My system is infected, plz help.

[deepak4490]

Hello Spybot members

My system is infected, whenever i open a webpage the status bar shows "opening page http://ads.vk987.info/"

and thn the AVG detects virus, i did complete full computer scan but the same problem plz help me.

 

[deepak4490]

please help - am in great trouble.

Thanks in advance.

 

[Baabiouz]

Hello

1. Please download the latest copy of HijackThis from Trend Micro and save it to your desktop.
2. Double click on HJTInstall.exe to install it. Click on Install. By default, it will install to C:\Program Files\Trend Micro\HijackThis.
3. Read through the License Agreement presented to you on the next screen and click on I Accept.
4. Once installed, HijackThis will start automatically. If it doesn't, please go to your desktop and double click on the HijackThis shortcut created there.
5. Select Do a system scan and save a logfile.
6. Close HijackThis.

Note: Do not click on the AnalyzeThis button.

Do not fix any lines you see in HijackThis as most entries are harmless and needed for the normal functioning of Windows.

Post the HijackThis log here

 

[deepak4490]

HijackThis Log File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:01 PM, on 10/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{63CBB1D0-8630-41EB-8B65-13EE9C7AE0B1}: NameServer = 202.88.149.25,202.88.149.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 4231 bytes

 

[Baabiouz]

Hello

Step #1

Click Start | My Computer | Local Disk (C: ) .
In the menu bar at the top, go to File | New | Folder.
That will create a folder named "New Folder", which you can rename to "HijackThis". You have now created C:\HijackThis.
Now get your HijackThis.exe file and place it in your folder.

Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Step #2
Please download ATF-cleaner and save it to your desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.
  
  If you use Firefox browser:
  
• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  
  If you use Opera browser:
  
• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  
• Click Exit on the Main menu to close the program.

Step #3
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  Note:
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
• Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Step #4
Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
(At installing Zonealarm, please uncheck this option "include a ZoneAlarm Spy Blocker...". The Toolbar is not recommended... You can read more about it here.)
2) Agnitum
3) Sunbelt/Kerio
4) Comodo
(at installing Comodo, please uncheck these options: "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Step #4
Please post Mbam report and a fresh HijackThis log back here

 

[deepak4490]

HijackThis logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:13 AM, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{63CBB1D0-8630-41EB-8B65-13EE9C7AE0B1}: NameServer = 202.88.149.25,202.88.149.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 4013 bytes


MalwareBytes Logfile

Malwarebytes' Anti-Malware 1.28
Database version: 1270
Windows 5.1.2600 Service Pack 2

10/15/2008 2:26:00 AM
mbam-log-2008-10-15 (02-26-00).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 65229
Time elapsed: 23 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Baabiouz]

Hello

Did you install firewall?

YouR hijackThis isn't in right path. Please make new folder like I istructed and move HijackThis.exe there.

 

[deepak4490]

Problem is resolved

thanks a lot buddy.

But now am facing problem with my another PC. The net is slow like hell - when i download something the speed is only 1kbps.

M sure my system is infected.

 

[deepak4490]

Buddy now my another pc is creating problems like first one.

whenever i open a webpage the status bar shows "opening page http://web.hyj008.info/"

and thn the AVG detects virus, i did complete full computer scan but the same problem plz help me.

First pc is now working fine, i didnt use any pen drive between these 2 pcs.

 

[deepak4490]

HijackThis Log File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:09 PM, on 1/1/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D56A5525-6B17-4A95-A765-E6FB5EFF99B9}: NameServer = 172.16.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 2788 bytes

 

[Baabiouz]

Hello

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  Note:
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
• Or via the Logs tab when Malwarebytes' Anti-Malware is started.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post Mbam results and Rsit logs back here

 

[deepak4490]

MalwareBytes Log

Malwarebytes' Anti-Malware 1.29
Database version: 1300
Windows 5.1.2600 Service Pack 2

10/21/2008 10:35:26 PM
mbam-log-2008-10-21 (22-35-21).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 255301
Time elapsed: 1 hour(s), 33 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\7ADC2AB1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\HBmhly.dll (Spyware.OnlineGames) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{6d4c7e08-e021-414c-a42d-ab15a2302196} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{deef6582-9927-4cbd-897c-6a1f9e8c47de} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7adc2ab1-5c6a-4178-82da-94863354af7c} (Spyware.OnlineGames) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{da191de0-aa86-4ed0-4b87-293d48b2ae99} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hbkernel32 (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hbkernel32 (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hbkernel32 (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7adc2ab1-5c6a-4178-82da-94863354af7c} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\msnmsg (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBService32 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\7ADC2AB1.dll (Spyware.OnlineGames) -> No action taken.
C:\Program Files\Messenger\msgmr.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temp\24.cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\8EDV4ZAG\19[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\8EDV4ZAG\24[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\A6HXBV76\18[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\A6HXBV76\23[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\FVTWQWL2\02[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\FVTWQWL2\17[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\FVTWQWL2\20[1].cab (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Deepak\Local Settings\Temporary Internet Files\Content.IE5\FVTWQWL2\21[1].cab (Spyware.OnlineGames) -> No action taken.
D:\fdrive\Warez\Goldfish_Aquarium\patch.exe (Trojan.Downloader) -> No action taken.
D:\fdrive\Warez\Goldfish_Aquarium\Goldfish_Aquarium\patch.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\System.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\HBKernel32.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\HBmhly.dll (Spyware.OnlineGames) -> No action taken.

RSIT Log

Logfile of random's system information tool 1.04 (written by random/random)
Run by Deepak at 2002-01-01 20:44:44
Microsoft Windows XP Professional Service Pack 2
System drive C: has 17 GB (87%) free of 20 GB
Total RAM: 503 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:24 PM, on 1/1/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Deepak\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Deepak\Desktop\Deepak.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 127.1 localhost
O1 - Hosts: 127.1 fffff8888fsgfbghj88.cn
O1 - Hosts: 127.1 61.134.37.12
O1 - Hosts: 127.1 ko.ssa387.cn
O1 - Hosts: 127.1 www.ndxrr.cn
O1 - Hosts: 127.1 12345.ssa387.cn
O1 - Hosts: 127.1 lihai88.com
O1 - Hosts: 127.1 wwwwhf.cn
O1 - Hosts: 127.1 a89369093.sq.u9idc.com
O1 - Hosts: 127.1 www.mmd178.cn
O1 - Hosts: 127.1 www.178mmd.cn
O1 - Hosts: 127.1 www.wenzhuoyyy.cn
O1 - Hosts: 127.1 tw.lovechina.tw.cn
O1 - Hosts: 127.1 222.189.238.151
O1 - Hosts: 127.1 222.179.185.78
O1 - Hosts: 127.1 www.wq9q.cn
O1 - Hosts: 127.1 593ffcey.cn
O1 - Hosts: 127.1 set.yay520.cn
O1 - Hosts: 127.1 tenmoc999.cn
O1 - Hosts: 127.1 lihai88.com
O1 - Hosts: 127.1 121.kcuf-01.com
O1 - Hosts: 127.1 www.ew1q.cn
O1 - Hosts: 127.1 www.b3sk.cn
O1 - Hosts: 127.1 up.bizmd.cn
O1 - Hosts: 127.1 www.ms2a.cn
O1 - Hosts: 127.1 www.wo9188.cn
O1 - Hosts: 127.1 www.fgetchr.cn
O1 - Hosts: 127.1 www.e6zx.cn
O1 - Hosts: 127.1 hai067.com
O1 - Hosts: 127.1 hai088.com
O1 - Hosts: 127.1 778899.jd8j.cn
O1 - Hosts: 127.1 sql.78-11.net
O1 - Hosts: 127.1 www.bbbirdy.com
O1 - Hosts: 127.1 www.s1na1.com.cn
O1 - Hosts: 127.1 www.dianyinjzd.cn
O1 - Hosts: 127.1 www.dj5201314dj.com
O1 - Hosts: 127.1 max-2.cn
O1 - Hosts: 127.1 a.asp-o.cn
O1 - Hosts: 127.1 b.asp-o.cn
O1 - Hosts: 127.1 c.asp-o.cn
O1 - Hosts: 127.1 x.kprobb.cn
O1 - Hosts: 127.1 js.php-k.cn
O1 - Hosts: 127.1 max-1.cn
O1 - Hosts: 127.1 max-3.cn
O1 - Hosts: 127.1 max-4.cn
O1 - Hosts: 127.1 max-5.cn
O1 - Hosts: 127.1 max-6.cn
O1 - Hosts: 127.1 max-7.cn
O1 - Hosts: 127.1 max-8.cn
O1 - Hosts: 127.1 max-9.cn
O1 - Hosts: 127.1 max-10.cn
O1 - Hosts: 127.1 max-11.cn
O1 - Hosts: 127.1 max-12.cn
O1 - Hosts: 127.1 twocannon250.com.cn
O1 - Hosts: 127.1 www.133mm.cn
O1 - Hosts: 127.1 www.51vmm.cn
O1 - Hosts: 127.1 www.7mmoo.cn
O1 - Hosts: 127.1 www.99mmm.org.cn
O1 - Hosts: 127.1 www.hdec.cn
O1 - Hosts: 127.1 www.picc18.com
O1 - Hosts: 127.1 www.kissdh.com
O1 - Hosts: 127.1 www.x7v.cn
O1 - Hosts: 127.1 biqulu.cn
O1 - Hosts: 127.1 2008.qq2006.com.cn
O1 - Hosts: 127.1 giaitrisex.com
O1 - Hosts: 127.1 www.giaitrisex.com
O1 - Hosts: 127.1 www.giaitrituoitre.net
O1 - Hosts: 127.1 mekiep.com
O1 - Hosts: 127.1 www.1sex1day.com
O1 - Hosts: 127.1 a.9ymm.com
O1 - Hosts: 127.1 bobo.7wyt.com
O1 - Hosts: 127.1 www.591caobi.cn
O1 - Hosts: 127.1 www.hrz008.cn
O1 - Hosts: 127.1 asp-15.cn
O1 - Hosts: 127.1 asp-12.cn
O1 - Hosts: 127.1 www.jb88.net
O1 - Hosts: 127.1 6.a88a.com
O1 - Hosts: 127.1 w.b2c3.cn
O1 - Hosts: 127.1 m.c5x8.com
O1 - Hosts: 127.1 www.518sfw.cn
O1 - Hosts: 127.1 www.jjyyzmj.cn
O1 - Hosts: 127.1 u.cnmrx.net
O1 - Hosts: 127.1 duowan.czm.cn
O1 - Hosts: 127.1 xccxcxcxcxcx.cn
O1 - Hosts: 127.1 google-yahoo.org.cn
O1 - Hosts: 127.1 tudou-net.org.cn
O1 - Hosts: 127.1 downloads.zango.com
O1 - Hosts: 127.1 ftp.surfnet.nl
O1 - Hosts: 127.1 bis.180solutions.com
O1 - Hosts: 127.1 installs.hotbar.com
O1 - Hosts: 127.1 www.hbdownloads.com
O1 - Hosts: 127.1 static.zangocash.com
O1 - Hosts: 127.1 www.qq-songli.cn
O1 - Hosts: 127.1 aa.9234.net
O1 - Hosts: 127.1 www.97love.info
O1 - Hosts: 127.1 97love.info
O1 - Hosts: 127.1 www.zyzhuiku.cn
O1 - Hosts: 127.1 zyzhuiku.cn
O1 - Hosts: 127.1 www.lang18.com
O1 - Hosts: 127.1 lang18.com
O1 - Hosts: 127.1 sao6666.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D56A5525-6B17-4A95-A765-E6FB5EFF99B9}: NameServer = 172.16.0.1
O20 - AppInit_DLLs: HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll

