Full Version: Wlan Has Stopped Working Properly
Suggest A Fix PC Support Forums > Security > Malicious Code: Viruses, Trojans, Spyware and Browser HiJacking
blueice
My wife's computer has developed a problem, which causes it to keep shutting down. It is associated with the screen going blank and a small label dancing around the screen saying "No Cable"; it then reboots automatically. After restarting, a Windows error message appears, informing that the system has recovered from a serious error, and invites one to send them the report, i.e.:

BCCode : 100000d1 BCP1 : 3131D7F1 BCP2 : 00000002 BCP3 : 00000000
BCP4 : F7FCB5A1 OSVer : 5_1_2600 SP : 2_0 Product : 256_1


If this is sent it returns with the following:

Address a problem with WLAN

WLAN has stopped working properly.
This product is no longer supported by the manufacturers.


Some research on Google suggests unclicking the box in Wireless Network Connections Properties, that disables “Use Windows to configure my wireless network settings”.

This only serves to stop the wireless connection to the router from working.

I have used various proprietary malware and spyware scanners but the problem prevails. I didn’t have Ad-aware on this computer so I tried to download and install. Very difficult when the computer keeps crashing but I eventually got there. This runs very slow and the update manager just hangs before the computer eventually shuts down, so I haven’t been able to do a scan with that facility.

I have managed to do a HijackThis scan before it shuts down and the log is attached.

System information is as follows: -

OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Manufacturer OEM
System Type X86-based PC
Processor x86 Family 15 Model 6 Stepping 5 GenuineIntel ~3192 Mhz
BIOS Version/Date Phoenix Technologies, LTD 6.00 PG, 29/06/2007
SMBIOS Version 2.5
System Directory C:\WINDOWS\system32



Any advice would be appreciated.
Ironbender
Hi blueice,

This sounds more like a disk issue or a hardware problem to me. Did you try to restore your system to a previous date, just before this first started?

Anyway, you may try this:

<Start/Run> type in chkdsk /r (Enter) -->schedule the scan, restart your system and let it perform.
<Start/Run> type in sfc /scannow (Enter).

Also, if you can, follow the instructions here: http://www.suggestafix.com/index.php?showtopic=33591

Let me know how it goes. We need a (barely) stable system to check for virus/baddies.

Chris
blueice
Hi Chris
>>this sounds more like a disk issue or a hardware problem to me. Did you try to restore your system to a previous date, just before this first started ?<<
No, but I did create a restore point before I started to do anything to try to fix the problem.

>>We need a (barely) stable system to check for virus/baddies.<<
Yep; and also to do a chkdsk! I keep trying to run this, as you've suggested, but it takes more than 45 mins and the computer seems to wait until the last part of the last stage before shutting down.

OK, I've now watched it to the end. As it did, a message came up to say that the scan was completed, but I didn’t have time to read any more before it closed down.

sfc /scannow required the Service Pack 2 install disk and took forever; when I came back to the screen the progress indicator had gone so I suppose it had completed; there was no message or dialogue box to say whether it was successful or not.

Re
>>http://www.suggestafix.com/index.php?showtopic=33591<<

I have run crap cleaner and had already run MBAM, twice, before making the first posting. A scan now just reports a clean system but I have attached the log files from the previous two occasions.

Also attached the most recent HJT log file.

The PC appears to be behaving itself at the moment. I was contemplating updating to Service Pack 3; do you think I should do that?

Clive

PS posted this but I don't see evidence of the attachments. Have they uploaded?


Malwarebytes' Anti-Malware 1.41
Database version: 3059
Windows 5.1.2600 Service Pack 2

31/10/2009 14:29:52
mbam-log-2009-10-31 (14-29-52).txt

Scan type: Quick Scan
Objects scanned: 106557
Time elapsed: 9 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Ironbender
Hi Clive,

The mbam report has uploaded but HijackThis has not. I included it in your post.

Attaching files doesn't always work, and makes them difficult to read.

Download RSIT from http://images.malwareremoval.com/random/RSIT.exe to your desktop and run it there.

Post the log.txt it generates.

Do not attach it, copy/paste it to your next reply.

Chris
blueice
>>The mbam report has uploaded but HijackThis has not. I included it in your post.

Attaching files doesn't always work, and makes them difficult to read.<<


There should have been two MBAM files. The other one was a full scan, and the first, as follows:
Malwarebytes' Anti-Malware 1.41
Database version: 3059
Windows 5.1.2600 Service Pack 2

30/10/2009 11:08:35
mbam-log-2009-10-30 (11-08-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 132959
Time elapsed: 29 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\gbdriver001.x (Spyware.Banker) -> Quarantined and deleted successfully.
C:\gbdriver002.x (Spyware.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6DE7EB79-7D99-4ED8-8418-428510375990}\RP218\A0600127.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crepusculox.exe (Spyware.Banker) -> Quarantined and deleted successfully.

The most recent HJT:


Logfile of HijackThis v1.97.7
Scan saved at 22:48:09, on 01/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Rute\My Documents\1812\SpyWare\HijackThis\ThisHijack.exe

O1 - Hosts: 222.24.94.15 www.bradesco.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 bradesco.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.bradesco.com # GbPluguin
O1 - Hosts: 222.24.94.15 bradesco.com # GbPluguin
O1 - Hosts: 222.24.94.15 www.itau.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 itau.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.itau.com # GbPluguin
O1 - Hosts: 222.24.94.15 itau.com # GbPluguin
O1 - Hosts: 222.24.94.15 www.banespa.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 banespa.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.santander.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 santander.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.caixa.gov.br # GbPluguin
O1 - Hosts: 222.24.94.15 caixa.gov.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.caixa.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 caixa.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.cef.gov.br # GbPluguin
O1 - Hosts: 222.24.94.15 cef.gov.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.cef.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 cef.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 internetbanking.caixa.gov.br # GbPluguin
O1 - Hosts: 222.24.94.15 internetbanking.caixa.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 internetbanking.cef.gov.br # GbPluguin
O1 - Hosts: 222.24.94.15 internetbanking.cef.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.e-gold.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 e-gold.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.e-gold.com # GbPluguin
O1 - Hosts: 222.24.94.15 e-gold.com # GbPluguin
O1 - Hosts: 222.24.94.15 www.bradescoprime.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 bradescoprime.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.itaupersonnalite.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 itaupersonnalite.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.americanexpress.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.americanexpress.com # GbPluguin
O1 - Hosts: 222.24.94.15 americanexpress.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.banrisul.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 banrisul.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.banrisul.com # GbPluguin
O1 - Hosts: 222.24.94.15 www.real.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.bancoreal.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 real.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 bancoreal.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 banrisul.com # GbPluguin
O1 - Hosts: 222.24.94.15 www.cetelem.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 cetelem.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.cartaoaura.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 cartaoaura.com.br # GbPluguin
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199792268796
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab


Hope this helps. The RSIT to follow.
Clive


blueice
I keep getting an error when trying to add a reply. I think it is too much text to upload. I did 3 months' worth so it is extremely large. I'm going to try it as an attachment and see how it goes, Chris. If it doesn't work, is there somewhere else I can send it?

There was a second log produced called infolog; I'll try and send that separately.
blueice
Here goes with the info file; perhaps this will paste as it is not so large: -


info.txt logfile of random's system information tool 1.06 2009-11-02 00:32:25

======Uninstall list======

-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Air Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{67BB93E2-60DD-49F5-97CB-3187BAE9D4E6}
AirPlus G-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0EA44599-1E9D-4517-A088-9588A9FAB211} /l1033
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Brother HL-2040-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52BC4085-28A7-495A-89BE-2C3905EA1525}\SETUP.exe" -l0x9 -removeonly /uninst
CA eTrust Antivirus-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CA\eTrust Antivirus\Uninst.isu" -c"C:\Program Files\CA\eTrust Antivirus\InoSetup.dll"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cloudmark Desktop for Microsoft Outlook Express-->MsiExec.exe /X{5B0A00E4-2F9F-49C7-B9A1-9A8E136E8869}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Macallan Outlook Express Extraction-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Macallan Applications\Macallan Outlook Express Extraction\Uninst.isu"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Baseline Security Analyzer 1.2-->MsiExec.exe /I{5FA4690C-1975-4F94-9A64-274F29BD9221}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NIOC Service-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\Setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WZCBDL Service-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{26595B84-25F5-43E2-9696-B1720E813850}

======Hosts File======

# GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin
# GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin
# GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin
# GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin
# GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin
# GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin # GbPluguin
127.0.0.1 localhost # GbPluguin
127.0.0.1 localhost # GbPluguin
127.0.0.1 localhost # GbPluguin
127.0.0.1 localhost # GbPluguin

======System event log======

Computer Name: RUTESPC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Cxq69

Record Number: 25059
Source Name: Service Control Manager
Time Written: 20091026105936.000000+000
Event Type: error
User:

Computer Name: RUTESPC
Event Code: 7000
Message: The BrSplService service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 25058
Source Name: Service Control Manager
Time Written: 20091026105933.000000+000
Event Type: error
User:

Computer Name: RUTESPC
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\CLIVESSTUDY on the network \Device\NetBT_Tcpip_{CE0F83C4-625D-4E76-AB3D-A27F1F4B5440}.
The data is the error code.

Record Number: 25052
Source Name: BROWSER
Time Written: 20091026094153.000000+000
Event Type: warning
User:

Computer Name: RUTESPC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001CF01A9648. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 25051
Source Name: Dhcp
Time Written: 20091026085311.000000+000
Event Type: warning
User:

Computer Name: RUTESPC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001CF01A9648. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 25048
Source Name: Dhcp
Time Written: 20091026085306.000000+000
Event Type: warning
User:

======Environment variables======

"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"INOCULAN"=C:\PROGRA~1\CA\ETRUST~1
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0605
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
Ironbender
Geez! How did you manage to pick up a Brazilian trojan-banker? There are also traces of Vundo remnants, among others. The Rootkit agent values are still showing.

Warning! Your MSN, Orkut, e-mail and bank IDs and passwords may have been stolen and sent to a Chinese server.

The first HJT log you posted is far, far outdated! It's a very old version.

Download BankerFix from http://www.linhadefensiva.org/dl/bankerfix to your desktop.
- Double click bankerfix.exe - This will install it on your system.
Note: you'll need to be connected to the net.
- Click OK at any prompt message.
- Once all the components are installed, a little text window will open and prompt you to click OK again. Close any windows and programs on your system tray, including your antivirus.
- Hit any key to proceed.
- When done, locate C:\LinhaDefensiva\relatorio.txt and post it in your next reply.

- Download and unzip The Avenger from http://swandog46.geekstogo.com/avenger.zip to your desktop
- Start up Avenger.
- In the box that opens, copy, then paste the text in the code box below.
CODE
Folders to delete:
C:\Documents and Settings\Rute\My Documents\1812\SpyWare\HijackThis

Registry values to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network | Winkp62.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network | Winot52.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network | Winwd27.sys

- Click "Execute".
- Press OK at the prompts to reboot your PC.

After your system restarts, a log file should open with the results of Avenger’s actions. Please post this log here along with the bankerfix report and a fresh RSIT log.

If you need more than one post for this, please do so. Ah, and do not quote all my posts. Hit the Add Reply button at the very bottom of your window instead of the "Reply" one from my post.

We'll need to run other fixtools afterwards.

Chris
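The O1 lines in the HijackThis log above point many banking hostnames at one address, which is the hosts-file redirection this reply is reacting to. As an added example (not part of the original thread, and not how HijackThis, MBAM or BankerFix work internally), the Python below groups O1 entries by target address and flags any non-loopback address that captures several distinct sites. The function names and the `min_sites` threshold are assumptions; the sample uses five O1 lines copied from the log above plus constructed `example.test` entries.

```python
import ipaddress
from collections import defaultdict

# HijackThis reports each non-default hosts-file entry as
#   O1 - Hosts: <address> <name> [<name> ...] [# comment]
PREFIX = "O1 - Hosts:"


def parse_o1(line):
    """Return (ip, [hostnames], comment) for an O1 line, else None."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    entry, _, comment = line[len(PREFIX):].partition("#")
    fields = entry.split()
    if len(fields) < 2:
        return None  # an address with no hostname redirects nothing
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None  # malformed address: not a usable redirect
    names = [f.lower().rstrip(".") for f in fields[1:]]
    return ip, names, comment.strip()


def site_of(name):
    """Fold 'www.x' and 'x' together so one site is not counted twice."""
    return name[4:] if name.startswith("www.") else name


def find_redirects(log_lines, min_sites=2):
    """Flag addresses that capture min_sites or more distinct sites.

    Loopback and 0.0.0.0 targets are skipped: they are the usual form of
    a hosts-file blocklist, not a redirect to another server.
    """
    by_ip = defaultdict(lambda: {"names": set(), "tags": set()})
    for line in log_lines:
        parsed = parse_o1(line)
        if parsed is None:
            continue
        ip, names, tag = parsed
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)]["names"].update(names)
        if tag:
            by_ip[str(ip)]["tags"].add(tag)

    findings = []
    for ip, seen in by_ip.items():
        sites = sorted({site_of(n) for n in seen["names"]})
        if len(sites) >= min_sites:
            findings.append({
                "ip": ip,
                "names": len(seen["names"]),
                "sites": sites,
                "tags": sorted(seen["tags"]),  # comment left on the entries
            })
    findings.sort(key=lambda f: (-len(f["sites"]), f["ip"]))
    return findings


# First five lines are copied from the HijackThis log in this thread;
# the example.test lines and the O4 line's role as noise are constructed.
SAMPLE_LOG = r"""
O1 - Hosts: 222.24.94.15 www.bradesco.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 bradesco.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.itau.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 itau.com.br # GbPluguin
O1 - Hosts: 222.24.94.15 www.caixa.gov.br # GbPluguin
O1 - Hosts: 127.0.0.1 ads.example.test
O1 - Hosts: 192.0.2.10 intranet.example.test
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for f in find_redirects(SAMPLE_LOG.splitlines()):
        print(f"{f['ip']}: {f['names']} names, {len(f['sites'])} sites, "
              f"tags={f['tags']}")
        for site in f["sites"]:
            print("   ", site)
```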
blueice
QUOTE(Ironbender @ Nov 2 2009, 09:59 AM) *

Geez! How did you manage to pick up a Brazilian trojan-banker? There are also traces of Vundo remnants, among others. The Rootkit agent values are still showing.

Warning! Your MSN, Orkut, e-mail and bank IDs and passwords may have been stolen and sent to a Chinese server.


OMG! My wife is from Belo Horizonte, now living in the UK. She is always receiving e-mails with attachments from Brasil. She used to have an online BR bank account but closed it years ago, so hopefully no harm or risk has been made.

Here goes with the BankerFix log:


-------------------------------------------------------
BankerFix 3.1 VALKYRIE - Banker Trojan Remover
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Date: 2009-11-02 - 10:24
-------------------------------------------------------
Version: 2009-10-26-1 | CORE: 2009-07-24-1
=======================================================

Found malicious IP on hosts file: 222.24.94.15

Found malicious IP on hosts file: caixa.com.br

Found malicious IP on hosts file: caixa.gov.br

Found malicious IP on hosts file: www.cef.com.br

Found malicious IP on hosts file: www.cef.gov.br



----- End -------------------------



And now the Avenger:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Documents and Settings\Rute\My Documents\1812\SpyWare\HijackThis" deleted successfully.

Error: could not delete registry value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network|Winkp62.sys"
Deletion of registry value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network|Winkp62.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network|Winot52.sys"
Deletion of registry value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network|Winot52.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network|Winwd27.sys"
Deletion of registry value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network|Winwd27.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

The RSIT log will follow in installments.
blueice
Logfile of random's system information tool 1.06 (written by random/random)
Run by Rute at 2009-11-02 10:48:09
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (70%) free of 38 GB
Total RAM: 502 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:18, on 02/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Rute\Desktop\RSIT.exe
C:\Program Files\trend micro\Rute.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199792268796
O21 - SSODL: yWwMDFV - {F4F6EE34-5E5C-449E-46E3-CEA8C41179EC} - C:\WINDOWS\system32\gchzeuk.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\System32\brsvc01a.exe (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 6504 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Every week.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-09-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-09-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2003-02-13 493024]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"D-Link Air Utility"=C:\Program Files\D-Link\Air Utility\AirCFG.exe [2003-06-26 2695168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-28 149280]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-07-22 1519616]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Cloudmark Desktop for Outlook Express.lnk - C:\WINDOWS\Installer\{5B0A00E4-2F9F-49C7-B9A1-9A8E136E8869}\SC_1.ico
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-02-28 239616]
yWwMDFV - {F4F6EE34-5E5C-449E-46E3-CEA8C41179EC} - C:\WINDOWS\system32\gchzeuk.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp62.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot52.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd27.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Reserved]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winkp62.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winot52.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd27.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\Rute\Local Settings\Temp\.tt6.tmp"="C:\Documents and Settings\Rute\Local Settings\Temp\.tt6.tmp:*:Enabled:enable"
"C:\WINDOWS\system32\sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

blueice
======List of files/folders created in the last 1 months======

2009-11-01 19:07:25 ----A---- C:\WINDOWS\system32\imm32.dll
2009-11-01 19:07:25 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-11-01 19:07:25 ----A---- C:\WINDOWS\system32\imeshare.dll
2009-11-01 19:07:25 ----A---- C:\WINDOWS\system32\imapi.exe
2009-11-01 19:07:25 ----A---- C:\WINDOWS\system32\ils.dll
2009-11-01 19:07:25 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2009-11-01 19:07:25 ----A---- C:\WINDOWS\system32\ifmon.dll
2009-11-01 19:07:25 ----A---- C:\WINDOWS\system32\iexpress.exe
2009-11-01 19:07:24 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2009-11-01 19:07:24 ----A---- C:\WINDOWS\system32\ipmontr.dll
2009-11-01 19:07:24 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2009-11-01 19:07:24 ----A---- C:\WINDOWS\system32\ipconfig.exe
2009-11-01 19:07:24 ----A---- C:\WINDOWS\system32\inseng.dll
2009-11-01 19:07:24 ----A---- C:\WINDOWS\system32\input.dll
2009-11-01 19:07:24 ----A---- C:\WINDOWS\system32\initpki.dll
2009-11-01 19:07:24 ----A---- C:\WINDOWS\system32\inetres.dll
2009-11-01 19:07:24 ----A---- C:\WINDOWS\system32\inetppui.dll
2009-11-01 19:07:24 ----A---- C:\WINDOWS\system32\inetpp.dll
2009-11-01 19:07:24 ----A---- C:\WINDOWS\system32\inetmib1.dll
2009-11-01 19:07:23 ----A---- C:\WINDOWS\system32\ipxroute.exe
2009-11-01 19:07:23 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2009-11-01 19:07:23 ----A---- C:\WINDOWS\system32\ipv6.exe
2009-11-01 19:07:23 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2009-11-01 19:07:23 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2009-11-01 19:07:23 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2009-11-01 19:07:23 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2009-11-01 19:07:23 ----A---- C:\WINDOWS\system32\ippromon.dll
2009-11-01 19:07:22 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-11-01 19:07:22 ----A---- C:\WINDOWS\system32\ixsso.dll
2009-11-01 19:07:22 ----A---- C:\WINDOWS\system32\itss.dll
2009-11-01 19:07:22 ----A---- C:\WINDOWS\system32\itircl.dll
2009-11-01 19:07:22 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-11-01 19:07:22 ----A---- C:\WINDOWS\system32\isign32.dll
2009-11-01 19:07:22 ----A---- C:\WINDOWS\system32\irmon.dll
2009-11-01 19:07:22 ----A---- C:\WINDOWS\system32\irftp.exe
2009-11-01 19:07:22 ----A---- C:\WINDOWS\system32\ipxwan.dll
2009-11-01 19:07:21 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-11-01 19:07:21 ----A---- C:\WINDOWS\system32\keymgr.dll
2009-11-01 19:07:21 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-11-01 19:07:21 ----A---- C:\WINDOWS\system32\kd1394.dll
2009-11-01 19:07:21 ----A---- C:\WINDOWS\system32\kbdnec.dll
2009-11-01 19:07:21 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-11-01 19:07:21 ----A---- C:\WINDOWS\system32\jscript.dll
2009-11-01 19:07:21 ----A---- C:\WINDOWS\system32\jgpl400.dll
2009-11-01 19:07:21 ----A---- C:\WINDOWS\system32\jgdw400.dll
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\magnify.exe
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\lsass.exe
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\lprhelp.dll
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\lpk.dll
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\logonui.exe
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\logagent.exe
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\localui.dll
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\localsec.dll
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\loadperf.dll
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\lmrt.dll
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\linkinfo.dll
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\licdll.dll
2009-11-01 19:07:20 ----A---- C:\WINDOWS\system32\laprxy.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\miglibnt.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\midimap.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\mfc42u.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\mfc42.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\mfc40u.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\mf3216.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\mdminst.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\mciwave.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\mciseq.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\mciavi32.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\mcastmib.dll
2009-11-01 19:07:19 ----A---- C:\WINDOWS\system32\makecab.exe
2009-11-01 19:07:18 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-11-01 19:07:18 ----A---- C:\WINDOWS\system32\mmcshext.dll
2009-11-01 19:07:18 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2009-11-01 19:07:18 ----A---- C:\WINDOWS\system32\mmcbase.dll
2009-11-01 19:07:18 ----A---- C:\WINDOWS\system32\mmc.exe
2009-11-01 19:07:18 ----A---- C:\WINDOWS\system32\mlang.dll
2009-11-01 19:07:18 ----A---- C:\WINDOWS\system32\mimefilt.dll
2009-11-01 19:07:17 ----A---- C:\WINDOWS\system32\mprapi.dll
2009-11-01 19:07:17 ----A---- C:\WINDOWS\system32\mpr.dll
2009-11-01 19:07:17 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-11-01 19:07:17 ----A---- C:\WINDOWS\system32\mpg4dmod.dll
2009-11-01 19:07:17 ----A---- C:\WINDOWS\system32\moricons.dll
2009-11-01 19:07:17 ----A---- C:\WINDOWS\system32\more.com
2009-11-01 19:07:17 ----A---- C:\WINDOWS\system32\modemui.dll
2009-11-01 19:07:17 ----A---- C:\WINDOWS\system32\mobsync.exe
2009-11-01 19:07:17 ----A---- C:\WINDOWS\system32\mobsync.dll
2009-11-01 19:07:17 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-11-01 19:07:17 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\msdart.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\msctfp.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\msctf.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\msconf.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\mscms.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\msapsspc.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\msafd.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\msacm32.dll
2009-11-01 19:07:16 ----A---- C:\WINDOWS\system32\mprdim.dll
2009-11-01 19:07:15 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-11-01 19:07:15 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-11-01 19:07:15 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-11-01 19:07:15 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-11-01 19:07:15 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-11-01 19:07:15 ----A---- C:\WINDOWS\system32\msdmo.dll
2009-11-01 19:07:14 ----A---- C:\WINDOWS\system32\mshta.exe
2009-11-01 19:07:14 ----A---- C:\WINDOWS\system32\msgina.dll
2009-11-01 19:07:14 ----A---- C:\WINDOWS\system32\msexcl40.dll
2009-11-01 19:07:14 ----A---- C:\WINDOWS\system32\msexch40.dll
2009-11-01 19:07:14 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2009-11-01 19:07:12 ----A---- C:\WINDOWS\system32\msiexec.exe
2009-11-01 19:07:12 ----A---- C:\WINDOWS\system32\msieftp.dll
2009-11-01 19:07:12 ----A---- C:\WINDOWS\system32\msidle.dll
2009-11-01 19:07:12 ----A---- C:\WINDOWS\system32\msident.dll
2009-11-01 19:07:12 ----A---- C:\WINDOWS\system32\msi.dll
2009-11-01 19:07:12 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-11-01 19:07:12 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-11-01 19:07:12 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-11-01 19:07:11 ----A---- C:\WINDOWS\system32\msimsg.dll
2009-11-01 19:07:11 ----A---- C:\WINDOWS\system32\msimg32.dll
2009-11-01 19:07:11 ----A---- C:\WINDOWS\system32\msihnd.dll
2009-11-01 19:07:10 ----A---- C:\WINDOWS\system32\msjter40.dll
2009-11-01 19:07:10 ----A---- C:\WINDOWS\system32\msjint40.dll
2009-11-01 19:07:10 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2009-11-01 19:07:10 ----A---- C:\WINDOWS\system32\msjet40.dll
2009-11-01 19:07:10 ----A---- C:\WINDOWS\system32\msisip.dll
2009-11-01 19:07:10 ----A---- C:\WINDOWS\system32\msiregmv.exe
2009-11-01 19:07:10 ----A---- C:\WINDOWS\system32\msimtf.dll
2009-11-01 19:07:09 ----A---- C:\WINDOWS\system32\mspatcha.dll
2009-11-01 19:07:09 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-11-01 19:07:09 ----A---- C:\WINDOWS\system32\msorcl32.dll
2009-11-01 19:07:09 ----A---- C:\WINDOWS\system32\msorc32r.dll
2009-11-01 19:07:09 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-11-01 19:07:09 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-11-01 19:07:09 ----A---- C:\WINDOWS\system32\msnsspc.dll
2009-11-01 19:07:09 ----A---- C:\WINDOWS\system32\msnetobj.dll
2009-11-01 19:07:09 ----A---- C:\WINDOWS\system32\msltus40.dll
2009-11-01 19:07:09 ----A---- C:\WINDOWS\system32\mslbui.dll
2009-11-01 19:07:09 ----A---- C:\WINDOWS\system32\msjtes40.dll
2009-11-01 19:07:08 ----A---- C:\WINDOWS\system32\msrepl40.dll
2009-11-01 19:07:08 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2009-11-01 19:07:08 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2009-11-01 19:07:08 ----A---- C:\WINDOWS\system32\msrating.dll
2009-11-01 19:07:08 ----A---- C:\WINDOWS\system32\msprivs.dll
2009-11-01 19:07:08 ----A---- C:\WINDOWS\system32\mspmsp.dll
2009-11-01 19:07:08 ----A---- C:\WINDOWS\system32\mspbde40.dll
2009-11-01 19:07:07 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-11-01 19:07:07 ----A---- C:\WINDOWS\system32\mstime.dll
2009-11-01 19:07:07 ----A---- C:\WINDOWS\system32\mstext40.dll
2009-11-01 19:07:07 ----A---- C:\WINDOWS\system32\mstask.dll
2009-11-01 19:07:07 ----A---- C:\WINDOWS\system32\msscp.dll
2009-11-01 19:07:07 ----A---- C:\WINDOWS\system32\msrle32.dll
2009-11-01 19:07:06 ----A---- C:\WINDOWS\system32\msvfw32.dll
2009-11-01 19:07:06 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2009-11-01 19:07:06 ----A---- C:\WINDOWS\system32\msvcrt.dll
2009-11-01 19:07:06 ----A---- C:\WINDOWS\system32\msvcp60.dll
2009-11-01 19:07:06 ----A---- C:\WINDOWS\system32\msvcirt.dll
2009-11-01 19:07:06 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2009-11-01 19:07:06 ----A---- C:\WINDOWS\system32\msutb.dll
2009-11-01 19:07:06 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2009-11-01 19:07:05 ----A---- C:\WINDOWS\system32\mswsock.dll
2009-11-01 19:07:05 ----A---- C:\WINDOWS\system32\mswmdm.dll
2009-11-01 19:07:05 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-11-01 19:07:05 ----A---- C:\WINDOWS\system32\mswdat10.dll
2009-11-01 19:07:05 ----A---- C:\WINDOWS\system32\msw3prt.dll
2009-11-01 19:07:05 ----A---- C:\WINDOWS\system32\msvidctl.dll
2009-11-01 19:07:04 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-11-01 19:07:04 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-11-01 19:07:04 ----A---- C:\WINDOWS\system32\msxml3.dll
2009-11-01 19:07:04 ----A---- C:\WINDOWS\system32\msxml2.dll
2009-11-01 19:07:04 ----A---- C:\WINDOWS\system32\msxml.dll
2009-11-01 19:07:04 ----A---- C:\WINDOWS\system32\msxbde40.dll
2009-11-01 19:07:04 ----A---- C:\WINDOWS\system32\mswstr10.dll
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\net1.exe
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\net.exe
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\nddenb32.dll
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\nddeapir.exe
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\nddeapi.dll
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\narrator.exe
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\mydocs.dll
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-11-01 19:07:03 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-11-01 19:07:02 ----A---- C:\WINDOWS\system32\netsetup.exe
2009-11-01 19:07:02 ----A---- C:\WINDOWS\system32\netrap.dll
2009-11-01 19:07:02 ----A---- C:\WINDOWS\system32\netplwiz.dll
2009-11-01 19:07:02 ----A---- C:\WINDOWS\system32\netman.dll
2009-11-01 19:07:02 ----A---- C:\WINDOWS\system32\netlogon.dll
2009-11-01 19:07:02 ----A---- C:\WINDOWS\system32\netid.dll
2009-11-01 19:07:02 ----A---- C:\WINDOWS\system32\netdde.exe
2009-11-01 19:07:02 ----A---- C:\WINDOWS\system32\netcfgx.dll
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\ntlanman.dll
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\npptools.dll
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\notepad.exe
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\nlhtml.dll
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\newdev.dll
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\netui1.dll
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\netui0.dll
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\netstat.exe
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\netshell.dll
2009-11-01 19:07:01 ----A---- C:\WINDOWS\system32\netsh.exe
2009-11-01 19:07:01 ----A---- C:\WINDOWS\notepad.exe
2009-11-01 19:07:00 ----A---- C:\WINDOWS\system32\occache.dll
2009-11-01 19:07:00 ----A---- C:\WINDOWS\system32\objsel.dll
2009-11-01 19:07:00 ----A---- C:\WINDOWS\system32\oakley.dll
2009-11-01 19:07:00 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2009-11-01 19:07:00 ----A---- C:\WINDOWS\system32\ntshrui.dll
2009-11-01 19:07:00 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2009-11-01 19:07:00 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2009-11-01 19:07:00 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2009-11-01 19:07:00 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2009-11-01 19:07:00 ----A---- C:\WINDOWS\system32\ntmarta.dll
2009-11-01 19:06:59 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2009-11-01 19:06:59 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2009-11-01 19:06:59 ----A---- C:\WINDOWS\system32\odbcji32.dll
blueice
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\locator.exe
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\localspl.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\ftp.exe
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasman.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\printui.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\services.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\schannel.dll
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\savedump.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\samlib.dll
2009-11-01 19:06:24 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-11-01 19:06:24 ----A---- C:\WINDOWS\system32\smss.exe
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\userinit.exe
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\untfs.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\ulib.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\mspmspsv.dll
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\hal.dll
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\asfsipc.dll
2009-11-01 19:05:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-11-01 18:51:57 ----D---- C:\c54a6d05e83307ead7db2bd86b09
2009-11-01 11:22:32 ----D---- C:\Program Files\CCleaner
2009-10-31 20:28:08 ----D---- C:\ecdf583faca82bc123a6e40196
2009-10-31 19:26:53 ----D---- C:\a8a4fdb52b43ca7799
2009-10-31 17:43:03 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-31 15:30:46 ----D---- C:\809ce48a9298ca6fef
2009-10-31 15:30:22 ----D---- C:\036cf94b026c6c1a2abf5f9e
2009-10-31 15:11:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-31 15:10:30 ----D---- C:\Program Files\Lavasoft
2009-10-31 14:08:59 ----SHD---- C:\Config.Msi
2009-10-31 13:36:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-31 13:07:20 ----D---- C:\79dbf129e5766d58c21d
2009-10-31 12:49:11 ----D---- C:\a77b669a6bc9a21afaf97f36b4e048f5
2009-10-31 12:40:48 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-10-31 12:34:57 ----D---- C:\272288eb39584362c97bff20419ad220
2009-10-30 09:36:53 ----D---- C:\WINDOWS\system32\appmgmt
2009-10-30 09:33:28 ----A---- C:\WINDOWS\setup.ini
2009-10-30 09:33:26 ----D---- C:\WINDOWS\OvtCam
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\java.exe
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-11-02 10:46:01 ----D---- C:\WINDOWS\Temp
2009-11-02 10:45:07 ----D---- C:\WINDOWS\system32\drivers
2009-11-02 10:45:07 ----D---- C:\WINDOWS\system32
2009-11-02 10:44:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-02 10:41:05 ----D---- C:\WINDOWS\Prefetch
2009-11-02 09:45:53 ----D---- C:\WINDOWS\Minidump
2009-11-02 09:45:53 ----D---- C:\WINDOWS
2009-11-02 00:32:01 ----RD---- C:\Program Files
2009-11-02 00:27:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-01 23:36:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-01 23:04:08 ----HD---- C:\WINDOWS\inf
2009-11-01 22:57:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-01 21:41:57 ----D---- C:\WINDOWS\security
2009-11-01 19:23:02 ----RD---- C:\WINDOWS\Web
2009-11-01 19:23:02 ----D---- C:\WINDOWS\system32\wbem
2009-11-01 19:22:57 ----D---- C:\WINDOWS\system32\usmt
2009-11-01 19:22:56 ----D---- C:\WINDOWS\system32\Setup
2009-11-01 19:22:54 ----D---- C:\WINDOWS\system32\Restore
2009-11-01 19:22:54 ----D---- C:\WINDOWS\system32\oobe
2009-11-01 19:22:53 ----D---- C:\WINDOWS\system32\npp
2009-11-01 19:20:09 ----D---- C:\WINDOWS\system32\Com
2009-11-01 19:18:14 ----D---- C:\WINDOWS\system
2009-11-01 19:18:14 ----D---- C:\WINDOWS\srchasst
2009-11-01 19:18:13 ----D---- C:\WINDOWS\PeerNet
2009-11-01 19:18:12 ----D---- C:\WINDOWS\mui
2009-11-01 19:18:11 ----D---- C:\WINDOWS\msagent
2009-11-01 19:18:02 ----D---- C:\WINDOWS\ime
2009-11-01 19:18:01 ----D---- C:\WINDOWS\Help
2009-11-01 19:17:59 ----RSD---- C:\WINDOWS\Fonts
2009-11-01 19:17:59 ----D---- C:\WINDOWS\AppPatch
2009-11-01 19:17:54 ----D---- C:\Program Files\Windows NT
2009-11-01 19:17:54 ----D---- C:\Program Files\Windows Media Player
2009-11-01 19:17:52 ----D---- C:\Program Files\Outlook Express
2009-11-01 19:17:51 ----D---- C:\Program Files\NetMeeting
2009-11-01 19:17:49 ----D---- C:\Program Files\Movie Maker
2009-11-01 19:17:46 ----D---- C:\Program Files\Messenger
2009-11-01 19:17:44 ----D---- C:\Program Files\Internet Explorer
2009-11-01 19:17:39 ----D---- C:\Program Files\Common Files\System
2009-11-01 19:12:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-01 19:05:45 ----D---- C:\WINDOWS\ehome
2009-11-01 11:24:43 ----D---- C:\WINDOWS\Debug
2009-11-01 11:21:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-01 11:21:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-31 15:15:21 ----SD---- C:\WINDOWS\Tasks
2009-10-31 15:14:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-31 15:11:23 ----SHD---- C:\WINDOWS\Installer
2009-10-31 13:36:07 ----D---- C:\WINDOWS\WinSxS
2009-10-30 11:13:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-30 11:12:59 ----D---- C:\Program Files\SpywareBlaster
2009-10-30 10:23:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-30 09:36:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-30 09:33:26 ----D---- C:\WINDOWS\twain_32
2009-10-29 22:51:17 ----A---- C:\WINDOWS\DUMP33f0.tmp
2009-10-29 22:04:17 ----A---- C:\WINDOWS\DUMP3c5d.tmp
2009-10-29 21:55:03 ----A---- C:\WINDOWS\DUMP3c7c.tmp
2009-10-29 21:25:53 ----A---- C:\WINDOWS\DUMP3921.tmp
2009-10-29 21:25:03 ----A---- C:\WINDOWS\DUMP34bc.tmp
2009-10-29 21:10:35 ----A---- C:\WINDOWS\DUMP35f4.tmp
2009-10-29 21:08:42 ----A---- C:\WINDOWS\DUMP343f.tmp
2009-10-29 20:58:27 ----A---- C:\WINDOWS\DUMP3875.tmp
2009-10-29 20:57:39 ----A---- C:\WINDOWS\DUMP347d.tmp
2009-10-29 20:34:49 ----A---- C:\WINDOWS\DUMP3d57.tmp
2009-10-29 20:22:25 ----A---- C:\WINDOWS\DUMP3d28.tmp
2009-10-29 19:50:02 ----A---- C:\WINDOWS\DUMP349c.tmp
2009-10-29 18:58:49 ----A---- C:\WINDOWS\DUMP5004.tmp
2009-10-29 18:47:23 ----A---- C:\WINDOWS\DUMP4fa6.tmp
2009-10-29 18:38:05 ----A---- C:\WINDOWS\DUMP4f0b.tmp
2009-10-29 18:31:55 ----A---- C:\WINDOWS\DUMP5459.tmp
2009-10-29 18:30:58 ----A---- C:\WINDOWS\DUMP4eeb.tmp
2009-10-29 18:22:41 ----A---- C:\WINDOWS\DUMP517d.tmp
2009-10-29 18:20:43 ----A---- C:\WINDOWS\DUMP5018.tmp
2009-10-29 18:17:41 ----A---- C:\WINDOWS\DUMP5091.tmp
2009-10-29 18:15:42 ----A---- C:\WINDOWS\DUMP566f.tmp
2009-10-29 18:14:53 ----A---- C:\WINDOWS\DUMP5749.tmp
2009-10-29 18:14:05 ----A---- C:\WINDOWS\DUMP4f6c.tmp
2009-10-29 18:06:51 ----A---- C:\WINDOWS\DUMP5582.tmp
2009-10-29 18:05:54 ----A---- C:\WINDOWS\DUMP4e7e.tmp
2009-10-29 18:01:50 ----A---- C:\WINDOWS\DUMP4e9e.tmp
2009-10-29 17:56:42 ----A---- C:\WINDOWS\DUMP4ebe.tmp
2009-10-29 17:53:40 ----A---- C:\WINDOWS\DUMP4e5f.tmp
2009-10-29 17:43:18 ----A---- C:\WINDOWS\DUMP53be.tmp
2009-10-29 17:42:22 ----A---- C:\WINDOWS\DUMP5017.tmp
2009-10-29 17:40:24 ----A---- C:\WINDOWS\DUMP5999.tmp
2009-10-29 17:39:35 ----A---- C:\WINDOWS\DUMP565e.tmp
2009-10-29 17:38:38 ----A---- C:\WINDOWS\DUMP4f1a.tmp
2009-10-29 17:35:37 ----A---- C:\WINDOWS\DUMP54c9.tmp
2009-10-29 17:34:50 ----A---- C:\WINDOWS\DUMP54b9.tmp
2009-10-29 17:33:52 ----A---- C:\WINDOWS\DUMP54c8.tmp
2009-10-29 17:33:04 ----A---- C:\WINDOWS\DUMP4df2.tmp
2009-10-29 17:26:54 ----A---- C:\WINDOWS\DUMP4efa.tmp
2009-10-29 17:24:57 ----A---- C:\WINDOWS\DUMP539e.tmp
2009-10-29 17:24:01 ----A---- C:\WINDOWS\DUMP53dc.tmp
2009-10-29 17:23:05 ----A---- C:\WINDOWS\DUMP4fd7.tmp
2009-10-29 17:21:08 ----A---- C:\WINDOWS\DUMP544b.tmp
2009-10-29 17:20:11 ----A---- C:\WINDOWS\DUMP4e00.tmp
2009-10-29 17:14:01 ----A---- C:\WINDOWS\DUMP4e6e.tmp
2009-10-29 17:09:56 ----A---- C:\WINDOWS\DUMP4e41.tmp
2009-10-29 17:03:33 ----A---- C:\WINDOWS\DUMP4e40.tmp
2009-10-29 16:55:02 ----A---- C:\WINDOWS\DUMP4da3.tmp
2009-10-29 16:49:46 ----A---- C:\WINDOWS\DUMP510e.tmp
2009-10-29 16:48:47 ----A---- C:\WINDOWS\DUMP4fc7.tmp
2009-10-29 16:45:41 ----A---- C:\WINDOWS\DUMP5016.tmp
2009-10-29 16:39:17 ----A---- C:\WINDOWS\DUMP4f6b.tmp
2009-10-29 16:37:15 ----A---- C:\WINDOWS\DUMP4f6a.tmp
2009-10-29 16:29:48 ----A---- C:\WINDOWS\DUMP517c.tmp
2009-10-29 16:24:29 ----A---- C:\WINDOWS\DUMP5257.tmp
2009-10-29 16:20:16 ----A---- C:\WINDOWS\DUMP5248.tmp
2009-10-29 16:18:14 ----A---- C:\WINDOWS\DUMP58ce.tmp
2009-10-29 16:17:27 ----A---- C:\WINDOWS\DUMP544a.tmp
2009-10-29 16:11:03 ----A---- C:\WINDOWS\DUMP51ca.tmp
2009-10-29 16:05:45 ----A---- C:\WINDOWS\DUMP58af.tmp
2009-10-29 16:04:57 ----A---- C:\WINDOWS\DUMP54b8.tmp
2009-10-29 16:03:59 ----A---- C:\WINDOWS\DUMP51ea.tmp
2009-10-29 15:59:47 ----A---- C:\WINDOWS\DUMP5219.tmp
2009-10-29 15:56:39 ----A---- C:\WINDOWS\DUMP5247.tmp
2009-10-29 15:48:22 ----A---- C:\WINDOWS\DUMP56ab.tmp
2009-10-29 15:47:26 ----A---- C:\WINDOWS\DUMP5330.tmp
2009-10-29 15:45:26 ----A---- C:\WINDOWS\DUMP592c.tmp
2009-10-29 15:44:37 ----A---- C:\WINDOWS\DUMP58ed.tmp
2009-10-29 15:43:49 ----A---- C:\WINDOWS\DUMP56da.tmp
2009-10-29 15:42:52 ----A---- C:\WINDOWS\DUMP5218.tmp
2009-10-29 15:37:16 ----A---- C:\WINDOWS\DUMP5285.tmp
2009-10-29 15:25:50 ----A---- C:\WINDOWS\DUMP56bb.tmp
2009-10-29 15:25:02 ----A---- C:\WINDOWS\DUMP52b3.tmp
2009-10-29 15:17:48 ----A---- C:\WINDOWS\DUMP566e.tmp
2009-10-29 15:16:51 ----A---- C:\WINDOWS\DUMP57a6.tmp
2009-10-29 15:15:54 ----A---- C:\WINDOWS\DUMP5841.tmp
2009-10-29 15:15:06 ----A---- C:\WINDOWS\DUMP561e.tmp
2009-10-29 15:14:10 ----A---- C:\WINDOWS\DUMP5072.tmp
2009-10-29 15:11:08 ----A---- C:\WINDOWS\DUMP4f29.tmp
2009-10-29 15:07:04 ----A---- C:\WINDOWS\DUMP567c.tmp
2009-10-29 15:06:08 ----A---- C:\WINDOWS\DUMP5034.tmp
2009-10-29 15:02:02 ----A---- C:\WINDOWS\DUMP5071.tmp
2009-10-29 14:56:54 ----A---- C:\WINDOWS\DUMP516e.tmp
2009-10-29 14:51:46 ----A---- C:\WINDOWS\DUMP5015.tmp
2009-10-29 14:43:28 ----A---- C:\WINDOWS\DUMP55c1.tmp
2009-10-29 14:42:32 ----A---- C:\WINDOWS\DUMP55f0.tmp
2009-10-29 14:41:34 ----A---- C:\WINDOWS\DUMP5748.tmp
2009-10-29 14:40:47 ----A---- C:\WINDOWS\DUMP5709.tmp
2009-10-29 14:39:50 ----A---- C:\WINDOWS\DUMP565d.tmp
2009-10-29 14:38:54 ----A---- C:\WINDOWS\DUMP57d6.tmp
2009-10-29 14:38:07 ----A---- C:\WINDOWS\DUMP55b1.tmp
2009-10-29 14:37:10 ----A---- C:\WINDOWS\DUMP5082.tmp
2009-10-29 14:34:08 ----A---- C:\WINDOWS\DUMP60cd.tmp
2009-10-29 14:33:18 ----A---- C:\WINDOWS\DUMP50d0.tmp
2009-10-29 14:29:13 ----A---- C:\WINDOWS\DUMP57d5.tmp
2009-10-29 14:28:26 ----A---- C:\WINDOWS\DUMP5053.tmp
2009-10-29 14:20:08 ----A---- C:\WINDOWS\DUMP4fd6.tmp
2009-10-29 14:17:07 ----A---- C:\WINDOWS\DUMP50cf.tmp
2009-10-29 14:15:08 ----A---- C:\WINDOWS\DUMP4fc6.tmp
2009-10-29 14:12:08 ----A---- C:\WINDOWS\DUMP516d.tmp
2009-10-29 14:04:53 ----A---- C:\WINDOWS\DUMP5747.tmp
2009-10-29 14:03:56 ----A---- C:\WINDOWS\DUMP597a.tmp
2009-10-29 14:03:08 ----A---- C:\WINDOWS\DUMP5880.tmp
2009-10-29 14:02:19 ----A---- C:\WINDOWS\DUMP5256.tmp
2009-10-29 13:48:48 ----A---- C:\WINDOWS\DUMP596a.tmp
2009-10-29 13:47:59 ----A---- C:\WINDOWS\DUMP54b7.tmp
2009-10-29 13:47:00 ----A---- C:\WINDOWS\DUMP52a4.tmp
2009-10-29 13:45:01 ----A---- C:\WINDOWS\DUMP53bd.tmp
2009-10-29 13:43:01 ----A---- C:\WINDOWS\DUMP53fc.tmp
2009-10-29 13:41:02 ----A---- C:\WINDOWS\DUMP5718.tmp
2009-10-29 13:40:05 ----A---- C:\WINDOWS\DUMP5246.tmp
2009-10-29 13:38:06 ----A---- C:\WINDOWS\DUMP566d.tmp
2009-10-29 13:37:09 ----A---- C:\WINDOWS\DUMP514d.tmp
2009-10-29 13:33:04 ----A---- C:\WINDOWS\DUMP5eba.tmp
2009-10-29 13:32:14 ----A---- C:\WINDOWS\DUMP5023.tmp
2009-10-29 13:21:52 ----A---- C:\WINDOWS\DUMP55e0.tmp
2009-10-29 13:20:55 ----A---- C:\WINDOWS\DUMP57d4.tmp
2009-10-29 13:20:07 ----A---- C:\WINDOWS\DUMP517b.tmp
2009-10-29 13:18:09 ----A---- C:\WINDOWS\DUMP5062.tmp
2009-10-29 13:15:07 ----A---- C:\WINDOWS\DUMP5042.tmp
2009-10-29 13:12:06 ----A---- C:\WINDOWS\DUMP5795.tmp
2009-10-29 13:11:18 ----A---- C:\WINDOWS\DUMP57a5.tmp
2009-10-29 13:10:31 ----A---- C:\WINDOWS\DUMP4fe5.tmp
2009-10-29 13:06:26 ----A---- C:\WINDOWS\DUMP4fc5.tmp
2009-10-29 13:04:29 ----A---- C:\WINDOWS\DUMP5469.tmp
2009-10-29 13:03:33 ----A---- C:\WINDOWS\DUMP4e7d.tmp
2009-10-29 12:59:29 ----A---- C:\WINDOWS\DUMP4f69.tmp
2009-10-29 12:57:30 ----A---- C:\WINDOWS\DUMP4fd5.tmp
2009-10-29 12:53:24 ----A---- C:\WINDOWS\DUMP4e4e.tmp
2009-10-29 12:50:24 ----A---- C:\WINDOWS\DUMP4de1.tmp
2009-10-29 12:47:24 ----A---- C:\WINDOWS\DUMP5479.tmp
2009-10-29 12:46:36 ----A---- C:\WINDOWS\DUMP4ebd.tmp
2009-10-29 12:44:39 ----A---- C:\WINDOWS\DUMP4db2.tmp
2009-10-29 12:41:38 ----A---- C:\WINDOWS\DUMP5302.tmp
2009-10-29 12:40:42 ----A---- C:\WINDOWS\DUMP4f97.tmp
2009-10-29 12:38:44 ----A---- C:\WINDOWS\DUMP4df1.tmp
2009-10-29 12:35:44 ----A---- C:\WINDOWS\DUMP4e10.tmp
2009-10-29 12:31:39 ----A---- C:\WINDOWS\DUMP4ebc.tmp
2009-10-29 12:22:20 ----A---- C:\WINDOWS\DUMP4f0a.tmp
2009-10-28 21:58:27 ----A---- C:\WINDOWS\DUMP4a58.tmp
2009-10-28 21:48:05 ----A---- C:\WINDOWS\DUMP4a0a.tmp
2009-10-28 21:38:48 ----A---- C:\WINDOWS\DUMP50a1.tmp
2009-10-28 21:37:52 ----A---- C:\WINDOWS\DUMP4ca9.tmp
2009-10-28 21:35:54 ----A---- C:\WINDOWS\DUMP51c9.tmp
2009-10-28 21:35:07 ----A---- C:\WINDOWS\DUMP5277.tmp
2009-10-28 21:34:20 ----A---- C:\WINDOWS\DUMP4f58.tmp
2009-10-28 21:33:26 ----A---- C:\WINDOWS\DUMP5052.tmp
2009-10-28 21:32:31 ----A---- C:\WINDOWS\DUMP5033.tmp
2009-10-28 21:31:35 ----A---- C:\WINDOWS\DUMP4b60.tmp
2009-10-28 21:25:25 ----A---- C:\WINDOWS\DUMP4e8d.tmp
2009-10-28 21:24:31 ----A---- C:\WINDOWS\DUMP4f49.tmp
2009-10-28 21:23:37 ----A---- C:\WINDOWS\DUMP50a0.tmp
2009-10-28 21:22:42 ----A---- C:\WINDOWS\DUMP4c3c.tmp
2009-10-28 21:11:16 ----A---- C:\WINDOWS\DUMP49fa.tmp
2009-10-28 21:07:13 ----A---- C:\WINDOWS\DUMP5081.tmp
2009-10-28 21:06:27 ----A---- C:\WINDOWS\DUMP4ad4.tmp
2009-10-28 21:04:30 ----A---- C:\WINDOWS\DUMP4b82.tmp
2009-10-28 21:02:33 ----A---- C:\WINDOWS\DUMP4ba0.tmp
2009-10-28 21:00:36 ----A---- C:\WINDOWS\DUMP4b52.tmp
2009-10-28 20:45:01 ----A---- C:\WINDOWS\DUMP4a86.tmp
2009-10-28 20:25:13 ----A---- C:\WINDOWS\DUMP4a1a.tmp
2009-10-28 20:21:10 ----A---- C:\WINDOWS\DUMP4a09.tmp
2009-10-28 20:18:10 ----A---- C:\WINDOWS\DUMP4b71.tmp
2009-10-28 20:16:13 ----A---- C:\WINDOWS\DUMP54c7.tmp
2009-10-28 20:15:25 ----A---- C:\WINDOWS\DUMP49bb.tmp
2009-10-28 19:58:46 ----A---- C:\WINDOWS\DUMP4a19.tmp
2009-10-28 19:51:35 ----A---- C:\WINDOWS\DUMP49db.tmp
2009-10-28 19:47:31 ----A---- C:\WINDOWS\DUMP4f48.tmp
2009-10-28 19:46:36 ----A---- C:\WINDOWS\DUMP49f9.tmp
2009-10-28 19:37:18 ----A---- C:\WINDOWS\DUMP4b81.tmp
2009-10-28 19:31:09 ----A---- C:\WINDOWS\DUMP5014.tmp
2009-10-28 19:30:14 ----A---- C:\WINDOWS\DUMP4a57.tmp
2009-10-28 19:25:08 ----A---- C:\WINDOWS\DUMP4e5e.tmp
2009-10-28 19:24:13 ----A---- C:\WINDOWS\DUMP540b.tmp
2009-10-28 19:23:26 ----A---- C:\WINDOWS\DUMP4a66.tmp
2009-10-28 19:07:50 ----A---- C:\WINDOWS\DUMP4a18.tmp
2009-10-28 19:04:50 ----A---- C:\WINDOWS\DUMP49cc.tmp
2009-10-28 18:52:23 ----A---- C:\WINDOWS\DUMP49da.tmp
2009-10-28 18:43:05 ----A---- C:\WINDOWS\DUMP49cb.tmp
2009-10-28 18:30:38 ----A---- C:\WINDOWS\DUMP4f77.tmp
2009-10-28 18:29:44 ----A---- C:\WINDOWS\DUMP49ab.tmp
2009-10-28 18:25:41 ----A---- C:\WINDOWS\DUMP4dd2.tmp
2009-10-28 18:24:47 ----A---- C:\WINDOWS\DUMP49ca.tmp
2009-10-28 18:12:19 ----A---- C:\WINDOWS\DUMP4edb.tmp
2009-10-28 18:11:24 ----A---- C:\WINDOWS\DUMP4d37.tmp
2009-10-28 18:10:28 ----A---- C:\WINDOWS\DUMP499b.tmp
2009-10-28 17:58:01 ----A---- C:\WINDOWS\DUMP4ab6.tmp
2009-10-28 17:56:05 ----A---- C:\WINDOWS\DUMP4e3f.tmp
2009-10-28 17:55:10 ----A---- C:\WINDOWS\DUMP4b80.tmp
2009-10-28 17:47:54 ----A---- C:\WINDOWS\DUMP51e9.tmp
2009-10-28 17:47:07 ----A---- C:\WINDOWS\DUMP514c.tmp
2009-10-28 17:46:11 ----A---- C:\WINDOWS\DUMP4b70.tmp
2009-10-28 17:37:55 ----A---- C:\WINDOWS\DUMP50ff.tmp
2009-10-28 17:37:08 ----A---- C:\WINDOWS\DUMP4b51.tmp
2009-10-28 17:34:07 ----A---- C:\WINDOWS\DUMP4b03.tmp
2009-10-28 17:29:01 ----A---- C:\WINDOWS\DUMP4b9f.tmp
2009-10-28 17:24:59 ----A---- C:\WINDOWS\DUMP4cb9.tmp
2009-10-28 17:16:34 ----A---- C:\WINDOWS\DUMP516c.tmp
2009-10-28 17:15:48 ----A---- C:\WINDOWS\DUMP4d46.tmp
2009-10-28 17:13:50 ----A---- C:\WINDOWS\DUMP4b13.tmp
2009-10-28 17:06:38 ----A---- C:\WINDOWS\DUMP4ae4.tmp
2009-10-28 16:56:17 ----A---- C:\WINDOWS\DUMP512d.tmp
2009-10-28 16:55:31 ----A---- C:\WINDOWS\DUMP4d36.tmp
2009-10-28 16:54:36 ----A---- C:\WINDOWS\DUMP4ab5.tmp
2009-10-28 16:50:33 ----A---- C:\WINDOWS\DUMP4a95.tmp
2009-10-28 16:46:28 ----A---- C:\WINDOWS\DUMP4f68.tmp
2009-10-28 16:45:33 ----A---- C:\WINDOWS\DUMP4ae3.tmp
2009-10-28 16:40:27 ----A---- C:\WINDOWS\DUMP4b12.tmp
2009-10-28 16:37:27 ----A---- C:\WINDOWS\DUMP4a47.tmp
2009-10-28 16:32:20 ----A---- C:\WINDOWS\DUMP5294.tmp
2009-10-28 16:31:33 ----A---- C:\WINDOWS\DUMP4d45.tmp
2009-10-28 16:28:33 ----A---- C:\WINDOWS\DUMP4d54.tmp
2009-10-28 16:25:30 ----A---- C:\WINDOWS\DUMP4cf9.tmp
2009-10-28 16:20:23 ----A---- C:\WINDOWS\DUMP4cb8.tmp
2009-10-28 16:14:14 ----A---- C:\WINDOWS\DUMP4d35.tmp
2009-10-28 16:11:12 ----A---- C:\WINDOWS\DUMP5265.tmp
2009-10-28 16:10:17 ----A---- C:\WINDOWS\DUMP4cf8.tmp
2009-10-28 16:06:13 ----A---- C:\WINDOWS\DUMP4c6a.tmp
2009-10-28 16:02:09 ----A---- C:\WINDOWS\DUMP4dc2.tmp
2009-10-28 15:52:50 ----A---- C:\WINDOWS\DUMP4cf7.tmp
2009-10-28 15:25:38 ----A---- C:\WINDOWS\DUMP51e8.tmp
2009-10-28 15:24:43 ----A---- C:\WINDOWS\DUMP516b.tmp
2009-10-28 15:23:48 ----A---- C:\WINDOWS\DUMP4ce7.tmp
2009-10-28 15:18:41 ----A---- C:\WINDOWS\DUMP4e2f.tmp
2009-10-28 15:16:43 ----A---- C:\WINDOWS\DUMP5217.tmp
2009-10-28 15:15:47 ----A---- C:\WINDOWS\DUMP4c5b.tmp
2009-10-28 15:10:40 ----A---- C:\WINDOWS\DUMP4e9d.tmp
2009-10-28 15:08:42 ----A---- C:\WINDOWS\DUMP4c0e.tmp
2009-10-28 14:58:20 ----A---- C:\WINDOWS\DUMP511d.tmp
2009-10-28 14:57:23 ----A---- C:\WINDOWS\DUMP4c0d.tmp
2009-10-28 14:53:20 ----A---- C:\WINDOWS\DUMP4bce.tmp
2009-10-28 14:45:05 ----A---- C:\WINDOWS\DUMP52c3.tmp
2009-10-28 14:44:19 ----A---- C:\WINDOWS\DUMP51b9.tmp
2009-10-28 14:43:32 ----A---- C:\WINDOWS\DUMP4dd1.tmp
2009-10-28 14:27:55 ----A---- C:\WINDOWS\DUMP4c3b.tmp
2009-10-28 14:21:45 ----A---- C:\WINDOWS\DUMP4bfd.tmp
2009-10-28 14:16:38 ----A---- C:\WINDOWS\DUMP4c1c.tmp
2009-10-28 14:05:10 ----A---- C:\WINDOWS\DUMP4fb6.tmp
2009-10-28 14:04:15 ----A---- C:\WINDOWS\DUMP4bed.tmp
2009-10-28 14:00:11 ----A---- C:\WINDOWS\DUMP518b.tmp
2009-10-28 13:59:25 ----A---- C:\WINDOWS\DUMP4c9b.tmp
2009-10-28 13:57:25 ----A---- C:\WINDOWS\DUMP4c2c.tmp
2009-10-28 13:50:13 ----A---- C:\WINDOWS\DUMP50fe.tmp
2009-10-28 13:49:17 ----A---- C:\WINDOWS\DUMP4c4b.tmp
2009-10-28 13:46:17 ----A---- C:\WINDOWS\DUMP5592.tmp
2009-10-28 13:45:21 ----A---- C:\WINDOWS\DUMP4c89.tmp
2009-10-28 13:38:07 ----A---- C:\WINDOWS\DUMP5276.tmp
2009-10-28 13:37:21 ----A---- C:\WINDOWS\DUMP5275.tmp
2009-10-28 13:36:34 ----A---- C:\WINDOWS\DUMP4c0c.tmp
2009-10-28 13:30:25 ----A---- C:\WINDOWS\DUMP4bbe.tmp
2009-10-28 13:26:23 ----A---- C:\WINDOWS\DUMP4c5a.tmp
2009-10-28 13:03:25 ----A---- C:\WINDOWS\DUMP4baf.tmp
2009-10-28 12:59:22 ----A---- C:\WINDOWS\DUMP4c9a.tmp
2009-10-28 12:50:03 ----A---- C:\WINDOWS\DUMP4c99.tmp
2009-10-28 09:09:25 ----D---- C:\Program Files\Java
2009-10-26 11:32:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\System32\Drivers\ino_fltr.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 NIOC;NIOC Service; \??\C:\WINDOWS\System32\NIOC.SYS []
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 OVT511Plus;Dual Mode USB Camera Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [2001-09-18 167816]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-06-04 319104]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-02-28 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-02-28 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-02-28 10880]
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver; C:\WINDOWS\System32\DRIVERS\NETDLWL.SYS [2003-07-14 159104]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2006-02-28 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2006-02-28 15360]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 InoRPC;eTrust Antivirus RPC Server; C:\Program Files\CA\eTrust Antivirus\InoRpc.exe [2003-02-13 144864]
R2 InoRT;eTrust Antivirus Realtime Server; C:\Program Files\CA\eTrust Antivirus\InoRT.exe [2003-02-13 230880]
R2 InoTask;eTrust Antivirus Job Server; C:\Program Files\CA\eTrust Antivirus\InoTask.exe [2003-02-13 234976]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-28 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-31 1179232]
R2 LogWatch;Event Log Watch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R2 WZCBDLService;WZCBDL Service; C:\Program Files\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\System32\brsvc01a.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 CA_LIC_CLNT;CA License Client; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-20 138168]

-----------------EOF-----------------
Ironbender
This system is badly infected. A Fresh install may be the only option.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O21 - SSODL: yWwMDFV - {F4F6EE34-5E5C-449E-46E3-CEA8C41179EC} - C:\WINDOWS\system32\gchzeuk.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.

Locate and delete all of the following files: C:\WINDOWS\DUMP*.*

Download SDFix: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix\

Reboot into Safe Mode (without networking support!)

- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). I need that log afterwards.

Post the SDFix report along with a new RSIT log.

You and your Brazilian wife had better change ALL your IDs and passwords as soon as you can.

Chris
blueice
QUOTE(Ironbender @ Nov 2 2009, 01:35 PM) *

This system is badly infected. A Fresh install may be the only option.

Oh boy. At least I'll be able to save all her data beforehand........ won't I?

The SDFix report: -


SDFix: Version 1.240
Run by Administrator on 02/11/2009 at 14:34

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\LOCALS~1\APPLIC~1\637310~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\979571~1.EXE - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 14:39:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Documents and Settings\\Rute\\Local Settings\\Temp\\.tt6.tmp"="C:\\Documents and Settings\\Rute\\Local Settings\\Temp\\.tt6.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Tue 17 Jan 2006 74,752 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL0004.tmp"
Sat 11 Feb 2006 24,576 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL0005.tmp"
Sat 11 Feb 2006 842,752 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL0011.tmp"
Tue 17 Jan 2006 77,312 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL0051.tmp"
Sat 18 Feb 2006 1,014,784 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL0533.tmp"
Sat 11 Feb 2006 26,112 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL0543.tmp"
Sat 11 Feb 2006 20,480 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL0670.tmp"
Tue 17 Jan 2006 77,312 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL1697.tmp"
Tue 17 Jan 2006 77,312 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL2165.tmp"
Sat 11 Feb 2006 25,088 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL2257.tmp"
Sat 18 Feb 2006 1,016,832 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL2703.tmp"
Wed 15 Feb 2006 781,824 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL2874.tmp"
Wed 15 Feb 2006 931,840 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL3516.tmp"
Wed 15 Feb 2006 927,744 A..H. --- "C:\Documents and Settings\Rute\My Documents\Study\University\Dissertation\~WRL3638.tmp"

Finished!


The most recent RSIT Log (In stages)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Rute at 2009-11-02 14:47:03
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (70%) free of 38 GB
Total RAM: 502 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:24, on 02/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Rute\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rute.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199792268796
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\System32\brsvc01a.exe (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 6291 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Every week.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-09-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-09-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2003-02-13 493024]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"D-Link Air Utility"=C:\Program Files\D-Link\Air Utility\AirCFG.exe [2003-06-26 2695168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-28 149280]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-07-22 1519616]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Cloudmark Desktop for Outlook Express.lnk - C:\WINDOWS\Installer\{5B0A00E4-2F9F-49C7-B9A1-9A8E136E8869}\SC_1.ico
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-02-28 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp62.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot52.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd27.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Reserved]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winkp62.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winot52.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd27.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\Rute\Local Settings\Temp\.tt6.tmp"="C:\Documents and Settings\Rute\Local Settings\Temp\.tt6.tmp:*:Enabled:enable"
"C:\WINDOWS\system32\sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-11-01 19:07:34 ----A---- C:\WINDOWS\system32\dmcompos.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\ds32gt.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\drprov.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\drmstor.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\drmclien.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpvvox.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpvoice.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpvacm.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpnet.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2009-11-01 19:07:33 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2009-11-01 19:07:32 ----A---- C:\WINDOWS\system32\dsquery.dll
2009-11-01 19:07:32 ----A---- C:\WINDOWS\system32\dsprop.dll
2009-11-01 19:07:32 ----A---- C:\WINDOWS\system32\dsound3d.dll
2009-11-01 19:07:32 ----A---- C:\WINDOWS\system32\dsound.dll
2009-11-01 19:07:32 ----A---- C:\WINDOWS\system32\dskquoui.dll
2009-11-01 19:07:32 ----A---- C:\WINDOWS\system32\dskquota.dll
2009-11-01 19:07:32 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2009-11-01 19:07:32 ----A---- C:\WINDOWS\system32\dsdmo.dll
2009-11-01 19:07:31 ----A---- C:\WINDOWS\system32\dx8vb.dll
2009-11-01 19:07:31 ----A---- C:\WINDOWS\system32\dx7vb.dll
2009-11-01 19:07:31 ----A---- C:\WINDOWS\system32\dwwin.exe
2009-11-01 19:07:31 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2009-11-01 19:07:31 ----A---- C:\WINDOWS\system32\duser.dll
2009-11-01 19:07:31 ----A---- C:\WINDOWS\system32\dumprep.exe
2009-11-01 19:07:31 ----A---- C:\WINDOWS\system32\dswave.dll
2009-11-01 19:07:31 ----A---- C:\WINDOWS\system32\dsuiext.dll
2009-11-01 19:07:31 ----A---- C:\WINDOWS\system32\dssenh.dll
2009-11-01 19:07:31 ----A---- C:\WINDOWS\system32\dssec.dll
2009-11-01 19:07:30 ----A---- C:\WINDOWS\system32\eventlog.dll
2009-11-01 19:07:30 ----A---- C:\WINDOWS\system32\eudcedit.exe
2009-11-01 19:07:30 ----A---- C:\WINDOWS\system32\esent.dll
2009-11-01 19:07:30 ----A---- C:\WINDOWS\system32\es.dll
2009-11-01 19:07:30 ----A---- C:\WINDOWS\system32\ersvc.dll
2009-11-01 19:07:30 ----A---- C:\WINDOWS\system32\els.dll
2009-11-01 19:07:30 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-11-01 19:07:30 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-11-01 19:07:30 ----A---- C:\WINDOWS\system32\dxmasf.dll


blueice
2009-11-01 19:06:39 ----A---- C:\WINDOWS\system32\usbui.dll
2009-11-01 19:06:39 ----A---- C:\WINDOWS\system32\usbmon.dll
2009-11-01 19:06:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\webvw.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\webclnt.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\wavemsp.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\w32time.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vssvc.exe
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vssapi.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\version.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\verifier.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vdmredir.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wiaservc.dll
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wiascr.dll
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wiadss.dll
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wiadefui.dll
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wextract.exe
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winsrv.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winscard.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winrnr.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winntbbu.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winmm.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winlogon.exe
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winipsec.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\wininet.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\wiavideo.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\wiashext.dll
2009-11-01 19:06:35 ----A---- C:\WINDOWS\system32\wlnotify.dll
2009-11-01 19:06:35 ----A---- C:\WINDOWS\system32\wldap32.dll
2009-11-01 19:06:35 ----A---- C:\WINDOWS\system32\winver.exe
2009-11-01 19:06:35 ----A---- C:\WINDOWS\system32\wintrust.dll
2009-11-01 19:06:35 ----A---- C:\WINDOWS\system32\winsta.dll
2009-11-01 19:06:34 ----A---- C:\WINDOWS\system32\wmasf.dll
2009-11-01 19:06:34 ----A---- C:\WINDOWS\system32\wmadmoe.dll
2009-11-01 19:06:34 ----A---- C:\WINDOWS\system32\wmadmod.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmstream.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmsdmod.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmpui.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmpshell.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmploc.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmpcore.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmpcd.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmnetmgr.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmi.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmdmps.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmdmlog.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wship6.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wshext.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wshcon.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wscript.exe
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\ws2help.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\ws2_32.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wpabaln.exe
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wow32.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wmvdmod.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wmvcore.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\zipfldr.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\xcopy.exe
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\xactsrv.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wstdecod.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wsock32.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wshrm.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-11-01 19:06:29 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-11-01 19:06:29 ----A---- C:\WINDOWS\system32\autochk.exe
2009-11-01 19:06:29 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\format.com
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\cmd.exe
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\cacls.exe
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\locator.exe
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\localspl.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\ftp.exe
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasman.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\printui.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\services.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\schannel.dll
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\savedump.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\samlib.dll
2009-11-01 19:06:24 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-11-01 19:06:24 ----A---- C:\WINDOWS\system32\smss.exe
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\userinit.exe
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\untfs.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\ulib.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\mspmspsv.dll
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\hal.dll
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\asfsipc.dll
2009-11-01 19:05:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-11-01 18:51:57 ----D---- C:\c54a6d05e83307ead7db2bd86b09
2009-11-01 11:22:32 ----D---- C:\Program Files\CCleaner
2009-10-31 20:28:08 ----D---- C:\ecdf583faca82bc123a6e40196
2009-10-31 19:26:53 ----D---- C:\a8a4fdb52b43ca7799
2009-10-31 17:43:03 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-31 15:30:46 ----D---- C:\809ce48a9298ca6fef
2009-10-31 15:30:22 ----D---- C:\036cf94b026c6c1a2abf5f9e
2009-10-31 15:11:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-31 15:10:30 ----D---- C:\Program Files\Lavasoft
2009-10-31 14:08:59 ----SHD---- C:\Config.Msi
2009-10-31 13:36:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-31 13:07:20 ----D---- C:\79dbf129e5766d58c21d
2009-10-31 12:49:11 ----D---- C:\a77b669a6bc9a21afaf97f36b4e048f5
2009-10-31 12:40:48 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-10-31 12:34:57 ----D---- C:\272288eb39584362c97bff20419ad220
2009-10-30 09:36:53 ----D---- C:\WINDOWS\system32\appmgmt
2009-10-30 09:33:26 ----D---- C:\WINDOWS\OvtCam
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\java.exe
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-11-02 14:47:17 ----D---- C:\WINDOWS\Prefetch
2009-11-02 14:47:14 ----D---- C:\WINDOWS\Temp
2009-11-02 14:34:22 ----D---- C:\WINDOWS
2009-11-02 14:24:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-02 14:23:21 ----D---- C:\WINDOWS\system32
2009-11-02 14:19:03 ----D---- C:\WINDOWS\Minidump
2009-11-02 10:45:07 ----D---- C:\WINDOWS\system32\drivers
2009-11-02 00:32:01 ----RD---- C:\Program Files
2009-11-02 00:27:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-01 23:36:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-01 23:04:08 ----HD---- C:\WINDOWS\inf
2009-11-01 22:57:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-01 21:41:57 ----D---- C:\WINDOWS\security
2009-11-01 19:23:02 ----RD---- C:\WINDOWS\Web
2009-11-01 19:23:02 ----D---- C:\WINDOWS\system32\wbem
2009-11-01 19:22:57 ----D---- C:\WINDOWS\system32\usmt
2009-11-01 19:22:56 ----D---- C:\WINDOWS\system32\Setup
2009-11-01 19:22:54 ----D---- C:\WINDOWS\system32\Restore
2009-11-01 19:22:54 ----D---- C:\WINDOWS\system32\oobe
2009-11-01 19:22:53 ----D---- C:\WINDOWS\system32\npp
2009-11-01 19:20:09 ----D---- C:\WINDOWS\system32\Com
2009-11-01 19:18:14 ----D---- C:\WINDOWS\system
2009-11-01 19:18:14 ----D---- C:\WINDOWS\srchasst
2009-11-01 19:18:13 ----D---- C:\WINDOWS\PeerNet
2009-11-01 19:18:12 ----D---- C:\WINDOWS\mui
2009-11-01 19:18:11 ----D---- C:\WINDOWS\msagent
2009-11-01 19:18:02 ----D---- C:\WINDOWS\ime
2009-11-01 19:18:01 ----D---- C:\WINDOWS\Help
2009-11-01 19:17:59 ----RSD---- C:\WINDOWS\Fonts
2009-11-01 19:17:59 ----D---- C:\WINDOWS\AppPatch
2009-11-01 19:17:54 ----D---- C:\Program Files\Windows NT
2009-11-01 19:17:54 ----D---- C:\Program Files\Windows Media Player
2009-11-01 19:17:52 ----D---- C:\Program Files\Outlook Express
2009-11-01 19:17:51 ----D---- C:\Program Files\NetMeeting
2009-11-01 19:17:49 ----D---- C:\Program Files\Movie Maker
2009-11-01 19:17:46 ----D---- C:\Program Files\Messenger
2009-11-01 19:17:44 ----D---- C:\Program Files\Internet Explorer
2009-11-01 19:17:39 ----D---- C:\Program Files\Common Files\System
2009-11-01 19:12:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-01 19:05:45 ----D---- C:\WINDOWS\ehome
2009-11-01 11:24:43 ----D---- C:\WINDOWS\Debug
2009-11-01 11:21:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-01 11:21:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-31 15:15:21 ----SD---- C:\WINDOWS\Tasks
2009-10-31 15:14:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-31 15:11:23 ----SHD---- C:\WINDOWS\Installer
2009-10-31 13:36:07 ----D---- C:\WINDOWS\WinSxS
2009-10-30 11:13:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-30 11:12:59 ----D---- C:\Program Files\SpywareBlaster
2009-10-30 10:23:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-30 09:36:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-30 09:33:26 ----D---- C:\WINDOWS\twain_32
2009-10-28 09:09:25 ----D---- C:\Program Files\Java
2009-10-26 11:32:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\System32\Drivers\ino_fltr.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 NIOC;NIOC Service; \??\C:\WINDOWS\System32\NIOC.SYS []
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
R3 catchme;catchme; \??\C:\DOCUME~1\Rute\LOCALS~1\Temp\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 OVT511Plus;Dual Mode USB Camera Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [2001-09-18 167816]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-06-04 319104]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-02-28 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-02-28 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-02-28 10880]
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver; C:\WINDOWS\System32\DRIVERS\NETDLWL.SYS [2003-07-14 159104]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2006-02-28 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2006-02-28 15360]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 InoRPC;eTrust Antivirus RPC Server; C:\Program Files\CA\eTrust Antivirus\InoRpc.exe [2003-02-13 144864]
R2 InoRT;eTrust Antivirus Realtime Server; C:\Program Files\CA\eTrust Antivirus\InoRT.exe [2003-02-13 230880]
R2 InoTask;eTrust Antivirus Job Server; C:\Program Files\CA\eTrust Antivirus\InoTask.exe [2003-02-13 234976]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-28 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-31 1179232]
R2 LogWatch;Event Log Watch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R2 WZCBDLService;WZCBDL Service; C:\Program Files\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\System32\brsvc01a.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 CA_LIC_CLNT;CA License Client; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-20 138168]

-----------------EOF-----------------
blueice
QUOTE(Ironbender @ Nov 2 2009, 01:35 PM)


Better your Brazilian wife and you change ALL your IDs and passwords as soon as you can.


Do you think it could have affected my system as well? It does run on the same network. How could I check? Run HJT and post the log?
Ironbender
Not sure... we will check it later, on a new thread. The system looks much better now but a lot of critical files seem to have been modified in the last month. Some of the rootkit agent entries are still showing. It may be more stable than before as well.

Run CCleaner again. Don't forget to uncheck "Only delete files in Windows Temp folders older than 48 hours" under <options/advanced>

Download Combofix to your desktop by clicking here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.
Note:
Disconnect from the internet (unplug the cable), close all windows and any program on your system tray, including your antivirus. Do not mouseclick or type anything while combofix is running. That may cause it to stall.

You can safely ignore warnings about not having the recovery console installed. Run it only once!

Post the ComboFix report along with a fresh RSIT log.

Chris
blueice
The ComboFix report (the computer crashed during the scan the first time; the second time it managed a full run):
ComboFix 09-11-01.04 - Rute 02/11/2009 19:40.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.256 [GMT 0:00]
Running from: c:\documents and settings\Rute\My Documents\1812\SpyWare\ComboFix\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\_004668_.tmp.dll
c:\windows\system32\_004669_.tmp.dll
c:\windows\system32\_004670_.tmp.dll
c:\windows\system32\_004671_.tmp.dll
c:\windows\system32\_004678_.tmp.dll
c:\windows\system32\_004679_.tmp.dll
c:\windows\system32\_004680_.tmp.dll
c:\windows\system32\_004681_.tmp.dll
c:\windows\system32\_004683_.tmp.dll
c:\windows\system32\_004684_.tmp.dll
c:\windows\system32\_004687_.tmp.dll
c:\windows\system32\_004688_.tmp.dll
c:\windows\system32\_004690_.tmp.dll
c:\windows\system32\_004691_.tmp.dll
c:\windows\system32\_004692_.tmp.dll
c:\windows\system32\_004694_.tmp.dll
c:\windows\system32\_004697_.tmp.dll
c:\windows\system32\_004698_.tmp.dll
c:\windows\system32\_004702_.tmp.dll
c:\windows\system32\_004703_.tmp.dll
c:\windows\system32\_004705_.tmp.dll
c:\windows\system32\_004708_.tmp.dll
c:\windows\system32\_004710_.tmp.dll
c:\windows\system32\_004711_.tmp.dll
c:\windows\system32\_004712_.tmp.dll
c:\windows\system32\_004713_.tmp.dll
c:\windows\system32\_004714_.tmp.dll
c:\windows\system32\_004717_.tmp.dll
c:\windows\system32\_004718_.tmp.dll
c:\windows\system32\_004719_.tmp.dll
c:\windows\system32\_004720_.tmp.dll
c:\windows\system32\_004721_.tmp.dll
c:\windows\system32\_004726_.tmp.dll
c:\windows\system32\_004728_.tmp.dll
c:\windows\system32\bios_setup114.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDBGEVTSVC
-------\Legacy_SYSREST.SYS


((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 14:30 . 2009-11-02 14:31 -------- d-----w- c:\windows\ERUNT
2009-11-02 14:21 . 2009-11-02 14:45 -------- d-----w- C:\SDFix
2009-11-02 10:23 . 2009-11-02 10:25 -------- d-----w- C:\LinhaDefensiva
2009-11-02 00:32 . 2009-11-02 14:11 -------- d-----w- c:\program files\trend micro
2009-11-02 00:31 . 2009-11-02 00:32 -------- d-----w- C:\rsit
2009-11-01 22:38 . 2004-08-04 00:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-11-01 22:38 . 2001-08-17 22:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-01 22:38 . 2001-08-17 22:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-01 22:38 . 2001-08-17 22:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-01 22:38 . 2001-08-17 22:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-01 22:37 . 2001-08-17 22:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-01 22:37 . 2001-08-17 12:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-01 22:37 . 2004-08-03 22:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-11-01 22:37 . 2004-08-03 22:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-11-01 22:35 . 2004-08-03 22:29 11935 -c--a-w- c:\windows\system32\dllcache\wadv11nt.sys
2009-11-01 22:34 . 2001-08-17 13:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2009-11-01 22:33 . 2001-08-17 22:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2009-11-01 22:32 . 2001-08-17 12:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-11-01 22:31 . 2001-08-17 22:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-11-01 22:30 . 2001-08-17 13:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-11-01 22:29 . 2001-08-17 22:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2009-11-01 22:28 . 2001-07-21 14:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-11-01 22:27 . 2001-08-17 12:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2009-11-01 22:26 . 2001-08-17 22:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-11-01 22:26 . 2001-08-17 12:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2009-11-01 22:26 . 2004-08-03 22:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2009-11-01 22:26 . 2004-08-03 23:04 30080 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2009-11-01 22:26 . 2001-08-17 12:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-11-01 22:26 . 2004-08-03 23:10 59648 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2009-11-01 22:26 . 2001-08-17 22:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2009-11-01 22:26 . 2004-08-03 22:41 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2009-11-01 22:26 . 2001-08-17 13:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-11-01 22:26 . 2001-08-17 13:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-11-01 22:26 . 2001-08-17 22:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2009-11-01 22:26 . 2001-08-17 13:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-11-01 22:26 . 2001-08-17 13:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2009-11-01 22:24 . 2001-08-17 14:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2009-11-01 22:23 . 2001-08-17 14:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2009-11-01 22:22 . 2001-08-17 12:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-11-01 22:21 . 2001-08-17 14:56 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2009-11-01 22:20 . 2001-08-17 14:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-11-01 22:20 . 2001-08-17 13:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-11-01 22:20 . 2001-08-17 13:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-11-01 22:20 . 2001-08-17 13:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-11-01 22:20 . 2001-08-17 13:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-11-01 22:20 . 2001-08-17 12:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-11-01 22:20 . 2001-08-17 14:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-11-01 22:20 . 2004-08-03 23:00 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2009-11-01 22:18 . 2004-08-03 22:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2009-11-01 22:18 . 2001-08-17 12:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2009-11-01 22:18 . 2001-08-17 12:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2009-11-01 22:18 . 2001-08-17 22:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2009-11-01 22:18 . 2001-08-17 22:36 242176 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2009-11-01 22:18 . 2001-08-17 22:36 45568 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2009-11-01 22:18 . 2001-08-17 22:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-01 22:18 . 2001-08-17 22:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-11-01 22:18 . 2004-08-03 22:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-01 22:18 . 2001-08-17 14:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-11-01 22:18 . 2001-08-17 14:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-11-01 22:18 . 2001-08-17 14:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-11-01 22:18 . 2001-08-17 14:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-11-01 22:17 . 2001-08-17 13:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-11-01 22:17 . 2001-08-17 13:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2009-11-01 22:17 . 2004-08-03 23:08 40832 -c--a-w- c:\windows\system32\dllcache\irbus.sys
2009-11-01 22:17 . 2001-08-17 12:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2009-11-01 22:17 . 2001-08-17 22:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2009-11-01 22:17 . 2001-08-17 13:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2009-11-01 22:17 . 2004-08-03 22:59 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2009-11-01 22:17 . 2001-08-17 13:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2009-11-01 22:17 . 2001-08-17 13:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2009-11-01 22:15 . 2004-08-03 22:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-11-01 22:15 . 2004-08-03 22:41 685056 -c--a-w- c:\windows\system32\dllcache\hsfcxts2.sys
2009-11-01 22:15 . 2004-08-04 00:56 32285 -c--a-w- c:\windows\system32\dllcache\hsfcisp2.dll
2009-11-01 22:15 . 2004-08-03 22:41 220032 -c--a-w- c:\windows\system32\dllcache\hsfbs2s2.sys
2009-11-01 22:15 . 2001-08-17 13:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2009-11-01 22:15 . 2001-08-17 13:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2009-11-01 22:15 . 2001-08-17 13:28 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2009-11-01 22:15 . 2001-08-17 13:28 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2009-11-01 22:15 . 2001-08-17 13:28 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2009-11-01 22:15 . 2001-08-17 13:28 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2009-11-01 22:15 . 2001-08-17 13:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2009-11-01 22:15 . 2001-08-17 22:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2009-11-01 22:13 . 2001-08-17 13:28 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
2009-11-01 22:12 . 2001-08-17 12:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2009-11-01 22:11 . 2001-08-17 12:12 18503 -c--a-w- c:\windows\system32\dllcache\epro4.sys
2009-11-01 22:10 . 2001-08-17 12:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2009-11-01 22:09 . 2001-08-17 22:36 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2009-11-01 22:08 . 2004-08-03 23:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-11-01 22:07 . 2001-08-17 22:36 41472 -c--a-w- c:\windows\system32\dllcache\brmfusb.dll
2009-11-01 22:06 . 2004-08-03 22:29 11615 -c--a-w- c:\windows\system32\dllcache\ati1mdxx.sys
2009-11-01 22:05 . 2001-08-17 14:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-11-01 22:04 . 2004-08-03 23:18 2148352 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-01 19:15 . 2007-08-10 20:46 33656 ----a-w- c:\windows\system32\sprecovr.exe
2009-11-01 19:10 . 2006-02-28 12:00 98304 -c--a-w- c:\windows\system32\dllcache\wmpband.dll
2009-11-01 19:10 . 2006-02-28 12:00 786432 -c--a-w- c:\windows\system32\dllcache\migrate.exe
2009-11-01 19:10 . 2006-02-28 12:00 368640 -c--a-w- c:\windows\system32\dllcache\mpvis.dll
2009-11-01 19:10 . 2006-02-28 12:00 221184 -c--a-w- c:\windows\system32\dllcache\wmpns.dll
2009-11-01 19:10 . 2006-02-28 12:00 1001472 -c--a-w- c:\windows\system32\dllcache\wmvdmoe2.dll
2009-11-01 19:10 . 2006-02-28 12:00 1001472 ----a-w- c:\windows\system32\wmvdmoe2.dll
2009-11-01 19:10 . 2006-02-28 12:00 896512 -c--a-w- c:\windows\system32\dllcache\wmspdmoe.dll
2009-11-01 19:10 . 2006-02-28 12:00 896512 ----a-w- c:\windows\system32\wmspdmoe.dll
2009-11-01 19:10 . 2006-02-28 12:00 484864 -c--a-w- c:\windows\system32\dllcache\wmspdmod.dll
2009-11-01 19:10 . 2006-02-28 12:00 484864 ----a-w- c:\windows\system32\wmspdmod.dll
2009-11-01 19:10 . 2006-02-28 12:00 1119744 -c--a-w- c:\windows\system32\dllcache\wmsdmoe2.dll
2009-11-01 19:10 . 2006-02-28 12:00 1119744 ----a-w- c:\windows\system32\wmsdmoe2.dll
2009-11-01 19:08 . 2006-02-28 12:00 96768 -c--a-w- c:\windows\system32\dllcache\dpcdll.dll
2009-11-01 19:07 . 2006-02-28 12:00 84992 -c--a-w- c:\windows\system32\dllcache\wabimp.dll
2009-11-01 19:06 . 2006-02-28 12:00 94208 -c--a-w- c:\windows\system32\dllcache\odbcint.dll
2009-11-01 18:51 . 2009-11-01 18:56 -------- d-----w- C:\c54a6d05e83307ead7db2bd86b09
2009-11-01 11:22 . 2009-11-01 11:22 -------- d-----w- c:\program files\CCleaner
2009-10-31 20:28 . 2009-10-31 20:34 -------- d-----w- C:\ecdf583faca82bc123a6e40196
2009-10-31 19:26 . 2009-10-31 19:31 -------- d-----w- C:\a8a4fdb52b43ca7799
2009-10-31 17:43 . 2009-10-31 15:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-31 15:30 . 2009-10-31 15:30 -------- d-----w- C:\809ce48a9298ca6fef
2009-10-31 15:30 . 2009-10-31 15:30 -------- d-----w- C:\036cf94b026c6c1a2abf5f9e
2009-10-31 15:14 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-31 15:11 . 2009-10-31 15:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-31 15:10 . 2009-10-31 15:10 -------- d-----w- c:\program files\Lavasoft
2009-10-31 14:16 . 2009-10-31 14:16 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-31 14:11 . 2009-10-31 14:50 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-10-31 14:11 . 2009-10-31 14:50 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-10-31 13:36 . 2009-10-31 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-31 13:07 . 2009-10-31 13:12 -------- d-----w- C:\79dbf129e5766d58c21d
2009-10-31 12:49 . 2009-10-31 12:49 -------- d-----w- C:\a77b669a6bc9a21afaf97f36b4e048f5
2009-10-31 12:40 . 2009-11-01 22:55 -------- d-----w- c:\windows\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 11:21 . 2008-08-18 11:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 11:21 . 2008-08-18 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-30 11:13 . 2008-08-18 09:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 11:12 . 2008-08-18 09:34 -------- d-----w- c:\program files\SpywareBlaster
2009-10-30 10:23 . 2008-08-18 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 09:09 . 2008-01-12 10:50 -------- d-----w- c:\program files\Java
2009-09-25 18:50 . 2009-09-25 18:49 79 ----a-w- C:\adobereader.bat
2009-09-10 14:54 . 2008-08-18 10:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 . 2008-08-18 10:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2003-02-13 493024]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 2695168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-28 149280]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-13 16239616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cloudmark Desktop for Outlook Express.lnk - c:\windows\Installer\{5B0A00E4-2F9F-49C7-B9A1-9A8E136E8869}\SC_1.ico [2007-8-27 3638]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd27.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R?2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [19/03/2002 11:15 36864]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [31/10/2009 15:14 64288]
R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [20/09/2002 16:29 53248]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [27/09/2002 17:21 22912]
S0 Cxq69;Cxq69; [x]
S0 Winkp62;Winkp62;c:\windows\system32\Drivers\Winkp62.sys --> c:\windows\system32\Drivers\Winkp62.sys [?]
S0 Winot52;Winot52;c:\windows\system32\Drivers\Winot52.sys --> c:\windows\system32\Drivers\Winot52.sys [?]
S0 Winwd27;Winwd27;c:\windows\system32\Drivers\Winwd27.sys --> c:\windows\system32\Drivers\Winwd27.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1179232]
S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [20/09/2002 16:27 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [20/09/2002 16:41 77824]
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [27/08/2007 06:00 159104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:13]

2009-11-02 c:\windows\Tasks\Every week.job
- c:\windows\system32\ntbackup.exe [2009-11-01 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 19:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1324)
c:\documents and settings\Rute\Local Settings\Application Data\Cloudmark\SpamNet\snoew32h_1.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-11-02 19:47
ComboFix-quarantined-files.txt 2009-11-02 19:47

Pre-Run: 27,807,186,944 bytes free
Post-Run: 27,777,159,168 bytes free

- - End Of File - - 5B22E68439ECD08BCD2C7AE01D1BA63D


Fresh RSIT log:-

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rute at 2009-11-02 19:49:24
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (69%) free of 38 GB
Total RAM: 502 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:27, on 02/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Rute\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rute.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199792268796
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\System32\brsvc01a.exe (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 5884 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Every week.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-09-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-09-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2003-02-13 493024]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"D-Link Air Utility"=C:\Program Files\D-Link\Air Utility\AirCFG.exe [2003-06-26 2695168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-28 149280]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-07-22 1519616]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Cloudmark Desktop for Outlook Express.lnk - C:\WINDOWS\Installer\{5B0A00E4-2F9F-49C7-B9A1-9A8E136E8869}\SC_1.ico
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-02-28 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp62.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot52.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd27.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winkp62.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winot52.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winwd27.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-11-02 19:47:56 ----D---- C:\WINDOWS\temp
2009-11-02 19:47:54 ----A---- C:\ComboFix.txt
2009-11-02 19:47:53 ----A---- C:\log.txt
2009-11-02 19:24:25 ----A---- C:\WINDOWS\zip.exe
2009-11-02 19:24:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-02 19:24:25 ----A---- C:\WINDOWS\SWSC.exe
2009-11-02 19:24:25 ----A---- C:\WINDOWS\SWREG.exe
2009-11-02 19:24:25 ----A---- C:\WINDOWS\sed.exe
2009-11-02 19:24:25 ----A---- C:\WINDOWS\PEV.exe
2009-11-02 19:24:25 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-02 19:24:25 ----A---- C:\WINDOWS\MBR.exe
2009-11-02 19:24:25 ----A---- C:\WINDOWS\grep.exe
2009-11-02 19:24:20 ----D---- C:\WINDOWS\ERDNT
2009-11-02 19:23:16 ----D---- C:\Qoobox
2009-11-02 14:30:59 ----D---- C:\WINDOWS\ERUNT
2009-11-02 14:21:25 ----D---- C:\SDFix
2009-11-02 10:45:07 ----D---- C:\Avenger
2009-11-02 10:45:06 ----A---- C:\avenger.txt
2009-11-02 10:23:58 ----D---- C:\LinhaDefensiva
2009-11-02 00:32:01 ----D---- C:\Program Files\trend micro
2009-11-02 00:31:58 ----D---- C:\rsit
2009-11-01 19:16:40 ----A---- C:\WINDOWS\system32\SET145.tmp
2009-11-01 19:16:37 ----D---- C:\WINDOWS\network diagnostic
2009-11-01 19:15:39 ----A---- C:\WINDOWS\system32\sprecovr.exe
2009-11-01 19:12:33 ----A---- C:\WINDOWS\002988_.tmp
2009-11-01 19:10:01 ----A---- C:\WINDOWS\system32\wmvdmoe2.dll
2009-11-01 19:10:00 ----A---- C:\WINDOWS\system32\wmspdmoe.dll
2009-11-01 19:10:00 ----A---- C:\WINDOWS\system32\wmspdmod.dll
2009-11-01 19:10:00 ----A---- C:\WINDOWS\system32\wmsdmoe2.dll
2009-11-01 19:09:59 ----N---- C:\WINDOWS\system32\mspmsnsv.dll
2009-11-01 19:09:59 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-11-01 19:09:59 ----A---- C:\WINDOWS\system32\wmpasf.dll
2009-11-01 19:09:59 ----A---- C:\WINDOWS\system32\wmp.dll
2009-11-01 19:09:59 ----A---- C:\WINDOWS\system32\wmidx.dll
2009-11-01 19:09:59 ----A---- C:\WINDOWS\system32\wmerror.dll
2009-11-01 19:09:59 ----A---- C:\WINDOWS\system32\mp4sdmod.dll
2009-11-01 19:09:59 ----A---- C:\WINDOWS\system32\mp43dmod.dll
2009-11-01 19:09:47 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2009-11-01 19:09:47 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2009-11-01 19:09:47 ----A---- C:\WINDOWS\system32\ir50_32.dll
2009-11-01 19:09:47 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2009-11-01 19:09:47 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2009-11-01 19:09:47 ----A---- C:\WINDOWS\system32\hccoin.dll
2009-11-01 19:09:47 ----A---- C:\WINDOWS\system32\fsquirt.exe
2009-11-01 19:09:47 ----A---- C:\WINDOWS\system32\bthserv.dll
2009-11-01 19:09:47 ----A---- C:\WINDOWS\system32\bthci.dll
2009-11-01 19:09:46 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-11-01 19:09:46 ----A---- C:\WINDOWS\system32\wshbth.dll
2009-11-01 19:09:46 ----A---- C:\WINDOWS\system32\wlanapi.dll
2009-11-01 19:09:46 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2009-11-01 19:09:46 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-11-01 19:09:46 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-11-01 19:09:27 ----A---- C:\WINDOWS\system32\pidgen.dll
2009-11-01 19:09:25 ----A---- C:\WINDOWS\system32\spiisupd.exe
2009-11-01 19:09:18 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2009-11-01 19:08:59 ----A---- C:\WINDOWS\system32\secedit.exe
2009-11-01 19:08:59 ----A---- C:\WINDOWS\system32\dpcdll.dll
2009-11-01 19:08:57 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2009-11-01 19:08:57 ----A---- C:\WINDOWS\system32\kbdukx.dll
2009-11-01 19:08:57 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2009-11-01 19:08:55 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-11-01 19:08:55 ----A---- C:\WINDOWS\system32\encdec.dll
2009-11-01 19:08:54 ----N---- C:\WINDOWS\system32\wscntfy.exe
2009-11-01 19:08:54 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2009-11-01 19:08:54 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-11-01 19:08:54 ----A---- C:\WINDOWS\system32\dsprpres.dll
2009-11-01 19:08:53 ----A---- C:\WINDOWS\system32\w3ssl.dll
2009-11-01 19:08:53 ----A---- C:\WINDOWS\system32\p2psvc.dll
2009-11-01 19:08:52 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-11-01 19:08:52 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2009-11-01 19:08:52 ----A---- C:\WINDOWS\system32\msftedit.dll
2009-11-01 19:08:52 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2009-11-01 19:08:52 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2009-11-01 19:08:52 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-11-01 19:08:52 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-11-01 19:08:51 ----A---- C:\WINDOWS\system32\sbeio.dll
2009-11-01 19:08:51 ----A---- C:\WINDOWS\system32\sbe.dll
2009-11-01 19:08:51 ----A---- C:\WINDOWS\system32\msdadiag.dll
2009-11-01 19:08:51 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2009-11-01 19:08:51 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-11-01 19:08:50 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-11-01 19:08:49 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-11-01 19:08:49 ----A---- C:\WINDOWS\system32\smbinst.exe
2009-11-01 19:08:48 ----A---- C:\WINDOWS\system32\iuengine.dll
2009-11-01 19:08:48 ----A---- C:\WINDOWS\system32\fwcfg.dll
2009-11-01 19:08:47 ----A---- C:\WINDOWS\system32\mssap.dll
2009-11-01 19:08:47 ----A---- C:\WINDOWS\system32\d3d9.dll
2009-11-01 19:08:46 ----N---- C:\WINDOWS\system32\xmlprov.dll
2009-11-01 19:08:46 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-11-01 19:08:46 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2009-11-01 19:08:46 ----A---- C:\WINDOWS\system32\winbrand.dll
2009-11-01 19:08:46 ----A---- C:\WINDOWS\system32\twext.dll
2009-11-01 19:08:46 ----A---- C:\WINDOWS\system32\spnpinst.exe
2009-11-01 19:08:46 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2009-11-01 19:08:46 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2009-11-01 19:08:46 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2009-11-01 19:08:46 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2009-11-01 19:08:45 ----A---- C:\WINDOWS\system32\powercfg.exe
2009-11-01 19:08:45 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-11-01 19:08:45 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-11-01 19:08:45 ----A---- C:\WINDOWS\system32\btpanui.dll
2009-11-01 19:08:44 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2009-11-01 19:08:44 ----A---- C:\WINDOWS\system32\wscsvc.dll
2009-11-01 19:08:44 ----A---- C:\WINDOWS\system32\winshfhc.dll
2009-11-01 19:08:44 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-11-01 19:08:44 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-11-01 19:08:43 ----A---- C:\WINDOWS\system32\p2p.dll
2009-11-01 19:08:43 ----A---- C:\WINDOWS\system32\kbdno1.dll
2009-11-01 19:08:43 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2009-11-01 19:08:43 ----A---- C:\WINDOWS\system32\encapi.dll
2009-11-01 19:08:43 ----A---- C:\WINDOWS\system32\auditusr.exe
2009-11-01 19:08:42 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-11-01 19:08:42 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-11-01 19:08:42 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-11-01 19:08:42 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2009-11-01 19:08:42 ----A---- C:\WINDOWS\system32\kbdinben.dll
2009-11-01 19:08:42 ----A---- C:\WINDOWS\system32\blastcln.exe
2009-11-01 19:08:41 ----A---- C:\WINDOWS\system32\gpresult.exe
2009-11-01 19:08:41 ----A---- C:\WINDOWS\system32\eventtriggers.exe
2009-11-01 19:08:41 ----A---- C:\WINDOWS\system32\eventcreate.exe
2009-11-01 19:08:41 ----A---- C:\WINDOWS\system32\driverquery.exe
2009-11-01 19:08:40 ----N---- C:\WINDOWS\system32\appmgmts.dll
2009-11-01 19:08:40 ----A---- C:\WINDOWS\system32\systeminfo.exe
2009-11-01 19:08:40 ----A---- C:\WINDOWS\system32\schtasks.exe
2009-11-01 19:08:40 ----A---- C:\WINDOWS\system32\openfiles.exe
2009-11-01 19:08:40 ----A---- C:\WINDOWS\system32\appmgr.dll
2009-11-01 19:08:40 ----A---- C:\WINDOWS\system32\adsnw.dll
2009-11-01 19:08:39 ----A---- C:\WINDOWS\system32\gpedit.dll
2009-11-01 19:08:39 ----A---- C:\WINDOWS\system32\getmac.exe
2009-11-01 19:08:39 ----A---- C:\WINDOWS\system32\fdeploy.dll
2009-11-01 19:08:39 ----A---- C:\WINDOWS\system32\fde.dll
2009-11-01 19:08:39 ----A---- C:\WINDOWS\system32\efsadu.dll
2009-11-01 19:08:39 ----A---- C:\WINDOWS\system32\cipher.exe
2009-11-01 19:08:39 ----A---- C:\WINDOWS\system32\bootcfg.exe
2009-11-01 19:08:39 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2009-11-01 19:08:38 ----A---- C:\WINDOWS\system32\gptext.dll
2009-11-01 19:08:37 ----A---- C:\WINDOWS\system32\logman.exe
2009-11-01 19:08:36 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2009-11-01 19:08:36 ----A---- C:\WINDOWS\system32\mqrt.dll
2009-11-01 19:08:36 ----A---- C:\WINDOWS\system32\mqqm.dll
2009-11-01 19:08:36 ----A---- C:\WINDOWS\system32\mqoa.dll
2009-11-01 19:08:36 ----A---- C:\WINDOWS\system32\mqlogmgr.dll
2009-11-01 19:08:36 ----A---- C:\WINDOWS\system32\mqise.dll
2009-11-01 19:08:36 ----A---- C:\WINDOWS\system32\mqdscli.dll
2009-11-01 19:08:36 ----A---- C:\WINDOWS\system32\mqbkup.exe
2009-11-01 19:08:36 ----A---- C:\WINDOWS\system32\mqad.dll
2009-11-01 19:08:35 ----A---- C:\WINDOWS\system32\nwwks.dll
2009-11-01 19:08:35 ----A---- C:\WINDOWS\system32\nwapi32.dll
2009-11-01 19:08:35 ----A---- C:\WINDOWS\system32\ntbackup.exe
2009-11-01 19:08:35 ----A---- C:\WINDOWS\system32\mqutil.dll
2009-11-01 19:08:35 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2009-11-01 19:08:35 ----A---- C:\WINDOWS\system32\mqtrig.dll
2009-11-01 19:08:35 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2009-11-01 19:08:35 ----A---- C:\WINDOWS\system32\mqsvc.exe
2009-11-01 19:08:35 ----A---- C:\WINDOWS\system32\mqsnap.dll
2009-11-01 19:08:35 ----A---- C:\WINDOWS\system32\mqsec.dll
2009-11-01 19:08:34 ----A---- C:\WINDOWS\system32\tracerpt.exe
2009-11-01 19:08:34 ----A---- C:\WINDOWS\system32\tlntsvrp.dll
2009-11-01 19:08:34 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2009-11-01 19:08:34 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-11-01 19:08:34 ----A---- C:\WINDOWS\system32\tlntadmn.exe
blueice
2009-11-01 19:06:50 ----A---- C:\WINDOWS\system32\sendmail.dll
2009-11-01 19:06:50 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2009-11-01 19:06:50 ----A---- C:\WINDOWS\system32\security.dll
2009-11-01 19:06:50 ----A---- C:\WINDOWS\system32\secur32.dll
2009-11-01 19:06:50 ----A---- C:\WINDOWS\system32\seclogon.dll
2009-11-01 19:06:50 ----A---- C:\WINDOWS\system32\sdbinst.exe
2009-11-01 19:06:50 ----A---- C:\WINDOWS\system32\scrrun.dll
2009-11-01 19:06:50 ----A---- C:\WINDOWS\system32\scrobj.dll
2009-11-01 19:06:50 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2009-11-01 19:06:49 ----N---- C:\WINDOWS\system32\sfcfiles.dll
2009-11-01 19:06:49 ----A---- C:\WINDOWS\system32\sfc_os.dll
2009-11-01 19:06:48 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-11-01 19:06:48 ----A---- C:\WINDOWS\system32\shdoclc.dll
2009-11-01 19:06:47 ----A---- C:\WINDOWS\system32\shell32.dll
2009-11-01 19:06:46 ----N---- C:\WINDOWS\system32\shsvcs.dll
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\slbiop.dll
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\slayerxp.dll
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\skeys.exe
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\sigverif.exe
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\sigtab.dll
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\shutdown.exe
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\shscrap.dll
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\shrpubw.exe
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\shmgrate.exe
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\shmedia.dll
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\shimgvw.dll
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\shimeng.dll
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\shgina.dll
2009-11-01 19:06:46 ----A---- C:\WINDOWS\system32\shfolder.dll
2009-11-01 19:06:45 ----N---- C:\WINDOWS\system32\spoolsv.exe
2009-11-01 19:06:45 ----A---- C:\WINDOWS\system32\srclient.dll
2009-11-01 19:06:45 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2009-11-01 19:06:45 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2009-11-01 19:06:45 ----A---- C:\WINDOWS\system32\spoolss.dll
2009-11-01 19:06:45 ----A---- C:\WINDOWS\system32\spider.exe
2009-11-01 19:06:45 ----A---- C:\WINDOWS\system32\sort.exe
2009-11-01 19:06:45 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2009-11-01 19:06:45 ----A---- C:\WINDOWS\system32\snmpapi.dll
2009-11-01 19:06:45 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-11-01 19:06:45 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2009-11-01 19:06:44 ----N---- C:\WINDOWS\system32\ssdpsrv.dll
2009-11-01 19:06:44 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-11-01 19:06:44 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2009-11-01 19:06:44 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-11-01 19:06:43 ----N---- C:\WINDOWS\system32\svchost.exe
2009-11-01 19:06:43 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-11-01 19:06:43 ----A---- C:\WINDOWS\system32\storprop.dll
2009-11-01 19:06:43 ----A---- C:\WINDOWS\system32\stobject.dll
2009-11-01 19:06:43 ----A---- C:\WINDOWS\system32\stimon.exe
2009-11-01 19:06:43 ----A---- C:\WINDOWS\system32\sti_ci.dll
2009-11-01 19:06:43 ----A---- C:\WINDOWS\system32\sti.dll
2009-11-01 19:06:43 ----A---- C:\WINDOWS\system32\stclient.dll
2009-11-01 19:06:42 ----A---- C:\WINDOWS\system32\tapi32.dll
2009-11-01 19:06:42 ----A---- C:\WINDOWS\system32\tapi3.dll
2009-11-01 19:06:42 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-11-01 19:06:42 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2009-11-01 19:06:42 ----A---- C:\WINDOWS\system32\syncui.dll
2009-11-01 19:06:42 ----A---- C:\WINDOWS\system32\synceng.dll
2009-11-01 19:06:42 ----A---- C:\WINDOWS\system32\sxs.dll
2009-11-01 19:06:41 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-11-01 19:06:41 ----N---- C:\WINDOWS\system32\tapisrv.dll
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\tsddd.dll
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\trkwks.dll
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\tree.com
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\tracert.exe
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\tourstart.exe
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\themeui.dll
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\termmgr.dll
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\telnet.exe
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\tcpmon.dll
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\tcpmib.dll
2009-11-01 19:06:41 ----A---- C:\WINDOWS\system32\taskmgr.exe
2009-11-01 19:06:40 ----N---- C:\WINDOWS\system32\upnphost.dll
2009-11-01 19:06:40 ----A---- C:\WINDOWS\system32\url.dll
2009-11-01 19:06:40 ----A---- C:\WINDOWS\system32\ups.exe
2009-11-01 19:06:40 ----A---- C:\WINDOWS\system32\upnpui.dll
2009-11-01 19:06:40 ----A---- C:\WINDOWS\system32\upnpcont.exe
2009-11-01 19:06:40 ----A---- C:\WINDOWS\system32\upnp.dll
2009-11-01 19:06:40 ----A---- C:\WINDOWS\system32\uniplat.dll
2009-11-01 19:06:40 ----A---- C:\WINDOWS\system32\unimdmat.dll
2009-11-01 19:06:40 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2009-11-01 19:06:40 ----A---- C:\WINDOWS\system32\umandlg.dll
2009-11-01 19:06:40 ----A---- C:\WINDOWS\system32\udhisapi.dll
2009-11-01 19:06:40 ----A---- C:\WINDOWS\system32\txflog.dll
2009-11-01 19:06:39 ----N---- C:\WINDOWS\system32\user32.dll
2009-11-01 19:06:39 ----A---- C:\WINDOWS\system32\vbajet32.dll
2009-11-01 19:06:39 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-11-01 19:06:39 ----A---- C:\WINDOWS\system32\utilman.exe
2009-11-01 19:06:39 ----A---- C:\WINDOWS\system32\usp10.dll
2009-11-01 19:06:39 ----A---- C:\WINDOWS\system32\userenv.dll
2009-11-01 19:06:39 ----A---- C:\WINDOWS\system32\usbui.dll
2009-11-01 19:06:39 ----A---- C:\WINDOWS\system32\usbmon.dll
2009-11-01 19:06:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\webvw.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\webclnt.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\wavemsp.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\w32time.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vssvc.exe
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vssapi.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\version.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\verifier.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vdmredir.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2009-11-01 19:06:38 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wiaservc.dll
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wiascr.dll
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wiadss.dll
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wiadefui.dll
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2009-11-01 19:06:37 ----A---- C:\WINDOWS\system32\wextract.exe
2009-11-01 19:06:36 ----N---- C:\WINDOWS\system32\winlogon.exe
2009-11-01 19:06:36 ----N---- C:\WINDOWS\system32\wininet.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winsrv.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winscard.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winrnr.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winntbbu.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winmm.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\winipsec.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\wiavideo.dll
2009-11-01 19:06:36 ----A---- C:\WINDOWS\system32\wiashext.dll
2009-11-01 19:06:35 ----A---- C:\WINDOWS\system32\wlnotify.dll
2009-11-01 19:06:35 ----A---- C:\WINDOWS\system32\wldap32.dll
2009-11-01 19:06:35 ----A---- C:\WINDOWS\system32\winver.exe
2009-11-01 19:06:35 ----A---- C:\WINDOWS\system32\wintrust.dll
2009-11-01 19:06:35 ----A---- C:\WINDOWS\system32\winsta.dll
2009-11-01 19:06:34 ----A---- C:\WINDOWS\system32\wmasf.dll
2009-11-01 19:06:34 ----A---- C:\WINDOWS\system32\wmadmoe.dll
2009-11-01 19:06:34 ----A---- C:\WINDOWS\system32\wmadmod.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmstream.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmsdmod.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmpui.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmpshell.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmploc.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmpcore.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmpcd.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmnetmgr.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmi.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmdmps.dll
2009-11-01 19:06:33 ----A---- C:\WINDOWS\system32\wmdmlog.dll
2009-11-01 19:06:32 ----N---- C:\WINDOWS\system32\ws2_32.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wship6.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wshext.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wshcon.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wscript.exe
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\ws2help.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wpabaln.exe
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wow32.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wmvdmod.dll
2009-11-01 19:06:32 ----A---- C:\WINDOWS\system32\wmvcore.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\zipfldr.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\xcopy.exe
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\xactsrv.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wstdecod.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wsock32.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wshrm.dll
2009-11-01 19:06:31 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-11-01 19:06:29 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-11-01 19:06:29 ----A---- C:\WINDOWS\system32\autochk.exe
2009-11-01 19:06:29 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-11-01 19:06:28 ----N---- C:\WINDOWS\system32\comctl32.dll
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\format.com
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\cmd.exe
2009-11-01 19:06:28 ----A---- C:\WINDOWS\system32\cacls.exe
2009-11-01 19:06:27 ----N---- C:\WINDOWS\system32\msgsvc.dll
2009-11-01 19:06:27 ----N---- C:\WINDOWS\system32\kernel32.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\locator.exe
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\localspl.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-11-01 19:06:27 ----A---- C:\WINDOWS\system32\ftp.exe
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasman.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\printui.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-11-01 19:06:26 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-11-01 19:06:25 ----N---- C:\WINDOWS\system32\services.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\schannel.dll
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\savedump.exe
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-11-01 19:06:25 ----A---- C:\WINDOWS\system32\samlib.dll
2009-11-01 19:06:24 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-11-01 19:06:24 ----A---- C:\WINDOWS\system32\smss.exe
2009-11-01 19:06:23 ----N---- C:\WINDOWS\system32\userinit.exe
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\untfs.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\ulib.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-11-01 19:06:23 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-11-01 19:06:17 ----N---- C:\WINDOWS\system32\ntoskrnl.exe
2009-11-01 19:06:17 ----N---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\mspmspsv.dll
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\hal.dll
2009-11-01 19:06:17 ----A---- C:\WINDOWS\system32\asfsipc.dll
2009-11-01 19:05:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-11-01 18:51:57 ----D---- C:\c54a6d05e83307ead7db2bd86b09
2009-11-01 11:22:32 ----D---- C:\Program Files\CCleaner
2009-10-31 20:28:08 ----D---- C:\ecdf583faca82bc123a6e40196
2009-10-31 19:26:53 ----D---- C:\a8a4fdb52b43ca7799
2009-10-31 17:43:03 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-31 15:30:46 ----D---- C:\809ce48a9298ca6fef
2009-10-31 15:30:22 ----D---- C:\036cf94b026c6c1a2abf5f9e
2009-10-31 15:11:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-31 15:10:30 ----D---- C:\Program Files\Lavasoft
2009-10-31 14:08:59 ----D---- C:\Config.Msi
2009-10-31 13:36:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-31 13:07:20 ----D---- C:\79dbf129e5766d58c21d
2009-10-31 12:49:11 ----D---- C:\a77b669a6bc9a21afaf97f36b4e048f5
2009-10-31 12:40:48 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-10-31 12:34:57 ----D---- C:\272288eb39584362c97bff20419ad220
2009-10-30 09:36:53 ----D---- C:\WINDOWS\system32\appmgmt
2009-10-30 09:33:26 ----D---- C:\WINDOWS\OvtCam
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\java.exe
2009-10-28 09:10:05 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-11-02 19:47:56 ----D---- C:\WINDOWS\Prefetch
2009-11-02 19:47:56 ----D---- C:\WINDOWS
2009-11-02 19:45:24 ----A---- C:\WINDOWS\system.ini
2009-11-02 19:43:57 ----D---- C:\WINDOWS\system32\drivers
2009-11-02 19:43:57 ----D---- C:\WINDOWS\system32
2009-11-02 19:43:57 ----D---- C:\WINDOWS\AppPatch
2009-11-02 19:43:47 ----D---- C:\Program Files\Common Files
2009-11-02 19:40:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-02 19:39:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-02 19:36:25 -
Ironbender
Please run The Avenger again with the following script:
CODE
Files to delete:
c:\windows\system32\Drivers\Winkp62.sys
c:\windows\system32\Drivers\Winot52.sys
c:\windows\system32\Drivers\Winwd27.sys

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp62.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot52.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd27.sys

Click Execute.
Once done, post the Avenger log.

Let me know how your system is running.

Chris


<<Continued here: http://www.suggestafix.com/index.php?showtopic=34058>>