Solved Explorer has generated errors and will be closed by windows...

[Resolved] Explorer has generated errors and will be closed by windows...

I know this thread was already touched but it was long time ago and nothing is working for me.

The message appears when my system is starting and i have nothing on my desktop just empty screen. Of course i do everything by Task Mgr. So far i tried many thinks, i expanded another explorer.exe from windows installer - didnt work, i checked for spywares and viruses and it found some and after erasing them and restarting, the desktop appeared for second and then again dissapeard with the message.
Doctor Watson is showing me many errors with explorer.exe and rundll32.exe
for example :
Application exception occurred:
App: explorer.exe (pid=900)
When: 2008-10-30 @ 13:59:24.557
Exception number: c06d007f

Application exception occurred:
App: rundll32.exe (pid=1064)
When: 2008-10-30 @ 15:05:25.915
Exception number: c06d007f

Here's the log:

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\csrss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\nvsvc32.exe
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\WINNT\system32\internat.exe
F:\WINNT\system32\taskmgr.exe
F:\Program Files\Opera\Opera.exe
H:\RSIT.exe
H:\avg_iswt_stf_all_8_198a1385.exe
F:\DOCUME~1\yty\LOCALS~1\Temp\7zS20.tmp\avgsetup.exe
F:\WINNT\system32\msiexec.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\msiexec.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\MsiExec.exe
F:\DOCUME~1\yty\LOCALS~1\Temp\Rar$EX01.238\yty.exe

O2 - BHO: (no name) - {2FEC8027-8F2A-4331-9E7B-379D38359F24} - F:\WINNT\system32\aghymugh.dll
O2 - BHO: (no name) - {4B67715F-7371-4582-85F2-578475660814} - F:\WINNT\system32\jkkHYppm.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {9C1DA696-398F-4265-9404-0E375BF117EE} - F:\WINNT\system32\tuvTnMFy.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] F:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe "
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] F:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] F:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINNT\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O20 - AppInit_DLLs: yqxbay.dll
O20 - Winlogon Notify: tuvTnMFy - F:\WINNT\SYSTEM32\tuvTnMFy.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINNT\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 4032 bytes

======Scheduled tasks folder======

F:\WINNT\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FEC8027-8F2A-4331-9E7B-379D38359F24}]
F:\WINNT\system32\aghymugh.dll [2008-10-30 155136]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B67715F-7371-4582-85F2-578475660814}]
F:\WINNT\system32\jkkHYppm.dll [2008-10-30 243712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C1DA696-398F-4265-9404-0E375BF117EE}]
F:\WINNT\system32\tuvTnMFy.dll [2008-10-30 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - F:\WINNT\system32\msdxm.ocx [2005-03-31 844560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager "=mobsync.exe /logon []
"NeroCheck "=F:\WINNT\system32\NeroCheck.exe [2001-07-09 155648]
"NvCplDaemon "=F:\WINNT\system32\NvCpl.dll [2006-11-17 7700480]
"nwiz "=nwiz.exe /install []
"NvMediaCenter "=F:\WINNT\system32\NvMcTray.dll [2006-11-17 86016]
"ISTray "=F:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe "=F:\WINNT\system32\internat.exe [1999-12-07 20752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
F:\Program Files\VIAudioi\SBADeck\ADeck.exe [2004-07-13 7937024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
F:\Program Files\DNA\btdna.exe [2008-10-29 342336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
F:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
F:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
F:\Program Files\Java\jre6\bin\jusched.exe [2008-10-29 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv "=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS "= "yqxbay.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvTnMFy]
F:\WINNT\system32\tuvTnMFy.dll [2008-10-30 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9C1DA696-398F-4265-9404-0E375BF117EE} "=F:\WINNT\system32\tuvTnMFy.dll [2008-10-30 34304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages "=msv1_0
F:\WINNT\system32\jkkHYppm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun "=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"F:\Program Files\BitTorrent\bittorrent.exe "= "F:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ltmodem5;LT Modem Driver; F:\WINNT\system32\DRIVERS\ltmdmnt.sys [1999-10-23 413712]
R3 MODEMCSA;Unimodem Streaming Filter Device; F:\WINNT\system32\drivers\MODEMCSA.sys [1999-09-25 16144]
R3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; F:\WINNT\system32\DRIVERS\NetMotCM.sys [2004-02-09 15360]
R3 nv;nv; F:\WINNT\system32\DRIVERS\nv4_mini.sys [2006-11-17 3994688]
R3 uhcd;Microsoft USB Universal Host Controller Driver; F:\WINNT\system32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; F:\WINNT\system32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); F:\WINNT\system32\drivers\viaudios.sys [2004-06-18 152192]
S3 CCDECODE;Closed Caption Decoder; F:\WINNT\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 MPE;BDA MPE Filter; F:\WINNT\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; F:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; F:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 SLIP;BDA Slip De-Framer; F:\WINNT\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; F:\WINNT\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 USBSTOR;USB Mass Storage Driver; F:\WINNT\system32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WSTCODEC;World Standard Teletext Codec; F:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; F:\WINNT\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-30 611664]
R2 NVSvc;NVIDIA Display Driver Service; F:\WINNT\system32\nvsvc32.exe [2006-11-17 159811]
S2 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2008-10-29 152984]
S2 sdAuxService;PC Tools Auxiliary Service; F:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S2 sdCoreService;PC Tools Security Service; F:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]

 

Hi Viciu080
Welcome to WindowsBBS

Your RSIT log was cut off, make sure you post the whole contents of any logs asked for, some you may have to use 2 posts.

Please do the following.

Download ComboFix from Here to your Desktop.

It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.

• Close all open programs and windows
• Double click combofix.exe and follow the prompts.
• Vista users right click Combofix.exe and select Run As Administrator.
• When finished, it shall produce a log for you. Post the Combofix log

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

**NOTE - Allow ComboFix to update if prompted.

Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

Thanks
Geri

 

Thank You very mych Geri

You're the only one ready to help me

I will keep this advice for next time because i did registry restore and its fine now but again thank you very much

peace

 

Ok i did everythink and here's the log.

What do You think about it??

ComboFix 08-11-04.02 - yty 2008-11-04 20:51:23.1 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.1.1033.18.117 [GMT -8:00]
Uruchomiony z: C:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\winnt\rundll32.exe
f:\winnt\system32\bgtefkas.dll
f:\winnt\system32\dyqulxpj.dll
f:\winnt\system32\hmkpen.dll
f:\winnt\system32\jpxluqyd.ini
f:\winnt\system32\mppYHkkj.ini
f:\winnt\system32\mppYHkkj.ini2
f:\winnt\system32\nwhzzc.dll
f:\winnt\system32\orrteorx.dll
f:\winnt\system32\sakfetgb.ini
f:\winnt\system32\tlkskvxx.dll
f:\winnt\system32\xroetrro.ini
f:\winnt\system32\yablotyu.dll
f:\winnt\Web\default.htt

.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-05 do 2008-11-05 )))))))))))))))))))))))))))))))
.