--
End of file - 6792 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
ThunderHlpObj Class - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [2008-10-21 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HBService32"=C:\WINDOWS\system32\SYSTEM.EXE [2008-10-21 3572]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-05-23 3031040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
24Online Client.lnk - C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll [2008-10-21 15872]
Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll [2004-08-04 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DE02F764-C51A-4788-9597-D78ECC2AC08F}"=C:\WINDOWS\system32\DE02F764.dll [2008-10-21 217178]
"{43ACDCC5-9009-4AF4-B80A-93BC656EF298}"=C:\WINDOWS\system32\43ACDCC5.dll [2008-10-21 13419]
"{58FF3024-8A83-4B1A-88E9-302F47646EEE}"=C:\WINDOWS\system32\58FF3024.dll [2008-10-21 12972]
"{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B}"=C:\WINDOWS\system32\D91BC61E.dll [2008-10-21 12005]
"{82710040-F86E-42E0-B1F8-04EDF75856F8}"=C:\WINDOWS\system32\82710040.dll [2008-10-21 11379]
"{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}"=C:\WINDOWS\system32\4D023DE9.dll [2008-10-21 11698]
"{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}"=C:\WINDOWS\system32\08223B03.dll [2008-10-21 12213]
"{7ADC2AB1-5C6A-4178-82DA-94863354AF7C}"=C:\WINDOWS\system32\7ADC2AB1.dll [2008-10-21 11261]
"{DA63E650-537C-4042-87BB-9D19D844680B}"=C:\WINDOWS\system32\DA63E650.dll [2008-10-21 12770]
"{C250CF20-5F89-4310-9854-4BC261FB14FB}"=C:\WINDOWS\system32\C250CF20.dll [2008-10-21 11657]
"{9CA963CA-107C-4089-B0AB-31380F90D7E3}"=C:\WINDOWS\system32\9CA963CA.dll [2008-10-21 11951]
"{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}"=C:\WINDOWS\system32\122B901E.dll [2008-10-21 12532]
"{495271CA-D0C6-4052-ABE6-5B01C73CDFB0}"=C:\WINDOWS\system32\495271CA.dll [2008-10-21 11971]
"{4F34C688-FD49-42FC-97F7-87D2F5791612}"=C:\WINDOWS\system32\4F34C688.dll [2008-10-21 11717]
"{C56BCC10-503E-43AB-B208-3CD37FCFCE40}"=C:\WINDOWS\system32\C56BCC10.dll [2008-10-21 216485]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eb7e5a9-fef4-11d5-a6c0-806d6172696f}]
shell\AutoRun\command - E:\ASUSACPI.exe


