came to Malwarebyes' anti-malware. This did a full scan, and found some files, however when it tried to remove them the program would crash with a "Not enough memory" error. I did a scan again and instead just saved the log. (Posted below) and there's a screenshot of the infected files. It may be that because they're so large (some are 600mb) it could not remove them. Should I manually delete? Please advise.
log from Malwarebytes' anti-malware
Malwarebytes' Anti-Malware 1.38
Database version: 2325
Windows 5.1.2600 Service Pack 3
01/06/2005 01:20:28
mbam-log-2005-06-01 (01-20-24).txt
Scan type: Full Scan (C:\|)
Objects scanned: 120719
Time elapsed: 16 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 45
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{56acb669-4139-5611-cbba-f5acb0f4db09} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\seneka (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Rootkit.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\pv_install.exe (Rogue.SystemSecurity) -> No action taken.
c:\WINDOWS\system32\install.48025.exe (Trojan-Downloader) -> No action taken.
c:\WINDOWS\system32\senekacypvchdv.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekadbnwrvts.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekadtbmkixe.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekaitnrrvrx.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekaomntmkjh.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekapdkelsev.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekasmrnappo.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekatgymcllr.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekavxjakymb.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekawqptrhpp.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekawriqxumn.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\drivers\senekamgrdksdp.sys (Trojan.Agent) -> No action taken.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
c:\WINDOWS\system32\senekarfwxwhps.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekakifoknmk.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekakpssuwko.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekaksqqhnpc.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekaktkbaxiq.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekalewhwfoh.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekalmmcxhto.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekamehewfth.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekametillov.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekamoojcpfx.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekanbcavrie.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekaohrwvfer.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekapwipymya.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekaqbqukyet.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekaqrqmpifj.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekabntuktaw.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekactjfjuad.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekadwyolwrl.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekaexbipdnc.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekaexmtnosb.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekagrmwqpit.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekagyvmsntt.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekaskgmjpne.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekasocupbln.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekausquibfo.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekauxgbdhea.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekavjvnkrgq.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\senekawdawgwmb.dat (Trojan.Agent) -> No action taken.
http://img145.imageshack.us/img145/1244/virusf.jpg
Rooter_1.txt[b]
Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
32_bits - x86 Family 6 Model 14 Stepping 8, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:14 Go - Free:2 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Fixed-NTFS] .. ( Total:59 Go - Free:11 Go )
¨
Scan : 01:23.25
Path : C:\Documents and Settings\UserXP\Desktop\Rooter.exe
User : UserXP ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (912)
______ \??\C:\WINDOWS\system32\csrss.exe (960)
______ \??\C:\WINDOWS\system32\winlogon.exe (984)
______ C:\WINDOWS\system32\services.exe (1028)
______ C:\WINDOWS\system32\lsass.exe (1040)
______ C:\WINDOWS\system32\svchost.exe (1204)
______ C:\WINDOWS\system32\svchost.exe (1272)
Locked livesrv.exe (1312)
Locked vsserv.exe (1328)
______ C:\WINDOWS\System32\svchost.exe (1432)
______ C:\WINDOWS\system32\svchost.exe (1548)
______ C:\WINDOWS\system32\svchost.exe (1688)
______ C:\WINDOWS\system32\spoolsv.exe (2012)
______ C:\WINDOWS\Explorer.EXE (488)
______ C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (888)
______ F:\Utilities\iTunes\iTunesHelper.exe (956)
______ C:\Program Files\DAEMON Tools Lite\daemon.exe (1516)
______ C:\WINDOWS\system32\ctfmon.exe (1568)
______ C:\WINDOWS\system32\svchost.exe (452)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (564)
______ C:\Acer\Empowering Technology\admServ.exe (1364)
______ C:\Program Files\Bonjour\mDNSResponder.exe (672)
______ C:\WINDOWS\system32\svchost.exe (1504)
______ C:\Program Files\iPod\bin\iPodService.exe (268)
______ C:\WINDOWS\System32\alg.exe (2344)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2360)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2440)
______ C:\WINDOWS\system32\wbem\unsecapp.exe (2792)
______ C:\Program Files\Mozilla Firefox\firefox.exe (332)
______ C:\WINDOWS\system32\msiexec.exe (1960)
______ C:\WINDOWS\system32\NOTEPAD.EXE (3304)
______ C:\Documents and Settings\UserXP\Desktop\Rooter.exe (3320)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:15726703104)
\Device\Harddisk0\Partition0 (Start_Offset:15726735360 | Length:64288788480)