2008-11-04 18:14 . 08-11-04 18:14 16,384 --a----t- f:\winnt\system32\Perflib_Perfdata_4ac.dat
2008-11-03 20:47 . 08-11-03 20:47 <DIR> d-------- f:\program files\Winamp
2008-11-03 20:31 . 08-11-03 20:31 881 --a------ f:\winnt\ODBC.INI
2008-11-03 20:29 . 08-11-03 20:29 <DIR> d-------- f:\winnt\ShellNew
2008-11-03 20:29 . 08-11-03 20:29 <DIR> d-------- f:\documents and settings\yty.RTR-85CC5C77527\Application Data\Microsoft Web Folders
2008-11-02 18:36 . 08-11-02 18:36 <DIR> d-------- f:\program files\Native Instruments
2008-11-02 16:49 . 08-11-03 21:40 742,946 ---h----- f:\winnt\ShellIconCache
2008-11-02 12:12 . 08-11-02 12:12 <DIR> d-------- f:\program files\Common Files\Adaptec Shared
2008-11-02 12:01 . 01-05-11 13:18 420,240 --a------ f:\winnt\system32\mpg4c32.dll
2008-11-02 12:01 . 02-12-11 15:16 384,512 --a------ f:\winnt\system32\mp4sdmod.dll
2008-11-02 12:01 . 01-05-16 17:54 276,840 --a------ f:\winnt\system32\wmv8ds32.ax
2008-11-02 12:01 . 01-05-16 17:54 264,552 --a------ f:\winnt\system32\wmvds32.ax
2008-11-02 12:01 . 01-05-11 13:18 264,528 --a------ f:\winnt\system32\mpg4ds32.ax
2008-11-02 12:01 . 01-03-26 04:41 245,760 --a------ f:\winnt\system32\mp4sds32.ax
2008-11-02 12:01 . 01-05-16 17:54 227,960 --a------ f:\winnt\system32\msadds32.ax
2008-11-02 12:01 . 01-05-16 17:54 76,120 --a------ f:\winnt\system32\msscds32.ax
2008-11-02 11:42 . 08-11-02 11:42 <DIR> d-------- f:\program files\Elaborate Bytes
2008-11-02 11:33 . 08-11-02 11:33 <DIR> d-------- f:\program files\DAEMON Tools Toolbar
2008-11-02 11:30 . 08-11-02 11:30 <DIR> d-------- f:\documents and settings\yty.RTR-85CC5C77527\Application Data\DAEMON Tools
2008-11-02 11:30 . 08-11-02 11:30 717,296 --a------ f:\winnt\system32\drivers\sptd.sys
2008-11-02 02:36 . 08-11-03 19:58 3,609 --a------ f:\winnt\bestplayer.bpp
2008-11-02 02:36 . 08-11-03 19:58 1,404 --a------ f:\winnt\bestplayer.ini
2008-11-02 02:36 . 08-11-03 19:58 0 --a------ f:\winnt\bestplayer.bbt
2008-11-01 20:43 . 08-11-01 20:43 <DIR> d-------- f:\documents and settings\yty.RTR-85CC5C77527\Application Data\BitTorrent
2008-10-31 17:32 . 08-10-31 17:32 <DIR> d---s---- f:\winnt\Cookies
2008-10-31 16:14 . 08-10-31 16:14 <DIR> d-------- f:\program files\Spyware Doctor
2008-10-31 16:14 . 08-10-31 16:14 <DIR> d-------- f:\documents and settings\yty.RTR-85CC5C77527\Application Data\PC Tools
2008-10-31 16:14 . 02-05-15 16:16 462,848 --a------ f:\winnt\system32\msaatext.dll
2008-10-31 16:14 . 02-05-15 16:16 360,448 --a------ f:\winnt\system32\oleacc.dll
2008-10-31 16:14 . 02-05-15 16:16 360,448 --a------ f:\winnt\system32\dllcache\oleacc.dll
2008-10-31 16:14 . 02-05-15 16:16 356,352 --a------ f:\winnt\system32\oleaccrc.dll
2008-10-31 16:14 . 02-05-15 16:16 356,352 --a------ f:\winnt\system32\dllcache\oleaccrc.dll
2008-10-31 16:14 . 08-08-25 12:36 81,288 --a------ f:\winnt\system32\drivers\iksyssec.sys
2008-10-31 16:14 . 08-08-25 12:36 66,952 --a------ f:\winnt\system32\drivers\iksysflt.sys
2008-10-31 16:14 . 08-08-25 12:36 40,840 --a------ f:\winnt\system32\drivers\ikfilesec.sys
2008-10-31 16:14 . 08-06-02 16:19 29,576 --a------ f:\winnt\system32\drivers\kcom.sys
2008-10-31 12:50 . 03-06-19 12:05 148,208 --a------ f:\winnt\system32\drivers\portcls.sys
2008-10-31 12:50 . 03-06-19 12:05 148,208 --a------ f:\winnt\system32\dllcache\portcls.sys
2008-10-31 12:50 . 03-06-19 12:05 21,264 --a------ f:\winnt\system32\wdmaud.drv
2008-10-31 12:50 . 02-05-13 16:43 15,399 -ra------ f:\winnt\system32\drivers\netmotcm.sys
2008-10-31 12:32 . 08-10-31 12:32 <DIR> d--h----- f:\winnt\PIF
2008-10-31 12:15 . 08-10-31 12:15 <DIR> d-------- f:\documents and settings\yty.RTR-85CC5C77527
2008-10-31 12:15 . 99-11-30 23:38 44,816 --a------ f:\winnt\system32\CNBJMON.DLL
2008-10-31 12:15 . 99-05-28 13:43 25,679 --a------ f:\winnt\system32\CNBJHLP.HLP
2008-10-31 12:15 . 99-05-28 13:43 787 --a------ f:\winnt\system32\CNBJHLP.CNT
2008-10-31 12:04 . 08-10-31 12:04 <DIR> d-------- f:\winnt\tmp
2008-10-31 00:17 . 08-10-31 00:17 <DIR> d-------- f:\documents and settings\All Users\Application Data\avg8
2008-10-30 23:59 . 08-10-30 23:59 16,384 --a------ f:\winnt\system32\Perflib_Perfdata_280.dat
2008-10-30 23:58 . 08-10-30 23:59 16,384 --a------ f:\winnt\system32\Perflib_Perfdata_478.dat
2008-10-30 23:58 . 08-10-30 23:59 16,384 --a------ f:\winnt\system32\Perflib_Perfdata_3d0.dat
2008-10-30 23:57 . 08-10-30 23:57 16,384 --a------ f:\winnt\system32\Perflib_Perfdata_218.dat
2008-10-30 23:14 . 08-10-30 23:14 16,384 --a------ f:\winnt\system32\Perflib_Perfdata_20c.dat
2008-10-30 20:39 . 08-10-30 20:39 <DIR> d-------- F:\rsit
2008-10-30 20:24 . 08-10-30 20:24 <DIR> d--h----- f:\winnt\$NtUpdateRollupPackUninstall$
2008-10-30 19:32 . 03-06-19 12:05 243,472 --a------ f:\winnt\explorer.exe
2008-10-30 19:31 . 99-12-07 16:43 10,000 --a------ f:\winnt\system32\rundll32.exe
2008-10-30 15:19 . 08-10-30 15:19 <DIR> d-------- f:\winnt\system32\Kaspersky Lab
2008-10-30 15:19 . 08-10-30 15:19 <DIR> d-------- f:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-10-30 14:13 . 08-10-30 14:13 <DIR> d-------- f:\documents and settings\All Users\Application Data\Lavasoft
2008-10-30 14:12 . 08-10-30 14:12 <DIR> d-------- f:\program files\Common Files\Wise Installation Wizard
2008-10-30 13:53 . 99-11-01 16:42 801,072 --a------ f:\winnt\system32\dllcache\3cpciadi.sys
2008-10-30 11:39 . 08-10-30 11:39 <DIR> d-------- f:\winnt\DrWatson
2008-10-30 10:16 . 08-10-30 10:17 243,712 --a------ f:\winnt\system32\jkkHYppm.dll
2008-10-30 06:26 . 08-10-30 06:26 16,384 --a------ f:\winnt\system32\Perflib_Perfdata_2ec.dat
2008-10-29 19:28 . 08-10-29 19:28 160 --a------ f:\winnt\system32\test.aok
2008-10-29 19:28 . 08-10-29 19:28 159 --a------ f:\winnt\system32\temp_0000_65-19.aok
2008-10-29 19:27 . 04-01-11 08:02 258,048 --a------ f:\winnt\system32\GplMpgDec.ax
2008-10-29 19:27 . 07-04-12 14:19 129,024 --a------ f:\winnt\system32\AVERM.dll
2008-10-29 19:27 . 06-09-26 13:57 28,672 --a------ f:\winnt\system32\AVEQT.dll
2008-10-29 16:38 . 08-10-29 16:38 54,156 --ah----- f:\winnt\QTFont.qfn
2008-10-29 16:38 . 08-10-29 16:38 1,409 --a------ f:\winnt\QTFont.for
2008-10-29 15:23 . 08-10-29 15:23 <DIR> d-------- f:\winnt\Sun
2008-10-29 15:21 . 08-10-29 15:21 410,976 --a------ f:\winnt\system32\deploytk.dll
2008-10-29 15:20 . 08-10-29 15:20 <DIR> d-------- f:\program files\Java
2008-10-29 14:02 . 08-10-29 14:02 <DIR> d-------- f:\documents and settings\All Users\Application Data\Apple Computer
2008-10-29 13:23 . 03-06-19 12:05 21,552 --a------ f:\winnt\system32\dllcache\usbstor.sys
2008-10-29 12:49 . 08-10-29 12:49 <DIR> d-------- f:\program files\DC++
2008-10-29 12:11 . 08-10-29 12:11 <DIR> d-------- f:\documents and settings\All Users\Application Data\nView_Profiles
2008-10-29 12:07 . 08-10-29 12:07 <DIR> d-------- f:\winnt\nview
2008-10-29 12:07 . 08-10-29 12:07 <DIR> d-------- F:\NVIDIA
2008-10-29 12:07 . 06-11-17 19:21 208,896 --a------ f:\winnt\system32\NVUNINST.EXE
2008-10-29 12:07 . 06-11-17 17:29 208,896 --a------ f:\winnt\system32\nvudisp.exe
2008-10-29 12:07 . 08-11-04 14:20 89,134 --a------ f:\winnt\system32\nvapps.xml
2008-10-29 12:07 . 06-11-17 17:29 17,056 --a------ f:\winnt\system32\nvdisp.nvu
2008-10-29 08:28 . 08-10-29 08:28 <DIR> d-------- f:\winnt\Logs
2008-10-29 08:28 . 08-10-29 08:28 <DIR> d--h----- f:\winnt\$MSI30UninstallMSI30-KB884016$
2008-10-29 08:17 . 08-10-29 08:17 <DIR> d-------- f:\documents and settings\SYSTEM
2008-10-29 07:31 . 08-11-04 20:49 132 --a------ f:\winnt\winamp.ini
2008-10-29 07:26 . 08-10-29 07:26 <DIR> d-------- f:\program files\DirectShow Pack
2008-10-29 06:36 . 08-10-29 06:36 <DIR> d-------- f:\program files\MarBit
2008-10-29 06:08 . 08-10-29 06:08 <DIR> d-------- f:\program files\DNA
2008-10-29 06:08 . 08-10-29 06:08 <DIR> d-------- f:\program files\BitTorrent
2008-10-28 19:33 . 02-07-23 18:29 146,944 --a------ f:\winnt\system32\msconfig.exe
2008-10-28 19:33 . 02-07-23 18:29 18,368 --a------ f:\winnt\system32\msconfig.chm
2008-10-28 19:21 . 03-06-19 13:05 550,672 --a------ f:\winnt\system32\comctl32.dll
2008-10-28 19:21 . 05-04-08 03:54 450,832 --a------ f:\winnt\system32\wininet.dll
2008-10-28 19:21 . 99-12-07 09:00 88,336 --a------ f:\winnt\system32\umpnpmgr.dll
2008-10-28 19:19 . 05-05-06 04:45 1,713,280 --a------ f:\winnt\system32\NTKRNLPA.EXE
2008-10-28 19:19 . 05-05-06 04:45 1,690,432 --a------ f:\winnt\system32\NTOSKRNL.EXE
2008-10-28 19:19 . 03-06-19 13:05 626,960 --a------ f:\winnt\system32\oleaut32.dll
2008-10-28 19:19 . 05-04-08 04:51 432,976 --a------ f:\winnt\system32\drivers\mrxsmb.sys
2008-10-28 19:19 . 05-09-23 03:03 245,008 --a------ f:\winnt\system32\winsrv.dll
2008-10-28 19:19 . 05-04-21 01:03 183,248 --a------ f:\winnt\system32\drivers\rdbss.sys
2008-10-28 19:19 . 05-01-12 12:39 138,000 --a------ f:\winnt\system32\faxui.dll
2008-10-28 19:19 . 03-06-19 13:05 97,040 --a------ f:\winnt\system32\win32spl.dll
2008-10-28 19:19 . 06-07-06 03:45 96,528 --a------ f:\winnt\system32\dnsrslvr.dll
2008-10-28 19:19 . 04-12-02 06:07 89,328 --a------ f:\winnt\system32\drivers\mup.sys
2008-10-28 19:19 . 05-04-08 04:54 83,728 --a------ f:\winnt\system32\spoolss.dll
2008-10-28 19:19 . 05-04-08 04:51 48,400 --a------ f:\winnt\system32\spoolsv.exe
2008-10-28 19:16 . 07-01-05 08:49 22,752 --a------ f:\winnt\system32\spupdsvc.exe
2008-10-28 19:14 . 08-10-28 19:14 <DIR> d-------- f:\winnt\mui
2008-10-28 19:14 . 05-04-21 01:03 251,760 --a------ f:\winnt\system32\drivers\SRV.SYS
2008-10-28 19:14 . 05-04-21 01:08 100,112 --a------ f:\winnt\system32\WKSSVC.DLL
2008-10-28 19:14 . 08-10-28 19:14 957 --a------ f:\winnt\setup.inf
2008-10-28 19:14 . 08-10-28 19:14 283 --a------ f:\winnt\setup.rpt
2008-10-28 19:01 . 00-08-29 00:00 401,462 --a------ f:\winnt\system32\msvcp60.dll
2008-10-28 18:56 . 08-10-28 18:56 <DIR> d-------- f:\program files\Opera
2008-10-28 18:53 . 08-10-28 18:53 <DIR> d-------- f:\program files\ffdshow
2008-10-28 17:13 . 08-10-28 17:13 <DIR> d-------- f:\winnt\system32\BITS
2008-10-28 17:13 . 05-05-04 14:45 2,890,240 --a------ f:\winnt\system32\msi.dll
2008-10-28 17:13 . 05-05-04 14:45 884,736 --a------ f:\winnt\system32\msimsg.dll
2008-10-28 17:13 . 04-12-22 07:27 331,776 --a------ f:\winnt\system32\winhttp.dll
2008-10-28 17:13 . 05-05-04 14:45 271,360 --a------ f:\winnt\system32\msihnd.dll
2008-10-28 17:13 . 03-06-19 13:05 244,224 --a------ f:\winnt\system32\qmgr.dll
2008-10-28 17:13 . 05-05-04 14:45 78,848 --a------ f:\winnt\system32\msiexec.exe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 20:12 58,000 ----a-w f:\winnt\system32\drivers\cdr4_2K.sys
2008-11-02 20:12 57,344 ----a-w f:\winnt\uneng.exe
2008-11-02 20:12 49,152 ----a-w f:\winnt\system32\cdrtc.dll
2008-11-02 20:12 45,056 ----a-w f:\winnt\system32\cdral.dll
2008-11-02 20:12 23,420 ----a-w f:\winnt\system32\drivers\cdralw2k.sys
2008-10-29 00:43 --------- d-----w f:\program files\VIAudioi
2008-10-29 00:41 --------- d--h--w f:\program files\InstallShield Installation Information
2008-10-29 00:28 --------- d-----w f:\program files\Common Files\InstallShield
2008-10-29 00:18 --------- d-----w f:\program files\microsoft frontpage
2008-10-29 00:17 271 ---h--w f:\program files\desktop.ini
2008-10-29 00:17 21,952 ---h--w f:\program files\folder.htt
2008-10-29 00:15 --------- d-----w f:\program files\Accessories
2008-09-29 15:43 84,936 ----a-w f:\winnt\system32\ElbyVCD.dll
2008-09-24 10:29 29,184 ----a-w f:\winnt\system32\drivers\VClone.sys
1999-12-07 17:00 32,528 ----a-w f:\winnt\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe "= "internat.exe" [99-12-07 09:00 20752 f:\winnt\system32\internat.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "f:\winnt\system32\NvCpl.dll" [06-11-17 17:29 7700480]
"NvMediaCenter "= "f:\winnt\system32\NvMcTray.dll" [06-11-17 17:29 86016]
"VirtualCloneDrive "= "f:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [08-06-29 14:01 52168]
"WinampAgent "= "f:\program files\Winamp\Winampa.exe" [03-04-01 18:20 12288]
"Synchronization Manager "= "mobsync.exe" [03-06-19 13:05 111376 f:\winnt\system32\mobsync.exe]
"nwiz "= "nwiz.exe" [06-11-17 17:29 1622016 f:\winnt\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe "= "internat.exe" [99-12-07 09:00 20752 f:\winnt\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop "= "f:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 13:05 186640]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - f:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux "= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv "=2 (0x2)