======List of files/folders created in the last 1 months======

2008-10-22 00:35:59 ----SHD---- C:\RECYCLER
2008-10-21 22:49:51 ----D---- C:\rsit
2008-10-21 19:38:21 ----A---- C:\WINDOWS\system32\HBSO2.dll
2008-10-21 19:37:55 ----D---- C:\WINDOWS\Minidump
2008-10-21 19:08:17 ----D---- C:\Documents and Settings\Deepak\Application Data\Malwarebytes
2008-10-21 19:08:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-21 19:08:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 19:05:36 ----ASH---- C:\WINDOWS\system32\4BF9CBA3.dll
2008-10-21 19:05:26 ----ASH---- C:\WINDOWS\system32\C56BCC10.dll
2008-10-21 19:05:21 ----ASH---- C:\WINDOWS\system32\4F34C688.dll
2008-10-21 18:52:10 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-21 18:49:32 ----A---- C:\WINDOWS\system32\HBZG.dll
2008-10-21 18:49:28 ----A---- C:\WINDOWS\system32\HBZHUXIAN.dll
2008-10-21 18:49:22 ----A---- C:\WINDOWS\system32\HBBO.dll
2008-10-21 18:49:20 ----A---- C:\WINDOWS\system32\HBCHIBI.dll
2008-10-21 18:49:19 ----A---- C:\WINDOWS\system32\System.exe
2008-10-21 18:49:19 ----A---- C:\WINDOWS\system32\HBQQSG.dll
2008-10-21 18:49:12 ----ASH---- C:\WINDOWS\system32\495271CA.dll
2008-10-21 18:49:05 ----ASH---- C:\WINDOWS\system32\122B901E.dll
2008-10-21 18:48:57 ----ASH---- C:\WINDOWS\system32\9CA963CA.dll
2008-10-21 18:48:50 ----ASH---- C:\WINDOWS\system32\C250CF20.dll
2008-10-21 18:48:42 ----ASH---- C:\WINDOWS\system32\DA63E650.dll
2008-10-21 18:48:36 ----ASH---- C:\WINDOWS\system32\7ADC2AB1.dll
2008-10-21 18:48:27 ----ASH---- C:\WINDOWS\system32\08223B03.dll
2008-10-21 18:48:19 ----ASH---- C:\WINDOWS\system32\4D023DE9.dll
2008-10-21 18:48:10 ----ASH---- C:\WINDOWS\system32\82710040.dll
2008-10-21 18:48:03 ----ASH---- C:\WINDOWS\system32\D91BC61E.dll
2008-10-21 18:47:55 ----ASH---- C:\WINDOWS\system32\58FF3024.dll
2008-10-21 18:47:47 ----ASH---- C:\WINDOWS\system32\43ACDCC5.dll
2008-10-21 18:47:38 ----ASH---- C:\WINDOWS\system32\DE02F764.dll
2008-10-21 18:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-21 18:47:33 ----A---- C:\WINDOWS\system32\HBmhly.dll
2008-10-21 18:47:28 ----A---- C:\WINDOWS\Update.dll
2008-10-21 18:42:57 ----D---- C:\Program Files\WinRAR
2005-09-23 07:28:56 ----A---- C:\WINDOWS\system32\netfxperf.dll
2005-09-23 07:28:52 ----A---- C:\WINDOWS\system32\mscories.dll
2005-09-23 07:28:52 ----A---- C:\WINDOWS\system32\mscorier.dll
2005-09-23 07:28:52 ----A---- C:\WINDOWS\system32\mscoree.dll
2005-09-23 07:28:38 ----A---- C:\WINDOWS\system32\dfshim.dll
2004-10-13 23:39:36 ----A---- C:\WINDOWS\system32\wupdmgr.exe
2004-10-13 23:39:36 ----A---- C:\WINDOWS\system32\wshnetbs.dll
2004-10-13 23:39:36 ----A---- C:\WINDOWS\system32\wshisn.dll
2004-10-13 23:39:36 ----A---- C:\WINDOWS\system32\wshatm.dll
2004-10-13 23:39:36 ----A---- C:\WINDOWS\system32\wowexec.exe
2004-10-13 23:39:36 ----A---- C:\WINDOWS\system32\wowdeb.exe
2004-10-13 23:39:34 ----A---- C:\WINDOWS\winhelp.exe
2004-10-13 23:39:34 ----A---- C:\WINDOWS\system32\wmiscmgr.dll
2004-10-13 23:39:34 ----A---- C:\WINDOWS\system32\wmiprop.dll
2004-10-13 23:39:34 ----A---- C:\WINDOWS\system32\wmerrenu.dll
2004-10-13 23:39:34 ----A---- C:\WINDOWS\system32\winstrm.dll
2004-10-13 23:39:34 ----A---- C:\WINDOWS\system32\winspool.exe
2004-10-13 23:39:34 ----A---- C:\WINDOWS\system32\winsock.dll
2004-10-13 23:39:34 ----A---- C:\WINDOWS\system32\winmsd.exe
2004-10-13 23:39:34 ----A---- C:\WINDOWS\system32\winhlp32.exe
2004-10-13 23:39:34 ----A---- C:\WINDOWS\system32\winfax.dll
2004-10-13 23:39:32 ----A---- C:\WINDOWS\win.ini
2004-10-13 23:39:32 ----A---- C:\WINDOWS\system32\win87em.dll
2004-10-13 23:39:32 ----A---- C:\WINDOWS\system32\win.com
2004-10-13 23:39:32 ----A---- C:\WINDOWS\system32\wifeman.dll
2004-10-13 23:39:32 ----A---- C:\WINDOWS\system32\wiavusd.dll
2004-10-13 23:39:32 ----A---- C:\WINDOWS\system32\webhits.dll
2004-10-13 23:39:32 ----A---- C:\WINDOWS\system32\wavemsp.dll
2004-10-13 23:39:32 ----A---- C:\WINDOWS\system32\w32topl.dll
2004-10-13 23:39:32 ----A---- C:\WINDOWS\system32\w32tm.exe
2004-10-13 23:39:30 ----A---- C:\WINDOWS\vmmreg32.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\twunk_32.exe
2004-10-13 23:39:30 ----A---- C:\WINDOWS\twunk_16.exe
2004-10-13 23:39:30 ----A---- C:\WINDOWS\twain.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\vwipxspx.exe
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\vwipxspx.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\vssadmin.exe
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\vss_ps.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\vjoy.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\vga64k.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\vga256.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\vga.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\vfpodbc.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\verifier.exe
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\verifier.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\ver.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\vcdex.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\utildll.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\user.exe
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\ureg.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\unlodctr.exe
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\umdmxfrm.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\ufat.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\typeperf.exe
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\typelib.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\tsd32.dll
2004-10-13 23:39:30 ----A---- C:\WINDOWS\system32\tsappcmp.dll
2004-10-13 23:39:28 ----A---- C:\WINDOWS\system32\tree.com
2004-10-13 23:39:28 ----A---- C:\WINDOWS\system32\traffic.dll
2004-10-13 23:39:28 ----A---- C:\WINDOWS\system32\tracert6.exe
2004-10-13 23:39:28 ----A---- C:\WINDOWS\system32\toolhelp.dll
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\tftp.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\tcpsvcs.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\tcmsetup.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\taskman.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\tasklist.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\taskkill.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\tapiui.dll
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\tapiperf.dll
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\tapi.dll
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\systray.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\systeminfo.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\syskey.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\sysinv.dll
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\sysedit.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\syncapp.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\swprv.dll
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\svcpack.dll
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\subst.exe
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system32\storage.dll
2004-10-13 23:39:26 ----A---- C:\WINDOWS\system.ini
2004-10-13 23:39:24 ----A---- C:\WINDOWS\system32\sqlwoa.dll
2004-10-13 23:39:24 ----A---- C:\WINDOWS\system32\sqlwid.dll
2004-10-13 23:39:24 ----A---- C:\WINDOWS\system32\sprestrt.exe
2004-10-13 23:39:24 ----A---- C:\WINDOWS\system32\sort.exe
2004-10-13 23:39:24 ----A---- C:\WINDOWS\system32\softpub.dll
2004-10-13 23:39:24 ----A---- C:\WINDOWS\system32\slbrccsp.dll
2004-10-13 23:39:24 ----A---- C:\WINDOWS\system32\skdll.dll
2004-10-13 23:39:24 ----A---- C:\WINDOWS\system32\sisbkup.dll
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\shell.dll
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\share.exe
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\sfmapi.dll
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\sfc.exe
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\setver.exe
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\setupdll.dll
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\serwvdrv.dll
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\services.msc
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\serialui.dll
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\senscfg.dll
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\secpol.msc
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\sdpblb.dll
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\scriptpw.dll
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\scredir.dll
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\scardssp.dll
2004-10-13 23:39:22 ----A---- C:\WINDOWS\system32\sc.exe
2004-10-13 23:39:20 ----R---- C:\WINDOWS\system32\rsop.msc
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\runas.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rtm.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rsvpperf.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rsvpmsg.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rsvp.ini
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rsvp.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rsopprov.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rsmui.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rsmsink.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rsm.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rsfsaps.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rpcns4.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\routetab.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\routemon.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\route.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rnr20.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\riched32.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\replace.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rend.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\relog.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\regwiz.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\regedt32.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\recover.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rasser.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rasrad.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rasmxs.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rasmontr.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rasdial.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rasctrs.ini
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rasctrs.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\rasautou.exe
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\qosname.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\pubprn.vbs
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\psnppagn.dll
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\pschdprf.ini
2004-10-13 23:39:20 ----A---- C:\WINDOWS\system32\pschdprf.dll
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\prodspec.ini
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\prnqctl.vbs
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\prnport.vbs
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\prnmngr.vbs
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\prnjobs.vbs
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\prndrvr.vbs
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\prncnfg.vbs
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\print.exe
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\prflbmsg.dll
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\pmspl.dll
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\plustab.dll
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\ping6.exe
2004-10-13 23:39:18 ----A---- C:\WINDOWS\system32\pifmgr.dll
2004-10-13 23:39:16 ----R---- C:\WINDOWS\system32\perfmon.msc
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\perfwci.ini
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\perfts.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\perfnw.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\perfnet.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\perffilt.ini
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\perfci.ini
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\pentnt.exe
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\pathping.exe
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\panmap.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\pagefileconfig.vbs
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\osuninst.exe
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\olethk32.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\olesvr32.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\olesvr.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\oledlg.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\olecnv32.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\olecli32.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\olecli.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\oleacc.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\ole2nls.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\ole2disp.dll
2004-10-13 23:39:16 ----A---- C:\WINDOWS\system32\ole2.dll
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\ocmanage.dll
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\nwscript.exe
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\nwevent.dll
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\nwcfg.dll
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\nwapi32.dll
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\nwapi16.dll
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\nw16.exe
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\ntsdexts.dll
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\ntsd.exe
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\ntmsoprq.msc
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\ntmsmgr.msc
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\ntmsevt.dll
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\ntlanui2.dll
2004-10-13 23:39:14 ----A---- C:\WINDOWS\system32\ntlanui.dll
2004-10-13 23:39:12 ----A---- C:\WINDOWS\system32\ntdsbcli.dll
2004-10-13 23:39:12 ----A---- C:\WINDOWS\system32\nlsfunc.exe
2004-10-13 23:39:12 ----A---- C:\WINDOWS\system32\netui2.dll
2004-10-13 23:39:12 ----A---- C:\WINDOWS\system32\netmsg.dll
2004-10-13 23:39:12 ----A---- C:\WINDOWS\system32\neth.dll
2004-10-13 23:39:12 ----A---- C:\WINDOWS\system32\netevent.dll
2004-10-13 23:39:12 ----A---- C:\WINDOWS\system32\netapi.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\ncxpnt.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\nbtstat.exe
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\narrhook.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\mycomput.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\msxmlr.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\msxml3r.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\msxml2r.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\msvideo.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\msvidc32.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\msvcrt20.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\msvcp50.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\msvbvm50.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\msswchx.exe
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\msswch.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\mssip32.dll
2004-10-13 23:39:10 ----A---- C:\WINDOWS\system32\mssign32.dll
2004-10-13 23:39:08 ----A---- C:\WINDOWS\system32\msrecr40.dll
2004-10-13 23:39:08 ----A---- C:\WINDOWS\system32\msrclr40.dll
2004-10-13 23:39:08 ----A---- C:\WINDOWS\system32\msratelc.dll
2004-10-13 23:39:08 ----A---- C:\WINDOWS\system32\msr2cenu.dll
2004-10-13 23:39:08 ----A---- C:\WINDOWS\system32\msr2c.dll
2004-10-13 23:39:08 ----A---- C:\WINDOWS\system32\msports.dll
2004-10-13 23:39:08 ----A---- C:\WINDOWS\system32\msobjs.dll
2004-10-13 23:39:08 ----A---- C:\WINDOWS\system32\msls31.dll
2004-10-13 23:39:08 ----A---- C:\WINDOWS\system32\msidntld.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\msencode.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mscdexnt.exe
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mscat32.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\msaudite.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\msacm.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\msaatext.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mrinfo.exe
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mqperf.ini
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mqperf.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mqgentr.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mqcertui.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mprui.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mprmsg.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mprdim.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mprddm.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mpnotify.exe
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\mountvol.exe
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\more.com
2004-10-13 23:39:06 ----A---- C:\WINDOWS\system32\modex.dll
2004-10-13 23:39:06 ----A---- C:\WINDOWS\msdfmap.ini
2004-10-13 23:39:04 ----A---- C:\WINDOWS\system32\mode.com
2004-10-13 23:39:04 ----A---- C:\WINDOWS\system32\mmutilse.dll
2004-10-13 23:39:04 ----A---- C:\WINDOWS\system32\mmdrv.dll
2004-10-13 23:39:04 ----A---- C:\WINDOWS\system32\mll_qic.dll
2004-10-13 23:39:04 ----A---- C:\WINDOWS\system32\mll_mtf.dll
2004-10-13 23:39:04 ----A---- C:\WINDOWS\system32\mll_hp.dll
2004-10-13 23:39:04 ----A---- C:\WINDOWS\system32\mimefilt.dll
2004-10-13 23:39:04 ----A---- C:\WINDOWS\system32\migpwd.exe
2004-10-13 23:39:04 ----A---- C:\WINDOWS\system32\mfc40u.dll
2004-10-13 23:39:04 ----A---- C:\WINDOWS\system32\mfc40.dll
2004-10-13 23:39:04 ----A---- C:\WINDOWS\system32\mem.exe
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\mdhcp.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\mciole32.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\mciole16.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\mcicda.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\mchgrcoi.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\mcdsrv32.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\mcd32.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\mapistub.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\mag_hook.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\lzexpand.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\lz32.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\lusrmgr.msc
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\lprmonui.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\lpr.exe
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\lpq.exe
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\loghours.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\lodctr.exe
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\loadfix.com
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\lnkstub.exe
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\lights.exe
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\langwrbk.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\label.exe