\Device\Harddisk0\Partition2 (Start_Offset:15726767616 | Length:64288756224)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\WGASetup.job
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
¨
----------------------\\ Registry
¨
Rootkit! ... [HKLM\SYSTEM\ControlSet001\Services\seneka]
Rootkit! ... [HKLM\SYSTEM\ControlSet002\Services\seneka]
Rootkit! ... [HKLM\SYSTEM\CurrentControlSet\Services\seneka]
¨
----------------------\\ Files & Folders
¨
C:\WINDOWS\system32\drivers\seneka.sys
C:\WINDOWS\system32\drivers\senekamgrdksdp.sys
C:\WINDOWS\system32\senekabntuktaw.dat
C:\WINDOWS\system32\senekactjfjuad.dat
C:\WINDOWS\system32\senekadwyolwrl.dat
C:\WINDOWS\system32\senekaexbipdnc.dat
C:\WINDOWS\system32\senekaexmtnosb.dat
C:\WINDOWS\system32\senekagrmwqpit.dat
C:\WINDOWS\system32\senekagyvmsntt.dat
C:\WINDOWS\system32\senekakifoknmk.dat
C:\WINDOWS\system32\senekakpssuwko.dat
C:\WINDOWS\system32\senekaksqqhnpc.dat
C:\WINDOWS\system32\senekaktkbaxiq.dat
C:\WINDOWS\system32\senekalewhwfoh.dat
C:\WINDOWS\system32\senekalmmcxhto.dat
C:\WINDOWS\system32\senekamehewfth.dat
C:\WINDOWS\system32\senekametillov.dat
C:\WINDOWS\system32\senekamoojcpfx.dat
C:\WINDOWS\system32\senekanbcavrie.dat
C:\WINDOWS\system32\senekaohrwvfer.dat
C:\WINDOWS\system32\senekapwipymya.dat
C:\WINDOWS\system32\senekaqbqukyet.dat
C:\WINDOWS\system32\senekaqrqmpifj.dat
C:\WINDOWS\system32\senekarfwxwhps.dat
C:\WINDOWS\system32\senekaskgmjpne.dat
C:\WINDOWS\system32\senekasocupbln.dat
C:\WINDOWS\system32\senekausquibfo.dat
C:\WINDOWS\system32\senekauxgbdhea.dat
C:\WINDOWS\system32\senekavjvnkrgq.dat
C:\WINDOWS\system32\senekawdawgwmb.dat
C:\WINDOWS\system32\senekacypvchdv.dll
C:\WINDOWS\system32\senekadbnwrvts.dll
C:\WINDOWS\system32\senekadtbmkixe.dll
C:\WINDOWS\system32\senekaitnrrvrx.dll
C:\WINDOWS\system32\senekaomntmkjh.dll
C:\WINDOWS\system32\senekapdkelsev.dll
C:\WINDOWS\system32\senekasmrnappo.dll
C:\WINDOWS\system32\senekatgymcllr.dll
C:\WINDOWS\system32\senekavxjakymb.dll
C:\WINDOWS\system32\senekawqptrhpp.dll
C:\WINDOWS\system32\senekawriqxumn.dll
[b]==> ROOTKIT Tibs <==
¨
----------------------\\ Scan completed at 01:23.31
¨
C:\Rooter$\Rooter_1.txt - (01/06/2005 | 01:23.31)
Dakeyras
2009-06-23, 21:29
Hi,
I have bad news I'm afraid :sad:
One or more of the identified infections is a Rootkit.
OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.
Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)
I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwords.
Should you have any questions, please feel free to ask.
Please let myself know what you have decided to do in your next post.
TynoPrime
2009-06-25, 20:02
Hi, I decided to reformat as you suggested, so have done so. I didn't really have anything that vital and I'd backed everything up so it was easy enough. I also merged the partitions into a single one when I was reinstalling windows.
Even though alot of hackers only want access, the potential was there for harm, so I changed the password for anything I'd used (Only Paypal really)
Thanks for the help during this process. What malware program do you suggest to keep annoying malware away?
Dakeyras
2009-06-25, 22:01
Hi :)
Hi, I decided to reformat as you suggested, so have done so.A most prudent decision I assure you.
I also merged the partitions into a single one when I was reinstalling windows.To be honest in my opinion this is a better option.
Even though alot of hackers only want access, the potential was there for harm, so I changed the password for anything I'd used (Only Paypal really)Also a prudent move.
Thanks for the help during this process. What malware program do you suggest to keep annoying malware away?
You are very welcome and by all means I will provide information about what you requested.
Reformat and Reinstallation Advice:
Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
Here are some free Anti Virus programs which I recommend to use:
Antivir PersonalEditionClassic (http://www.free-av.com/)
Free anti-virus software for Windows.
Detects and removes more than 50,000 viruses. Free support
avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html)
Anti-virus program for Windows.
The home edition is freeware for noncommercial users.
Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
Here are some free Firewalls which I recommend to use:
(Use only one, and disable your Windows Firewall)
Sunbelt Kerio (http://www.sunbelt-software.com/Kerio.cfm)
Outpost (http://www.agnitum.com/products/outpostfree/download.php)
Jetico Personal Firewall (http://www.jetico.com/)
Note: Only ever have installed/use one Anti-Virus application and Software Firewall. Otherwise a system conflict will occur and this also lessens overall online protection!
Keep your system updated-[ b]Microsoft [/b]releases patches for Windows and other products regularly:
I advise you visit: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
Install the Active X
Once installed it will advise set Auto-Updates if not set and you then you will be able to manually check for updates also via:
Start >> All Programs >> Microsoft Updates
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Malwarebytes' Anti-Malware - Download it from here (http://www.besttechie.net/tools/mbam-setup.exe)
The tutorial on how to use MBAM is located here (http://thespykiller.co.uk/index.php?PHPSESSID=12a63a8f9a27c9b153f67c04a5c10955&topic=5946.0)
Install WinPatrol - Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
The tutorial on how to use Spyware Blaster is located here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for your becoming infected again will reduce dramatically. Any questions feel free to ask OK!
Dakeyras
2009-06-28, 14:12
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.