*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupełniający -------
.
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 20:57:54
Windows 5.0.2195 Service Pack 4 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-11-04 20:59:03
ComboFix-quarantined-files.txt 2008-11-05 04:59:00

Przed: 1*163*198*464 bytes free
Po: 1,232,650,240 bytes free

215

 

Hi
OK please do this.

Using Windows Explorer (to get there right-click your Start button and go to "Explore "), please delete these files (if present):

f:\winnt\system32\jkkHYppm.dll


Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want it to remove everything check "Select All ".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

Now a on line scan.

Please do an online scan with Kaspersky WebScanner

It's best to disable real time protection applications as they sometimes interfere with the scan.
Check this link for any applicable programs you may have.

Click on “Accept” If your pop –up blocker blocks any windows from opening.

Click Run on the window that opens.
Windows Vista users you must open the web browser using the Run as Administrator command.

• The program will launch and then begin downloading the latest definition files:
• Under Scan on the left side.Click on My Computer
• This will start the program and scan your system.
• Click the “Scan Report” On the left side.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.:
• Save the text file to your desktop.
• Copy and paste that information in your next post.

Please post the Kaspersky results.

Thanks
Geri

 

I cant scan because every time scaner jams. I have to stop and all ive got is this:

Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics
Files scanned 30093
Threat name 2
Infected objects 5
Suspicious objects 0
Duration of the scan 01:22:01

I had some list files infected but it disappeard after saving log. I'll try to run scaner again 10th time

 

This is log from ComboFix:

2008-10-28 16:17:01 A------- 5,296 F:\Qoobox\Quarantine\F\WINNT\Web\default.htt.vir
2008-10-30 10:17:03 A------- 0 F:\Qoobox\Quarantine\F\WINNT\system32\mppYHkkj.ini.vir
2008-10-30 10:17:03 A------- 419,913 F:\Qoobox\Quarantine\F\WINNT\system32\mppYHkkj.ini2.vir
2008-10-30 15:05:28 A------- 69,120 F:\Qoobox\Quarantine\F\WINNT\system32\orrteorx.dll.vir
2008-10-30 15:05:36 A------- 1,461,168 F:\Qoobox\Quarantine\F\WINNT\system32\xroetrro.ini.vir
2008-10-30 17:10:20 A------- 69,120 F:\Qoobox\Quarantine\F\WINNT\system32\dyqulxpj.dll.vir
2008-10-30 17:10:38 A------- 1,458,639 F:\Qoobox\Quarantine\F\WINNT\system32\jpxluqyd.ini.vir
2008-10-30 19:31:30 A------- 10,000 F:\Qoobox\Quarantine\F\WINNT\rundll32.exe.vir
2008-10-30 22:58:53 A------- 101,376 F:\Qoobox\Quarantine\F\WINNT\system32\tlkskvxx.dll.vir
2008-10-30 22:58:55 A------- 101,376 F:\Qoobox\Quarantine\F\WINNT\system32\nwhzzc.dll.vir
2008-10-31 00:30:04 A------- 68,608 F:\Qoobox\Quarantine\F\WINNT\system32\bgtefkas.dll.vir
2008-10-31 00:30:13 A------- 1,463,817 F:\Qoobox\Quarantine\F\WINNT\system32\sakfetgb.ini.vir
2008-10-31 00:31:00 A------- 101,376 F:\Qoobox\Quarantine\F\WINNT\system32\yablotyu.dll.vir
2008-10-31 00:31:02 A------- 101,376 F:\Qoobox\Quarantine\F\WINNT\system32\hmkpen.dll.vir
2008-11-04 20:50:20 A------- 57 F:\Qoobox\Quarantine\catchme.log
2008-11-04 20:57:03 A------- 5,034 F:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-11-04 20:58:20 A------- 2 F:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-11-04 20:58:20 A------- 2 F:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-11-04 20:58:20 A------- 2 F:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat

I deleted those files and Kaspersky didnt find anything, now my system is runnig very slow and i get low virtual memory warning

 

Hi
Ok please do this.

• Download RSIT by random/random and save it to your desktop.
• Double click RSIT.exe to start the tool.
• At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
• If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating yourr version of HijackThis.
• When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
• Please post the contents of log.txt here in your next reply.

Thanks
Geri

 