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kdcom.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdusx.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdusr.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdusl.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdus.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbduk.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdsw.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdsp.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdsg.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdsf.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdpo.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdno.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdnec.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdne.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdmac.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdla.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdit142.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdit.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdir.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdic.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdgr1.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdgr.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdgae.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdfr.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdfo.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdfi.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdfc.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdes.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbddv.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdda.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdcan.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdca.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdbr.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdbene.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kbdbe.dll
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\kb16.com
2004-10-13 23:39:02 ----A---- C:\WINDOWS\system32\jobexec.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\jgsh400.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\jgsd400.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\jgpl400.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\jgmd400.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\jgdw400.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\jgaw400.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\jet500.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\ir32_32.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\ipxwan.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\ipxsap.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\ipxrtmgr.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\ipxrip.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\ipxpromn.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\ipxmontr.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\ipsec6.exe
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\iprtprio.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\iprop.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\ipmontr.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\iologmsg.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\infosoft.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\inetcplc.dll
2004-10-13 23:39:00 ----A---- C:\WINDOWS\system32\iissuba.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\ifsutil.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\ieakui.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\icmui.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\iassvcs.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\iassdo.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\iassam.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\iasrecst.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\iaspolcy.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\iasnap.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\iashlpr.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\iasads.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\iasacct.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\hostname.exe
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\hnetmon.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\hlink.dll
2004-10-13 23:38:58 ----A---- C:\WINDOWS\system32\help.exe
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\graphics.com
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\graftabl.com
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\gpupdate.exe
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\gpedit.msc
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\glmf32.dll
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\getmac.exe
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\gdi.exe
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\gcdef.dll
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\ftsrch.dll
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\fsutil.exe
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\fsusd.dll
2004-10-13 23:38:56 ----A---- C:\WINDOWS\system32\fsmgmt.msc
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\format.com
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\forcedos.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\fontsub.dll
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\fmifs.dll
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\fixmapi.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\finger.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\find.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\fde.dll
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\fc.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\fastopen.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\exts.dll
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\expand.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\exe2bin.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\eventvwr.msc
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\eventvwr.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\eventtriggers.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\eventquery.vbs
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\eventcls.dll
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\eula.txt
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\esentutl.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\esentprf.ini
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\esentprf.dll
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\esent97.dll
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\edlin.exe
2004-10-13 23:38:54 ----A---- C:\WINDOWS\system32\edit.com
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\dskquoui.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\dsauth.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\drwatson.exe
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\driverquery.exe
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dpwsock.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dpserial.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dpnwsock.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dpnmodem.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dplay.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\doskey.exe
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\docprop.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dmocx.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dmintf.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dmdskres.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dmconfig.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dllhst3g.exe
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dispex.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\diskperf.exe
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\diskmgmt.msc
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\diskcopy.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\diskcopy.com
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\diskcomp.com
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dimap.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\diactfrm.dll
2004-10-13 23:38:44 ----A---- C:\WINDOWS\system32\dhcpsapi.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\dfrgres.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\dfrg.msc
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\devmgmt.msc
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\deskperf.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\deskmon.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\deskadp.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\debug.exe
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\ddeml.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\dbgeng.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\datime.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\d3dxof.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\d3drm.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\d3dramp.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\d3dpmesh.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\d3dim.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\ctl3dv2.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\ctl3d32.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\csseqchk.dll
2004-10-13 23:38:42 ----A---- C:\WINDOWS\system32\crtdll.dll
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\convert.exe
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\control.exe
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\console.dll
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\confmsp.dll
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\compobj.dll
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\compmgmt.msc
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\compact.exe
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\comp.exe
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\commdlg.dll
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\command.com
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\comcat.dll
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\cnvfat.dll
2004-10-13 23:38:40 ----A---- C:\WINDOWS\system32\cnetcfg.dll
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\shellstyle.dll
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\cmpbk32.dll
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\clb.dll
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\ckcnv.exe
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\cidaemon.exe
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\cic.dll
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\ciadv.msc
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\ciadmin.dll
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\chkntfs.exe
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\chkdsk.exe
2004-10-13 23:38:38 ----A---- C:\WINDOWS\system32\chcp.com
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\certmgr.msc
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\ccfgnt.dll
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\cards.dll
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\capesnpn.dll
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\cacls.exe
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\bootvrfy.exe
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\bootvid.dll
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\bootok.exe
2004-10-13 23:38:36 ----A---- C:\WINDOWS\system32\bootcfg.exe
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\avifile.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\avicap32.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\avicap.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\autodisc.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\attrib.exe
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\atmpvcno.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\atkctrs.dll
2004-10-13 23:38:34 ----A---- C:\WINDOWS\system32\asr_ldm.exe
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\arp.exe
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\append.exe
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\apcups.dll
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\adsnw.dll
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\adsnds.dll
2004-10-13 23:38:32 ----A---- C:\WINDOWS\system32\adptif.dll
2004-10-13 23:38:30 ----A---- C:\WINDOWS\system32\acledit.dll
2004-10-13 23:38:30 ----A---- C:\WINDOWS\system32\aaaamon.dll
2004-08-04 06:32:46 ----A---- C:\WINDOWS\system32\netsetup.exe
2004-08-04 06:31:08 ----A---- C:\WINDOWS\system32\tsddd.dll
2004-08-04 06:31:08 ----A---- C:\WINDOWS\system32\rdpdd.dll
2004-08-04 06:27:06 ----A---- C:\WINDOWS\system32\drmclien.dll
2004-08-04 06:27:04 ----A---- C:\WINDOWS\system32\wmvcore.dll
2004-08-04 06:27:04 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2004-08-04 06:27:02 ----A---- C:\WINDOWS\system32\msscp.dll
2004-08-04 06:27:02 ----A---- C:\WINDOWS\system32\msnetobj.dll
2004-08-04 06:26:58 ----A---- C:\WINDOWS\winhlp32.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\xcopy.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wscript.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wscntfy.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wpabaln.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\winver.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\winlogon.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\wextract.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\vssvc.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\utilman.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\userinit.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\ups.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\upnpcont.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tracert.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tracerpt.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tourstart.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tlntsess.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\tlntadmn.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\telnet.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\taskmgr.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\svchost.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\stimon.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\spoolsv.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\spnpinst.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\smss.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\smbinst.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\skeys.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\sigverif.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\shutdown.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\shrpubw.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\shmgrate.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\setup.exe
2004-08-04 06:26:58 ----A---- C:\WINDOWS\system32\sethc.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\services.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\secedit.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\sdbinst.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\schtasks.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\scardsvr.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\savedump.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\runonce.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rundll32.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rtcshare.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rsnotify.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rsh.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rexec.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\regsvr32.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\reg.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rcp.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rcimlby.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\rasphone.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\proxycfg.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\proquota.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\progman.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\powercfg.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\ping.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\perfmon.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\packager.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\osk.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\openfiles.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\odbcconf.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\odbcad32.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\ntvdm.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\ntbackup.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\nslookup.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\notepad.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\netstat.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\netsh.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\netdde.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\net1.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\net.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\nddeapir.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\system32\narrator.exe
2004-08-04 06:26:56 ----A---- C:\WINDOWS\regedit.exe
2004-08-04 06:26:54 ----A---- C:\WINDOWS\system32\msiexec.exe
2004-08-04 06:26:54 ----A---- C:\WINDOWS\system32\mshta.exe
2004-08-04 06:26:54 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2004-08-04 06:26:54 ----A---- C:\WINDOWS\system32\mqsvc.exe
2004-08-04 06:26:54 ----A---- C:\WINDOWS\system32\mqbkup.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\mobsync.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\mmc.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\makecab.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\magnify.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\lsass.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\logonui.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\logman.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\logagent.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\locator.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\ipxroute.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\ipv6.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\ipconfig.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\imapi.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\iexpress.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2004-08-04 06:26:52 ----A---- C:\WINDOWS\hh.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\grpconv.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\gpresult.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\ftp.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\fsquirt.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\fontview.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\findstr.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\extrac32.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\eventcreate.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\eudcedit.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dxdiag.exe

