Solved Another trojan-spy.win32.greenscreen victim

Discussion in 'Malware and Virus Removal Archive' started by jimscriv, 2008/08/24.

  1. 2008/08/26
    jimscriv

    Logfile of random's system information tool (written by random/random)
    Run by Owner at 2008-08-26 21:52:08
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 60 GB (53%) free of 113 GB
    Total RAM: 2037 MB (51% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:52:20 PM, on 8/26/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\Utilities\KeNotify.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\NetZero\exec.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\dyxmxuzq.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Users\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.metacrawler.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [StrCfg] C:\Windows\system32\dyxmxuzq.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.netzero.com
    O15 - Trusted Zone: *.netzero.net
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O21 - SSODL: sysmsgact - {6D0BA031-1BCE-4963-0E89-036B60C40E3C} - C:\Program Files\yksbsib\sysmsgact.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9701 bytes

    Scheduled tasks folder

    C:\Windows\tasks\Norton Security Scan.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-07-06 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-03-02 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-03-02 2403392]
    {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - ZeroBar - C:\Program Files\NetZero\Toolbar.dll [2007-03-06 297456]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-01-31 131072]
    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-01-31 151552]
    "Persistence"=C:\Windows\system32\igfxpers.exe [2007-01-31 126976]
    "Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-02-13 405504]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-18 4349952]
    "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2006-11-01 413696]
    "SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-11-01 438272]
    "KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
    "NDSTray.exe"=NDSTray.exe []
    "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-20 411768]
    "HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
    "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-01-19 448632]
    "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-01-17 534648]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-02-02 835584]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-07-06 1232152]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2006-11-10 417792]
    "NetZero_uoltray"=C:\Program Files\NetZero\exec.exe [2007-03-06 1629184]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
    "StrCfg"=C:\Windows\system32\dyxmxuzq.exe [2008-08-26 94208]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2007-01-31 200704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    sysmsgact - {6D0BA031-1BCE-4963-0E89-036B60C40E3C} - C:\Program Files\yksbsib\sysmsgact.dll [2008-08-26 106496]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
    "C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    File associations

    .reg - open - regedit.exe "%1" %*
    .scr - open - "%1" %*

    List of files/folders created in the last three months

    2008-08-26 21:52:08 ----D---- C:\rsit
    2008-08-26 18:47:42 ----A---- C:\Windows\gmer.ini
    2008-08-26 18:47:39 ----A---- C:\Windows\gmer_uninstall.cmd
    2008-08-26 18:47:39 ----A---- C:\Windows\gmer.exe
    2008-08-26 18:47:39 ----A---- C:\Windows\gmer.dll
    2008-08-26 18:16:25 ----D---- C:\Windows\temp
    2008-08-26 18:15:32 ----A---- C:\ComboFix.txt
    2008-08-26 17:55:51 ----A---- C:\Windows\swreg.exe
    2008-08-26 14:51:18 ----D---- C:\Program Files\yksbsib
    2008-08-26 14:51:15 ----A---- C:\Windows\system32\dyxmxuzq.exe
    2008-08-26 09:11:32 ----D---- C:\Windows\Minidump
    2008-08-26 09:07:54 ----D---- C:\Windows\erdnt
    2008-08-26 09:07:28 ----D---- C:\QooBox
    2008-08-26 09:07:24 ----A---- C:\Windows\zip.exe
    2008-08-26 09:07:24 ----A---- C:\Windows\VFind.exe
    2008-08-26 09:07:24 ----A---- C:\Windows\swsc.exe
    2008-08-26 09:07:24 ----A---- C:\Windows\sed.exe
    2008-08-26 09:07:24 ----A---- C:\Windows\Nircmd.exe
    2008-08-26 09:07:24 ----A---- C:\Windows\grep.exe
    2008-08-26 09:07:24 ----A---- C:\Windows\fdsv.exe
    2008-08-26 09:07:16 ----A---- C:\Windows\swxcacls.exe
    2008-08-25 07:22:40 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2008-08-25 07:22:37 ----D---- C:\ProgramData\Malwarebytes
    2008-08-25 07:22:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-24 20:53:37 ----D---- C:\Program Files\Trend Micro
    2008-08-21 15:24:09 ----A---- C:\Windows\system32\wups2.dll
    2008-08-21 15:24:09 ----A---- C:\Windows\system32\wucltux.dll
    2008-08-21 15:24:09 ----A---- C:\Windows\system32\wuaueng.dll
    2008-08-21 15:24:09 ----A---- C:\Windows\system32\wuauclt.exe
    2008-08-21 15:23:35 ----A---- C:\Windows\system32\wups.dll
    2008-08-21 15:23:35 ----A---- C:\Windows\system32\wudriver.dll
    2008-08-21 15:23:35 ----A---- C:\Windows\system32\wuapi.dll
    2008-08-21 15:23:16 ----A---- C:\Windows\system32\wuwebv.dll
    2008-08-21 15:23:16 ----A---- C:\Windows\system32\wuapp.exe
    2008-08-20 22:01:18 ----AD---- C:\ProgramData\TEMP
    2008-08-20 21:56:00 ----D---- C:\ProgramData\WindowsSearch
    2008-08-20 20:33:10 ----A---- C:\Windows\wininit.ini
    2008-08-20 20:01:57 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-08-20 18:33:56 ----A---- C:\Windows\system32\msshooks.dll
    2008-08-20 18:33:55 ----A---- C:\Windows\system32\msscb.dll
    2008-08-20 18:33:52 ----A---- C:\Windows\system32\thawbrkr.dll
    2008-08-20 18:33:52 ----A---- C:\Windows\system32\srchadmin.dll
    2008-08-20 18:33:52 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2008-08-20 18:33:52 ----A---- C:\Windows\system32\propsys.dll
    2008-08-20 18:33:52 ----A---- C:\Windows\system32\propdefs.dll
    2008-08-20 18:33:52 ----A---- C:\Windows\system32\msstrc.dll
    2008-08-20 18:33:52 ----A---- C:\Windows\system32\mssprxy.dll
    2008-08-20 18:33:52 ----A---- C:\Windows\system32\mssitlb.dll
    2008-08-20 18:33:52 ----A---- C:\Windows\system32\msshsq.dll
    2008-08-20 18:33:52 ----A---- C:\Windows\system32\korwbrkr.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\xmlfilter.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\wsepno.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\tquery.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\SearchIndexer.exe
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\rtffilt.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\offfilt.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\nlhtml.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\mssvp.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\mssrch.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\mssph.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\msscntrs.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\mimefilt.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\chtbrkr.dll
    2008-08-20 18:33:51 ----A---- C:\Windows\system32\chsbrkr.dll
    2008-08-20 18:33:50 ----A---- C:\Windows\system32\mssphtb.dll
    2008-08-20 13:19:06 ----D---- C:\ProgramData\fmlafwdk
    2008-08-15 03:05:35 ----A---- C:\Windows\system32\tzres.dll
    2008-08-14 10:31:55 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2008-08-14 10:31:53 ----A---- C:\Windows\system32\es.dll
    2008-08-14 10:31:48 ----A---- C:\Windows\system32\mshtml.dll
    2008-08-14 10:31:45 ----A---- C:\Windows\system32\wininet.dll
    2008-08-14 10:31:45 ----A---- C:\Windows\system32\urlmon.dll
    2008-08-14 10:31:45 ----A---- C:\Windows\system32\ieframe.dll
    2008-08-14 10:31:44 ----A---- C:\Windows\system32\mstime.dll
    2008-08-14 10:31:44 ----A---- C:\Windows\system32\jsproxy.dll
    2008-08-14 10:31:22 ----A---- C:\Windows\system32\inetcomm.dll
    2008-08-08 17:51:40 ----D---- C:\Program Files\Apple Software Update
    2008-08-05 21:08:09 ----D---- C:\Program Files\Virtual Earth 3D
    2008-08-04 10:52:03 ----D---- C:\Program Files\iPod
    2008-08-04 10:51:57 ----D---- C:\Program Files\iTunes
    2008-07-13 17:51:55 ----D---- C:\Program Files\OpenOffice.org 2.4
    2008-07-13 17:47:20 ----A---- C:\Windows\system32\javaws.exe
    2008-07-13 17:47:20 ----A---- C:\Windows\system32\javaw.exe
    2008-07-13 17:47:20 ----A---- C:\Windows\system32\java.exe
    2008-07-12 21:08:01 ----A---- C:\Windows\system32\NlsLexicons0007.dll
    2008-07-12 21:07:57 ----A---- C:\Windows\system32\NlsLexicons0009.dll
    2008-07-12 21:07:44 ----A---- C:\Windows\system32\NaturalLanguage6.dll
    2008-07-11 17:33:39 ----D---- C:\Program Files\Safari
    2008-07-08 18:40:48 ----A---- C:\Windows\system32\rpcrt4.dll
    2008-07-08 18:40:47 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-07-08 18:40:47 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-07-08 18:40:47 ----A---- C:\Windows\system32\emdmgmt.dll
    2008-07-08 18:40:46 ----A---- C:\Windows\system32\pacerprf.dll
    2008-07-08 18:40:37 ----A---- C:\Windows\system32\shell32.dll
    2008-07-08 18:40:32 ----A---- C:\Windows\system32\wshext.dll
    2008-07-08 18:40:32 ----A---- C:\Windows\system32\wscript.exe
    2008-07-08 18:40:32 ----A---- C:\Windows\system32\vbscript.dll
    2008-07-08 18:40:32 ----A---- C:\Windows\system32\scrrun.dll
    2008-07-08 18:40:32 ----A---- C:\Windows\system32\scrobj.dll
    2008-07-08 18:40:32 ----A---- C:\Windows\system32\jscript.dll
    2008-07-08 18:40:32 ----A---- C:\Windows\system32\cscript.exe
    2008-06-26 09:36:33 ----D---- C:\PerfLogs
    2008-06-17 13:18:45 ----A---- C:\Windows\system32\SLsvc.exe
    2008-06-17 13:18:45 ----A---- C:\Windows\system32\onex.dll
    2008-06-17 13:18:35 ----A---- C:\Windows\system32\PSHED.DLL
    2008-06-17 13:18:34 ----A---- C:\Windows\system32\imagesp1.dll
    2008-06-17 13:18:31 ----A---- C:\Windows\system32\dfsr.exe
    2008-06-17 13:18:30 ----A---- C:\Windows\system32\sstpsvc.dll
    2008-06-17 13:18:30 ----A---- C:\Windows\system32\pidgenx.dll
    2008-06-17 13:18:30 ----A---- C:\Windows\system32\mstscax.dll
    2008-06-17 13:18:28 ----A---- C:\Windows\system32\WsmSvc.dll
    2008-06-17 13:18:28 ----A---- C:\Windows\system32\winrscmd.dll
    2008-06-17 13:18:27 ----A---- C:\Windows\system32\vssapi.dll
    2008-06-17 13:18:27 ----A---- C:\Windows\system32\sysmain.dll
    2008-06-17 13:18:27 ----A---- C:\Windows\system32\RMActivate.exe
    2008-06-17 13:18:26 ----A---- C:\Windows\system32\VSSVC.exe
    2008-06-17 13:18:26 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
    2008-06-17 13:18:25 ----A---- C:\Windows\system32\secproc.dll
    2008-06-17 13:18:25 ----A---- C:\Windows\system32\RMActivate_isv.exe
    2008-06-17 13:18:24 ----A---- C:\Windows\system32\iesetup.dll
    2008-06-17 13:18:21 ----A---- C:\Windows\system32\secproc_isv.dll
    2008-06-17 13:18:19 ----A---- C:\Windows\system32\icardres.dll
    2008-06-17 13:18:19 ----A---- C:\Windows\system32\icardagt.exe
    2008-06-17 13:18:19 ----A---- C:\Windows\system32\drmv2clt.dll
    2008-06-17 13:18:18 ----A---- C:\Windows\system32\xpssvcs.dll
    2008-06-17 13:18:18 ----A---- C:\Windows\system32\blackbox.dll
    2008-06-17 13:18:17 ----A---- C:\Windows\system32\RacEngn.dll
    2008-06-17 13:18:16 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
    2008-06-17 13:18:16 ----A---- C:\Windows\system32\RMActivate_ssp.exe
    2008-06-17 13:18:16 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
    2008-06-17 13:18:15 ----A---- C:\Windows\system32\spwizimg.dll
    2008-06-17 13:18:15 ----A---- C:\Windows\system32\rdpencom.dll
    2008-06-17 13:18:15 ----A---- C:\Windows\system32\lpremove.exe
    2008-06-17 13:18:15 ----A---- C:\Windows\bfsvc.exe
    2008-06-17 13:18:14 ----A---- C:\Windows\system32\ntdll.dll
    2008-06-17 13:18:14 ----A---- C:\Windows\system32\msxml6.dll
    2008-06-17 13:18:14 ----A---- C:\Windows\system32\msxml3.dll
    2008-06-17 13:18:14 ----A---- C:\Windows\system32\msjet40.dll
    2008-06-17 13:18:14 ----A---- C:\Windows\system32\lsasrv.dll
    2008-06-17 13:18:13 ----A---- C:\Windows\system32\qmgr.dll
    2008-06-17 13:18:13 ----A---- C:\Windows\system32\localspl.dll
    2008-06-17 13:18:12 ----A---- C:\Windows\system32\wevtsvc.dll
    2008-06-17 13:18:12 ----A---- C:\Windows\system32\wcncsvc.dll
    2008-06-17 13:18:12 ----A---- C:\Windows\system32\mscoree.dll
    2008-06-17 13:18:12 ----A---- C:\Windows\system32\IKEEXT.DLL
    2008-06-17 13:18:11 ----A---- C:\Windows\system32\TsWpfWrp.exe
    2008-06-17 13:18:11 ----A---- C:\Windows\system32\recdisc.exe
    2008-06-17 13:18:11 ----A---- C:\Windows\system32\kernel32.dll
    2008-06-17 13:18:10 ----A---- C:\Windows\system32\vds.exe
    2008-06-17 13:18:10 ----A---- C:\Windows\system32\CompMgmtLauncher.exe
    2008-06-17 13:18:09 ----A---- C:\Windows\system32\wmp.dll
    2008-06-17 13:18:08 ----A---- C:\Windows\system32\wcnwiz.dll
    2008-06-17 13:18:08 ----A---- C:\Windows\system32\SMBHelperClass.dll
    2008-06-17 13:18:08 ----A---- C:\Windows\system32\mstsc.exe
    2008-06-17 13:18:07 ----A---- C:\Windows\system32\msvbvm60.dll
    2008-06-17 13:18:07 ----A---- C:\Windows\system32\mf.dll
    2008-06-17 13:18:06 ----A---- C:\Windows\system32\termsrv.dll
    2008-06-17 13:18:06 ----A---- C:\Windows\system32\msdtctm.dll
    2008-06-17 13:18:06 ----A---- C:\Windows\system32\kerberos.dll
    2008-06-17 13:18:06 ----A---- C:\Windows\system32\IMJP10K.DLL
    2008-06-17 13:18:06 ----A---- C:\Windows\system32\advapi32.dll
    2008-06-17 13:18:05 ----A---- C:\Windows\system32\mmcndmgr.dll
    2008-06-17 13:18:04 ----A---- C:\Windows\system32\Query.dll
    2008-06-17 13:18:04 ----A---- C:\Windows\system32\MSMPEG2ADEC.DLL
    2008-06-17 13:18:04 ----A---- C:\Windows\system32\MPSSVC.dll
    2008-06-17 13:18:04 ----A---- C:\Windows\system32\CertEnroll.dll
    2008-06-17 13:18:03 ----A---- C:\Windows\system32\xolehlp.dll
    2008-06-17 13:18:03 ----A---- C:\Windows\system32\ole32.dll
    2008-06-17 13:18:03 ----A---- C:\Windows\system32\msdtcprx.dll
    2008-06-17 13:18:02 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
    2008-06-17 13:18:02 ----A---- C:\Windows\system32\SSShim.dll
    2008-06-17 13:18:02 ----A---- C:\Windows\system32\netlogon.dll
    2008-06-17 13:18:02 ----A---- C:\Windows\system32\msvcrt.dll
    2008-06-17 13:18:01 ----A---- C:\Windows\system32\schedsvc.dll
    2008-06-17 13:18:01 ----A---- C:\Windows\system32\nlmgp.dll
    2008-06-17 13:18:01 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
    2008-06-17 13:18:01 ----A---- C:\Windows\system32\DfsShlEx.dll
    2008-06-17 13:18:00 ----A---- C:\Windows\system32\shlwapi.dll
    2008-06-17 13:18:00 ----A---- C:\Windows\system32\sdclt.exe
    2008-06-17 13:18:00 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
    2008-06-17 13:18:00 ----A---- C:\Windows\system32\milcore.dll
    2008-06-17 13:18:00 ----A---- C:\Windows\system32\IasMigPlugin.dll
    2008-06-17 13:17:59 ----A---- C:\Windows\system32\wer.dll
    2008-06-17 13:17:59 ----A---- C:\Windows\system32\vdsdyn.dll
    2008-06-17 13:17:59 ----A---- C:\Windows\system32\user32.dll
    2008-06-17 13:17:59 ----A---- C:\Windows\system32\d3d9.dll
    2008-06-17 13:17:59 ----A---- C:\Windows\system32\clusapi.dll
    2008-06-17 13:17:58 ----A---- C:\Windows\system32\WSDApi.dll
    2008-06-17 13:17:58 ----A---- C:\Windows\system32\winrsmgr.dll
    2008-06-17 13:17:58 ----A---- C:\Windows\system32\QAGENTRT.DLL
    2008-06-17 13:17:58 ----A---- C:\Windows\system32\mmc.exe
    2008-06-17 13:17:58 ----A---- C:\Windows\system32\diagperf.dll
    2008-06-17 13:17:57 ----A---- C:\Windows\system32\SLC.dll
    2008-06-17 13:17:57 ----A---- C:\Windows\system32\mtxclu.dll
    2008-06-17 13:17:56 ----A---- C:\Windows\system32\vdsbas.dll
    2008-06-17 13:17:56 ----A---- C:\Windows\system32\swprv.dll
    2008-06-17 13:17:56 ----A---- C:\Windows\system32\msi.dll
    2008-06-17 13:17:56 ----A---- C:\Windows\system32\comctl32.dll
    2008-06-17 13:17:55 ----A---- C:\Windows\system32\MSVidCtl.dll
    2008-06-17 13:17:54 ----A---- C:\Windows\system32\XPSSHHDR.dll
    2008-06-17 13:17:54 ----A---- C:\Windows\system32\sbe.dll
    2008-06-17 13:17:54 ----A---- C:\Windows\system32\samsrv.dll
    2008-06-17 13:17:54 ----A---- C:\Windows\system32\msdtckrm.dll
    2008-06-17 13:17:54 ----A---- C:\Windows\system32\mfc42u.dll
    2008-06-17 13:17:54 ----A---- C:\Windows\system32\gpsvc.dll
    2008-06-17 13:17:54 ----A---- C:\Windows\system32\FWPUCLNT.DLL
    2008-06-17 13:17:53 ----A---- C:\Windows\system32\wecutil.exe
    2008-06-17 13:17:53 ----A---- C:\Windows\system32\usp10.dll
    2008-06-17 13:17:53 ----A---- C:\Windows\system32\sdengin2.dll
    2008-06-17 13:17:53 ----A---- C:\Windows\system32\gacinstall.dll
    2008-06-17 13:17:53 ----A---- C:\Windows\system32\esent.dll
    2008-06-17 13:17:53 ----A---- C:\Windows\system32\cmipnpinstall.dll
    2008-06-17 13:17:53 ----A---- C:\Windows\system32\cmicryptinstall.dll
    2008-06-17 13:17:52 ----A---- C:\Windows\system32\mfc42.dll
    2008-06-17 13:17:52 ----A---- C:\Windows\system32\comsvcs.dll
    2008-06-17 13:17:51 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
    2008-06-17 13:17:51 ----A---- C:\Windows\system32\mswsock.dll
    2008-06-17 13:17:51 ----A---- C:\Windows\system32\crypt32.dll
    2008-06-17 13:17:51 ----A---- C:\Windows\system32\certutil.exe
    2008-06-17 13:17:50 ----A---- C:\Windows\system32\wmdrmsdk.dll
    2008-06-17 13:17:50 ----A---- C:\Windows\system32\oleaut32.dll
    2008-06-17 13:17:50 ----A---- C:\Windows\explorer.exe
    2008-06-17 13:17:49 ----A---- C:\Windows\system32\wecsvc.dll
    2008-06-17 13:17:49 ----A---- C:\Windows\system32\sqlceqp30.dll
    2008-06-17 13:17:49 ----A---- C:\Windows\system32\setupapi.dll
    2008-06-17 13:17:49 ----A---- C:\Windows\system32\sdohlp.dll
    2008-06-17 13:17:49 ----A---- C:\Windows\system32\lsm.exe
    2008-06-17 13:17:49 ----A---- C:\Windows\system32\FirewallAPI.dll
    2008-06-17 13:17:49 ----A---- C:\Windows\system32\bcrypt.dll
    2008-06-17 13:17:49 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
     
  2. 2008/08/26
    jimscriv

    2008-06-17 13:17:48 ----A---- C:\Windows\system32\thumbcache.dll
    2008-06-17 13:17:48 ----A---- C:\Windows\system32\schannel.dll
    2008-06-17 13:17:48 ----A---- C:\Windows\system32\p2psvc.dll
    2008-06-17 13:17:48 ----A---- C:\Windows\system32\netapi32.dll
    2008-06-17 13:17:48 ----A---- C:\Windows\system32\msv1_0.dll
    2008-06-17 13:17:48 ----A---- C:\Windows\system32\iphlpsvc.dll
    2008-06-17 13:17:48 ----A---- C:\Windows\system32\eapp3hst.dll
    2008-06-17 13:17:47 ----A---- C:\Windows\system32\wmpmde.dll
    2008-06-17 13:17:47 ----A---- C:\Windows\system32\vdsutil.dll
    2008-06-17 13:17:47 ----A---- C:\Windows\system32\riched20.dll
    2008-06-17 13:17:47 ----A---- C:\Windows\system32\mcmde.dll
    2008-06-17 13:17:47 ----A---- C:\Windows\system32\d3d10_1.dll
    2008-06-17 13:17:47 ----A---- C:\Windows\system32\autofmt.exe
    2008-06-17 13:17:47 ----A---- C:\Windows\system32\autoconv.exe
    2008-06-17 13:17:47 ----A---- C:\Windows\system32\autochk.exe
    2008-06-17 13:17:46 ----A---- C:\Windows\system32\WinSAT.exe
    2008-06-17 13:17:46 ----A---- C:\Windows\system32\imapi2fs.dll
    2008-06-17 13:17:46 ----A---- C:\Windows\system32\authui.dll
    2008-06-17 13:17:46 ----A---- C:\Windows\system32\authfwcfg.dll
    2008-06-17 13:17:45 ----A---- C:\Windows\system32\WSDMon.dll
    2008-06-17 13:17:45 ----A---- C:\Windows\system32\wevtapi.dll
    2008-06-17 13:17:45 ----A---- C:\Windows\system32\mscories.dll
    2008-06-17 13:17:45 ----A---- C:\Windows\system32\dmvdsitf.dll
    2008-06-17 13:17:45 ----A---- C:\Windows\system32\d3d10_1core.dll
    2008-06-17 13:17:45 ----A---- C:\Windows\system32\comuid.dll
    2008-06-17 13:17:45 ----A---- C:\Windows\system32\comdlg32.dll
    2008-06-17 13:17:45 ----A---- C:\Windows\system32\browseui.dll
    2008-06-17 13:17:44 ----A---- C:\Windows\system32\eapphost.dll
    2008-06-17 13:17:43 ----A---- C:\Windows\system32\wevtfwd.dll
    2008-06-17 13:17:43 ----A---- C:\Windows\system32\untfs.dll
    2008-06-17 13:17:43 ----A---- C:\Windows\system32\uexfat.dll
    2008-06-17 13:17:43 ----A---- C:\Windows\system32\rasmans.dll
    2008-06-17 13:17:43 ----A---- C:\Windows\system32\iassam.dll
    2008-06-17 13:17:43 ----A---- C:\Windows\system32\eappcfg.dll
    2008-06-17 13:17:43 ----A---- C:\Windows\system32\DfrgNtfs.exe
    2008-06-17 13:17:42 ----A---- C:\Windows\system32\wlansvc.dll
    2008-06-17 13:17:42 ----A---- C:\Windows\system32\whealogr.dll
    2008-06-17 13:17:42 ----A---- C:\Windows\system32\sqlcese30.dll
    2008-06-17 13:17:42 ----A---- C:\Windows\system32\pcaui.dll
    2008-06-17 13:17:41 ----A---- C:\Windows\system32\dot3svc.dll
    2008-06-17 13:17:39 ----A---- C:\Windows\system32\rdpwsx.dll
    2008-06-17 13:17:39 ----A---- C:\Windows\system32\mssha.dll
    2008-06-17 13:17:39 ----A---- C:\Windows\system32\msdrm.dll
    2008-06-17 13:17:38 ----A---- C:\Windows\system32\zipfldr.dll
    2008-06-17 13:17:38 ----A---- C:\Windows\system32\WsmAuto.dll
    2008-06-17 13:17:38 ----A---- C:\Windows\system32\winhttp.dll
    2008-06-17 13:17:38 ----A---- C:\Windows\system32\rpcss.dll
    2008-06-17 13:17:38 ----A---- C:\Windows\system32\nlasvc.dll
    2008-06-17 13:17:38 ----A---- C:\Windows\system32\evr.dll
    2008-06-17 13:17:38 ----A---- C:\Windows\system32\dfrgui.exe
    2008-06-17 13:17:37 ----A---- C:\Windows\system32\rasppp.dll
    2008-06-17 13:17:37 ----A---- C:\Windows\system32\ncrypt.dll
    2008-06-17 13:17:37 ----A---- C:\Windows\system32\msrepl40.dll
    2008-06-17 13:17:37 ----A---- C:\Windows\system32\BFE.DLL
    2008-06-17 13:17:37 ----A---- C:\Windows\system32\audiosrv.dll
    2008-06-17 13:17:36 ----A---- C:\Windows\system32\WMVCORE.DLL
    2008-06-17 13:17:36 ----A---- C:\Windows\system32\wmdrmdev.dll
    2008-06-17 13:17:36 ----A---- C:\Windows\system32\printui.dll
    2008-06-17 13:17:36 ----A---- C:\Windows\system32\ddraw.dll
    2008-06-17 13:17:35 ----A---- C:\Windows\system32\WsmWmiPl.dll
    2008-06-17 13:17:35 ----A---- C:\Windows\system32\win32spl.dll
    2008-06-17 13:17:35 ----A---- C:\Windows\system32\WebClnt.dll
    2008-06-17 13:17:35 ----A---- C:\Windows\system32\themecpl.dll
    2008-06-17 13:17:35 ----A---- C:\Windows\system32\rastls.dll
    2008-06-17 13:17:35 ----A---- C:\Windows\system32\objsel.dll
    2008-06-17 13:17:35 ----A---- C:\Windows\system32\dhcpcsvc6.dll
    2008-06-17 13:17:34 ----A---- C:\Windows\system32\w32time.dll
    2008-06-17 13:17:34 ----A---- C:\Windows\system32\sqlsrv32.dll
    2008-06-17 13:17:34 ----A---- C:\Windows\system32\QAGENT.DLL
    2008-06-17 13:17:34 ----A---- C:\Windows\system32\iasnap.dll
    2008-06-17 13:17:34 ----A---- C:\Windows\system32\dbghelp.dll
    2008-06-17 13:17:33 ----A---- C:\Windows\system32\PresentationHost.exe
    2008-06-17 13:17:33 ----A---- C:\Windows\system32\ncryptui.dll
    2008-06-17 13:17:33 ----A---- C:\Windows\system32\icm32.dll
    2008-06-17 13:17:32 ----A---- C:\Windows\system32\wmdrmnet.dll
    2008-06-17 13:17:32 ----A---- C:\Windows\system32\WerFaultSecure.exe
    2008-06-17 13:17:32 ----A---- C:\Windows\system32\spoolss.dll
    2008-06-17 13:17:32 ----A---- C:\Windows\system32\iprtrmgr.dll
    2008-06-17 13:17:32 ----A---- C:\Windows\system32\infocardapi.dll
    2008-06-17 13:17:32 ----A---- C:\Windows\system32\azroles.dll
    2008-06-17 13:17:31 ----A---- C:\Windows\system32\wlangpui.dll
    2008-06-17 13:17:31 ----A---- C:\Windows\system32\winsrv.dll
    2008-06-17 13:17:31 ----A---- C:\Windows\system32\taskschd.dll
    2008-06-17 13:17:31 ----A---- C:\Windows\system32\msctf.dll
    2008-06-17 13:17:31 ----A---- C:\Windows\system32\bcdedit.exe
    2008-06-17 13:17:31 ----A---- C:\Windows\system32\basecsp.dll
    2008-06-17 13:17:30 ----A---- C:\Windows\system32\winsta.dll
    2008-06-17 13:17:30 ----A---- C:\Windows\system32\scksp.dll
    2008-06-17 13:17:30 ----A---- C:\Windows\system32\netprofm.dll
    2008-06-17 13:17:30 ----A---- C:\Windows\system32\mstlsapi.dll
    2008-06-17 13:17:30 ----A---- C:\Windows\system32\AudioEng.dll
    2008-06-17 13:17:29 ----A---- C:\Windows\system32\rsaenh.dll
    2008-06-17 13:17:29 ----A---- C:\Windows\system32\netcfgx.dll
    2008-06-17 13:17:29 ----A---- C:\Windows\system32\dbgeng.dll
    2008-06-17 13:17:28 ----A---- C:\Windows\system32\winlogon.exe
    2008-06-17 13:17:28 ----A---- C:\Windows\system32\wercon.exe
    2008-06-17 13:17:28 ----A---- C:\Windows\system32\taskcomp.dll
    2008-06-17 13:17:28 ----A---- C:\Windows\system32\lpksetup.exe
    2008-06-17 13:17:28 ----A---- C:\Windows\system32\cdosys.dll
    2008-06-17 13:17:27 ----A---- C:\Windows\system32\wlansec.dll
    2008-06-17 13:17:27 ----A---- C:\Windows\system32\sqmapi.dll
    2008-06-17 13:17:27 ----A---- C:\Windows\system32\msdtcuiu.dll
    2008-06-17 13:17:27 ----A---- C:\Windows\system32\dfshim.dll
    2008-06-17 13:17:27 ----A---- C:\Windows\system32\apds.dll
    2008-06-17 13:17:26 ----A---- C:\Windows\system32\mprddm.dll
    2008-06-17 13:17:26 ----A---- C:\Windows\system32\iasrad.dll
    2008-06-17 13:17:26 ----A---- C:\Windows\system32\certcli.dll
    2008-06-17 13:17:26 ----A---- C:\Windows\system32\AUDIOKSE.dll
    2008-06-17 13:17:25 ----A---- C:\Windows\system32\tsgqec.dll
    2008-06-17 13:17:25 ----A---- C:\Windows\system32\shdocvw.dll
    2008-06-17 13:17:25 ----A---- C:\Windows\system32\eapsvc.dll
    2008-06-17 13:17:25 ----A---- C:\Windows\system32\bcdsrv.dll
    2008-06-17 13:17:25 ----A---- C:\Windows\system32\aaclient.dll
    2008-06-17 13:17:24 ----A---- C:\Windows\system32\Wldap32.dll
    2008-06-17 13:17:24 ----A---- C:\Windows\system32\uDWM.dll
    2008-06-17 13:17:24 ----A---- C:\Windows\system32\msidcrl30.dll
    2008-06-17 13:17:24 ----A---- C:\Windows\system32\dnsapi.dll
    2008-06-17 13:17:24 ----A---- C:\Windows\system32\certmgr.dll
    2008-06-17 13:17:23 ----A---- C:\Windows\system32\WMVDECOD.DLL
    2008-06-17 13:17:23 ----A---- C:\Windows\system32\umpnpmgr.dll
    2008-06-17 13:17:23 ----A---- C:\Windows\system32\pla.dll
    2008-06-17 13:17:22 ----A---- C:\Windows\system32\netshell.dll
    2008-06-17 13:17:22 ----A---- C:\Windows\system32\dxgi.dll
    2008-06-17 13:17:22 ----A---- C:\Windows\system32\dot3gpui.dll
    2008-06-17 13:17:21 ----A---- C:\Windows\system32\wmicmiplugin.dll
    2008-06-17 13:17:20 ----A---- C:\Windows\system32\shsvcs.dll
    2008-06-17 13:17:20 ----A---- C:\Windows\system32\ntprint.dll
    2008-06-17 13:17:20 ----A---- C:\Windows\system32\MMDevAPI.dll
    2008-06-17 13:17:20 ----A---- C:\Windows\system32\cryptnet.dll
    2008-06-17 13:17:20 ----A---- C:\Windows\system32\comsnap.dll
    2008-06-17 13:17:19 ----A---- C:\Windows\system32\wscsvc.dll
    2008-06-17 13:17:19 ----A---- C:\Windows\system32\winmm.dll
    2008-06-17 13:17:19 ----A---- C:\Windows\system32\services.exe
    2008-06-17 13:17:19 ----A---- C:\Windows\system32\NlsData0009.dll
    2008-06-17 13:17:18 ----A---- C:\Windows\system32\wscisvif.dll
    2008-06-17 13:17:18 ----A---- C:\Windows\system32\taskeng.exe
    2008-06-17 13:17:18 ----A---- C:\Windows\system32\synceng.dll
    2008-06-17 13:17:18 ----A---- C:\Windows\system32\pnidui.dll
    2008-06-17 13:17:18 ----A---- C:\Windows\system32\msconfig.exe
    2008-06-17 13:17:18 ----A---- C:\Windows\system32\iassdo.dll
    2008-06-17 13:17:18 ----A---- C:\Windows\system32\cmifw.dll
    2008-06-17 13:17:17 ----A---- C:\Windows\system32\WMVSDECD.DLL
    2008-06-17 13:17:17 ----A---- C:\Windows\system32\msjtes40.dll
    2008-06-17 13:17:17 ----A---- C:\Windows\system32\cipher.exe
    2008-06-17 13:17:16 ----A---- C:\Windows\system32\wersvc.dll
    2008-06-17 13:17:16 ----A---- C:\Windows\system32\uxtheme.dll
    2008-06-17 13:17:16 ----A---- C:\Windows\system32\tdh.dll
    2008-06-17 13:17:16 ----A---- C:\Windows\system32\SessEnv.dll
    2008-06-17 13:17:16 ----A---- C:\Windows\system32\rasapi32.dll
    2008-06-17 13:17:16 ----A---- C:\Windows\system32\imapi2.dll
    2008-06-17 13:17:16 ----A---- C:\Windows\system32\dot3api.dll
    2008-06-17 13:17:16 ----A---- C:\Windows\system32\dmdskmgr.dll
    2008-06-17 13:17:15 ----A---- C:\Windows\system32\wkssvc.dll
    2008-06-17 13:17:15 ----A---- C:\Windows\system32\qdvd.dll
    2008-06-17 13:17:15 ----A---- C:\Windows\system32\msscp.dll
    2008-06-17 13:17:15 ----A---- C:\Windows\system32\cmd.exe
    2008-06-17 13:17:15 ----A---- C:\Windows\system32\cbsra.exe
    2008-06-17 13:17:15 ----A---- C:\Windows\system32\AuthFWSnapin.dll
    2008-06-17 13:17:14 ----A---- C:\Windows\system32\WUDFx.dll
    2008-06-17 13:17:14 ----A---- C:\Windows\system32\wlanmsm.dll
    2008-06-17 13:17:14 ----A---- C:\Windows\system32\wlancfg.dll
    2008-06-17 13:17:14 ----A---- C:\Windows\system32\wevtutil.exe
    2008-06-17 13:17:14 ----A---- C:\Windows\system32\srvsvc.dll
    2008-06-17 13:17:14 ----A---- C:\Windows\system32\mshtmled.dll
    2008-06-17 13:17:14 ----A---- C:\Windows\system32\msdtcVSp1res.dll
    2008-06-17 13:17:14 ----A---- C:\Windows\system32\loadperf.dll
    2008-06-17 13:17:14 ----A---- C:\Windows\system32\diskpart.exe
    2008-06-17 13:17:14 ----A---- C:\Windows\system32\comres.dll
    2008-06-17 13:17:13 ----A---- C:\Windows\system32\localsec.dll
    2008-06-17 13:17:09 ----A---- C:\Windows\system32\rpchttp.dll
    2008-06-17 13:17:09 ----A---- C:\Windows\system32\rdpdd.dll
    2008-06-17 13:17:09 ----A---- C:\Windows\system32\fontext.dll
    2008-06-17 13:17:08 ----A---- C:\Windows\system32\wsqmcons.exe
    2008-06-17 13:17:08 ----A---- C:\Windows\system32\WMADMOD.DLL
    2008-06-17 13:17:08 ----A---- C:\Windows\system32\wlanpref.dll
    2008-06-17 13:17:08 ----A---- C:\Windows\system32\wlanapi.dll
    2008-06-17 13:17:08 ----A---- C:\Windows\system32\WinSATAPI.dll
    2008-06-17 13:17:08 ----A---- C:\Windows\system32\NAPMONTR.DLL
    2008-06-17 13:17:08 ----A---- C:\Windows\system32\hnetcfg.dll
    2008-06-17 13:17:08 ----A---- C:\Windows\system32\dsound.dll
    2008-06-17 13:17:07 ----A---- C:\Windows\system32\WindowsCodecs.dll
    2008-06-17 13:17:07 ----A---- C:\Windows\system32\RDPENCDD.dll
    2008-06-17 13:17:07 ----A---- C:\Windows\system32\profprov.dll
    2008-06-17 13:17:07 ----A---- C:\Windows\system32\filemgmt.dll
    2008-06-17 13:17:07 ----A---- C:\Windows\system32\dnsrslvr.dll
    2008-06-17 13:17:07 ----A---- C:\Windows\system32\avifil32.dll
    2008-06-17 13:17:06 ----A---- C:\Windows\system32\wsecedit.dll
    2008-06-17 13:17:06 ----A---- C:\Windows\system32\WMSPDMOD.DLL
    2008-06-17 13:17:06 ----A---- C:\Windows\system32\tracerpt.exe
    2008-06-17 13:17:06 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
    2008-06-17 13:17:06 ----A---- C:\Windows\system32\SLCommDlg.dll
    2008-06-17 13:17:06 ----A---- C:\Windows\system32\PresentationHostProxy.dll
    2008-06-17 13:17:06 ----A---- C:\Windows\system32\P2PGraph.dll
    2008-06-17 13:17:06 ----A---- C:\Windows\system32\MuiUnattend.exe
    2008-06-17 13:17:06 ----A---- C:\Windows\system32\dwmredir.dll
    2008-06-17 13:17:06 ----A---- C:\Windows\system32\dhcpcsvc.dll
    2008-06-17 13:17:06 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
    2008-06-17 13:17:05 ----A---- C:\Windows\system32\wininit.exe
    2008-06-17 13:17:05 ----A---- C:\Windows\system32\spp.dll
    2008-06-17 13:17:05 ----A---- C:\Windows\system32\rasdlg.dll
    2008-06-17 13:17:05 ----A---- C:\Windows\system32\QSHVHOST.DLL
    2008-06-17 13:17:05 ----A---- C:\Windows\system32\iassvcs.dll
    2008-06-17 13:17:05 ----A---- C:\Windows\system32\gpresult.exe
    2008-06-17 13:17:05 ----A---- C:\Windows\system32\dwm.exe
    2008-06-17 13:17:05 ----A---- C:\Windows\system32\apphelp.dll
    2008-06-17 13:17:04 ----A---- C:\Windows\system32\mscorier.dll
    2008-06-17 13:17:04 ----A---- C:\Windows\system32\iashost.exe
    2008-06-17 13:17:04 ----A---- C:\Windows\system32\azroleui.dll
    2008-06-17 13:17:04 ----A---- C:\Windows\HelpPane.exe
    2008-06-17 13:17:03 ----A---- C:\Windows\system32\wecapi.dll
    2008-06-17 13:17:03 ----A---- C:\Windows\system32\unbcl.dll
    2008-06-17 13:17:03 ----A---- C:\Windows\system32\srrstr.dll
    2008-06-17 13:17:03 ----A---- C:\Windows\system32\spwizeng.dll
    2008-06-17 13:17:03 ----A---- C:\Windows\system32\SLUI.exe
    2008-06-17 13:17:03 ----A---- C:\Windows\system32\rasmontr.dll
    2008-06-17 13:17:03 ----A---- C:\Windows\system32\PortableDeviceApi.dll
    2008-06-17 13:17:03 ----A---- C:\Windows\system32\msra.exe
    2008-06-17 13:17:03 ----A---- C:\Windows\system32\mcbuilder.exe
    2008-06-17 13:17:03 ----A---- C:\Windows\system32\lltdsvc.dll
    2008-06-17 13:17:02 ----A---- C:\Windows\system32\tcpmon.dll
    2008-06-17 13:17:02 ----A---- C:\Windows\system32\shrink.dll
    2008-06-17 13:17:02 ----A---- C:\Windows\system32\IPHLPAPI.DLL
    2008-06-17 13:17:02 ----A---- C:\Windows\system32\iashlpr.dll
    2008-06-17 13:17:02 ----A---- C:\Windows\system32\gpedit.dll
    2008-06-17 13:17:02 ----A---- C:\Windows\system32\brcpl.dll
    2008-06-17 13:17:01 ----A---- C:\Windows\system32\WMPEncEn.dll
    2008-06-17 13:17:01 ----A---- C:\Windows\system32\raschap.dll
    2008-06-17 13:17:01 ----A---- C:\Windows\system32\oleacc.dll
    2008-06-17 13:17:01 ----A---- C:\Windows\system32\msdri.dll
    2008-06-17 13:17:01 ----A---- C:\Windows\system32\iertutil.dll
    2008-06-17 13:17:00 ----A---- C:\Windows\system32\regsvc.dll
    2008-06-17 13:17:00 ----A---- C:\Windows\system32\framedynos.dll
    2008-06-17 13:17:00 ----A---- C:\Windows\system32\advpack.dll
    2008-06-17 13:16:59 ----A---- C:\Windows\system32\wpdshext.dll
    2008-06-17 13:16:59 ----A---- C:\Windows\system32\wdc.dll
    2008-06-17 13:16:59 ----A---- C:\Windows\system32\vsstrace.dll
    2008-06-17 13:16:59 ----A---- C:\Windows\system32\PerfCenterCPL.dll
    2008-06-17 13:16:59 ----A---- C:\Windows\system32\ntvdm.exe
    2008-06-17 13:16:59 ----A---- C:\Windows\system32\ntlanman.dll
    2008-06-17 13:16:59 ----A---- C:\Windows\system32\ipsmsnap.dll
    2008-06-17 13:16:59 ----A---- C:\Windows\system32\fdWSD.dll
    2008-06-17 13:16:59 ----A---- C:\Windows\system32\Faultrep.dll
    2008-06-17 13:16:58 ----A---- C:\Windows\system32\Storprop.dll
    2008-06-17 13:16:58 ----A---- C:\Windows\system32\NetProjW.dll
    2008-06-17 13:16:58 ----A---- C:\Windows\system32\netman.dll
    2008-06-17 13:16:58 ----A---- C:\Windows\system32\l2nacp.dll
    2008-06-17 13:16:58 ----A---- C:\Windows\system32\iedkcs32.dll
    2008-06-17 13:16:58 ----A---- C:\Windows\system32\ieapfltr.dll
    2008-06-17 13:16:58 ----A---- C:\Windows\system32\framedyn.dll
    2008-06-17 13:16:58 ----A---- C:\Windows\system32\dssenh.dll
    2008-06-17 13:16:57 ----A---- C:\Windows\system32\WlanMM.dll
    2008-06-17 13:16:57 ----A---- C:\Windows\system32\tcpipcfg.dll
    2008-06-17 13:16:57 ----A---- C:\Windows\system32\profsvc.dll
    2008-06-17 13:16:57 ----A---- C:\Windows\system32\certreq.exe
    2008-06-17 13:16:57 ----A---- C:\Windows\system32\adsnt.dll
    2008-06-17 13:16:56 ----A---- C:\Windows\system32\WsmProv.dll
    2008-06-17 13:16:56 ----A---- C:\Windows\system32\wlanhlp.dll
    2008-06-17 13:16:56 ----A---- C:\Windows\system32\WLanConn.dll
    2008-06-17 13:16:56 ----A---- C:\Windows\system32\sxs.dll
    2008-06-17 13:16:56 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
    2008-06-17 13:16:56 ----A---- C:\Windows\system32\KMSVC.DLL
    2008-06-17 13:16:56 ----A---- C:\Windows\system32\IPBusEnum.dll
    2008-06-17 13:16:55 ----A---- C:\Windows\system32\wusa.exe
    2008-06-17 13:16:55 ----A---- C:\Windows\system32\WUDFHost.exe
    2008-06-17 13:16:55 ----A---- C:\Windows\system32\WerFault.exe
    2008-06-17 13:16:55 ----A---- C:\Windows\system32\VAN.dll
    2008-06-17 13:16:55 ----A---- C:\Windows\system32\userenv.dll
    2008-06-17 13:16:55 ----A---- C:\Windows\system32\umb.dll
    2008-06-17 13:16:55 ----A---- C:\Windows\system32\ncsi.dll
    2008-06-17 13:16:55 ----A---- C:\Windows\system32\ie4uinit.exe
    2008-06-17 13:16:55 ----A---- C:\Windows\system32\fundisc.dll
    2008-06-17 13:16:55 ----A---- C:\Windows\system32\catsrvut.dll
    2008-06-17 13:16:54 ----A---- C:\Windows\system32\puiobj.dll
    2008-06-17 13:16:54 ----A---- C:\Windows\system32\NlsData000c.dll
    2008-06-17 13:16:54 ----A---- C:\Windows\system32\netid.dll
    2008-06-17 13:16:54 ----A---- C:\Windows\system32\cryptui.dll
    2008-06-17 13:16:53 ----A---- C:\Windows\system32\photowiz.dll
    2008-06-17 13:16:53 ----A---- C:\Windows\system32\NlsData0007.dll
    2008-06-17 13:16:53 ----A---- C:\Windows\system32\netcenter.dll
    2008-06-17 13:16:53 ----A---- C:\Windows\system32\MdSched.exe
    2008-06-17 13:16:53 ----A---- C:\Windows\system32\InkEd.dll
    2008-06-17 13:16:53 ----A---- C:\Windows\system32\dps.dll
    2008-06-17 13:16:52 ----A---- C:\Windows\system32\NlsData0011.dll
    2008-06-17 13:16:51 ----A---- C:\Windows\system32\NlsData004b.dll
    2008-06-17 13:16:51 ----A---- C:\Windows\system32\NlsData0047.dll
    2008-06-17 13:16:50 ----A---- C:\Windows\system32\NlsData004a.dll
    2008-06-17 13:16:50 ----A---- C:\Windows\system32\NlsData0046.dll
    2008-06-17 13:16:50 ----A---- C:\Windows\system32\ipsecsnp.dll
    2008-06-17 13:16:49 ----A---- C:\Windows\system32\WinSCard.dll
    2008-06-17 13:16:49 ----A---- C:\Windows\system32\NlsData004e.dll
    2008-06-17 13:16:49 ----A---- C:\Windows\system32\NlsData004c.dll
    2008-06-17 13:16:49 ----A---- C:\Windows\system32\NlsData0049.dll
    2008-06-17 13:16:49 ----A---- C:\Windows\system32\NlsData0045.dll
    2008-06-17 13:16:48 ----A---- C:\Windows\system32\spbcd.dll
    2008-06-17 13:16:48 ----A---- C:\Windows\system32\NlsData000a.dll
    2008-06-17 13:16:47 ----A---- C:\Windows\system32\ws2_32.dll
    2008-06-17 13:16:47 ----A---- C:\Windows\system32\NlsData0c1a.dll
    2008-06-17 13:16:47 ----A---- C:\Windows\system32\msinfo32.exe
    2008-06-17 13:16:46 ----A---- C:\Windows\system32\ntdsapi.dll
    2008-06-17 13:16:46 ----A---- C:\Windows\system32\NlsData0416.dll
    2008-06-17 13:16:46 ----A---- C:\Windows\system32\NlsData0414.dll
    2008-06-17 13:16:46 ----A---- C:\Windows\system32\NlsData001b.dll
    2008-06-17 13:16:46 ----A---- C:\Windows\system32\NlsData001a.dll
    2008-06-17 13:16:46 ----A---- C:\Windows\system32\NlsData0018.dll
    2008-06-17 13:16:46 ----A---- C:\Windows\system32\NlsData000f.dll
    2008-06-17 13:16:45 ----A---- C:\Windows\system32\winrs.exe
    2008-06-17 13:16:45 ----A---- C:\Windows\system32\secur32.dll
    2008-06-17 13:16:45 ----A---- C:\Windows\system32\odbcjt32.dll
    2008-06-17 13:16:45 ----A---- C:\Windows\system32\NlsData003e.dll
    2008-06-17 13:16:45 ----A---- C:\Windows\system32\NlsData0039.dll
    2008-06-17 13:16:45 ----A---- C:\Windows\system32\NlsData0021.dll
    2008-06-17 13:16:45 ----A---- C:\Windows\system32\NlsData0020.dll
    2008-06-17 13:16:45 ----A---- C:\Windows\system32\NAPSTAT.EXE
    2008-06-17 13:16:44 ----A---- C:\Windows\system32\NlsData0816.dll
    2008-06-17 13:16:44 ----A---- C:\Windows\system32\NlsData002a.dll
    2008-06-17 13:16:44 ----A---- C:\Windows\system32\NlsData0022.dll
    2008-06-17 13:16:44 ----A---- C:\Windows\system32\NlsData001d.dll
    2008-06-17 13:16:44 ----A---- C:\Windows\system32\NlsData0010.dll
    2008-06-17 13:16:43 ----A---- C:\Windows\system32\NlsData0027.dll
    2008-06-17 13:16:43 ----A---- C:\Windows\system32\NlsData0026.dll
    2008-06-17 13:16:43 ----A---- C:\Windows\system32\NlsData0024.dll
    2008-06-17 13:16:43 ----A---- C:\Windows\system32\NlsData0019.dll
    2008-06-17 13:16:43 ----A---- C:\Windows\system32\NlsData0001.dll
    2008-06-17 13:16:42 ----A---- C:\Windows\system32\prnntfy.dll
    2008-06-17 13:16:42 ----A---- C:\Windows\system32\NlsData0013.dll
    2008-06-17 13:16:42 ----A---- C:\Windows\system32\NlsData000d.dll
    2008-06-17 13:16:42 ----A---- C:\Windows\system32\NlsData0002.dll
    2008-06-17 13:16:41 ----A---- C:\Windows\system32\NlsData081a.dll
    2008-06-17 13:16:41 ----A---- C:\Windows\system32\NlsData0003.dll
    2008-06-17 13:16:40 ----A---- C:\Windows\system32\mblctr.exe
    2008-06-17 13:16:40 ----A---- C:\Windows\system32\cryptsvc.dll
    2008-06-17 13:16:39 ----A---- C:\Windows\system32\schtasks.exe
    2008-06-17 13:16:39 ----A---- C:\Windows\system32\RelMon.dll
    2008-06-17 13:16:39 ----A---- C:\Windows\system32\pdh.dll
    2008-06-17 13:16:39 ----A---- C:\Windows\system32\netdiagfx.dll
    2008-06-17 13:16:39 ----A---- C:\Windows\system32\msfeeds.dll
    2008-06-17 13:16:39 ----A---- C:\Windows\system32\iasacct.dll
    2008-06-17 13:16:39 ----A---- C:\Windows\system32\dmdlgs.dll
    2008-06-17 13:16:39 ----A---- C:\Windows\system32\dhcpsapi.dll
    2008-06-17 13:16:39 ----A---- C:\Windows\system32\catsrv.dll
    2008-06-17 13:16:39 ----A---- C:\Windows\system32\activeds.dll
    2008-06-17 13:16:38 ----A---- C:\Windows\system32\TSpkg.dll
    2008-06-17 13:16:38 ----A---- C:\Windows\system32\FirewallControlPanel.exe
    2008-06-17 13:16:38 ----A---- C:\Windows\system32\dfrgfat.exe
    2008-06-17 13:16:37 ----A---- C:\Windows\system32\wvc.dll
    2008-06-17 13:16:37 ----A---- C:\Windows\system32\winrm.vbs
    2008-06-17 13:16:37 ----A---- C:\Windows\system32\qwave.dll
    2008-06-17 13:16:37 ----A---- C:\Windows\system32\fdWCN.dll
    2008-06-17 13:16:37 ----A---- C:\Windows\system32\dot3msm.dll
    2008-06-17 13:16:37 ----A---- C:\Windows\system32\AudioSes.dll
    2008-06-17 13:16:36 ----A---- C:\Windows\system32\rastapi.dll
    2008-06-17 13:16:36 ----A---- C:\Windows\system32\netcorehc.dll
    2008-06-17 13:16:36 ----A---- C:\Windows\system32\NAPHLPR.DLL
    2008-06-17 13:16:36 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
    2008-06-17 13:16:36 ----A---- C:\Windows\system32\msacm32.dll
    2008-06-17 13:16:36 ----A---- C:\Windows\system32\ifmon.dll
    2008-06-17 13:16:36 ----A---- C:\Windows\system32\dot3cfg.dll
    2008-06-17 13:16:35 ----A---- C:\Windows\system32\wow32.dll
    2008-06-17 13:16:35 ----A---- C:\Windows\system32\shsetup.dll
    2008-06-17 13:16:35 ----A---- C:\Windows\system32\adsldp.dll
    2008-06-17 13:16:34 ----A---- C:\Windows\system32\wscntfy.dll
    2008-06-17 13:16:34 ----A---- C:\Windows\system32\ntshrui.dll
    2008-06-17 13:16:34 ----A---- C:\Windows\system32\msdt.dll
    2008-06-17 13:16:34 ----A---- C:\Windows\system32\els.dll
    2008-06-17 13:16:34 ----A---- C:\Windows\system32\clbcatq.dll
    2008-06-17 13:16:33 ----A---- C:\Windows\system32\WMNetMgr.dll
    2008-06-17 13:16:33 ----A---- C:\Windows\system32\stobject.dll
    2008-06-17 13:16:33 ----A---- C:\Windows\system32\sdrsvc.dll
    2008-06-17 13:16:33 ----A---- C:\Windows\system32\QUTIL.DLL
    2008-06-17 13:16:33 ----A---- C:\Windows\system32\net1.exe
    2008-06-17 13:16:33 ----A---- C:\Windows\system32\ipnathlp.dll
    2008-06-17 13:16:33 ----A---- C:\Windows\system32\iasrecst.dll
    2008-06-17 13:16:33 ----A---- C:\Windows\system32\iasdatastore.dll
    2008-06-17 13:16:33 ----A---- C:\Windows\system32\fdSSDP.dll
    2008-06-17 13:16:32 ----A---- C:\Windows\system32\wlanui.dll
    2008-06-17 13:16:32 ----A---- C:\Windows\system32\dsprop.dll
    2008-06-17 13:16:32 ----A---- C:\Windows\system32\Defrag.exe
    2008-06-17 13:16:31 ----A---- C:\Windows\system32\wlgpclnt.dll
    2008-06-17 13:16:31 ----A---- C:\Windows\system32\upnphost.dll
    2008-06-17 13:16:31 ----A---- C:\Windows\system32\systemcpl.dll
    2008-06-17 13:16:31 ----A---- C:\Windows\system32\smss.exe
    2008-06-17 13:16:31 ----A---- C:\Windows\system32\nci.dll
    2008-06-17 13:16:31 ----A---- C:\Windows\system32\mprmsg.dll
    2008-06-17 13:16:31 ----A---- C:\Windows\system32\adsldpc.dll
    2008-06-17 13:16:30 ----A---- C:\Windows\system32\rasman.dll
    2008-06-17 13:16:30 ----A---- C:\Windows\system32\rascfg.dll
    2008-06-17 13:16:30 ----A---- C:\Windows\system32\PresentationSettings.exe
    2008-06-17 13:16:30 ----A---- C:\Windows\system32\P2P.dll
    2008-06-17 13:16:30 ----A---- C:\Windows\system32\msftedit.dll
    2008-06-17 13:16:30 ----A---- C:\Windows\system32\MSAC3ENC.DLL
    2008-06-17 13:16:30 ----A---- C:\Windows\system32\loghours.dll
    2008-06-17 13:16:30 ----A---- C:\Windows\system32\fde.dll
    2008-06-17 13:16:30 ----A---- C:\Windows\system32\CompatUI.dll
    2008-06-17 13:16:30 ----A---- C:\Windows\system32\ActiveContentWizard.dll
    2008-06-17 13:16:29 ----A---- C:\Windows\system32\Wpc.dll
    2008-06-17 13:16:29 ----A---- C:\Windows\system32\t2embed.dll
    2008-06-17 13:16:29 ----A---- C:\Windows\system32\oleprn.dll
    2008-06-17 13:16:29 ----A---- C:\Windows\system32\MigAutoPlay.exe
    2008-06-17 13:16:29 ----A---- C:\Windows\system32\L2SecHC.dll
    2008-06-17 13:16:29 ----A---- C:\Windows\system32\dxdiag.exe
    2008-06-17 13:16:28 ----A---- C:\Windows\system32\wdigest.dll
    2008-06-17 13:16:28 ----A---- C:\Windows\system32\setupcl.exe
    2008-06-17 13:16:28 ----A---- C:\Windows\system32\mprdim.dll
    2008-06-17 13:16:28 ----A---- C:\Windows\system32\gpapi.dll
    2008-06-17 13:16:28 ----A---- C:\Windows\system32\DFDWiz.exe
    2008-06-17 13:16:28 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
    2008-06-17 13:16:27 ----A---- C:\Windows\system32\scansetting.dll
    2008-06-17 13:16:27 ----A---- C:\Windows\system32\rtm.dll
    2008-06-17 13:16:27 ----A---- C:\Windows\system32\msutb.dll
    2008-06-17 13:16:27 ----A---- C:\Windows\system32\devmgr.dll
    2008-06-17 13:16:26 ----A---- C:\Windows\system32\wiaservc.dll
    2008-06-17 13:16:26 ----A---- C:\Windows\system32\NAPCRYPT.DLL
    2008-06-17 13:16:26 ----A---- C:\Windows\system32\msihnd.dll
    2008-06-17 13:16:26 ----A---- C:\Windows\system32\ifsutil.dll
    2008-06-17 13:16:26 ----A---- C:\Windows\system32\CertEnrollUI.dll
    2008-06-17 13:16:26 ----A---- C:\Windows\system32\actxprxy.dll
    2008-06-17 13:16:25 ----A---- C:\Windows\system32\wdi.dll
    2008-06-17 13:16:25 ----A---- C:\Windows\system32\kdusb.dll
    2008-06-17 13:16:25 ----A---- C:\Windows\system32\dimsroam.dll
    2008-06-17 13:16:24 ----A---- C:\Windows\system32\wscapi.dll
    2008-06-17 13:16:24 ----A---- C:\Windows\system32\WinFXDocObj.exe
    2008-06-17 13:16:24 ----A---- C:\Windows\system32\usbmon.dll
    2008-06-17 13:16:24 ----A---- C:\Windows\system32\SyncCenter.dll
    2008-06-17 13:16:24 ----A---- C:\Windows\system32\spoolsv.exe
    2008-06-17 13:16:24 ----A---- C:\Windows\system32\mswmdm.dll
    2008-06-17 13:16:24 ----A---- C:\Windows\system32\imagehlp.dll
    2008-06-17 13:16:24 ----A---- C:\Windows\system32\BOOTVID.DLL
    2008-06-17 13:16:24 ----A---- C:\Windows\system32\audiodg.exe
    2008-06-17 13:16:23 ----A---- C:\Windows\system32\wlandlg.dll
    2008-06-17 13:16:23 ----A---- C:\Windows\system32\vssadmin.exe
    2008-06-17 13:16:23 ----A---- C:\Windows\system32\uudf.dll
    2008-06-17 13:16:23 ----A---- C:\Windows\system32\scecli.dll
    2008-06-17 13:16:23 ----A---- C:\Windows\system32\regapi.dll
    2008-06-17 13:16:23 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2008-06-17 13:16:23 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
    2008-06-17 13:16:23 ----A---- C:\Windows\system32\mycomput.dll
    2008-06-17 13:16:23 ----A---- C:\Windows\system32\msls31.dll
    2008-06-17 13:16:22 ----A---- C:\Windows\system32\sud.dll
    2008-06-17 13:16:22 ----A---- C:\Windows\system32\SCardSvr.dll
    2008-06-17 13:16:22 ----A---- C:\Windows\system32\newdev.dll
    2008-06-17 13:16:22 ----A---- C:\Windows\system32\mstask.dll
    2008-06-17 13:16:22 ----A---- C:\Windows\system32\mspaint.exe
    2008-06-17 13:16:22 ----A---- C:\Windows\system32\kdcom.dll
    2008-06-17 13:16:21 ----A---- C:\Windows\system32\termmgr.dll
    2008-06-17 13:16:21 ----A---- C:\Windows\system32\ssdpsrv.dll
    2008-06-17 13:16:21 ----A---- C:\Windows\system32\samlib.dll
    2008-06-17 13:16:21 ----A---- C:\Windows\system32\puiapi.dll
    2008-06-17 13:16:21 ----A---- C:\Windows\system32\mtxoci.dll
    2008-06-17 13:16:21 ----A---- C:\Windows\system32\duser.dll
    2008-06-17 13:16:21 ----A---- C:\Windows\system32\adtschema.dll
    2008-06-17 13:16:20 ----A---- C:\Windows\system32\tapisrv.dll
    2008-06-17 13:16:20 ----A---- C:\Windows\system32\Robocopy.exe
    2008-06-17 13:16:20 ----A---- C:\Windows\system32\input.dll
    2008-06-17 13:16:20 ----A---- C:\Windows\system32\inetpp.dll
    2008-06-17 13:16:20 ----A---- C:\Windows\system32\cic.dll
    2008-06-17 13:16:20 ----A---- C:\Windows\system32\AzSqlExt.dll
    2008-06-17 13:16:19 ----A---- C:\Windows\system32\wisptis.exe
    2008-06-17 13:16:19 ----A---- C:\Windows\system32\SLUINotify.dll
    2008-06-17 13:16:19 ----A---- C:\Windows\system32\iasads.dll
    2008-06-17 13:16:19 ----A---- C:\Windows\system32\cscapi.dll
    2008-06-17 13:16:18 ----A---- C:\Windows\system32\WUDFPlatform.dll
    2008-06-17 13:16:18 ----A---- C:\Windows\system32\sdshext.dll
    2008-06-17 13:16:18 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
    2008-06-17 13:16:18 ----A---- C:\Windows\system32\netiohlp.dll
    2008-06-17 13:16:18 ----A---- C:\Windows\system32\msdtclog.dll
    2008-06-17 13:16:18 ----A---- C:\Windows\system32\msdt.exe
    2008-06-17 13:16:18 ----A---- C:\Windows\system32\authz.dll
    2008-06-17 13:16:17 ----A---- C:\Windows\system32\webcheck.dll
    2008-06-17 13:16:17 ----A---- C:\Windows\system32\verifier.exe
    2008-06-17 13:16:17 ----A---- C:\Windows\system32\themeui.dll
    2008-06-17 13:16:17 ----A---- C:\Windows\system32\NlsData0000.dll
    2008-06-17 13:16:17 ----A---- C:\Windows\system32\d3d8.dll
    2008-06-17 13:16:17 ----A---- C:\Windows\system32\cmdial32.dll
    2008-06-17 13:16:16 ----A---- C:\Windows\system32\wpcsvc.dll
    2008-06-17 13:16:16 ----A---- C:\Windows\system32\wintrust.dll
    2008-06-17 13:16:16 ----A---- C:\Windows\system32\slcinst.dll
    2008-06-17 13:16:16 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
     


  4. 2008/08/26
    jimscriv

    2008-06-17 13:16:16 ----A---- C:\Windows\system32\oledlg.dll
    2008-06-17 13:16:16 ----A---- C:\Windows\system32\dxtmsft.dll
    2008-06-17 13:16:16 ----A---- C:\Windows\system32\clfsw32.dll
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\wpccpl.dll
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\WMPhoto.dll
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\vdsldr.exe
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\SnippingTool.exe
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\SndVol.exe
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\rasgcw.dll
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\pnpsetup.dll
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\ntmarta.dll
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\msaatext.dll
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\mmcbase.dll
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\mlang.dll
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\icfupgd.dll
    2008-06-17 13:16:15 ----A---- C:\Windows\system32\icardie.dll
    2008-06-17 13:16:14 ----A---- C:\Windows\system32\wpd_ci.dll
    2008-06-17 13:16:14 ----A---- C:\Windows\system32\slmgr.vbs
    2008-06-17 13:16:14 ----A---- C:\Windows\system32\rasqec.dll
    2008-06-17 13:16:14 ----A---- C:\Windows\system32\polstore.dll
    2008-06-17 13:16:14 ----A---- C:\Windows\system32\nslookup.exe
    2008-06-17 13:16:14 ----A---- C:\Windows\system32\ncobjapi.dll
    2008-06-17 13:16:14 ----A---- C:\Windows\system32\msrd3x40.dll
    2008-06-17 13:16:14 ----A---- C:\Windows\system32\mpr.dll
    2008-06-17 13:16:14 ----A---- C:\Windows\system32\ieui.dll
    2008-06-17 13:16:14 ----A---- C:\Windows\system32\diskraid.exe
    2008-06-17 13:16:13 ----A---- C:\Windows\system32\wtsapi32.dll
    2008-06-17 13:16:13 ----A---- C:\Windows\system32\unlodctr.exe
    2008-06-17 13:16:13 ----A---- C:\Windows\system32\syssetup.dll
    2008-06-17 13:16:13 ----A---- C:\Windows\system32\pnpui.dll
    2008-06-17 13:16:13 ----A---- C:\Windows\system32\mscms.dll
    2008-06-17 13:16:13 ----A---- C:\Windows\system32\lodctr.exe
    2008-06-17 13:16:13 ----A---- C:\Windows\system32\iaspolcy.dll
    2008-06-17 13:16:13 ----A---- C:\Windows\system32\extmgr.dll
    2008-06-17 13:16:13 ----A---- C:\Windows\system32\accessibilitycpl.dll
    2008-06-17 13:16:12 ----A---- C:\Windows\system32\ulib.dll
    2008-06-17 13:16:12 ----A---- C:\Windows\system32\sethc.exe
    2008-06-17 13:16:12 ----A---- C:\Windows\system32\oobefldr.dll
    2008-06-17 13:16:12 ----A---- C:\Windows\system32\Mcx2Svc.dll
    2008-06-17 13:16:12 ----A---- C:\Windows\system32\fontsub.dll
    2008-06-17 13:16:12 ----A---- C:\Windows\system32\dxdiagn.dll
    2008-06-17 13:16:12 ----A---- C:\Windows\system32\cabinet.dll
    2008-06-17 13:16:11 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
    2008-06-17 13:16:11 ----A---- C:\Windows\system32\Utilman.exe
    2008-06-17 13:16:11 ----A---- C:\Windows\system32\trkwks.dll
    2008-06-17 13:16:11 ----A---- C:\Windows\system32\scesrv.dll
    2008-06-17 13:16:11 ----A---- C:\Windows\system32\lnkstub.exe
    2008-06-17 13:16:10 ----A---- C:\Windows\system32\wermgr.exe
    2008-06-17 13:16:10 ----A---- C:\Windows\system32\unattend.dll
    2008-06-17 13:16:10 ----A---- C:\Windows\system32\ogldrv.dll
    2008-06-17 13:16:10 ----A---- C:\Windows\system32\occache.dll
    2008-06-17 13:16:10 ----A---- C:\Windows\system32\cabview.dll
    2008-06-17 13:16:09 ----A---- C:\Windows\system32\dfdts.dll
    2008-06-17 13:16:09 ----A---- C:\Windows\system32\bthci.dll
    2008-06-17 13:16:08 ----A---- C:\Windows\system32\wpcao.dll
    2008-06-17 13:16:08 ----A---- C:\Windows\system32\tlntsvr.exe
    2008-06-17 13:16:08 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
    2008-06-17 13:16:08 ----A---- C:\Windows\system32\p2pcollab.dll
    2008-06-17 13:16:08 ----A---- C:\Windows\system32\msnetobj.dll
    2008-06-17 13:16:08 ----A---- C:\Windows\system32\iepeers.dll
    2008-06-17 13:16:08 ----A---- C:\Windows\system32\eappgnui.dll
    2008-06-17 13:16:07 ----A---- C:\Windows\system32\ieaksie.dll
    2008-06-17 13:16:07 ----A---- C:\Windows\system32\DHCPQEC.DLL
    2008-06-17 13:16:07 ----A---- C:\Windows\system32\basesrv.dll
    2008-06-17 13:16:06 ----A---- C:\Windows\system32\drvinst.exe
    2008-06-17 13:16:06 ----A---- C:\Windows\system32\dispdiag.exe
    2008-06-17 13:16:05 ----A---- C:\Windows\system32\mmcss.dll
    2008-06-17 13:16:05 ----A---- C:\Windows\system32\dsquery.dll
    2008-06-17 13:16:04 ----A---- C:\Windows\system32\verifier.dll
    2008-06-17 13:16:04 ----A---- C:\Windows\system32\RstrtMgr.dll
    2008-06-17 13:16:03 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
    2008-06-17 13:16:03 ----A---- C:\Windows\system32\secproc_ssp.dll
    2008-06-17 13:16:03 ----A---- C:\Windows\system32\mprapi.dll
    2008-06-17 13:16:03 ----A---- C:\Windows\system32\efsadu.dll
    2008-06-17 13:16:02 ----A---- C:\Windows\system32\WMVENCOD.DLL
    2008-06-17 13:16:02 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-06-17 13:16:02 ----A---- C:\Windows\system32\wercplsupport.dll
    2008-06-17 13:16:02 ----A---- C:\Windows\system32\qedit.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\WPDSp.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\WPDShServiceObj.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\wiascanprofiles.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\wiaaut.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\setupugc.exe
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\QSVRMGMT.DLL
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\pnrpnsp.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\pngfilt.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\p2pnetsh.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\networkmap.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\msoeacct.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\iscsiexe.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\icacls.exe
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\d3d10core.dll
    2008-06-17 13:16:01 ----A---- C:\Windows\system32\consent.exe
    2008-06-17 13:16:00 ----A---- C:\Windows\system32\xactsrv.dll
    2008-06-17 13:16:00 ----A---- C:\Windows\system32\usercpl.dll
    2008-06-17 13:16:00 ----A---- C:\Windows\system32\PNPXAssocPrx.dll
    2008-06-17 13:16:00 ----A---- C:\Windows\system32\PNPXAssoc.dll
    2008-06-17 13:16:00 ----A---- C:\Windows\system32\msrdc.dll
    2008-06-17 13:16:00 ----A---- C:\Windows\system32\msdmo.dll
    2008-06-17 13:16:00 ----A---- C:\Windows\system32\lsass.exe
    2008-06-17 13:16:00 ----A---- C:\Windows\system32\conime.exe
    2008-06-17 13:16:00 ----A---- C:\Windows\system32\autoplay.dll
    2008-06-17 13:15:59 ----A---- C:\Windows\system32\pcadm.dll
    2008-06-17 13:15:59 ----A---- C:\Windows\system32\lpk.dll
    2008-06-17 13:15:59 ----A---- C:\Windows\system32\findstr.exe
    2008-06-17 13:15:59 ----A---- C:\Windows\system32\eappprxy.dll
    2008-06-17 13:15:59 ----A---- C:\Windows\system32\drmmgrtn.dll
    2008-06-17 13:15:59 ----A---- C:\Windows\system32\dpapimig.exe
    2008-06-17 13:15:58 ----A---- C:\Windows\system32\xwizards.dll
    2008-06-17 13:15:58 ----A---- C:\Windows\system32\systeminfo.exe
    2008-06-17 13:15:58 ----A---- C:\Windows\system32\resutils.dll
    2008-06-17 13:15:58 ----A---- C:\Windows\system32\netcfg.exe
    2008-06-17 13:15:58 ----A---- C:\Windows\system32\msrating.dll
    2008-06-17 13:15:58 ----A---- C:\Windows\system32\mfplat.dll
    2008-06-17 13:15:58 ----A---- C:\Windows\system32\DWWIN.EXE
    2008-06-17 13:15:58 ----A---- C:\Windows\system32\cmdl32.exe
    2008-06-17 13:15:57 ----A---- C:\Windows\system32\powercpl.dll
    2008-06-17 13:15:57 ----A---- C:\Windows\system32\netprof.dll
    2008-06-17 13:15:57 ----A---- C:\Windows\system32\MFWMAAEC.DLL
    2008-06-17 13:15:57 ----A---- C:\Windows\system32\dssec.dll
    2008-06-17 13:15:57 ----A---- C:\Windows\system32\dot3ui.dll
    2008-06-17 13:15:57 ----A---- C:\Windows\system32\dfrgifc.exe
    2008-06-17 13:15:57 ----A---- C:\Windows\system32\dbnetlib.dll
    2008-06-17 13:15:57 ----A---- C:\Windows\system32\alg.exe
    2008-06-17 13:15:56 ----A---- C:\Windows\system32\odbc32.dll
    2008-06-17 13:15:56 ----A---- C:\Windows\system32\nshhttp.dll
    2008-06-17 13:15:56 ----A---- C:\Windows\system32\imm32.dll
    2008-06-17 13:15:56 ----A---- C:\Windows\system32\btpanui.dll
    2008-06-17 13:15:56 ----A---- C:\Windows\system32\apircl.dll
    2008-06-17 13:15:56 ----A---- C:\Windows\regedit.exe
    2008-06-17 13:15:55 ----A---- C:\Windows\system32\txflog.dll
    2008-06-17 13:15:55 ----A---- C:\Windows\system32\feclient.dll
    2008-06-17 13:15:54 ----A---- C:\Windows\system32\tbssvc.dll
    2008-06-17 13:15:54 ----A---- C:\Windows\system32\taskkill.exe
    2008-06-17 13:15:54 ----A---- C:\Windows\system32\iexpress.exe
    2008-06-17 13:15:54 ----A---- C:\Windows\system32\dxva2.dll
    2008-06-17 13:15:53 ----A---- C:\Windows\system32\RASMM.dll
    2008-06-17 13:15:53 ----A---- C:\Windows\system32\msieftp.dll
    2008-06-17 13:15:53 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
    2008-06-17 13:15:53 ----A---- C:\Windows\system32\dwmapi.dll
    2008-06-17 13:15:53 ----A---- C:\Windows\system32\d3d10.dll
    2008-06-17 13:15:53 ----A---- C:\Windows\system32\bcdprov.dll
    2008-06-17 13:15:53 ----A---- C:\Windows\system32\ActionQueue.dll
    2008-06-17 13:15:52 ----A---- C:\Windows\system32\syncui.dll
    2008-06-17 13:15:52 ----A---- C:\Windows\system32\svchost.exe
    2008-06-17 13:15:52 ----A---- C:\Windows\system32\slwmi.dll
    2008-06-17 13:15:52 ----A---- C:\Windows\system32\shwebsvc.dll
    2008-06-17 13:15:52 ----A---- C:\Windows\system32\provthrd.dll
    2008-06-17 13:15:52 ----A---- C:\Windows\system32\EAPQEC.DLL
    2008-06-17 13:15:52 ----A---- C:\Windows\system32\dmocx.dll
    2008-06-17 13:15:51 ----A---- C:\Windows\system32\WMASF.DLL
    2008-06-17 13:15:51 ----A---- C:\Windows\system32\SLCExt.dll
    2008-06-17 13:15:51 ----A---- C:\Windows\system32\slcc.dll
    2008-06-17 13:15:51 ----A---- C:\Windows\system32\raserver.exe
    2008-06-17 13:15:51 ----A---- C:\Windows\system32\olepro32.dll
    2008-06-17 13:15:51 ----A---- C:\Windows\system32\networkexplorer.dll
    2008-06-17 13:15:51 ----A---- C:\Windows\system32\aclui.dll
    2008-06-17 13:15:50 ----A---- C:\Windows\system32\xcopy.exe
    2008-06-17 13:15:50 ----A---- C:\Windows\system32\uxsms.dll
    2008-06-17 13:15:50 ----A---- C:\Windows\system32\UIHub.dll
    2008-06-17 13:15:50 ----A---- C:\Windows\system32\taskmgr.exe
    2008-06-17 13:15:50 ----A---- C:\Windows\system32\PnPUnattend.exe
    2008-06-17 13:15:50 ----A---- C:\Windows\system32\ias.dll
    2008-06-17 13:15:50 ----A---- C:\Windows\system32\dnscacheugc.exe
    2008-06-17 13:15:50 ----A---- C:\Windows\system32\connect.dll
    2008-06-17 13:15:50 ----A---- C:\Windows\system32\brcplsdw.dll
    2008-06-17 13:15:50 ----A---- C:\Windows\system32\audiodev.dll
    2008-06-17 13:15:49 ----A---- C:\Windows\system32\upnp.dll
    2008-06-17 13:15:49 ----A---- C:\Windows\system32\reg.exe
    2008-06-17 13:15:49 ----A---- C:\Windows\system32\QCLIPROV.DLL
    2008-06-17 13:15:49 ----A---- C:\Windows\system32\icsfiltr.dll
    2008-06-17 13:15:49 ----A---- C:\Windows\system32\atl.dll
    2008-06-17 13:15:49 ----A---- C:\Windows\system32\appinfo.dll
    2008-06-17 13:15:48 ----A---- C:\Windows\system32\wlanext.exe
    2008-06-17 13:15:48 ----A---- C:\Windows\system32\perfts.dll
    2008-06-17 13:15:48 ----A---- C:\Windows\system32\NapiNSP.dll
    2008-06-17 13:15:48 ----A---- C:\Windows\system32\msoert2.dll
    2008-06-17 13:15:48 ----A---- C:\Windows\system32\msjetoledb40.dll
    2008-06-17 13:15:48 ----A---- C:\Windows\system32\mountvol.exe
    2008-06-17 13:15:48 ----A---- C:\Windows\system32\mmcshext.dll
    2008-06-17 13:15:48 ----A---- C:\Windows\system32\cmstp.exe
    2008-06-17 13:15:48 ----A---- C:\Windows\system32\browser.dll
    2008-06-17 13:15:48 ----A---- C:\Windows\system32\AuxiliaryDisplayApi.dll
    2008-06-17 13:15:47 ----A---- C:\Windows\system32\wmpdxm.dll
    2008-06-17 13:15:47 ----A---- C:\Windows\system32\netplwiz.dll
    2008-06-17 13:15:47 ----A---- C:\Windows\system32\inetmib1.dll
    2008-06-17 13:15:47 ----A---- C:\Windows\system32\dskquoui.dll
    2008-06-17 13:15:47 ----A---- C:\Windows\system32\certprop.dll
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\WpdMtpUS.dll
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\WMVXENCD.DLL
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\SoundRecorder.exe
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\qcap.dll
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\qasf.dll
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\PING.EXE
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\ieakeng.dll
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\httpapi.dll
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\dmusic.dll
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\cewmdm.dll
    2008-06-17 13:15:46 ----A---- C:\Windows\system32\bitsadmin.exe
    2008-06-17 13:15:45 ----A---- C:\Windows\system32\WUDFSvc.dll
    2008-06-17 13:15:45 ----A---- C:\Windows\system32\wmpsrcwp.dll
    2008-06-17 13:15:45 ----A---- C:\Windows\system32\SysFxUI.dll
    2008-06-17 13:15:45 ----A---- C:\Windows\system32\SecEdit.exe
    2008-06-17 13:15:45 ----A---- C:\Windows\system32\rekeywiz.exe
    2008-06-17 13:15:45 ----A---- C:\Windows\system32\mscandui.dll
    2008-06-17 13:15:45 ----A---- C:\Windows\system32\dsuiext.dll
    2008-06-17 13:15:45 ----A---- C:\Windows\system32\auditpol.exe
    2008-06-17 13:15:45 ----A---- C:\Windows\system32\adsmsext.dll
    2008-06-17 13:15:44 ----A---- C:\Windows\system32\WMVSENCD.DLL
    2008-06-17 13:15:44 ----A---- C:\Windows\system32\Sens.dll
    2008-06-17 13:15:44 ----A---- C:\Windows\system32\mtstocom.exe
    2008-06-17 13:15:44 ----A---- C:\Windows\system32\makecab.exe
    2008-06-17 13:15:44 ----A---- C:\Windows\system32\lsmproxy.dll
    2008-06-17 13:15:43 ----A---- C:\Windows\system32\xwtpw32.dll
    2008-06-17 13:15:43 ----A---- C:\Windows\system32\tlntsess.exe
    2008-06-17 13:15:43 ----A---- C:\Windows\system32\shimgvw.dll
    2008-06-17 13:15:43 ----A---- C:\Windows\system32\sbeio.dll
    2008-06-17 13:15:43 ----A---- C:\Windows\system32\dot3gpclnt.dll
    2008-06-17 13:15:43 ----A---- C:\Windows\system32\batt.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\wzcdlg.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\wscmisetup.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\wiashext.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\wiadefui.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\sppnp.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\seclogon.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\printcom.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\ndfapi.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\msorcl32.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\msdadiag.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\dxtrans.dll
    2008-06-17 13:15:42 ----A---- C:\Windows\system32\apss.dll
    2008-06-17 13:15:41 ----A---- C:\Windows\system32\WMSPDMOE.DLL
    2008-06-17 13:15:41 ----A---- C:\Windows\system32\userinit.exe
    2008-06-17 13:15:41 ----A---- C:\Windows\system32\shacct.dll
    2008-06-17 13:15:41 ----A---- C:\Windows\system32\perfmon.exe
    2008-06-17 13:15:41 ----A---- C:\Windows\system32\p2phost.exe
    2008-06-17 13:15:41 ----A---- C:\Windows\system32\napipsec.dll
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\wpdwcn.dll
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\winrshost.exe
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\tasklist.exe
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\TapiMigPlugin.dll
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\sxstrace.exe
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\rrinstaller.exe
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\prntvpt.dll
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\notepad.exe
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\ktmutil.exe
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\keymgr.dll
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\HelpPaneProxy.dll
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\ftp.exe
    2008-06-17 13:15:40 ----A---- C:\Windows\system32\csrsrv.dll
    2008-06-17 13:15:40 ----A---- C:\Windows\notepad.exe
    2008-06-17 13:15:39 ----A---- C:\Windows\system32\MP4SDECD.DLL
    2008-06-17 13:15:39 ----A---- C:\Windows\system32\fmifs.dll
    2008-06-17 13:15:39 ----A---- C:\Windows\system32\d3dim700.dll
    2008-06-17 13:15:39 ----A---- C:\Windows\system32\colorui.dll
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\wscproxystub.dll
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\winethc.dll
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\UIAutomationCore.dll
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\PnPutil.exe
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\pcasvc.dll
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\nshipsec.dll
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\netiougc.exe
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\msimtf.dll
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\msiexec.exe
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\mfps.dll
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\FwRemoteSvr.dll
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\driverquery.exe
    2008-06-17 13:15:38 ----A---- C:\Windows\system32\cryptdll.dll
    2008-06-17 13:15:37 ----A---- C:\Windows\system32\wmiprop.dll
    2008-06-17 13:15:37 ----A---- C:\Windows\system32\txfw32.dll
    2008-06-17 13:15:37 ----A---- C:\Windows\system32\takeown.exe
    2008-06-17 13:15:37 ----A---- C:\Windows\system32\pots.dll
    2008-06-17 13:15:37 ----A---- C:\Windows\system32\logagent.exe
    2008-06-17 13:15:37 ----A---- C:\Windows\system32\inseng.dll
    2008-06-17 13:15:37 ----A---- C:\Windows\system32\findnetprinters.dll
    2008-06-17 13:15:36 ----A---- C:\Windows\system32\wpdbusenum.dll
    2008-06-17 13:15:36 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
    2008-06-17 13:15:36 ----A---- C:\Windows\system32\rasplap.dll
    2008-06-17 13:15:36 ----A---- C:\Windows\system32\powrprof.dll
    2008-06-17 13:15:36 ----A---- C:\Windows\system32\mfpmp.exe
    2008-06-17 13:15:36 ----A---- C:\Windows\system32\fsutil.exe
    2008-06-17 13:15:36 ----A---- C:\Windows\system32\dnshc.dll
    2008-06-17 13:15:36 ----A---- C:\Windows\system32\capisp.dll
    2008-06-17 13:15:35 ----A---- C:\Windows\system32\shrpubw.exe
    2008-06-17 13:15:35 ----A---- C:\Windows\system32\sfc_os.dll
    2008-06-17 13:15:35 ----A---- C:\Windows\system32\sendmail.dll
    2008-06-17 13:15:35 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
    2008-06-17 13:15:35 ----A---- C:\Windows\system32\perfnet.dll
    2008-06-17 13:15:35 ----A---- C:\Windows\system32\olecli32.dll
    2008-06-17 13:15:35 ----A---- C:\Windows\system32\nsisvc.dll
    2008-06-17 13:15:35 ----A---- C:\Windows\system32\luainstall.dll
    2008-06-17 13:15:34 ----A---- C:\Windows\system32\WLanHC.dll
    2008-06-17 13:15:34 ----A---- C:\Windows\system32\wextract.exe
    2008-06-17 13:15:34 ----A---- C:\Windows\system32\TMM.dll
    2008-06-17 13:15:34 ----A---- C:\Windows\system32\shgina.dll
    2008-06-17 13:15:34 ----A---- C:\Windows\system32\rshx32.dll
    2008-06-17 13:15:34 ----A---- C:\Windows\system32\RpcPing.exe
    2008-06-17 13:15:34 ----A---- C:\Windows\system32\ktmw32.dll
    2008-06-17 13:15:34 ----A---- C:\Windows\system32\imapi.dll
    2008-06-17 13:15:34 ----A---- C:\Windows\system32\fdPHost.dll
    2008-06-17 13:15:34 ----A---- C:\Windows\system32\d3dim.dll
    2008-06-17 13:15:34 ----A---- C:\Windows\system32\cmmon32.exe
    2008-06-17 13:15:33 ----A---- C:\Windows\system32\WMADMOE.DLL
    2008-06-17 13:15:33 ----A---- C:\Windows\system32\wiaacmgr.exe
    2008-06-17 13:15:33 ----A---- C:\Windows\system32\version.dll
    2008-06-17 13:15:33 ----A---- C:\Windows\system32\runonce.exe
    2008-06-17 13:15:33 ----A---- C:\Windows\system32\getmac.exe
    2008-06-17 13:15:33 ----A---- C:\Windows\system32\dimsjob.dll
    2008-06-17 13:15:33 ----A---- C:\Windows\system32\compstui.dll
    2008-06-17 13:15:33 ----A---- C:\Windows\system32\cmlua.dll
    2008-06-17 13:15:32 ----A---- C:\Windows\system32\w32tm.exe
    2008-06-17 13:15:32 ----A---- C:\Windows\system32\unregmp2.exe
    2008-06-17 13:15:32 ----A---- C:\Windows\system32\UI0Detect.exe
    2008-06-17 13:15:32 ----A---- C:\Windows\system32\net.exe
    2008-06-17 13:15:32 ----A---- C:\Windows\system32\msvfw32.dll
    2008-06-17 13:15:32 ----A---- C:\Windows\system32\MPG4DECD.DLL
    2008-06-17 13:15:32 ----A---- C:\Windows\system32\MP43DECD.DLL
    2008-06-17 13:15:32 ----A---- C:\Windows\system32\mdminst.dll
    2008-06-17 13:15:32 ----A---- C:\Windows\system32\dsauth.dll
    2008-06-17 13:15:31 ----A---- C:\Windows\system32\wmpshell.dll
    2008-06-17 13:15:31 ----A---- C:\Windows\system32\tscupgrd.exe
    2008-06-17 13:15:31 ----A---- C:\Windows\system32\ipconfig.exe
    2008-06-17 13:15:31 ----A---- C:\Windows\system32\imgutil.dll
    2008-06-17 13:15:31 ----A---- C:\Windows\system32\credui.dll
    2008-06-17 13:15:31 ----A---- C:\Windows\system32\ACW.exe
    2008-06-17 13:15:30 ----A---- C:\Windows\system32\sdchange.exe
    2008-06-17 13:15:30 ----A---- C:\Windows\system32\PortableDeviceWiaCompat.dll
     
  5. 2008/08/26
    jimscriv

    jimscriv Inactive Thread Starter

    Joined:
    2008/08/24
    Messages:
    23
    Likes Received:
    0
    2008-06-17 13:15:01 ----A---- C:\Windows\system32\serialui.dll
    2008-06-17 13:15:01 ----A---- C:\Windows\system32\sbunattend.exe
    2008-06-17 13:15:01 ----A---- C:\Windows\system32\dmutil.dll
    2008-06-17 13:15:00 ----A---- C:\Windows\system32\NcdProp.dll
    2008-06-17 13:14:58 ----A---- C:\Windows\system32\odbcconf.dll
    2008-06-17 13:14:58 ----A---- C:\Windows\system32\cofiredm.dll
    2008-06-17 13:14:57 ----A---- C:\Windows\system32\msfeedssync.exe
    2008-06-17 13:14:57 ----A---- C:\Windows\system32\hbaapi.dll
    2008-06-17 13:14:55 ----A---- C:\Windows\system32\rasctrs.dll
    2008-06-17 13:14:55 ----A---- C:\Windows\system32\msobjs.dll
    2008-06-17 13:14:55 ----A---- C:\Windows\system32\ieencode.dll
    2008-06-17 13:14:55 ----A---- C:\Windows\system32\corpol.dll
    2008-06-17 13:14:54 ----A---- C:\Windows\system32\hnetmon.dll
    2008-06-17 13:14:53 ----A---- C:\Windows\system32\midimap.dll
    2008-06-17 13:14:52 ----A---- C:\Windows\system32\vdmdbg.dll
    2008-06-17 13:14:52 ----A---- C:\Windows\system32\InfDefaultInstall.exe
    2008-06-17 13:14:51 ----A---- C:\Windows\system32\winipsec.dll
    2008-06-17 13:14:51 ----A---- C:\Windows\system32\url.dll
    2008-06-17 13:14:51 ----A---- C:\Windows\system32\nlsbres.dll
    2008-06-17 13:14:51 ----A---- C:\Windows\system32\LogonUI.exe
    2008-06-17 13:14:51 ----A---- C:\Windows\system32\iprtprio.dll
    2008-06-17 13:14:51 ----A---- C:\Windows\system32\esentprf.dll
    2008-06-17 13:14:49 ----A---- C:\Windows\system32\sdspres.dll
    2008-06-17 13:14:48 ----A---- C:\Windows\system32\osbaseln.dll
    2008-06-17 13:14:48 ----A---- C:\Windows\system32\cfgmgr32.dll
    2008-06-17 13:14:47 ----A---- C:\Windows\system32\msisip.dll
    2008-06-17 13:14:46 ----A---- C:\Windows\system32\msmmsp.dll
    2008-06-17 13:14:45 ----A---- C:\Windows\system32\dispex.dll
    2008-06-17 13:14:44 ----A---- C:\Windows\system32\winusb.dll
    2008-06-17 13:14:44 ----A---- C:\Windows\system32\rdpcfgex.dll
    2008-06-17 13:14:38 ----A---- C:\Windows\system32\Nlsdl.dll
    2008-06-17 13:14:37 ----A---- C:\Windows\system32\spwmp.dll
    2008-06-17 13:14:37 ----A---- C:\Windows\system32\riched32.dll
    2008-06-17 13:14:37 ----A---- C:\Windows\system32\msidle.dll
    2008-06-17 13:14:37 ----A---- C:\Windows\system32\idndl.dll
    2008-06-17 13:14:34 ----A---- C:\Windows\system32\KBDKOR.DLL
    2008-06-17 13:14:34 ----A---- C:\Windows\system32\KBDJPN.DLL
    2008-06-17 13:14:32 ----A---- C:\Windows\system32\iscsilog.dll
    2008-06-17 13:14:30 ----A---- C:\Windows\system32\vga256.dll
    2008-06-17 13:14:30 ----A---- C:\Windows\system32\tsddd.dll
    2008-06-17 13:14:30 ----A---- C:\Windows\system32\framebuf.dll
    2008-06-17 13:14:30 ----A---- C:\Windows\system32\dxmasf.dll
    2008-06-17 13:14:29 ----A---- C:\Windows\system32\wmploc.DLL
    2008-06-17 13:14:28 ----A---- C:\Windows\system32\vga64k.dll
    2008-06-17 13:14:27 ----A---- C:\Windows\system32\vga.dll
    2008-06-17 13:14:26 ----A---- C:\Windows\system32\dmdskres2.dll
    2008-06-17 13:14:26 ----A---- C:\Windows\system32\bootstr.dll
    2008-06-17 13:14:25 ----A---- C:\Windows\system32\spwizres.dll
    2008-06-17 13:14:25 ----A---- C:\Windows\system32\f3ahvoas.dll
    2008-06-17 13:14:21 ----A---- C:\Windows\system32\gatherWiredInfo.vbs
    2008-06-17 13:14:18 ----A---- C:\Windows\system32\gatherWirelessInfo.vbs
    2008-06-17 13:14:17 ----A---- C:\Windows\system32\fsmgmt.msc
    2008-06-17 13:14:05 ----A---- C:\Windows\system32\perfmon.msc
    2008-06-17 13:14:04 ----A---- C:\Windows\system32\vsp1cln.exe
    2008-06-17 13:13:25 ----A---- C:\Windows\system32\xmllite.dll
    2008-06-17 13:13:24 ----A---- C:\Windows\system32\wbemcomn.dll
    2008-06-17 13:13:19 ----A---- C:\Windows\system32\SmiInstaller.dll
    2008-06-17 13:13:19 ----A---- C:\Windows\system32\SmiEngine.dll
    2008-06-17 13:13:14 ----A---- C:\Windows\system32\wdscore.dll
    2008-06-17 13:13:14 ----A---- C:\Windows\system32\PkgMgr.exe
    2008-06-17 13:13:02 ----A---- C:\Windows\system32\drvstore.dll
    2008-06-17 13:13:01 ----A---- C:\Windows\system32\mspatcha.dll
    2008-06-17 13:13:01 ----A---- C:\Windows\system32\msdelta.dll
    2008-06-17 13:13:01 ----A---- C:\Windows\system32\dpx.dll
    2008-06-16 10:53:03 ----D---- C:\Users\Owner\AppData\Roaming\LimeWire
    2008-06-15 16:31:33 ----D---- C:\Users\Owner\AppData\Roaming\Apple Computer
    2008-06-15 16:29:46 ----D---- C:\Program Files\Bonjour
    2008-06-15 16:28:30 ----D---- C:\Program Files\QuickTime
    2008-06-15 16:28:28 ----D---- C:\ProgramData\Apple Computer
    2008-06-15 16:26:31 ----D---- C:\ProgramData\Apple
    2008-06-15 16:26:31 ----D---- C:\Program Files\Common Files\Apple
    2008-06-15 16:01:20 ----A---- C:\Windows\system32\psisdecd.dll
    2008-06-15 16:01:20 ----A---- C:\Windows\system32\EncDec.dll
    2008-06-13 12:25:10 ----D---- C:\Program Files\Microsoft Silverlight
    2008-06-11 08:47:52 ----A---- C:\Windows\system32\quartz.dll
    2008-05-28 11:17:22 ----HD---- C:\$AVG8.VAULT$
    2008-05-27 14:20:47 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-05-27 14:20:47 ----A---- C:\Windows\system32\gameux.dll
    2008-05-27 09:53:07 ----A---- C:\Windows\system32\avgrsstx.dll.old
    2008-05-27 09:53:07 ----A---- C:\Windows\system32\avgrsstx.dll
    2008-05-27 09:52:51 ----D---- C:\ProgramData\avg8
    2008-05-27 09:52:51 ----D---- C:\Program Files\AVG

    List of drivers

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\system32\System32\Drivers\avgldx86.sys []
    R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\system32\System32\Drivers\avgmfx86.sys []
    R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
    R3 AvgWfpX;AVG8 Firewall Driver x86; C:\Windows\system32\System32\Drivers\avgwfpx.sys []
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
    R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
    R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
    R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-08-26 85969]
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-01-31 1608192]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-18 1729632]
    R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2006-12-09 2206720]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-04 59392]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-02-02 182328]
    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
    R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
    R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
    R3 UVCFTR;UVCFTR; C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-01-26 17712]
    S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-01-31 1608192]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
    S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-10 32000]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 KR10I;KR10I; C:\Windows\system32\system32\drivers\kr10i.sys []
    S4 KR10N;KR10N; C:\Windows\system32\system32\drivers\kr10n.sys []
    S4 KR3NPXP;KR3NPXP; C:\Windows\system32\system32\drivers\kr3npxp.sys []
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys []

    List of services

    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
    R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 873752]
    R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231192]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-15 40960]
    R2 pinger;pinger; C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 136816]
    R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
    R2 TlntSvr;Telnet; C:\Windows\System32\tlntsvr.exe [2008-01-19 75776]
    R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
    R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2006-12-20 428152]
    R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 118784]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-02 138168]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    -----------------EOF-----------------
     
  6. 2008/08/26
    noahdfear

    noahdfear Inactive

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad window, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    File::
    C:\Windows\system32\dyxmxuzq.exe
    Dirlook::
    C:\ProgramData\fmlafwdk
    Folder::
    C:\Program Files\yksbsib
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "StrCfg"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "sysmsgact"=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
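
The following Python is an added example, not part of the original post and not ComboFix's own code: it parses the CFScript above into the actions it requests and checks the file-system targets against an excerpt of the ComboFix log posted in the reply. The directive-to-effect mapping and all function names are assumptions made for this example.

```python
import re

# CFScript from the post above (stray spaces inside quoted names are tolerated).
CFSCRIPT = r'''KillAll::
File::
C:\Windows\system32\dyxmxuzq.exe
Dirlook::
C:\ProgramData\fmlafwdk
Folder::
C:\Program Files\yksbsib
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StrCfg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sysmsgact"=-
'''

# Abridged excerpt, in the layout of the ComboFix log posted in the reply.
LOG_EXCERPT = r'''((((((((( Other Deletions )))))))))
.
C:\Program Files\yksbsib
C:\Program Files\yksbsib\sysmsgact.dll
C:\Windows\system32\dyxmxuzq.exe
.
((((((((( Look )))))))))
.
---- Directory of C:\ProgramData\fmlafwdk ----
2008-08-20 13:19 61440 --a------ C:\ProgramData\fmlafwdk\befyzmtq.exe
'''

# Effects inferred from the log in this thread (assumption): File:: and Folder::
# targets appear under "Other Deletions", Dirlook:: targets under "Look".
# KillAll:: is taken at face value from its name.
EFFECT = {"killall": "terminate-processes", "file": "delete-file",
          "folder": "delete-folder", "dirlook": "list-directory"}

DIRECTIVE = re.compile(r"^(\w+)::$")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")
DIR_OF = re.compile(r"^-+ Directory of (.+?) -+$")


def parse_cfscript(text):
    """Return the script as a list of (action, target) pairs in script order."""
    actions, directive, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            directive, key = m.group(1).lower(), None
            if directive == "killall":          # takes no arguments
                actions.append((EFFECT[directive], "*"))
            continue
        if directive == "registry":
            if (k := REG_KEY.match(line)):
                key = k.group(1)
            elif (v := REG_VALUE.match(line)) and key:
                name, data = v.group(1).strip(), v.group(2).strip()
                # "name"=- is .reg syntax for deleting a value
                act = "delete-reg-value" if data == "-" else "set-reg-value"
                actions.append((act, key + "\\" + name))
            else:
                raise ValueError(f"unparsed registry line: {raw!r}")
        elif directive in EFFECT:
            actions.append((EFFECT[directive], line))
        else:
            # Refuse to guess: an unknown directive may be destructive.
            raise ValueError(f"entry under unhandled directive: {raw!r}")
    return actions


def parse_log(text):
    """Collect deleted paths and Dirlook listings from a ComboFix log."""
    deleted, listings, section, current = set(), {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (s := SECTION.match(line)):
            section, current = s.group(1).lower(), None
        elif section == "other deletions":
            deleted.add(line.lower())
        elif section == "look":
            if (d := DIR_OF.match(line)):
                current = d.group(1).lower()
                listings[current] = []
            elif current and len(line.split(None, 4)) == 5:
                # columns: date, time, size, attributes, path (may hold spaces)
                listings[current].append(line.split(None, 4)[4])
    return deleted, listings


def verify(actions, log):
    """Map each file-system target of the script to what the log shows."""
    deleted, listings = log
    report = {}
    for act, target in actions:
        t = target.lower()                      # Windows paths: case-insensitive
        if act in ("delete-file", "delete-folder"):
            report[target] = "deleted" if t in deleted else "NOT in deletion list"
        elif act == "list-directory":
            left = listings.get(t)
            report[target] = ("not listed" if left is None else
                              ("still present: " + ", ".join(left)) if left
                              else "empty")
    return report


if __name__ == "__main__":
    for target, status in verify(parse_cfscript(CFSCRIPT),
                                 parse_log(LOG_EXCERPT)).items():
        print(f"{target}: {status}")
```

On this thread's data the check confirms both deletions and shows that befyzmtq.exe is still present in the folder that was only listed with Dirlook::.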
     
  7. 2008/08/26
    jimscriv

    jimscriv Inactive Thread Starter

    Dave,

    My fingers are crossed...

    Jim

    ComboFix 08-08-26.02 - Owner 2008-08-26 22:25:56.5 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1121 [GMT -4:00]
    Running from: C:\Users\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Owner\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Windows\system32\dyxmxuzq.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\yksbsib
    C:\Program Files\yksbsib\sysmsgact.dll
    C:\Windows\system32\dyxmxuzq.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
    .

    2008-08-26 21:52 . 2008-08-26 21:52 <DIR> d-------- C:\rsit
    2008-08-26 18:47 . 2008-08-26 19:35 250 --a------ C:\Windows\gmer.ini
    2008-08-26 09:11 . 2008-08-26 18:58 242,157,987 --a------ C:\Windows\MEMORY.DMP
    2008-08-25 07:22 . 2008-08-25 07:22 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2008-08-25 07:22 . 2008-08-25 07:22 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-08-25 07:22 . 2008-08-25 07:22 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-08-25 07:22 . 2008-08-25 07:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-25 07:22 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-08-25 07:22 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-08-24 20:53 . 2008-08-24 20:53 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-21 15:24 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-08-21 15:24 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-08-21 15:24 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-08-21 15:24 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-08-21 15:23 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-08-21 15:23 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-08-21 15:23 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-08-21 15:23 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-08-21 15:23 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-08-20 22:01 . 2008-08-21 10:31 <DIR> d-a------ C:\Users\All Users\TEMP
    2008-08-20 22:01 . 2008-08-21 10:31 <DIR> d-a------ C:\ProgramData\TEMP
    2008-08-20 21:56 . 2008-08-20 21:56 <DIR> d-------- C:\Users\All Users\WindowsSearch
    2008-08-20 21:56 . 2008-08-20 21:56 <DIR> d-------- C:\ProgramData\WindowsSearch
    2008-08-20 21:36 . 2008-08-21 01:25 <DIR> d-------- C:\Users\Owner\.housecall6.6
    2008-08-20 20:33 . 2008-08-20 20:33 351 --a------ C:\Windows\wininit.ini
    2008-08-20 20:01 . 2008-08-20 20:01 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-08-20 13:19 . 2008-08-20 13:19 <DIR> d-------- C:\Users\All Users\fmlafwdk
    2008-08-20 13:19 . 2008-08-20 13:19 <DIR> d-------- C:\ProgramData\fmlafwdk
    2008-08-15 03:05 . 2008-07-15 21:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-14 10:31 . 2008-06-26 21:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-14 10:31 . 2008-06-27 00:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-14 10:31 . 2008-04-10 01:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-14 10:31 . 2008-06-18 23:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-14 10:31 . 2008-04-18 01:48 269,312 --a------ C:\Windows\System32\es.dll
    2008-08-08 17:51 . 2008-08-08 17:51 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-08-05 21:08 . 2008-08-05 21:08 <DIR> d-------- C:\Program Files\Virtual Earth 3D
    2008-08-04 10:52 . 2008-08-04 10:52 <DIR> d-------- C:\Program Files\iPod
    2008-08-04 10:51 . 2008-08-04 10:52 <DIR> d-------- C:\Program Files\iTunes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-27 02:31 --------- d-----w C:\Users\Owner\AppData\Roaming\OpenOffice.org2
    2008-08-24 22:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-08-21 00:22 --------- d-----w C:\Program Files\TOSHIBA Games
    2008-08-21 00:20 --------- d-----w C:\ProgramData\WildTangent
    2008-08-21 00:12 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-08-21 00:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-20 22:33 --------- d-----w C:\Program Files\Microsoft Works
    2008-08-20 17:25 --------- d-----w C:\Users\Owner\AppData\Roaming\LimeWire
    2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-15 07:06 --------- d-----w C:\ProgramData\Microsoft Help
    2008-08-15 07:01 --------- d-----w C:\Program Files\Windows Mail
    2008-08-14 14:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-01 20:34 --------- d-----w C:\Program Files\NetZero
    2008-07-13 21:52 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-07-13 21:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-07-13 21:47 --------- d-----w C:\Program Files\Java
    2008-07-12 01:27 --------- d-----w C:\Users\Owner\AppData\Roaming\Apple Computer
    2008-07-11 21:33 --------- d-----w C:\Program Files\Safari
    2008-07-10 13:35 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
    2008-07-07 00:53 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
    2008-07-07 00:52 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
    2008-07-07 00:52 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
    2008-07-03 09:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-27 12:34 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-06-26 13:50 174 --sha-w C:\Program Files\desktop.ini
    2008-06-26 13:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-26 13:15 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
    2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
    2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
    2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
    2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
    2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
    2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
    2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
    2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
    2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
    2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
    2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
    2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
    2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
    2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
    2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
    2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
    2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
    2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
    2007-03-02 07:11 262,144 ----a-w C:\ProgramData\ntuser.dat
    1999-03-25 18:30 2,336,256 ----a-w C:\Program Files\DATA1.MSI
    1999-03-25 18:26 47,633,547 ----a-w C:\Program Files\OFFICE1.CAB
    1999-03-23 13:43 2,626 ----a-w C:\Program Files\SETUP.INI
    1999-03-19 19:48 11,776 ----a-w C:\Program Files\README.DOC
    1999-03-01 22:00 165,376 ----a-w C:\Program Files\MSOWC.MSI
    1999-02-24 19:35 20,596 ----a-w C:\Program Files\LICENSE.TXT
    1999-01-21 01:15 87,676 ----a-w C:\Program Files\MSOWC.CAB
    1998-12-10 19:25 17,610 ----a-w C:\Program Files\SETUP.HLP
    2007-08-11 02:58 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-08-11 02:58 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-08-11 02:58 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-04-25 19:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007042520070426\index.dat
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\ProgramData\fmlafwdk ----

    2008-08-20 13:19 61440 --a------ C:\ProgramData\fmlafwdk\befyzmtq.exe


    ((((((((((((((((((((((((((((( snapshot_2008-08-26_22.08.32.47 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-26 22:27:07 191,048 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2008-08-27 02:28:25 191,048 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2008-08-26 22:59:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-08-27 02:30:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-08-26 22:59:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-08-27 02:30:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-08-26 23:00:40 10,498 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4279044303-1500377311-1548387830-1000_UserData.bin
    + 2008-08-27 02:31:43 10,538 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4279044303-1500377311-1548387830-1000_UserData.bin
    - 2008-08-26 23:00:40 69,188 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-08-27 02:31:43 69,228 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-08-26 22:30:03 66,956 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-08-27 02:31:35 67,162 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 18:22 417792]
    "NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2007-03-06 20:00 1629184]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-01-31 18:40 131072]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-01-31 18:40 151552]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-01-31 18:40 126976]
    "Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 12:30 405504]
    "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 12:06 413696]
    "SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 15:08 438272]
    "KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 21:14 34352]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 09:36 835584]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 20:53 1232152]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 18:46 4349952 C:\Windows\RtHDVCpl.exe]
    "NDSTray.exe"="NDSTray.exe" [BU]

    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-08-09 17:10:31 49254]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{40218C9C-94C6-49EA-8E6F-7ADD9D44E0C5}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{A6241025-C433-492B-BFCA-3470F261F93A}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
    "{6193023F-A2FE-4C8C-BADD-2DA5B29AA15F}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
    "{B2518376-0FAB-4250-B589-F8D22971C0D1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B7411EFD-1CD7-4DB3-9225-46931C240A1F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4E212F31-2D05-47B1-A4CE-B14D58F0E450}"= UDP:C:\Program Files\United Systems\Appraisal Studio\Startup.exe:Appraisal Studio
    "{F59E7A65-3CAF-4DDD-9C33-B940527E1FB3}"= TCP:C:\Program Files\United Systems\Appraisal Studio\Startup.exe:Appraisal Studio
    "TCP Query User{7A07B640-31F8-435D-8381-B73AAC1E1B9A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{50D18D6E-F79A-4237-B9C0-9412EA2882C6}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{3ACBFEB9-DBDC-4DDC-A406-2C16B3B0ADBC}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{F9401706-E297-4923-8D99-367F900818FF}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{C14A7B68-D707-4CFD-88CC-8B539330F5E9}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{657B6607-FB1E-4E7C-A6C7-1909C1B246E5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{C74B5A31-8189-49FC-8F7D-ABF51AFBE883}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{792B315A-5D07-4890-9B23-FCDE5EE0636A}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{212D81EB-8A97-4747-AECF-79AE9D7BCCB2}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
    "UDP Query User{2D42A829-3CDB-4EAD-B7FF-8735D9BA7439}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
    "{CCF8DF37-D44A-435E-AA5C-1A679A0E1DC3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{7E5A9E6F-1C9D-4391-9C4A-EA951DFFBC56}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-06 20:52]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 20:52]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 20:52]
    R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-06 20:53]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-24 C:\Windows\Tasks\Norton Security Scan.job
    - C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-26 22:30:10
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    C:\Toshiba\IVP\ISM\pinger.exe
    C:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Windows\System32\tlntsvr.exe
    C:\Windows\System32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Windows\System32\sdclt.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-26 22:41:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-27 02:41:02
    ComboFix2.txt 2008-08-27 02:09:46
    ComboFix3.txt 2008-08-26 22:15:32
    ComboFix4.txt 2008-08-26 18:32:14

    Pre-Run: 63,595,216,896 bytes free
    Post-Run: 63,462,354,944 bytes free

    263 --- E O F --- 2008-08-21 19:28:25
     
  8. 2008/08/26
    noahdfear

    noahdfear Inactive

    Looks like we killed it! :)

    Now one more run to clean up a few leftovers.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    Folder::
    C:\Users\All Users\fmlafwdk
    C:\ProgramData\fmlafwdk
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C74B5A31-8189-49FC-8F7D-ABF51AFBE883}"=-
    "{792B315A-5D07-4890-9B23-FCDE5EE0636A}"=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  9. 2008/08/26
    jimscriv

    jimscriv Inactive Thread Starter

    Dave,

    How's it looking now? And where can I send a donation?

    Jim

    ComboFix 08-08-26.02 - Owner 2008-08-26 23:11:37.6 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1141 [GMT -4:00]
    Running from: C:\Users\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Owner\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\fmlafwdk
    C:\ProgramData\fmlafwdk\befyzmtq.exe
    C:\Users\All Users\fmlafwdk\befyzmtq.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
    .

    2008-08-26 21:52 . 2008-08-26 21:52 <DIR> d-------- C:\rsit
    2008-08-26 18:47 . 2008-08-26 19:35 250 --a------ C:\Windows\gmer.ini
    2008-08-26 09:11 . 2008-08-26 18:58 242,157,987 --a------ C:\Windows\MEMORY.DMP
    2008-08-25 07:22 . 2008-08-25 07:22 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2008-08-25 07:22 . 2008-08-25 07:22 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-08-25 07:22 . 2008-08-25 07:22 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-08-25 07:22 . 2008-08-25 07:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-25 07:22 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-08-25 07:22 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-08-24 20:53 . 2008-08-24 20:53 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-21 15:24 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-08-21 15:24 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-08-21 15:24 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-08-21 15:24 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-08-21 15:23 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-08-21 15:23 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-08-21 15:23 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-08-21 15:23 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-08-21 15:23 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-08-20 22:01 . 2008-08-21 10:31 <DIR> d-a------ C:\Users\All Users\TEMP
    2008-08-20 22:01 . 2008-08-21 10:31 <DIR> d-a------ C:\ProgramData\TEMP
    2008-08-20 21:56 . 2008-08-20 21:56 <DIR> d-------- C:\Users\All Users\WindowsSearch
    2008-08-20 21:56 . 2008-08-20 21:56 <DIR> d-------- C:\ProgramData\WindowsSearch
    2008-08-20 21:36 . 2008-08-21 01:25 <DIR> d-------- C:\Users\Owner\.housecall6.6
    2008-08-20 20:33 . 2008-08-20 20:33 351 --a------ C:\Windows\wininit.ini
    2008-08-20 20:01 . 2008-08-20 20:01 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-08-15 03:05 . 2008-07-15 21:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-14 10:31 . 2008-06-26 21:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-14 10:31 . 2008-06-27 00:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-14 10:31 . 2008-04-10 01:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-14 10:31 . 2008-06-18 23:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-14 10:31 . 2008-04-18 01:48 269,312 --a------ C:\Windows\System32\es.dll
    2008-08-08 17:51 . 2008-08-08 17:51 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-08-05 21:08 . 2008-08-05 21:08 <DIR> d-------- C:\Program Files\Virtual Earth 3D
    2008-08-04 10:52 . 2008-08-04 10:52 <DIR> d-------- C:\Program Files\iPod
    2008-08-04 10:51 . 2008-08-04 10:52 <DIR> d-------- C:\Program Files\iTunes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-27 02:31 --------- d-----w C:\Users\Owner\AppData\Roaming\OpenOffice.org2
    2008-08-24 22:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-08-21 00:22 --------- d-----w C:\Program Files\TOSHIBA Games
    2008-08-21 00:20 --------- d-----w C:\ProgramData\WildTangent
    2008-08-21 00:12 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-08-21 00:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-20 22:33 --------- d-----w C:\Program Files\Microsoft Works
    2008-08-20 17:25 --------- d-----w C:\Users\Owner\AppData\Roaming\LimeWire
    2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-15 07:06 --------- d-----w C:\ProgramData\Microsoft Help
    2008-08-15 07:01 --------- d-----w C:\Program Files\Windows Mail
    2008-08-14 14:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-01 20:34 --------- d-----w C:\Program Files\NetZero
    2008-07-13 21:52 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-07-13 21:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-07-13 21:47 --------- d-----w C:\Program Files\Java
    2008-07-12 01:27 --------- d-----w C:\Users\Owner\AppData\Roaming\Apple Computer
    2008-07-11 21:33 --------- d-----w C:\Program Files\Safari
    2008-07-10 13:35 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
    2008-07-07 00:53 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
    2008-07-07 00:52 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
    2008-07-03 09:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-27 12:34 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-06-26 13:50 174 --sha-w C:\Program Files\desktop.ini
    2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2007-03-02 07:11 262,144 ----a-w C:\ProgramData\ntuser.dat
    1999-03-25 18:30 2,336,256 ----a-w C:\Program Files\DATA1.MSI
    1999-03-25 18:26 47,633,547 ----a-w C:\Program Files\OFFICE1.CAB
    1999-03-23 13:43 2,626 ----a-w C:\Program Files\SETUP.INI
    1999-03-19 19:48 11,776 ----a-w C:\Program Files\README.DOC
    1999-03-01 22:00 165,376 ----a-w C:\Program Files\MSOWC.MSI
    1999-02-24 19:35 20,596 ----a-w C:\Program Files\LICENSE.TXT
    1999-01-21 01:15 87,676 ----a-w C:\Program Files\MSOWC.CAB
    1998-12-10 19:25 17,610 ----a-w C:\Program Files\SETUP.HLP
    2007-08-11 02:58 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-08-11 02:58 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-08-11 02:58 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-04-25 19:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007042520070426\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-08-26_22.08.32.47 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-26 22:27:07 191,048 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2008-08-27 03:13:49 191,048 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2008-08-26 22:59:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-08-27 03:15:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-08-26 22:59:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-08-27 03:15:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-08-26 23:03:27 101,350 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-08-27 02:37:45 101,350 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-08-26 23:03:27 595,684 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-08-27 02:37:45 595,684 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-08-26 23:00:40 10,498 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4279044303-1500377311-1548387830-1000_UserData.bin
    + 2008-08-27 03:17:10 10,594 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4279044303-1500377311-1548387830-1000_UserData.bin
    - 2008-08-26 23:00:40 69,188 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-08-27 03:17:10 69,244 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-08-26 22:30:03 66,956 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-08-27 03:17:03 67,328 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 18:22 417792]
    "NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2007-03-06 20:00 1629184]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-01-31 18:40 131072]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-01-31 18:40 151552]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-01-31 18:40 126976]
    "Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 12:30 405504]
    "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 12:06 413696]
    "SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 15:08 438272]
    "KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 21:14 34352]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 09:36 835584]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 20:53 1232152]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 18:46 4349952 C:\Windows\RtHDVCpl.exe]
    "NDSTray.exe"="NDSTray.exe" [BU]

    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-08-09 17:10:31 49254]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{40218C9C-94C6-49EA-8E6F-7ADD9D44E0C5}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{A6241025-C433-492B-BFCA-3470F261F93A}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
    "{6193023F-A2FE-4C8C-BADD-2DA5B29AA15F}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
    "{B2518376-0FAB-4250-B589-F8D22971C0D1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B7411EFD-1CD7-4DB3-9225-46931C240A1F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4E212F31-2D05-47B1-A4CE-B14D58F0E450}"= UDP:C:\Program Files\United Systems\Appraisal Studio\Startup.exe:Appraisal Studio
    "{F59E7A65-3CAF-4DDD-9C33-B940527E1FB3}"= TCP:C:\Program Files\United Systems\Appraisal Studio\Startup.exe:Appraisal Studio
    "TCP Query User{7A07B640-31F8-435D-8381-B73AAC1E1B9A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{50D18D6E-F79A-4237-B9C0-9412EA2882C6}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{3ACBFEB9-DBDC-4DDC-A406-2C16B3B0ADBC}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{F9401706-E297-4923-8D99-367F900818FF}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{C14A7B68-D707-4CFD-88CC-8B539330F5E9}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{657B6607-FB1E-4E7C-A6C7-1909C1B246E5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{212D81EB-8A97-4747-AECF-79AE9D7BCCB2}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
    "UDP Query User{2D42A829-3CDB-4EAD-B7FF-8735D9BA7439}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
    "{CCF8DF37-D44A-435E-AA5C-1A679A0E1DC3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{7E5A9E6F-1C9D-4391-9C4A-EA951DFFBC56}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-06 20:52]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 20:52]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 20:52]
    R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-06 20:53]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-24 C:\Windows\Tasks\Norton Security Scan.job
    - C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-26 23:15:30
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    C:\Toshiba\IVP\ISM\pinger.exe
    C:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Windows\System32\tlntsvr.exe
    C:\Windows\System32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Windows\System32\sdclt.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-26 23:26:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-27 03:25:29
    ComboFix2.txt 2008-08-27 02:41:19
    ComboFix3.txt 2008-08-27 02:09:46
    ComboFix4.txt 2008-08-26 22:15:32
    ComboFix5.txt 2008-08-27 03:10:27

    Pre-Run: 63,348,330,496 bytes free
    Post-Run: 63,686,574,080 bytes free

    235 --- E O F --- 2008-08-21 19:28:25
     
  10. 2008/08/26
    noahdfear

    noahdfear Inactive

    Looks great! :)

    Please download JavaRa and save the file to your desktop.
    • Right click and Extract All
    • Once extracted, open and run JavaRa.exe
    • Click Search For Updates
    • Select Update Using jucheck.exe
    • Click Search
    • If a newer version is found, allow it to be installed. **There is a newer version. If none is found, use the Web Update option and get Java Runtime Environment (JRE) 6 Update 7.
    • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed. If anything is reported as not removed, reboot and try again.
    • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
    • Exit the tool when complete.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Now let's check for leftovers. Please do an online scan with Kaspersky Online Scanner.

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log and one more fresh HijackThis log.


    As for donations, you have a couple of options. Whichever you choose will be greatly appreciated. :)

    1. It would be great to see you become a Contributing Member to help support this site. Contributing members get a few added benefits as well.

    2. I have a PayPal link here.
     
  11. 2008/08/27
    jimscriv

    jimscriv Inactive Thread Starter

    Dave,

    I've run Kaspersky twice (2 hours each time) but when I save the scan report as a .txt or .html file to the desktop, or any other folder, it does not appear to be saved. When I try to save the file a second time to the same location it says that the "file already exists, overwrite?" I have other .txt files on my desktop, why in God's name can't I see or get to this file! The scan reveals 5 instances of infection BTW.

    Jim
     
  12. 2008/08/27
    jimscriv

    jimscriv Inactive Thread Starter

    Here's a new HJT log, if it helps.

    Jim

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:41:32 PM, on 8/27/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Toshiba\Utilities\KeNotify.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\NetZero\exec.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\NetZero\exec.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.metacrawler.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: ****** Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\******\******toolbar1.dll
    O3 - Toolbar: &****** - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\******\******toolbar1.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.netzero.com
    O15 - Trusted Zone: *.netzero.net
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: ****** Updater Service (gusvc) - ****** - C:\Program Files\******\Common\****** Updater\******UpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
     
  13. 2008/08/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Jim, I have no explanation for the behavior with the KAV scan. :confused:

    If the infected files are in any of the following locations, there's no need for the report.

    C:\Qoobox
    C:\System Volume Information
    Your antivirus quarantine

    If in any other location, just post the path and filenames here.
     
  14. 2008/08/27
    jimscriv

    jimscriv Inactive Thread Starter

    Joined:
    2008/08/24
    Messages:
    23
    Likes Received:
    0
    Dave,

    The text box doesn't allow resizing of the field enough to see the whole path, so here's what I could get: 4 items noting file name C:\users\owner\AppData\LocalLow\sun\java\deployment\cache6\6.0\... with a threat named Trojan-Downloader.java.openstream.ac

    and 1 item with a path of C:\users\owner\documents\limewire\saved\archies-sugar, sugar... (presumably an mp3 downloaded by my kids) This one is interesting as I had already uninstalled Lime Wire.

    So 5 items in total, I hope that there's enough info here for you.

    Jim
     
  15. 2008/08/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's plenty of info. Uninstalling Limewire removes the program, not the content that was downloaded. If you just want to remove the one item, you'll have to drill down to and identify it; otherwise, just delete the C:\users\owner\documents\limewire folder. You might also find a folder belonging to Limewire named incomplete, though I don't know its location on a Vista machine.

    The 4 files reported are Java temp files. Did JavaRa report all old Java files removed? If old Java is completely removed, those are current temp files that can be removed via the Java Plug-in in the Control Panel.

    Let's finish up. I'd like to get the items removed by ComboFix, so please right click on the folder C:\Qoobox and Send To>Compressed (Zipped) Folder.
    Upload the C:\Qoobox.zip file to my submission channel for analysis. Leave a link back to this topic please. If it's too large to upload, see if you can attach it to an email to me. Thanks!

    Once submitted, delete the Qoobox.zip file.

    Now open MBAM and remove any item quarantined. Do the same with AVG.
    You may wish to remove the C:\rsit folder, which contains the logs from RSIT.
    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    You can delete any other logs that were created/saved too.

    Run ATF Cleaner once again as previously described.


    That should finish things up. How's the computer running now?
     
  16. 2008/08/27
    jimscriv

    jimscriv Inactive Thread Starter

    Joined:
    2008/08/24
    Messages:
    23
    Likes Received:
    0
    Dave,

    Qoozip file submitted, and all other requests completed. I haven't had any phony warnings all day, so the machine appears to be running normally. I think that the tech that had me turn off user account control combined with the Lime Wire downloads made for a virulent infection. I'll wait for your all clear and then I'll make a donation and consider this issue RESOLVED!!! Your help has been of immeasurable value. I depend on this PC for my living, so the thought of bringing it in to the generally less than competent Geek Squad terrified me.
     
  17. 2008/08/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    File received (and blasted by Windows Live Mail .... lol). Thank you!

    Glad things are back to normal, and that you're better protected again, with UAC back on and Limewire removed. I'd say you're good to go and will mark this one resolved.

    Glad I was able to help!

    Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe! :)
     