Logfile of random's system information tool 1.04 (written by random/random)
Run by yty at 2008-11-13 06:37:20
Microsoft Windows 2000 Professional Service Pack 4
System drive F: has 1 GB (6%) free of 19 GB
Total RAM: 191 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:37:53, on 2008-11-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\csrss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\nvsvc32.exe
F:\WINNT\system32\regsvc.exe
F:\Program Files\Spyware Doctor\pctsAuxs.exe
F:\Program Files\Spyware Doctor\pctsSvc.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\WINNT\system32\internat.exe
F:\Program Files\Spyware Doctor\update.exe
F:\Program Files\Opera\Opera.exe
C:\RSIT.exe
F:\Program Files\trend micro\yty.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] F:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe "
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] F:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINNT\web\related.htm
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINNT\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 3045 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - F:\Program Files\Java\jre6\bin\ssv.dll [2008-11-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - F:\WINNT\system32\msdxm.ocx [2005-03-31 844560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager "=mobsync.exe /logon []
"NvCplDaemon "=F:\WINNT\system32\NvCpl.dll [2006-11-17 7700480]
"nwiz "=nwiz.exe /install []
"NvMediaCenter "=F:\WINNT\system32\NvMcTray.dll [2006-11-17 86016]
"NeroCheck "=F:\WINNT\system32\NeroCheck.exe [2001-07-09 155648]
"ISTray "=F:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe "=F:\WINNT\system32\internat.exe [1999-12-07 20752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv "=2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives "=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun "=
"NoDrives "=
"NoDriveAutoRun "=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - F:\WINNT\system32\Notepad.exe %1
.js - open - F:\WINNT\system32\WScript.exe "%1" %*
.vbs - edit - F:\WINNT\system32\Notepad.exe %1
.vbs - open - F:\WINNT\system32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2008-11-13 06:37:21 ----D---- F:\Program Files\trend micro
2008-11-12 18:53:44 ----D---- F:\Program Files\Common Files\NSV
2008-11-12 18:00:51 ----A---- F:\WINNT\system32\picn20.dll
2008-11-12 18:00:48 ----A---- F:\WINNT\system32\imagx5.dll
2008-11-12 18:00:48 ----A---- F:\WINNT\system32\imagr5.dll
2008-11-12 18:00:47 ----A---- F:\WINNT\system32\ImagXpr5.dll
2008-11-12 18:00:44 ----D---- F:\Program Files\Common Files\Ahead
2008-11-12 18:00:44 ----A---- F:\WINNT\system32\NeroCheck.exe
2008-11-12 18:00:37 ----D---- F:\Program Files\Ahead
2008-11-06 22:50:23 ----HD---- F:\Program Files\Uninstall Information
2008-11-06 22:50:23 ----D---- F:\WINNT\Pliki Instalatora aktualizacji Windows Update
2008-11-06 22:50:12 ----A---- F:\WINNT\Active Setup Log.txt
2008-11-06 22:50:12 ----A---- F:\WINNT\Active Setup Log.BAK
2008-11-06 12:37:06 ----D---- F:\Program Files\Gadu-Gadu
2008-11-05 19:17:01 ----A---- F:\WINNT\system32\javaws.exe
2008-11-05 19:17:01 ----A---- F:\WINNT\system32\javaw.exe
2008-11-05 19:17:01 ----A---- F:\WINNT\system32\java.exe
2008-11-05 19:15:34 ----D---- F:\Documents and Settings\yty.RTR-85CC5C77527\Application Data\Sun
2008-11-04 20:59:09 ----D---- F:\WINNT\temp
2008-11-04 20:59:04 ----A---- F:\ComboFix.txt
2008-11-04 20:50:26 ----A---- F:\WINNT\zip.exe
2008-11-04 20:50:26 ----A---- F:\WINNT\VFIND.exe
2008-11-04 20:50:26 ----A---- F:\WINNT\SWXCACLS.exe
2008-11-04 20:50:26 ----A---- F:\WINNT\SWSC.exe
2008-11-04 20:50:26 ----A---- F:\WINNT\SWREG.exe
2008-11-04 20:50:26 ----A---- F:\WINNT\sed.exe
2008-11-04 20:50:26 ----A---- F:\WINNT\NIRCMD.exe
2008-11-04 20:50:26 ----A---- F:\WINNT\grep.exe
2008-11-04 20:50:26 ----A---- F:\WINNT\fdsv.exe
2008-11-04 20:50:20 ----D---- F:\WINNT\ERDNT
2008-11-04 20:50:20 ----D---- F:\Qoobox
2008-11-03 20:47:32 ----D---- F:\Program Files\Winamp
2008-11-03 20:31:09 ----A---- F:\WINNT\ODBC.INI
2008-11-03 20:30:04 ----D---- F:\Program Files\Common Files\Designer
2008-11-03 20:29:51 ----D---- F:\WINNT\ShellNew
2008-11-03 20:29:26 ----D---- F:\Program Files\Microsoft Office
2008-11-03 20:29:26 ----D---- F:\Documents and Settings\yty.RTR-85CC5C77527\Application Data\Microsoft Web Folders
2008-11-02 18:36:38 ----D---- F:\Program Files\Native Instruments
2008-11-02 12:12:34 ----D---- F:\Program Files\Common Files\Adaptec Shared
2008-11-02 12:12:34 ----A---- F:\WINNT\uneng.exe
2008-11-02 12:12:34 ----A---- F:\WINNT\system32\cdrtc.dll
2008-11-02 12:12:34 ----A---- F:\WINNT\system32\cdral.dll
2008-11-02 12:12:27 ----A---- F:\WINNT\system32\wmpui.dll
2008-11-02 12:12:27 ----A---- F:\WINNT\system32\wmpshell.dll
2008-11-02 12:12:27 ----A---- F:\WINNT\system32\wmploc.dll
2008-11-02 12:12:27 ----A---- F:\WINNT\system32\wmpdxm.dll
2008-11-02 12:12:27 ----A---- F:\WINNT\system32\wmpcore.dll
2008-11-02 12:12:27 ----A---- F:\WINNT\system32\wmpcd.dll
2008-11-02 12:12:27 ----A---- F:\WINNT\system32\wmpasf.dll
2008-11-02 12:12:27 ----A---- F:\WINNT\system32\wmp.dll
2008-11-02 12:12:27 ----A---- F:\WINNT\system32\wmerror.dll
2008-11-02 12:12:27 ----A---- F:\WINNT\system32\asferror.dll
2008-11-02 12:12:19 ----A---- F:\WINNT\system32\wmdmps.dll
2008-11-02 12:12:19 ----A---- F:\WINNT\system32\wmdmlog.dll
2008-11-02 12:12:19 ----A---- F:\WINNT\system32\mswmdm.dll
2008-11-02 12:12:19 ----A---- F:\WINNT\system32\msscp.dll
2008-11-02 12:12:19 ----A---- F:\WINNT\system32\mspmsp.dll
2008-11-02 12:12:19 ----A---- F:\WINNT\system32\mspmsnsv.dll
2008-11-02 12:12:19 ----A---- F:\WINNT\system32\CEWMDM.dll
2008-11-02 12:12:17 ----A---- F:\WINNT\system32\wmvdmoe2.dll
2008-11-02 12:12:17 ----A---- F:\WINNT\system32\wmvdmod.dll
2008-11-02 12:12:17 ----A---- F:\WINNT\system32\wmspdmoe.dll
2008-11-02 12:12:17 ----A---- F:\WINNT\system32\wmspdmod.dll
2008-11-02 12:12:17 ----A---- F:\WINNT\system32\wmsdmoe2.dll
2008-11-02 12:12:17 ----A---- F:\WINNT\system32\wmsdmod.dll
2008-11-02 12:12:17 ----A---- F:\WINNT\system32\wmadmod.dll
2008-11-02 12:12:17 ----A---- F:\WINNT\system32\mpg4dmod.dll
2008-11-02 12:12:17 ----A---- F:\WINNT\system32\mp43dmod.dll
2008-11-02 12:12:16 ----A---- F:\WINNT\system32\wmvcore.dll
2008-11-02 12:12:16 ----A---- F:\WINNT\system32\wmnetmgr.dll
2008-11-02 12:12:16 ----A---- F:\WINNT\system32\wmidx.dll
2008-11-02 12:12:16 ----A---- F:\WINNT\system32\wmasf.dll
2008-11-02 12:12:16 ----A---- F:\WINNT\system32\wmadmoe.dll
2008-11-02 12:12:16 ----A---- F:\WINNT\system32\logagent.exe
2008-11-02 12:12:16 ----A---- F:\WINNT\system32\laprxy.dll
2008-11-02 12:12:15 ----A---- F:\WINNT\system32\msnetobj.dll
2008-11-02 12:12:15 ----A---- F:\WINNT\system32\drmv2clt.dll
2008-11-02 12:12:15 ----A---- F:\WINNT\system32\drmstor.dll
2008-11-02 12:12:15 ----A---- F:\WINNT\system32\drmclien.dll
2008-11-02 12:12:15 ----A---- F:\WINNT\system32\blackbox.dll
2008-11-02 12:01:14 ----A---- F:\WINNT\system32\mp4sdmod.dll
2008-11-02 12:01:11 ----A---- F:\WINNT\system32\mpg4c32.dll
2008-11-02 11:42:34 ----D---- F:\Program Files\Elaborate Bytes
2008-11-02 11:33:16 ----D---- F:\Program Files\DAEMON Tools Toolbar
2008-11-02 11:30:25 ----D---- F:\Documents and Settings\yty.RTR-85CC5C77527\Application Data\DAEMON Tools
2008-11-02 10:45:05 ----D---- F:\Documents and Settings\yty.RTR-85CC5C77527\Application Data\Macromedia
2008-11-02 10:45:05 ----D---- F:\Documents and Settings\yty.RTR-85CC5C77527\Application Data\Adobe
2008-11-02 09:49:07 ----D---- F:\Documents and Settings\yty.RTR-85CC5C77527\Application Data\Opera
2008-11-02 02:36:29 ----A---- F:\WINNT\bestplayer.ini
2008-11-01 20:43:10 ----D---- F:\Documents and Settings\yty.RTR-85CC5C77527\Application Data\BitTorrent
2008-10-31 17:32:23 ----SD---- F:\WINNT\History
2008-10-31 17:32:23 ----SD---- F:\WINNT\Cookies
2008-10-31 17:32:22 ----SD---- F:\WINNT\Temporary Internet Files
2008-10-31 16:14:27 ----A---- F:\WINNT\system32\oleaccrc.dll
2008-10-31 16:14:27 ----A---- F:\WINNT\system32\oleacc.dll
2008-10-31 16:14:27 ----A---- F:\WINNT\system32\msaatext.dll
2008-10-31 16:14:26 ----D---- F:\Program Files\Spyware Doctor
2008-10-31 16:14:26 ----D---- F:\Documents and Settings\yty.RTR-85CC5C77527\Application Data\PC Tools
2008-10-31 16:08:48 ----HD---- F:\WINNT\$MSI31Uninstall_KB893803v2$
2008-10-31 12:32:41 ----HD---- F:\WINNT\PIF
2008-10-31 12:15:11 ----D---- F:\Documents and Settings\yty.RTR-85CC5C77527\Application Data\Identities