 

[deepak4490]

2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dwwin.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dumprep.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dmremote.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dmadmin.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dllhost.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\diskpart.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\diantz.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\defrag.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\ddeshare.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\ctfmon.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\csrss.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\cscript.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\conime.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\cmstp.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\cmmon32.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\cmdl32.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\system32\cmd.exe
2004-08-04 06:26:50 ----A---- C:\WINDOWS\explorer.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\twain_32.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\zipfldr.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\xmlprov.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\xactsrv.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wstdecod.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wsock32.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\WshRm.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wship6.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wshext.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wshcon.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wshbth.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wsecedit.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wscsvc.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\ws2help.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\ws2_32.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wow32.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmvdmoe2.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmvdmod.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmstream.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmspdmoe.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmspdmod.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmsdmoe2.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmsdmod.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmpui.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmpshell.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmpcore.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmpcd.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmpasf.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmp.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmnetmgr.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmidx.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmdmps.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmdmlog.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmasf.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmadmoe.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wmadmod.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wlnotify.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wldap32.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wkssvc.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wintrust.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\winsta.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\winsrv.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\winshfhc.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\winscard.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\winrnr.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\winmm.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\winipsec.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wininet.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\winhttp.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\win32spl.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wiavideo.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wiashext.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wiaservc.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wiascr.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wiadss.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wiadefui.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\webvw.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\webclnt.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\webcheck.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\wdigest.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\w3ssl.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\w32time.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\vssapi.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\version.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\vdmredir.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\vbscript.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\vbajet32.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\uxtheme.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\usp10.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\userenv.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\user32.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\usbmon.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\urlmon.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\url.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\upnpui.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\upnphost.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\upnp.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\untfs.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\uniplat.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\unimdmat.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\umandlg.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\ulib.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\udhisapi.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\txflog.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\twext.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\trkwks.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\tlntsvrp.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\themeui.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\termmgr.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\tcpmon.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\tcpmib.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\tapisrv.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\tapi32.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\tapi3.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\t2embed.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\syssetup.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\syncui.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\synceng.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\sxs.dll
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\clipsrv.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\cliconfg.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\cisvc.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\cipher.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\blastcln.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\autolfn.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\autofmt.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\autoconv.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\autochk.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\auditusr.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\atmadm.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\at.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\alg.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\ahui.exe
2004-08-04 06:26:48 ----A---- C:\WINDOWS\system32\actmovie.exe
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\strmfilt.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\strmdll.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\stobject.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sti_ci.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sti.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\srvsvc.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\spoolss.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\snmpapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\slbiop.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\slayerxp.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sigtab.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\shsvcs.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\shscrap.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\shmedia.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\shlwapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\shimgvw.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\shimeng.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\shgina.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\shfolder.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\shell32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\shdocvw.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sfc_os.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sfc.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\setupapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sensapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sens.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sendmail.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\security.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\secur32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\seclogon.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\scrrun.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\scrobj.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\schannel.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\scesrv.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\scecli.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sccsccp.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\scarddlg.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sbeio.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\sbe.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\samsrv.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\samlib.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rtutils.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rsmps.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rshx32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rpcss.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\riched20.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\resutils.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\regwizc.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\regsvc.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\regapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rastls.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rastapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rassapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rasppp.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rasmans.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rasman.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rasdlg.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\raschap.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rasauto.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rasapi32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\query.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\quartz.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\qedit.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\qdvd.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\qdv.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\qcap.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\qasf.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\pstorec.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\psbase.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\psapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\profmap.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\printui.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\powrprof.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\polstore.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\pngfilt.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\pjlmon.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\pid.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\photowiz.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\perfproc.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\perfos.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\perfdisk.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\perfctrs.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\pdh.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\pautoenr.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\p2psvc.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\p2p.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\osuninst.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\opengl32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\olepro32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\oleprn.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\oleaut32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ole32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\offfilt.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odtext32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odpdx32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odfox32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odexl32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\oddbse32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odbctrac.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odbccu32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odbccr32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odbccp32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odbcconf.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\odbc32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\occache.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\objsel.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\oakley.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\nwwks.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\nwprovau.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ntshrui.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ntprint.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ntmarta.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ntlanman.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\npptools.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\nlhtml.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\newdev.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\netui1.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\netui0.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\netshell.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\netrap.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\netplwiz.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\netman.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\netlogon.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\netid.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\netcfgx.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\netapi32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\nddenb32.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\nddeapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\mydocs.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\mtxclu.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\msyuv.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\msxml3.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\msxml2.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\msxml.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\msxbde40.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\mswstr10.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\mswsock.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\mswmdm.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2004-08-04 06:26:46 ----A---- C:\WINDOWS\system32\mswdat10.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\upnpsrv.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msw3prt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msvidctl.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msvfw32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msvcrt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msvcp60.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msvcirt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msv1_0.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msutb.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mstime.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mstext40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mssap.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msrle32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msrepl40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msrating.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mspmsp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mspmsnsv.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mspbde40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mspatcha.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msorcl32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msnsspc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msltus40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mslbui.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msjtes40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msjter40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msjint40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msjet40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msisip.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\MSIMTF.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msimg32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msihnd.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msieftp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msidle.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msident.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mshtmled.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msgsvc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msgina.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msftedit.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msexcl40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msexch40.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msdmo.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msdart.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msdadiag.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\MSCTFP.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\MSCTF.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mscpxl32.dLL
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mscms.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msasn1.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msapsspc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\msacm32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqutil.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqtrig.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqsnap.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqsec.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqrt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqqm.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqoa.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqlogmgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqise.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqdscli.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mqad.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mprapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mpr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mpg4dmod.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mp4sdmod.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mp43dmod.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\modemui.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mobsync.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mmcshext.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mmcbase.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mlang.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\miglibnt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\midimap.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mfc42u.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mfc42.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mf3216.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mdminst.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mciwave.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mciseq.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mciavi32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\mcastmib.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\lsasrv.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\lprhelp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\lpk.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\localui.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\localspl.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\localsec.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\loadperf.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\lmrt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\linkinfo.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\licmgr10.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\licdll.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\laprxy.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\keymgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\kernel32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\kerberos.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\jsproxy.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\jscript.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ixsso.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iuengine.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\itss.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\itircl.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ir50_32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ippromon.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\inseng.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\input.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\initpki.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\inetppui.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\inetpp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\inetmib1.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\imm32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\imgutil.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\imeshare.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\imagehlp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ifmon.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iesetup.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iernonce.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iepeers.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ieencode.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ieaksie.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ieakeng.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\idq.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\icm32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iccvid.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\iasrad.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\htui.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\httpapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hotplug.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hid.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hhsetup.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\hccoin.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\h323msp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\gptext.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\glu32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\gdi32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\fwcfg.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\fontext.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\filemgmt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\feclient.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\fdeploy.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\faultrep.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\extmgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\expsrv.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\eventlog.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\esent.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\es.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ersvc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\encdec.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\encapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\els.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\efsadu.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dxtrans.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dxmasf.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dx8vb.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dx7vb.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\duser.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dswave.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsuiext.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dssec.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsquery.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsprop.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsound3d.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsound.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dskquota.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dsdmo.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ds32gt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\drprov.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\drmstor.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpvvox.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpvoice.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpvacm.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpnet.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dplayx.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\docprop2.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dnsapi.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmutil.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmusic.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmsynth.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmstyle.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmserver.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmscript.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmloader.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmime.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmcompos.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dmband.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dinput8.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dinput.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\digest.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dgnet.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dfrgui.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\devmgr.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\devenum.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ddrawex.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\ddraw.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dciman32.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dbghelp.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\davclnt.dll
2004-08-04 06:26:44 ----A---- C:\WINDOWS\system32\dataclen.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\danim.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\d3dim700.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\d3d9.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\d3d8.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\csrsrv.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cscui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cscdll.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptnet.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptext.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptdll.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\crypt32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\credui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\corpol.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\comres.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\compstui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\compatUI.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\comdlg32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\comctl32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cmutil.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cmsetACL.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cmdial32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\clusapi.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cliconfg.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\ciodm.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cewmdm.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\certmgr.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\certcli.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cdosys.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cdm.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cdfview.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\camocx.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cabview.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\cabinet.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\btpanui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\bthserv.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\bthci.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\browsewm.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\browseui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\browser.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\blackbox.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\bidispl.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\batmeter.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\basesrv.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\avifil32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\authz.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\audiosrv.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\atmlib.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\atl.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\asycfilt.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\appmgr.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\appmgmts.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\apphelp.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\amstream.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\alrsvc.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\advpack.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\advapi32.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\adsnt.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\adsmsext.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\adsldpc.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\adsldp.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\admparse.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\actxprxy.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\activeds.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\aclui.dll
2004-08-04 06:26:42 ----A---- C:\WINDOWS\system32\6to4svc.dll
2004-08-04 06:26:38 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2004-08-04 06:26:38 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2004-08-04 06:26:38 ----A---- C:\WINDOWS\system32\xpob2res.dll
2004-08-04 06:26:38 ----A---- C:\WINDOWS\system32\wmploc.dll
2004-08-04 06:26:38 ----A---- C:\WINDOWS\system32\ntdll.dll
2004-08-04 06:26:36 ----A---- C:\WINDOWS\system32\wmi.dll
2004-08-04 06:26:36 ----A---- C:\WINDOWS\system32\wmerror.dll
2004-08-04 06:26:36 ----A---- C:\WINDOWS\system32\winntbbu.dll
2004-08-04 06:26:36 ----A---- C:\WINDOWS\system32\winbrand.dll
2004-08-04 06:26:28 ----A---- C:\WINDOWS\system32\shdoclc.dll
2004-08-04 06:26:28 ----A---- C:\WINDOWS\system32\dpcdll.dll
2004-08-04 06:26:26 ----A---- C:\WINDOWS\system32\qedwipes.dll
2004-08-04 06:26:24 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2004-08-04 06:26:24 ----A---- C:\WINDOWS\system32\odbcji32.dll
2004-08-04 06:26:24 ----A---- C:\WINDOWS\system32\odbcint.dll
2004-08-04 06:26:20 ----A---- C:\WINDOWS\system32\msprivs.dll
2004-08-04 06:26:20 ----A---- C:\WINDOWS\system32\msorc32r.dll
2004-08-04 06:26:18 ----A---- C:\WINDOWS\system32\msimsg.dll
2004-08-04 06:26:16 ----A---- C:\WINDOWS\system32\mshtmler.dll
2004-08-04 06:26:14 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2004-08-04 06:26:14 ----A---- C:\WINDOWS\system32\mscpx32r.dLL
2004-08-04 06:26:14 ----A---- C:\WINDOWS\system32\msafd.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\moricons.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdukx.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdno1.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdinben.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2004-08-04 06:26:12 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2004-08-04 06:26:08 ----A---- C:\WINDOWS\system32\icmp.dll
2004-08-04 06:26:08 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2004-08-04 06:26:08 ----A---- C:\WINDOWS\system32\gpedit.dll
2004-08-04 06:26:08 ----A---- C:\WINDOWS\system32\framebuf.dll
2004-08-04 06:26:06 ----A---- C:\WINDOWS\system32\pidgen.dll
2004-08-04 06:26:06 ----A---- C:\WINDOWS\system32\dsprpres.dll
2004-08-04 06:26:04 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2004-08-04 06:26:04 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2004-08-04 06:26:02 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2004-08-04 06:26:00 ----A---- C:\WINDOWS\system32\browselc.dll
2004-08-04 06:26:00 ----A---- C:\WINDOWS\system32\atmfd.dll
2004-08-04 06:26:00 ----A---- C:\WINDOWS\system32\asferror.dll
2004-08-04 04:50:00 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2004-08-04 04:29:36 ----A---- C:\WINDOWS\system32\spiisupd.exe
2004-08-04 04:29:24 ----A---- C:\WINDOWS\system32\kd1394.dll
2004-08-04 04:29:10 ----A---- C:\WINDOWS\system32\hal.dll
2004-08-04 04:29:00 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 04:28:26 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2004-08-04 04:21:22 ----A---- C:\WINDOWS\system32\dosx.exe
2004-08-04 04:21:20 ----A---- C:\WINDOWS\system32\winnls.dll
2004-08-04 04:21:12 ----A---- C:\WINDOWS\system32\mmsystem.dll
2004-08-04 04:19:34 ----A---- C:\WINDOWS\system32\krnl386.exe
2004-08-04 04:18:46 ----A---- C:\WINDOWS\system32\redir.exe
2004-08-04 04:08:34 ----RASH---- C:\NTDETECT.COM
2004-08-04 04:01:44 ----A---- C:\WINDOWS\system32\slbcsp.dll
2004-08-04 04:01:44 ----A---- C:\WINDOWS\system32\sccbase.dll
2004-08-04 04:01:44 ----A---- C:\WINDOWS\system32\rsaenh.dll
2004-08-04 04:01:44 ----A---- C:\WINDOWS\system32\gpkcsp.dll
2004-08-04 04:01:44 ----A---- C:\WINDOWS\system32\dssenh.dll
2004-07-17 17:16:14 ----A---- C:\WINDOWS\system32\tcpmon.ini
2004-07-17 17:12:38 ----A---- C:\WINDOWS\system32\login.cmd
2004-07-17 17:09:16 ----A---- C:\WINDOWS\system32\xenroll.dll
2004-07-17 17:06:44 ----A---- C:\WINDOWS\system32\odbc16gt.dll
2004-07-17 17:06:44 ----A---- C:\WINDOWS\system32\ds16gt.dLL
2004-07-17 17:04:48 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2004-01-21 17:36:24 ----A---- C:\WINDOWS\system32\NetDiagnosis.dll
2002-01-02 02:20:58 ----A---- C:\WINDOWS\system32\h323log.txt
2002-01-02 02:18:32 ----A---- C:\WINDOWS\system32\usbui.dll
2002-01-02 02:17:37 ----A---- C:\WINDOWS\imsins.BAK
2002-01-02 02:17:34 ----SHD---- C:\WINDOWS\Installer
2002-01-02 02:17:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2002-01-02 02:17:33 ----D---- C:\Program Files\Common Files\ODBC
2002-01-02 02:17:33 ----A---- C:\WINDOWS\ODBCINST.INI
2002-01-02 02:17:30 ----RD---- C:\Program Files
2002-01-02 02:17:30 ----D---- C:\Program Files\Common Files\SpeechEngines
2002-01-02 02:17:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2002-01-02 02:17:30 ----D---- C:\Program Files\Common Files
2002-01-02 02:17:27 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2002-01-02 02:17:27 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2002-01-02 02:17:27 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdur.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdru.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2002-01-02 02:17:26 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2002-01-02 02:17:24 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2002-01-02 02:17:21 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2002-01-02 02:17:21 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2002-01-02 02:17:21 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2002-01-02 02:17:21 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2002-01-02 02:17:21 ----RA---- C:\WINDOWS\system32\kbdest.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdro.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2002-01-02 02:17:18 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2002-01-02 02:17:15 ----A---- C:\WINDOWS\system32\spxcoins.dll
2002-01-02 02:17:15 ----A---- C:\WINDOWS\system32\irclass.dll
2002-01-02 02:17:15 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2002-01-02 02:17:15 ----A---- C:\WINDOWS\system32\dgsetup.dll
2002-01-02 02:17:15 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2002-01-02 02:17:12 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2002-01-02 02:17:12 ----A---- C:\WINDOWS\TASKMAN.EXE
2002-01-02 02:17:11 ----A---- C:\WINDOWS\system32\batt.dll
2002-01-02 02:17:10 ----A---- C:\WINDOWS\NOTEPAD.EXE
2002-01-02 02:17:09 ----A---- C:\WINDOWS\system32\storprop.dll
2002-01-02 02:17:01 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2002-01-02 02:15:20 ----RA---- C:\WINDOWS\SET8.tmp
2002-01-02 02:15:17 ----RA---- C:\WINDOWS\SET4.tmp
2002-01-02 02:15:16 ----RA---- C:\WINDOWS\SET3.tmp
2002-01-02 02:15:11 ----D---- C:\WINDOWS\system32\CatRoot2
2002-01-02 02:15:11 ----D---- C:\WINDOWS\system32\CatRoot
2002-01-02 02:15:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2002-01-02 02:14:52 ----A---- C:\WINDOWS\setuplog.txt
2002-01-02 02:14:48 ----SHD---- C:\System Volume Information
2002-01-02 02:14:48 ----D---- C:\Documents and Settings
2002-01-02 02:14:13 ----SH---- C:\boot.ini
2002-01-02 02:10:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2002-01-02 02:10:55 ----RSD---- C:\WINDOWS\Fonts
2002-01-02 02:10:55 ----RD---- C:\WINDOWS\Web
2002-01-02 02:10:55 ----HD---- C:\WINDOWS\inf
2002-01-02 02:10:55 ----D---- C:\WINDOWS\WinSxS
2002-01-02 02:10:55 ----D---- C:\WINDOWS\twain_32
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Temp
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\wins
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\wbem
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\usmt
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\spool
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\ShellExt
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\Setup
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\ras
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\oobe
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\npp
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\mui
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\inetsrv
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\IME
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\icsxml
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\ias
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\export
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\drivers
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\dhcp
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\config
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\3com_dmi
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\3076
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\2052
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1054
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1042
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1041
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1037
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1033
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1031
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1028
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32\1025
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system32
2002-01-02 02:10:55 ----D---- C:\WINDOWS\system
2002-01-02 02:10:55 ----D---- C:\WINDOWS\security
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Resources
2002-01-02 02:10:55 ----D---- C:\WINDOWS\repair
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Provisioning
2002-01-02 02:10:55 ----D---- C:\WINDOWS\PeerNet
2002-01-02 02:10:55 ----D---- C:\WINDOWS\pchealth
2002-01-02 02:10:55 ----D---- C:\WINDOWS\mui
2002-01-02 02:10:55 ----D---- C:\WINDOWS\msapps
2002-01-02 02:10:55 ----D---- C:\WINDOWS\msagent
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Media
2002-01-02 02:10:55 ----D---- C:\WINDOWS\java
2002-01-02 02:10:55 ----D---- C:\WINDOWS\ime
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Help
2002-01-02 02:10:55 ----D---- C:\WINDOWS\ehome
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Driver Cache
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Debug
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Cursors
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Connection Wizard
2002-01-02 02:10:55 ----D---- C:\WINDOWS\Config
2002-01-02 02:10:55 ----D---- C:\WINDOWS\AppPatch
2002-01-02 02:10:55 ----D---- C:\WINDOWS\addins
2002-01-02 02:10:55 ----D---- C:\WINDOWS
2002-01-01 23:03:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2002-01-01 23:03:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2002-01-01 22:08:11 ----D---- C:\Documents and Settings\Deepak\Application Data\Macromedia
2002-01-01 22:06:59 ----D---- C:\Program Files\Yahoo!
2002-01-01 21:58:17 ----D---- C:\Program Files\Maxotek
2002-01-01 21:55:42 ----RSD---- C:\WINDOWS\assembly
2002-01-01 21:55:20 ----D---- C:\WINDOWS\Microsoft.NET
2002-01-01 21:54:42 ----N---- C:\WINDOWS\system32\spmsg.dll
2002-01-01 21:54:32 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