2008-10-31 12:15:03 ----SD---- F:\Documents and Settings\yty.RTR-85CC5C77527\Application Data\Microsoft
2008-10-31 12:15:01 ----A---- F:\WINNT\system32\CNBJMON.DLL
2008-10-31 12:04:12 ----D---- F:\WINNT\tmp
2008-10-31 11:51:35 ----SHD---- F:\Config.Msi
2008-10-31 00:17:02 ----D---- F:\Documents and Settings\All Users\Application Data\avg8
2008-10-30 20:39:23 ----D---- F:\rsit
2008-10-30 20:24:02 ----HD---- F:\WINNT\$NtUpdateRollupPackUninstall$
2008-10-30 19:32:23 ----A---- F:\WINNT\explorer.exe
2008-10-30 19:31:59 ----A---- F:\WINNT\system32\rundll32.exe
2008-10-30 15:30:40 ----D---- F:\WINNT\RegisteredPackages
2008-10-30 15:19:06 ----D---- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-30 15:19:05 ----D---- F:\WINNT\system32\Kaspersky Lab
2008-10-30 14:13:15 ----D---- F:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-30 14:12:43 ----D---- F:\Program Files\Common Files\Wise Installation Wizard
2008-10-30 11:39:50 ----D---- F:\WINNT\DrWatson
2008-10-30 10:26:38 ----A---- F:\WINNT\ntbtlog.txt
2008-10-30 10:17:20 ----A---- F:\WINNT\system32\1b74d12e-.txt
2008-10-29 19:27:14 ----A---- F:\WINNT\system32\AVERM.dll
2008-10-29 19:27:14 ----A---- F:\WINNT\system32\AVEQT.dll
2008-10-29 18:12:01 ----D---- F:\WINNT\system32\appmgmt
2008-10-29 15:23:01 ----D---- F:\WINNT\Sun
2008-10-29 15:21:45 ----A---- F:\WINNT\system32\deploytk.dll
2008-10-29 15:20:57 ----D---- F:\Program Files\Java
2008-10-29 14:02:57 ----D---- F:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-29 12:49:02 ----D---- F:\Program Files\DC++
2008-10-29 12:11:07 ----D---- F:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-29 12:07:30 ----D---- F:\WINNT\nview
2008-10-29 12:07:30 ----A---- F:\WINNT\system32\nvudisp.exe
2008-10-29 12:07:15 ----A---- F:\WINNT\system32\NVUNINST.EXE
2008-10-29 12:07:00 ----D---- F:\NVIDIA
2008-10-29 08:36:28 ----A---- F:\WINNT\system32\d3dx10_39.dll
2008-10-29 08:36:28 ----A---- F:\WINNT\system32\D3DCompiler_39.dll
2008-10-29 08:36:26 ----A---- F:\WINNT\system32\D3DX9_39.dll
2008-10-29 08:36:25 ----A---- F:\WINNT\system32\d3dx10_38.dll
2008-10-29 08:36:25 ----A---- F:\WINNT\system32\D3DCompiler_38.dll
2008-10-29 08:36:23 ----A---- F:\WINNT\system32\D3DX9_38.dll
2008-10-29 08:36:22 ----A---- F:\WINNT\system32\d3dx10_37.dll
2008-10-29 08:36:22 ----A---- F:\WINNT\system32\D3DCompiler_37.dll
2008-10-29 08:36:21 ----A---- F:\WINNT\system32\D3DX9_37.dll
2008-10-29 08:36:21 ----A---- F:\WINNT\system32\d3dx10_36.dll
2008-10-29 08:36:20 ----A---- F:\WINNT\system32\D3DCompiler_36.dll
2008-10-29 08:36:19 ----A---- F:\WINNT\system32\d3dx9_36.dll
2008-10-29 08:36:18 ----A---- F:\WINNT\system32\d3dx10_35.dll
2008-10-29 08:36:18 ----A---- F:\WINNT\system32\D3DCompiler_35.dll
2008-10-29 08:36:17 ----A---- F:\WINNT\system32\d3dx9_35.dll
2008-10-29 08:36:16 ----A---- F:\WINNT\system32\d3dx10_34.dll
2008-10-29 08:36:15 ----A---- F:\WINNT\system32\d3dx9_34.dll
2008-10-29 08:36:15 ----A---- F:\WINNT\system32\D3DCompiler_34.dll
2008-10-29 08:36:14 ----A---- F:\WINNT\system32\d3dx10_33.dll
2008-10-29 08:36:14 ----A---- F:\WINNT\system32\D3DCompiler_33.dll
2008-10-29 08:36:13 ----A---- F:\WINNT\system32\d3dx9_33.dll
2008-10-29 08:36:11 ----A---- F:\WINNT\system32\d3dx9_32.dll
2008-10-29 08:36:09 ----A---- F:\WINNT\system32\d3dx9_31.dll
2008-10-29 08:36:08 ----A---- F:\WINNT\system32\d3dx9_30.dll
2008-10-29 08:36:07 ----A---- F:\WINNT\system32\d3dx9_29.dll
2008-10-29 08:36:05 ----A---- F:\WINNT\system32\d3dx9_28.dll
2008-10-29 08:36:03 ----A---- F:\WINNT\system32\d3dx9_27.dll
2008-10-29 08:36:01 ----A---- F:\WINNT\system32\d3dx9_26.dll
2008-10-29 08:36:00 ----A---- F:\WINNT\system32\d3dx9_25.dll
2008-10-29 08:35:59 ----A---- F:\WINNT\system32\d3dx9_24.dll
2008-10-29 08:35:26 ----A---- F:\WINNT\system32\wstdecod.dll
2008-10-29 08:35:26 ----A---- F:\WINNT\system32\psisdecd.dll
2008-10-29 08:35:26 ----A---- F:\WINNT\system32\msvidctl.dll
2008-10-29 08:35:25 ----A---- F:\WINNT\system32\quartz.dll
2008-10-29 08:35:25 ----A---- F:\WINNT\system32\msyuv.dll
2008-10-29 08:35:25 ----A---- F:\WINNT\system32\ddraw.dll
2008-10-29 08:35:24 ----A---- F:\WINNT\system32\dxdiagn.dll
2008-10-29 08:35:24 ----A---- F:\WINNT\system32\dxdiag.exe
2008-10-29 08:35:24 ----A---- F:\WINNT\system32\d3d9.dll
2008-10-29 08:35:24 ----A---- F:\WINNT\system32\d3d8.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\qedit.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\qdvd.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\qdv.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\qcap.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\qasf.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\mswebdvd.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\gcdef.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\dpwsockx.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\dpvoice.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\dpnsvr.exe
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\dpnet.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\dpmodemx.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\dinput8.dll
2008-10-29 08:35:23 ----A---- F:\WINNT\system32\devenum.dll
2008-10-29 08:35:22 ----A---- F:\WINNT\system32\dsound.dll
2008-10-29 08:35:22 ----A---- F:\WINNT\system32\dsdmoprp.dll
2008-10-29 08:35:22 ----A---- F:\WINNT\system32\dmusic.dll
2008-10-29 08:35:22 ----A---- F:\WINNT\system32\dinput.dll
2008-10-29 08:35:22 ----A---- F:\WINNT\system32\diactfrm.dll
2008-10-29 08:35:20 ----A---- F:\WINNT\system32\dx8vb.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\qedwipes.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\msdmo.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\mciqtz32.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\ksuser.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\encapi.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dx7vb.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dswave.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dsound3d.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dsdmo.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dpvvox.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dpvsetup.exe
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dpvacm.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dpnlobby.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dpnhupnp.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dpnhpast.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dpnaddr.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dplayx.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dplaysvr.exe
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dmsynth.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dmstyle.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dmscript.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dmloader.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dmime.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dmcompos.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\dmband.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\d3dim700.dll
2008-10-29 08:35:19 ----A---- F:\WINNT\system32\amstream.dll
2008-10-29 08:35:18 ----A---- F:\WINNT\system32\pid.dll
2008-10-29 08:35:18 ----A---- F:\WINNT\system32\dxdllreg.exe
2008-10-29 08:35:18 ----A---- F:\WINNT\system32\dimap.dll
2008-10-29 08:35:18 ----A---- F:\WINNT\system32\d3dxof.dll
2008-10-29 08:35:18 ----A---- F:\WINNT\system32\d3drm.dll
2008-10-29 08:35:18 ----A---- F:\WINNT\system32\d3dramp.dll
2008-10-29 08:35:18 ----A---- F:\WINNT\system32\d3dpmesh.dll
2008-10-29 08:35:18 ----A---- F:\WINNT\system32\d3dim.dll
2008-10-29 08:35:18 ----A---- F:\WINNT\system32\d3d8thk.dll
2008-10-29 08:28:48 ----HD---- F:\WINNT\$MSI30UninstallMSI30-KB884016$
2008-10-29 08:28:35 ----D---- F:\WINNT\system32\directx
2008-10-29 08:28:34 ----D---- F:\WINNT\Logs
2008-10-29 07:31:37 ----A---- F:\WINNT\winamp.ini
2008-10-29 07:26:19 ----D---- F:\Program Files\DirectShow Pack
2008-10-29 06:36:01 ----D---- F:\Program Files\MarBit
2008-10-29 06:08:32 ----D---- F:\Program Files\DNA
2008-10-29 06:08:31 ----D---- F:\Program Files\BitTorrent
2008-10-28 19:33:48 ----D---- F:\WINNT\pss
2008-10-28 19:33:36 ----A---- F:\WINNT\system32\msconfig.exe
2008-10-28 19:22:44 ----A---- F:\WINNT\system32\shell32.dll
2008-10-28 19:22:38 ----A---- F:\WINNT\system32\mfc42u.dll
2008-10-28 19:22:38 ----A---- F:\WINNT\system32\mfc40u.dll
2008-10-28 19:22:32 ----A---- F:\WINNT\system32\ntdsa.dll