 

[deepak4490]

2002-01-01 21:11:31 ----D---- C:\Program Files\Marvell
2002-01-01 21:11:21 ----D---- C:\Program Files\Common Files\InstallShield
2002-01-01 21:07:01 ----A---- C:\WINDOWS\UnGins.exe
2002-01-01 21:07:00 ----D---- C:\Program Files\eLitecore
2002-01-01 21:05:34 ----D---- C:\Documents and Settings\Deepak\Application Data\Identities
2002-01-01 21:05:33 ----HD---- C:\Program Files\Uninstall Information
2002-01-01 21:05:21 ----SD---- C:\Documents and Settings\Deepak\Application Data\Microsoft
2002-01-01 21:05:21 ----ASH---- C:\Documents and Settings\Deepak\Application Data\desktop.ini
2002-01-01 21:00:17 ----D---- C:\WINDOWS\SoftwareDistribution
2002-01-01 21:00:15 ----SD---- C:\WINDOWS\system32\Microsoft
2002-01-01 21:00:15 ----D---- C:\WINDOWS\Prefetch
2002-01-01 21:00:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2002-01-01 20:56:43 ----D---- C:\WINDOWS\system32\xircom
2002-01-01 20:56:43 ----D---- C:\Program Files\xerox
2002-01-01 20:56:43 ----D---- C:\Program Files\microsoft frontpage
2002-01-01 20:56:17 ----A---- C:\WINDOWS\control.ini
2002-01-01 20:56:17 ----A---- C:\AUTOEXEC.BAT
2002-01-01 20:55:55 ----A---- C:\WINDOWS\OEWABLog.txt
2002-01-01 20:55:51 ----A---- C:\WINDOWS\system32\mapi32.dll
2002-01-01 20:54:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2002-01-01 20:54:58 ----RD---- C:\WINDOWS\Offline Web Pages
2002-01-01 20:54:58 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2002-01-01 20:54:52 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2002-01-01 20:54:48 ----HD---- C:\Program Files\WindowsUpdate
2002-01-01 20:54:31 ----D---- C:\WINDOWS\system32\DirectX
2002-01-01 20:54:16 ----A---- C:\WINDOWS\system32\atrace.dll
2002-01-01 20:54:14 ----A---- C:\WINDOWS\system32\desktop.ini
2002-01-01 20:54:14 ----A---- C:\WINDOWS\desktop.ini
2002-01-01 20:54:09 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2002-01-01 20:54:08 ----D---- C:\Program Files\Common Files\Services
2002-01-01 20:54:08 ----A---- C:\WINDOWS\system32\acctres.dll
2002-01-01 20:54:06 ----SD---- C:\WINDOWS\Tasks
2002-01-01 20:54:06 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2002-01-01 20:54:05 ----D---- C:\Program Files\Common Files\MSSoap
2002-01-01 20:54:02 ----D---- C:\WINDOWS\system32\Macromed
2002-01-01 20:54:02 ----D---- C:\WINDOWS\srchasst
2002-01-01 20:54:00 ----A---- C:\WINDOWS\system32\wuweb.dll
2002-01-01 20:54:00 ----A---- C:\WINDOWS\system32\wucltui.dll
2002-01-01 20:54:00 ----A---- C:\WINDOWS\system32\wuauserv.dll
2002-01-01 20:54:00 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2002-01-01 20:53:59 ----A---- C:\WINDOWS\system32\wups.dll
2002-01-01 20:53:59 ----A---- C:\WINDOWS\system32\wuaueng.dll
2002-01-01 20:53:59 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2002-01-01 20:53:59 ----A---- C:\WINDOWS\system32\wuauclt.exe
2002-01-01 20:53:59 ----A---- C:\WINDOWS\system32\wuapi.dll
2002-01-01 20:53:59 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2002-01-01 20:53:59 ----A---- C:\WINDOWS\system32\qmgr.dll
2002-01-01 20:53:59 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2002-01-01 20:53:59 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2002-01-01 20:53:56 ----D---- C:\Program Files\Movie Maker
2002-01-01 20:53:53 ----A---- C:\WINDOWS\system32\safrslv.dll
2002-01-01 20:53:53 ----A---- C:\WINDOWS\system32\safrdm.dll
2002-01-01 20:53:53 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2002-01-01 20:53:53 ----A---- C:\WINDOWS\system32\racpldlg.dll
2002-01-01 20:53:50 ----D---- C:\WINDOWS\system32\Restore
2002-01-01 20:53:50 ----A---- C:\WINDOWS\system32\srsvc.dll
2002-01-01 20:53:50 ----A---- C:\WINDOWS\system32\srrstr.dll
2002-01-01 20:53:50 ----A---- C:\WINDOWS\system32\srclient.dll
2002-01-01 20:53:50 ----A---- C:\WINDOWS\system32\fltMc.exe
2002-01-01 20:53:50 ----A---- C:\WINDOWS\system32\fltlib.dll
2002-01-01 20:53:49 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2002-01-01 20:53:49 ----A---- C:\WINDOWS\system32\msconf.dll
2002-01-01 20:53:49 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2002-01-01 20:53:49 ----A---- C:\WINDOWS\system32\mnmdd.dll
2002-01-01 20:53:49 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2002-01-01 20:53:49 ----A---- C:\WINDOWS\system32\ils.dll
2002-01-01 20:53:47 ----D---- C:\Program Files\NetMeeting
2002-01-01 20:53:47 ----A---- C:\WINDOWS\system32\msoert2.dll
2002-01-01 20:53:47 ----A---- C:\WINDOWS\system32\msoeacct.dll
2002-01-01 20:53:46 ----A---- C:\WINDOWS\system32\inetres.dll
2002-01-01 20:53:46 ----A---- C:\WINDOWS\system32\inetcomm.dll
2002-01-01 20:53:44 ----D---- C:\Program Files\Outlook Express
2002-01-01 20:53:44 ----A---- C:\WINDOWS\system32\schedsvc.dll
2002-01-01 20:53:44 ----A---- C:\WINDOWS\system32\mstinit.exe
2002-01-01 20:53:44 ----A---- C:\WINDOWS\system32\mstask.dll
2002-01-01 20:53:44 ----A---- C:\WINDOWS\system32\isign32.dll
2002-01-01 20:53:44 ----A---- C:\WINDOWS\system32\inetcfg.dll
2002-01-01 20:53:44 ----A---- C:\WINDOWS\system32\icwphbk.dll
2002-01-01 20:53:44 ----A---- C:\WINDOWS\system32\icwdial.dll
2002-01-01 20:53:40 ----D---- C:\Program Files\Common Files\System
2002-01-01 20:53:39 ----D---- C:\Program Files\Internet Explorer
2002-01-01 20:53:08 ----D---- C:\Program Files\ComPlus Applications
2002-01-01 20:53:06 ----A---- C:\WINDOWS\vbaddin.ini
2002-01-01 20:53:06 ----A---- C:\WINDOWS\vb.ini
2002-01-01 20:53:02 ----D---- C:\WINDOWS\Registration
2002-01-01 20:52:55 ----D---- C:\Program Files\Online Services
2002-01-01 20:52:54 ----D---- C:\Program Files\Windows Media Player
2002-01-01 20:52:49 ----D---- C:\Program Files\Messenger
2002-01-01 20:52:46 ----D---- C:\Program Files\MSN Gaming Zone
2002-01-01 20:52:46 ----A---- C:\WINDOWS\system32\write.exe
2002-01-01 20:52:40 ----A---- C:\WINDOWS\system32\sndvol32.exe
2002-01-01 20:52:40 ----A---- C:\WINDOWS\system32\hticons.dll
2002-01-01 20:52:39 ----A---- C:\WINDOWS\system32\winchat.exe
2002-01-01 20:52:39 ----A---- C:\WINDOWS\system32\avwav.dll
2002-01-01 20:52:39 ----A---- C:\WINDOWS\system32\avtapi.dll
2002-01-01 20:52:39 ----A---- C:\WINDOWS\system32\avmeter.dll
2002-01-01 20:52:35 ----A---- C:\WINDOWS\system32\getuname.dll
2002-01-01 20:52:34 ----A---- C:\WINDOWS\system32\winmine.exe
2002-01-01 20:52:34 ----A---- C:\WINDOWS\system32\sol.exe
2002-01-01 20:52:34 ----A---- C:\WINDOWS\system32\mshearts.exe
2002-01-01 20:52:34 ----A---- C:\WINDOWS\system32\charmap.exe
2002-01-01 20:52:34 ----A---- C:\WINDOWS\system32\calc.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\tslabels.ini
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\tskill.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\tscon.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\shadow.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\rwinsta.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\reset.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\regini.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\qwinsta.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\qappsrv.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\msg.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\logoff.exe
2002-01-01 20:52:33 ----A---- C:\WINDOWS\system32\freecell.exe
2002-01-01 20:52:32 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2002-01-01 20:52:32 ----A---- C:\WINDOWS\system32\mtxex.dll
2002-01-01 20:52:32 ----A---- C:\WINDOWS\system32\mtxdm.dll
2002-01-01 20:52:32 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2002-01-01 20:52:32 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2002-01-01 20:52:32 ----A---- C:\WINDOWS\system32\cdmodem.dll
2002-01-01 20:52:31 ----A---- C:\WINDOWS\system32\stclient.dll
2002-01-01 20:52:31 ----A---- C:\WINDOWS\system32\comsnap.dll
2002-01-01 20:52:31 ----A---- C:\WINDOWS\system32\comrepl.dll
2002-01-01 20:52:31 ----A---- C:\WINDOWS\system32\comaddin.dll
2002-01-01 20:52:28 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2002-01-01 20:52:18 ----D---- C:\Program Files\MSN
2002-01-01 20:52:18 ----A---- C:\WINDOWS\system32\accwiz.exe
2002-01-01 20:52:17 ----D---- C:\Program Files\Windows NT
2002-01-01 20:52:17 ----A---- C:\WINDOWS\system32\sndrec32.exe
2002-01-01 20:52:17 ----A---- C:\WINDOWS\system32\mspaint.exe
2002-01-01 20:52:17 ----A---- C:\WINDOWS\system32\mplay32.exe
2002-01-01 20:52:17 ----A---- C:\WINDOWS\system32\hypertrm.dll
2002-01-01 20:52:17 ----A---- C:\WINDOWS\system32\clipbrd.exe
2002-01-01 20:52:16 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2002-01-01 20:52:16 ----A---- C:\WINDOWS\system32\spider.exe
2002-01-01 20:52:16 ----A---- C:\WINDOWS\system32\remotepg.dll
2002-01-01 20:52:16 ----A---- C:\WINDOWS\system32\rdshost.exe
2002-01-01 20:52:16 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2002-01-01 20:52:16 ----A---- C:\WINDOWS\system32\mstscax.dll
2002-01-01 20:52:16 ----A---- C:\WINDOWS\system32\mstsc.exe
2002-01-01 20:52:15 ----D---- C:\WINDOWS\system32\MsDtc
2002-01-01 20:52:15 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2002-01-01 20:52:15 ----A---- C:\WINDOWS\system32\termsrv.dll
2002-01-01 20:52:15 ----A---- C:\WINDOWS\system32\sessmgr.exe
2002-01-01 20:52:15 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2002-01-01 20:52:15 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2002-01-01 20:52:15 ----A---- C:\WINDOWS\system32\rdpclip.exe
2002-01-01 20:52:15 ----A---- C:\WINDOWS\system32\rdchost.dll
2002-01-01 20:52:15 ----A---- C:\WINDOWS\system32\qprocess.exe
2002-01-01 20:52:15 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2002-01-01 20:52:15 ----A---- C:\WINDOWS\system32\icaapi.dll
2002-01-01 20:52:15 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2002-01-01 20:52:14 ----A---- C:\WINDOWS\system32\xolehlp.dll
2002-01-01 20:52:14 ----A---- C:\WINDOWS\system32\mtxoci.dll
2002-01-01 20:52:14 ----A---- C:\WINDOWS\system32\msdtctm.dll
2002-01-01 20:52:14 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2002-01-01 20:52:14 ----A---- C:\WINDOWS\system32\msdtclog.dll
2002-01-01 20:52:14 ----A---- C:\WINDOWS\system32\msdtc.exe
2002-01-01 20:52:13 ----D---- C:\WINDOWS\system32\Com
2002-01-01 20:52:13 ----A---- C:\WINDOWS\system32\colbact.dll
2002-01-01 20:52:13 ----A---- C:\WINDOWS\system32\clbcatex.dll
2002-01-01 20:52:13 ----A---- C:\WINDOWS\system32\catsrvut.dll
2002-01-01 20:52:13 ----A---- C:\WINDOWS\system32\catsrvps.dll
2002-01-01 20:52:13 ----A---- C:\WINDOWS\system32\catsrv.dll
2002-01-01 20:52:12 ----A---- C:\WINDOWS\system32\comuid.dll
2002-01-01 20:52:12 ----A---- C:\WINDOWS\system32\comsvcs.dll
2002-01-01 20:52:12 ----A---- C:\WINDOWS\system32\clbcatq.dll
2002-01-01 20:52:06 ----A---- C:\WINDOWS\system32\servdeps.dll
2002-01-01 20:52:06 ----A---- C:\WINDOWS\system32\mmfutil.dll
2002-01-01 20:52:06 ----A---- C:\WINDOWS\system32\licwmi.dll
2002-01-01 20:52:06 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\wowfaxui.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\wowfax.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrvpa.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrvoica.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrv80a.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrv42a.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrsvpia.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrshuta.exe
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrsdpia.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrrtosa.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrprbda.exe
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrmlnka.exe
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrlbva.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrfaxa.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrdtea.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrdpa.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrcoina.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\usrcntra.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\tsbyuv.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\streamci.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\sprio800.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\sprio600.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\spnike.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\paqsp.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\mdwmdmsp.dll
2004-10-13 23:38:52 ----A---- C:\WINDOWS\system32\dvdplay.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R3 4c70249;4c70249; \??\C:\WINDOWS\system32\4c70249.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-04-01 230272]
S3 4901228;4901228; \??\C:\WINDOWS\system32\4901228.sys []
S3 8b52f47;8b52f47; \??\C:\WINDOWS\system32\8b52f47.sys []
S3 c551839;c551839; \??\C:\WINDOWS\system32\c551839.sys []
S3 eth8023;eth8023; C:\WINDOWS\system32\drivers\eth8023.sys [2008-10-21 18048]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