2008-10-28 19:22:25 ----A---- F:\WINNT\system32\user32.dll
2008-10-28 19:22:25 ----A---- F:\WINNT\system32\mf3216.dll
2008-10-28 19:22:25 ----A---- F:\WINNT\system32\gdi32.dll
2008-10-28 19:22:13 ----A---- F:\WINNT\system32\tapisrv.dll
2008-10-28 19:22:07 ----A---- F:\WINNT\system32\netman.dll
2008-10-28 19:22:01 ----A---- F:\WINNT\system32\mswsock.dll
2008-10-28 19:22:01 ----A---- F:\WINNT\system32\msafd.dll
2008-10-28 19:22:01 ----A---- F:\WINNT\system32\dnsapi.dll
2008-10-28 19:21:40 ----A---- F:\WINNT\system32\umpnpmgr.dll
2008-10-28 19:20:54 ----D---- F:\WINNT\system32\Windows Media
2008-10-28 19:20:23 ----A---- F:\WINNT\system32\mtxclu.dll
2008-10-28 19:20:22 ----A---- F:\WINNT\system32\msdtcprx.dll
2008-10-28 19:20:21 ----A---- F:\WINNT\system32\comsvcs.dll
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\UNTFS.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\srvsvc.dll
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\SERVICES.EXE
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\SAMSRV.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\samlib.dll
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\RASMAN.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\RASDLG.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\RASAPI32.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\OLECNV32.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\NTVDM.EXE
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\NTLANMAN.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\NDDENB32.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\MSV1_0.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\MSGSVC.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\msasn1.dll
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\LSASS.EXE
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\LOCALSPL.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\GRPCONV.EXE
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\FONTVIEW.EXE
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\CSRSRV.DLL
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\CHKDSK.EXE
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\AUTOCHK.EXE
2008-10-28 19:20:20 ----A---- F:\WINNT\system32\ADVAPI32.DLL
2008-10-28 19:20:19 ----A---- F:\WINNT\system32\NTDLL.DLL
2008-10-28 19:20:15 ----D---- F:\WINNT\msiinst.tmp
2008-10-28 19:19:41 ----A---- F:\WINNT\system32\NTOSKRNL.EXE
2008-10-28 19:19:40 ----A---- F:\WINNT\system32\NTKRNLPA.EXE
2008-10-28 19:19:24 ----A---- F:\WINNT\system32\oleaut32.dll
2008-10-28 19:19:18 ----A---- F:\WINNT\system32\dnsrslvr.dll
2008-10-28 19:19:07 ----A---- F:\WINNT\system32\win32spl.dll
2008-10-28 19:19:07 ----A---- F:\WINNT\system32\spoolsv.exe
2008-10-28 19:19:07 ----A---- F:\WINNT\system32\spoolss.dll
2008-10-28 19:19:07 ----A---- F:\WINNT\system32\faxui.dll
2008-10-28 19:19:02 ----A---- F:\WINNT\system32\winsrv.dll
2008-10-28 19:16:43 ----A---- F:\WINNT\system32\MRT.exe
2008-10-28 19:16:34 ----A---- F:\WINNT\system32\spupdsvc.exe
2008-10-28 19:16:31 ----D---- F:\WINNT\system32\ReinstallBackups
2008-10-28 19:15:44 ----A---- F:\WINNT\system32\webvw.dll
2008-10-28 19:15:44 ----A---- F:\WINNT\system32\linkinfo.dll
2008-10-28 19:15:38 ----A---- F:\WINNT\system32\nwprovau.dll
2008-10-28 19:15:38 ----A---- F:\WINNT\system32\nwapi32.dll
2008-10-28 19:15:22 ----A---- F:\WINNT\system32\sp3res.dll
2008-10-28 19:15:22 ----A---- F:\WINNT\system32\lsasrv.dll
2008-10-28 19:15:13 ----A---- F:\WINNT\system32\mswstr10.dll
2008-10-28 19:15:06 ----A---- F:\WINNT\system32\rasadhlp.dll
2008-10-28 19:15:02 ----A---- F:\WINNT\system32\oledlg.dll
2008-10-28 19:14:42 ----A---- F:\WINNT\system32\WKSSVC.DLL
2008-10-28 19:14:25 ----D---- F:\WINNT\mui
2008-10-28 19:13:59 ----A---- F:\WINNT\system32\rasmans.dll
2008-10-28 19:13:59 ----A---- F:\WINNT\system32\polstore.dll
2008-10-28 19:13:59 ----A---- F:\WINNT\system32\polagent.dll
2008-10-28 19:13:59 ----A---- F:\WINNT\system32\oakley.dll
2008-10-28 19:13:59 ----A---- F:\WINNT\system32\ipsecmon.exe
2008-10-28 19:13:54 ----A---- F:\WINNT\system32\KERNEL32.DLL
2008-10-28 19:13:48 ----A---- F:\WINNT\system32\iphlpapi.dll
2008-10-28 19:13:48 ----A---- F:\WINNT\system32\dhcpcsvc.dll
2008-10-28 19:01:48 ----A---- F:\WINNT\system32\msvcp60.dll
2008-10-28 18:59:42 ----A---- F:\WINNT\updcustom.dll.log
2008-10-28 18:56:33 ----D---- F:\Program Files\Opera
2008-10-28 18:53:42 ----D---- F:\Program Files\ffdshow
2008-10-28 17:13:38 ----A---- F:\WINNT\system32\msisip.dll
2008-10-28 17:13:38 ----A---- F:\WINNT\system32\msimsg.dll
2008-10-28 17:13:38 ----A---- F:\WINNT\system32\msihnd.dll
2008-10-28 17:13:38 ----A---- F:\WINNT\system32\msiexec.exe
2008-10-28 17:13:38 ----A---- F:\WINNT\system32\msi.dll
2008-10-28 17:13:28 ----D---- F:\WINNT\system32\BITS
2008-10-28 17:13:24 ----N---- F:\WINNT\system32\spmsg.dll
2008-10-28 17:13:22 ----A---- F:\WINNT\system32\winhttp.dll
2008-10-28 17:13:22 ----A---- F:\WINNT\system32\qmgrprxy.dll
2008-10-28 17:13:22 ----A---- F:\WINNT\system32\qmgr.dll
2008-10-28 17:11:14 ----D---- F:\Program Files\SkanerOnline
2008-10-28 17:09:04 ----D---- F:\Program Files\WinRAR
2008-10-28 17:08:21 ----A---- F:\WINNT\system32\wucltui.dll.mui
2008-10-28 17:08:21 ----A---- F:\WINNT\system32\wuaueng.dll.mui
2008-10-28 17:08:21 ----A---- F:\WINNT\system32\wuapi.dll.mui
2008-10-28 17:08:20 ----D---- F:\WINNT\system32\SoftwareDistribution
2008-10-28 17:07:55 ----D---- F:\Documents and Settings\All Users\Application Data\TEMP
2008-10-28 17:07:40 ----D---- F:\Program Files\Ace Utilities
2008-10-28 17:06:53 ----D---- F:\WINNT\SoftwareDistribution
2008-10-28 17:06:47 ----A---- F:\WINNT\system32\wuweb.dll
2008-10-28 17:06:47 ----A---- F:\WINNT\system32\wups2.dll
2008-10-28 17:06:47 ----A---- F:\WINNT\system32\wups.dll
2008-10-28 17:06:47 ----A---- F:\WINNT\system32\wucltui.dll
2008-10-28 17:06:47 ----A---- F:\WINNT\system32\wuaueng1.dll
2008-10-28 17:06:47 ----A---- F:\WINNT\system32\wuauclt1.exe
2008-10-28 17:06:47 ----A---- F:\WINNT\system32\wuapi.dll
2008-10-28 16:45:34 ----D---- F:\WINNT\system32\Macromed
2008-10-28 16:43:38 ----A---- F:\WINNT\system32\UnAudioNT.dll
2008-10-28 16:43:36 ----D---- F:\Program Files\VIAudioi
2008-10-28 16:43:31 ----A---- F:\WINNT\IsUninst.exe
2008-10-28 16:41:17 ----HD---- F:\Program Files\InstallShield Installation Information
2008-10-28 16:41:17 ----D---- F:\WINNT\Drivers
2008-10-28 16:28:53 ----D---- F:\WINNT\system32\NVSYS
2008-10-28 16:28:49 ----D---- F:\Program Files\Common Files\InstallShield
2008-10-28 16:27:29 ----D---- F:\F
2008-10-28 16:24:32 ----D---- F:\WINNT\system32\NtmsData
2008-10-28 16:24:07 ----SHD---- F:\WINNT\Installer
2008-10-28 16:24:01 ----HD---- F:\WINNT\system32\GroupPolicy
2008-10-28 16:24:00 ----SHD---- F:\WINNT\CSC
2008-10-28 16:23:47 ----D---- F:\WINNT\system32\Microsoft
2008-10-28 16:23:47 ----A---- F:\WINNT\SchedLgU.Txt
2008-10-28 16:18:37 ----D---- F:\WINNT\system32\rpcproxy
2008-10-28 16:18:37 ----D---- F:\WINNT\system32\rocket
2008-10-28 16:18:37 ----D---- F:\WINNT\system32\inetsrv
2008-10-28 16:18:37 ----D---- F:\WINNT\mww32
2008-10-28 16:18:37 ----D---- F:\WINNT\ime
2008-10-28 16:18:37 ----D---- F:\Program Files\microsoft frontpage
2008-10-28 16:17:51 ----A---- F:\WINNT\control.ini
2008-10-28 16:17:46 ----A---- F:\WINNT\OEWABLog.txt
2008-10-28 16:17:14 ----A---- F:\WINNT\system32\mapi32.dll
2008-10-28 16:17:01 ----H---- F:\WINNT\system32\desktop.ini
2008-10-28 16:17:01 ----H---- F:\WINNT\desktop.ini
2008-10-28 16:17:01 ----H---- F:\Program Files\desktop.ini
2008-10-28 16:17:00 ----SD---- F:\WINNT\Downloaded Program Files
2008-10-28 16:17:00 ----RD---- F:\WINNT\Offline Web Pages
2008-10-28 16:16:51 ----A---- F:\WINNT\system32\nmmkcert.dll
2008-10-28 16:16:51 ----A---- F:\WINNT\system32\nmevtmsg.dll
2008-10-28 16:16:51 ----A---- F:\WINNT\system32\msconf.dll
2008-10-28 16:16:51 ----A---- F:\WINNT\system32\mnmsrvc.exe
2008-10-28 16:16:51 ----A---- F:\WINNT\system32\mnmdd.dll
2008-10-28 16:16:51 ----A---- F:\WINNT\system32\ils.dll
2008-10-28 16:16:50 ----D---- F:\Program Files\Common Files\Services
2008-10-28 16:16:49 ----SD---- F:\WINNT\Tasks
2008-10-28 16:16:49 ----A---- F:\WINNT\system32\mstinit.exe
2008-10-28 16:16:49 ----A---- F:\WINNT\system32\icwphbk.dll
2008-10-28 16:16:48 ----A---- F:\WINNT\system32\inetcfg.dll
2008-10-28 16:16:48 ----A---- F:\WINNT\system32\icwdial.dll
2008-10-28 16:16:48 ----A---- F:\WINNT\system32\icfgnt5.dll
2008-10-28 16:16:46 ----D---- F:\Program Files\NetMeeting
2008-10-28 16:16:45 ----D---- F:\Program Files\Outlook Express
2008-10-28 16:16:44 ----D---- F:\Program Files\Internet Explorer
2008-10-28 16:16:44 ----A---- F:\WINNT\system32\isign32.dll
2008-10-28 16:16:42 ----D---- F:\Program Files\Common Files\System
2008-10-28 16:15:52 ----D---- F:\WINNT\Registration
2008-10-28 16:15:51 ----A---- F:\WINNT\vbaddin.ini
2008-10-28 16:15:51 ----A---- F:\WINNT\vb.ini
2008-10-28 16:15:42 ----D---- F:\WINNT\system32\DTCLog
2008-10-28 16:15:39 ----HD---- F:\Program Files\WindowsUpdate
2008-10-28 16:15:38 ----D---- F:\Program Files\Windows Media Player
2008-10-28 16:15:36 ----A---- F:\WINNT\system32\write.exe
2008-10-28 16:15:32 ----A---- F:\WINNT\system32\sndvol32.exe
2008-10-28 16:15:31 ----A---- F:\WINNT\system32\mplay32.exe
2008-10-28 16:15:31 ----A---- F:\WINNT\system32\cdplayer.exe
2008-10-28 16:15:30 ----A---- F:\WINNT\system32\winchat.exe
2008-10-28 16:15:30 ----A---- F:\WINNT\system32\avwav.dll
2008-10-28 16:15:30 ----A---- F:\WINNT\system32\avmeter.dll
2008-10-28 16:15:28 ----A---- F:\WINNT\system32\clipbrd.exe
2008-10-28 16:15:27 ----D---- F:\Program Files\Accessories
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\xiffr3_0.dll
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\winmine.exe
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\tifflt.dll
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\sol.exe
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\oitwa400.dll
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\oissq400.dll
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\oislb400.dll
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\oiprt400.dll
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\jpeg2x32.dll
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\jpeg1x32.dll
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\imgshl.dll
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\imgcmn.dll
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\getuname.dll
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\freecell.exe
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\charmap.exe
2008-10-28 16:15:27 ----A---- F:\WINNT\system32\calc.exe
2008-10-28 16:15:26 ----D---- F:\Program Files\Windows NT
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\xolehlp.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\txflog.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\stclient.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\sndrec32.exe
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\packager.exe
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\mtxlegih.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\mtxex.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\mspaint.exe
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\msdtcprf.ini
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\msdtc.exe
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\hypertrm.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\hticons.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\DComExt.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\comsnap.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\comclust.exe
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\comaddin.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\catsrvps.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\avtapi.dll
2008-10-28 16:15:26 ----A---- F:\WINNT\system32\accwiz.exe
2008-10-28 16:15:25 ----A---- F:\WINNT\system32\wuauserv.dll
2008-10-28 16:15:25 ----A---- F:\WINNT\system32\wuaueng.dll
2008-10-28 16:15:25 ----A---- F:\WINNT\system32\wuauclt.exe
2008-10-28 16:15:25 ----A---- F:\WINNT\system32\oiui400.dll
2008-10-28 16:15:25 ----A---- F:\WINNT\system32\oieng400.dll
2008-10-28 16:15:25 ----A---- F:\WINNT\system32\mtxoci.dll
2008-10-28 16:15:25 ----A---- F:\WINNT\system32\msdtcui.dll
2008-10-28 16:15:25 ----A---- F:\WINNT\system32\msdtctm.dll
2008-10-28 16:15:25 ----A---- F:\WINNT\system32\msdtclog.dll
2008-10-28 16:15:24 ----D---- F:\WINNT\system32\Com
2008-10-28 16:15:24 ----A---- F:\WINNT\system32\mtxdm.dll
2008-10-28 16:15:24 ----A---- F:\WINNT\system32\comuid.dll
2008-10-28 16:15:24 ----A---- F:\WINNT\system32\comrepl.dll
2008-10-28 16:15:24 ----A---- F:\WINNT\system32\colbact.dll
2008-10-28 16:15:24 ----A---- F:\WINNT\system32\clbcatex.dll
2008-10-28 16:15:24 ----A---- F:\WINNT\system32\catsrvut.dll
2008-10-28 16:15:24 ----A---- F:\WINNT\system32\catsrv.dll
2008-10-28 16:14:40 ----D---- F:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-28 16:10:34 ----A---- F:\WINNT\ModemDet.txt
2008-10-28 16:08:05 ----A---- F:\WINNT\system32\usbui.dll
2008-10-28 16:06:46 ----A---- F:\WINNT\imsins.BAK
2008-10-28 16:06:44 ----A---- F:\WINNT\system32\PerfStringBackup.INI
2008-10-28 16:06:43 ----D---- F:\Program Files\Common Files\ODBC
2008-10-28 16:06:43 ----A---- F:\WINNT\ODBCINST.INI
2008-10-28 16:06:41 ----D---- F:\WINNT\Speech
2008-10-28 16:06:40 ----RD---- F:\Program Files
2008-10-28 16:06:40 ----D---- F:\Program Files\Common Files\Microsoft Shared
2008-10-28 16:06:40 ----D---- F:\Program Files\Common Files
2008-10-28 16:06:40 ----A---- F:\WINNT\delttsul.exe
2008-10-28 16:06:37 ----A---- F:\WINNT\system32\spxcoins.dll
2008-10-28 16:06:37 ----A---- F:\WINNT\system32\EqnClass.Dll
2008-10-28 16:06:37 ----A---- F:\WINNT\system32\dgsetup.dll
2008-10-28 16:06:37 ----A---- F:\WINNT\system32\dgrpsetu.dll
2008-10-28 16:06:37 ----A---- F:\WINNT\system32\batt.dll
2008-10-28 16:06:36 ----A---- F:\WINNT\TASKMAN.EXE
2008-10-28 16:06:36 ----A---- F:\WINNT\NOTEPAD.EXE
2008-10-28 16:06:35 ----A---- F:\WINNT\system32\storprop.dll
2008-10-28 16:06:24 ----D---- F:\WINNT\system32\CatRoot
2008-10-28 16:06:21 ----A---- F:\WINNT\setuplog.txt
2008-10-28 16:06:13 ----D---- F:\Documents and Settings
2008-10-28 16:03:39 ----SD---- F:\WINNT\Web
2008-10-28 16:03:39 ----RSHD---- F:\WINNT\system32\dllcache
2008-10-28 16:03:39 ----RSD---- F:\WINNT\Fonts
2008-10-28 16:03:39 ----HD---- F:\WINNT\inf
2008-10-28 16:03:39 ----D---- F:\WINNT\twain_32
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\wins
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\wbem
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\spool
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\ShellExt
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\Setup
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\ras
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\os2
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\npp
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\mui
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\ie_de
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\ias
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\export
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\drivers
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\dhcp
2008-10-28 16:03:39 ----D---- F:\WINNT\system32\config
2008-10-28 16:03:39 ----D---- F:\WINNT\system32
2008-10-28 16:03:39 ----D---- F:\WINNT\system
2008-10-28 16:03:39 ----D---- F:\WINNT\security
2008-10-28 16:03:39 ----D---- F:\WINNT\repair
2008-10-28 16:03:39 ----D---- F:\WINNT\msapps
2008-10-28 16:03:39 ----D---- F:\WINNT\msagent
2008-10-28 16:03:39 ----D---- F:\WINNT\Media
2008-10-28 16:03:39 ----D---- F:\WINNT\Help
2008-10-28 16:03:39 ----D---- F:\WINNT\Driver Cache
2008-10-28 16:03:39 ----D---- F:\WINNT\Debug
2008-10-28 16:03:39 ----D---- F:\WINNT\Cursors
2008-10-28 16:03:39 ----D---- F:\WINNT\Connection Wizard
2008-10-28 16:03:39 ----D---- F:\WINNT\Config
2008-10-28 16:03:39 ----D---- F:\WINNT\AppPatch
2008-10-28 16:03:39 ----D---- F:\WINNT\addins
2008-10-28 16:03:39 ----D---- F:\WINNT
2008-10-28 16:01:05 ----A---- F:\WINNT\vmmreg32.dll
2008-10-28 16:01:05 ----A---- F:\WINNT\system32\vga64k.dll
2008-10-28 16:01:05 ----A---- F:\WINNT\system32\vga256.dll
2008-10-28 16:01:04 ----A---- F:\WINNT\system32\vfpodbc.dll
2008-10-28 16:01:04 ----A---- F:\WINNT\system32\spiisupd.exe
2008-10-28 16:01:04 ----A---- F:\WINNT\system32\sp4iis.exe
2008-10-28 16:01:03 ----A---- F:\WINNT\system32\sdbapiu.dll
2008-10-28 16:01:02 ----A---- F:\WINNT\system32\pentnt.exe
2008-10-28 16:01:01 ----A---- F:\WINNT\system32\os2ss.exe
2008-10-28 16:01:01 ----A---- F:\WINNT\system32\os2srv.exe
2008-10-28 16:01:01 ----A---- F:\WINNT\system32\os2.exe
2008-10-28 16:01:01 ----A---- F:\WINNT\system32\odtext32.dll
2008-10-28 16:01:01 ----A---- F:\WINNT\system32\odpdx32.dll
2008-10-28 16:01:01 ----A---- F:\WINNT\system32\odfox32.dll