-----------------EOF-----------------

 

[Baabiouz]

Hello
Let's run Combofix.
Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

 

[deepak4490]

Hello
Bro yesterday my AVG corrupted and my ISP blocked my internet access, he told me that he blocked my net coz of suspicious activities.
I formatted my C: and installed windows xp again.
Now i installed Kaspersky - it is detecting file flash.ocx as virus but now deleting it.

HijackThis Log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:07 PM, on 10/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viruslist.com/en/advisories/29321
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{93DEFE24-3973-444A-8971-2DF474663929}: NameServer = 172.16.0.1
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 2930 bytes

ComboFix Logfile
ComboFix 08-10-22.05 - Deepak 2008-10-23 14:56:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.312 [GMT 5.5:30]
Running from: C:\Documents and Settings\Deepak\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Deepak\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Messenger\msgmr.dll
C:\WINDOWS\AppPatch\AcSpecf.dll
C:\WINDOWS\AppPatch\AcXtrnel.sdb
C:\WINDOWS\Fonts\Framdee.ttf
C:\WINDOWS\system32\drivers\eth8023.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ETH8023
-------\Service_eth8023


((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
.

2008-10-23 13:12 . 2008-10-23 13:12 <DIR> d-------- C:\Program Files\Maxotek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 09:27 7,150,112 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-23 09:27 61,132 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-23 09:27 3,624 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-23 09:27 131,104 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-23 09:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-22 17:40 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-29 14:51 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
24Online Client.lnk - C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe [2004-05-31 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 ENO;ENO;C:\WINDOWS\system32\drivers\ENO.sys [2004-05-27 51564]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.viruslist.com/en/advisories/29321
O17 -: HKLM\CCS\Interface\{93DEFE24-3973-444A-8971-2DF474663929}: NameServer = 172.16.0.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 14:58:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-23 14:59:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-23 09:29:38

Pre-Run: 18,379,968,512 bytes free
Post-Run: 18,366,046,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

90

 

[deepak4490]

Thumbnail view of message i did get from kaspersky whenever i open a webpage.

 

[Baabiouz]

Hello

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
(At installing Zonealarm, please uncheck this option "include a ZoneAlarm Spy Blocker...". The Toolbar is not recommended... You can read more about it here.)
2) Agnitum
3) Sunbelt/Kerio
4) Comodo
(at installing Comodo, please uncheck these options: "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Let's scan your computer with Mbam:

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  Note:
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
• Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Post a fresh HijackThis log and Mbam's results here

 

[deepak4490]

MalwareByte Anti Malware Logfile

Malwarebytes' Anti-Malware 1.30
Database version: 1310
Windows 5.1.2600 Service Pack 2

10/24/2008 10:15:52 AM
mbam-log-2008-10-24 (10-15-52).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 254146
Time elapsed: 1 hour(s), 58 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{4D5EAD28-9447-467A-811E-8B5354A073DB}\RP6\A0002396.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{4D5EAD28-9447-467A-811E-8B5354A073DB}\RP6\A0002398.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Hijackthis Log File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:55 AM, on 10/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viruslist.com/en/advisories/29321
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{93DEFE24-3973-444A-8971-2DF474663929}: NameServer = 172.16.0.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3445 bytes

 

[deepak4490]

Bro Comodo notified me this, and i denied the request - Is this trojan or normal activity ?