2008-10-28 16:01:01 ----A---- F:\WINNT\system32\odexl32.dll
2008-10-28 16:01:01 ----A---- F:\WINNT\system32\oddbse32.dll
2008-10-28 16:00:56 ----A---- F:\WINNT\system32\msxbde40.dll
2008-10-28 16:00:54 ----A---- F:\WINNT\system32\msvcrt20.dll
2008-10-28 16:00:54 ----A---- F:\WINNT\system32\mstext40.dll
2008-10-28 16:00:54 ----A---- F:\WINNT\system32\msrepl40.dll
2008-10-28 16:00:54 ----A---- F:\WINNT\system32\msrecr40.dll
2008-10-28 16:00:54 ----A---- F:\WINNT\system32\msrd2x40.dll
2008-10-28 16:00:54 ----A---- F:\WINNT\system32\msrclr40.dll
2008-10-28 16:00:54 ----A---- F:\WINNT\system32\msr2cenu.dll
2008-10-28 16:00:54 ----A---- F:\WINNT\system32\msr2c.dll
2008-10-28 16:00:54 ----A---- F:\WINNT\system32\mspbde40.dll
2008-10-28 16:00:54 ----A---- F:\WINNT\system32\msltus40.dll
2008-10-28 16:00:53 ----A---- F:\WINNT\system32\msexcl40.dll
2008-10-28 16:00:53 ----A---- F:\WINNT\system32\msexch40.dll
2008-10-28 16:00:53 ----A---- F:\WINNT\system32\lnkstub.exe
2008-10-28 16:00:52 ----A---- F:\WINNT\system32\migpwd.exe
2008-10-28 16:00:50 ----A---- F:\WINNT\system32\krnl386.exe
2008-10-28 16:00:50 ----A---- F:\WINNT\system32\ir50_qcx.dll
2008-10-28 16:00:50 ----A---- F:\WINNT\system32\ir50_qc.dll
2008-10-28 16:00:50 ----A---- F:\WINNT\system32\ir50_32.dll
2008-10-28 16:00:50 ----A---- F:\WINNT\system32\ir41_qcx.dll
2008-10-28 16:00:49 ----A---- F:\WINNT\system32\ir41_qc.dll
2008-10-28 16:00:49 ----A---- F:\WINNT\system32\hal.dll
2008-10-28 16:00:47 ----A---- F:\WINNT\system32\dbmsvinn.dLL
2008-10-28 16:00:47 ----A---- F:\WINNT\system32\ctl3d32.dll
2008-10-28 16:00:45 ----A---- F:\WINNT\system32\edit.com
2008-10-28 16:00:44 ----A---- F:\WINNT\system32\xenroll.dll
2008-10-28 16:00:44 ----A---- F:\WINNT\system32\xcopy.exe
2008-10-28 16:00:44 ----A---- F:\WINNT\system32\xactsrv.dll
2008-10-28 16:00:44 ----A---- F:\WINNT\system32\wzcsvc.dll
2008-10-28 16:00:44 ----A---- F:\WINNT\system32\wzcsetup.exe
2008-10-28 16:00:44 ----A---- F:\WINNT\system32\wzcsapi.dll
2008-10-28 16:00:43 ----A---- F:\WINNT\system32\wzcdlg.dll
2008-10-28 16:00:43 ----A---- F:\WINNT\system32\wupdmgr.exe
2008-10-28 16:00:43 ----A---- F:\WINNT\system32\wupdinfo.dll
2008-10-28 16:00:43 ----A---- F:\WINNT\system32\wtsapi32.dll
2008-10-28 16:00:43 ----A---- F:\WINNT\system32\wsock32.dll
2008-10-28 16:00:43 ----A---- F:\WINNT\system32\wsnmp32.dll
2008-10-28 16:00:42 ----A---- F:\WINNT\system32\wshtcpip.dll
2008-10-28 16:00:42 ----A---- F:\WINNT\system32\wshnetbs.dll
2008-10-28 16:00:42 ----A---- F:\WINNT\system32\wshisn.dll
2008-10-28 16:00:42 ----A---- F:\WINNT\system32\wshirda.dll
2008-10-28 16:00:42 ----A---- F:\WINNT\system32\wshatm.dll
2008-10-28 16:00:42 ----A---- F:\WINNT\system32\wsecedit.dll
2008-10-28 16:00:42 ----A---- F:\WINNT\system32\ws2help.dll
2008-10-28 16:00:42 ----A---- F:\WINNT\system32\ws2_32.dll
2008-10-28 16:00:41 ----A---- F:\WINNT\system32\wpnpinst.exe
2008-10-28 16:00:41 ----A---- F:\WINNT\system32\wowexec.exe
2008-10-28 16:00:41 ----A---- F:\WINNT\system32\wowdeb.exe
2008-10-28 16:00:41 ----A---- F:\WINNT\system32\wmimgmt.msc
2008-10-28 16:00:40 ----A---- F:\WINNT\winrep.exe
2008-10-28 16:00:40 ----A---- F:\WINNT\system32\wmicore.dll
2008-10-28 16:00:40 ----A---- F:\WINNT\system32\wmi.dll
2008-10-28 16:00:40 ----A---- F:\WINNT\system32\winver.exe
2008-10-28 16:00:40 ----A---- F:\WINNT\system32\winstrm.dll
2008-10-28 16:00:40 ----A---- F:\WINNT\system32\winsta.dll
2008-10-28 16:00:40 ----A---- F:\WINNT\system32\winspool.exe
2008-10-28 16:00:40 ----A---- F:\WINNT\system32\winsock.dll
2008-10-28 16:00:40 ----A---- F:\WINNT\system32\winsmon.dll
2008-10-28 16:00:40 ----A---- F:\WINNT\system32\winscard.dll
2008-10-28 16:00:40 ----A---- F:\WINNT\system32\winrnr.dll
2008-10-28 16:00:39 ----A---- F:\WINNT\system32\winnls.dll
2008-10-28 16:00:39 ----A---- F:\WINNT\system32\winmsd.exe
2008-10-28 16:00:39 ----A---- F:\WINNT\system32\winmm.dll
2008-10-28 16:00:38 ----A---- F:\WINNT\system32\winhlp32.exe
2008-10-28 16:00:37 ----A---- F:\WINNT\winhlp32.exe
2008-10-28 16:00:37 ----A---- F:\WINNT\winhelp.exe
2008-10-28 16:00:37 ----A---- F:\WINNT\system32\winfax.dll
2008-10-28 16:00:36 ----A---- F:\WINNT\system32\win87em.dll
2008-10-28 16:00:35 ----A---- F:\WINNT\win.ini
2008-10-28 16:00:35 ----A---- F:\WINNT\welcome.ini
2008-10-28 16:00:35 ----A---- F:\WINNT\welcome.exe
2008-10-28 16:00:35 ----A---- F:\WINNT\system32\win.com
2008-10-28 16:00:35 ----A---- F:\WINNT\system32\wifeman.dll
2008-10-28 16:00:35 ----A---- F:\WINNT\system32\wextract.exe
2008-10-28 16:00:34 ----A---- F:\WINNT\system32\webhits.dll
2008-10-28 16:00:27 ----A---- F:\WINNT\system32\wavemsp.dll
2008-10-28 16:00:25 ----A---- F:\WINNT\system32\w32topl.dll
2008-10-28 16:00:24 ----A---- F:\WINNT\system32\vwipxspx.exe
2008-10-28 16:00:24 ----A---- F:\WINNT\system32\vwipxspx.dll
2008-10-28 16:00:24 ----A---- F:\WINNT\system32\vjoy.dll
2008-10-28 16:00:22 ----A---- F:\WINNT\system32\vga.dll
2008-10-28 16:00:22 ----A---- F:\WINNT\system32\version.dll
2008-10-28 16:00:22 ----A---- F:\WINNT\system32\verifier.exe
2008-10-28 16:00:22 ----A---- F:\WINNT\system32\ver.dll
2008-10-28 16:00:22 ----A---- F:\WINNT\system32\vdmredir.dll
2008-10-28 16:00:22 ----A---- F:\WINNT\system32\vcdex.dll
2008-10-28 16:00:22 ----A---- F:\WINNT\system32\vbajet32.dll
2008-10-28 16:00:20 ----A---- F:\WINNT\system32\utilman.exe
2008-10-28 16:00:20 ----A---- F:\WINNT\system32\utildll.dll
2008-10-28 16:00:20 ----A---- F:\WINNT\system32\usp10.dll
2008-10-28 16:00:20 ----A---- F:\WINNT\system32\userinit.exe
2008-10-28 16:00:20 ----A---- F:\WINNT\system32\user.exe
2008-10-28 16:00:19 ----A---- F:\WINNT\upwizun.exe
2008-10-28 16:00:19 ----A---- F:\WINNT\system32\usbmon.dll
2008-10-28 16:00:19 ----A---- F:\WINNT\system32\ureg.dll
2008-10-28 16:00:19 ----A---- F:\WINNT\system32\ups.exe
2008-10-28 16:00:18 ----A---- F:\WINNT\system32\unlodctr.exe
2008-10-28 16:00:18 ----A---- F:\WINNT\system32\uniplat.dll
2008-10-28 16:00:18 ----A---- F:\WINNT\system32\unimdmat.dll
2008-10-28 16:00:18 ----A---- F:\WINNT\system32\umdmxfrm.dll
2008-10-28 16:00:17 ----A---- F:\WINNT\system32\umandlg.dll
2008-10-28 16:00:17 ----A---- F:\WINNT\system32\ulib.dll
2008-10-28 16:00:17 ----A---- F:\WINNT\system32\ufat.dll
2008-10-28 16:00:17 ----A---- F:\WINNT\system32\typelib.dll
2008-10-28 16:00:16 ----A---- F:\WINNT\twunk_32.exe
2008-10-28 16:00:16 ----A---- F:\WINNT\twunk_16.exe
2008-10-28 16:00:16 ----A---- F:\WINNT\twain_32.dll
2008-10-28 16:00:16 ----A---- F:\WINNT\twain.dll
2008-10-28 16:00:15 ----A---- F:\WINNT\system32\tsd32.dll
2008-10-28 16:00:15 ----A---- F:\WINNT\system32\trkwks.dll
2008-10-28 16:00:15 ----A---- F:\WINNT\system32\tree.com
2008-10-28 16:00:14 ----A---- F:\WINNT\system32\traffic.dll
2008-10-28 16:00:14 ----A---- F:\WINNT\system32\tracert.exe
2008-10-28 16:00:14 ----A---- F:\WINNT\system32\toolhelp.dll
2008-10-28 16:00:14 ----A---- F:\WINNT\system32\tlntsvrp.dll
2008-10-28 16:00:14 ----A---- F:\WINNT\system32\tlntsvr.exe
2008-10-28 16:00:14 ----A---- F:\WINNT\system32\tlntsess.exe
2008-10-28 16:00:14 ----A---- F:\WINNT\system32\tlntadmn.exe
2008-10-28 16:00:13 ----A---- F:\WINNT\system32\thumbvw.dll
2008-10-28 16:00:13 ----A---- F:\WINNT\system32\themes.exe
2008-10-28 16:00:13 ----A---- F:\WINNT\system32\tftp.exe
2008-10-28 16:00:12 ----A---- F:\WINNT\system32\termmgr.dll
2008-10-28 16:00:12 ----A---- F:\WINNT\system32\telnet.exe
2008-10-28 16:00:12 ----A---- F:\WINNT\system32\tcpsvcs.exe
2008-10-28 16:00:12 ----A---- F:\WINNT\system32\tcpmonui.dll
2008-10-28 16:00:12 ----A---- F:\WINNT\system32\tcpmon.ini
2008-10-28 16:00:12 ----A---- F:\WINNT\system32\tcpmon.dll
2008-10-28 16:00:12 ----A---- F:\WINNT\system32\tcpmib.dll
2008-10-28 16:00:11 ----A---- F:\WINNT\system32\tcmsetup.exe
2008-10-28 16:00:11 ----A---- F:\WINNT\system32\taskmgr.exe
2008-10-28 16:00:11 ----A---- F:\WINNT\system32\taskman.exe
2008-10-28 16:00:11 ----A---- F:\WINNT\system32\tapiui.dll
2008-10-28 16:00:11 ----A---- F:\WINNT\system32\tapiperf.dll
2008-10-28 16:00:11 ----A---- F:\WINNT\system32\tapi32.dll
2008-10-28 16:00:10 ----A---- F:\WINNT\system32\tapi3.dll
2008-10-28 16:00:10 ----A---- F:\WINNT\system32\tapi.dll
2008-10-28 16:00:10 ----A---- F:\WINNT\system32\t2embed.dll
2008-10-28 16:00:10 ----A---- F:\WINNT\system32\systray.exe
2008-10-28 16:00:10 ----A---- F:\WINNT\system.ini
2008-10-28 16:00:09 ----A---- F:\WINNT\system32\syssetup.dll
2008-10-28 16:00:09 ----A---- F:\WINNT\system32\sysocmgr.exe
2008-10-28 16:00:09 ----A---- F:\WINNT\system32\syskey.exe
2008-10-28 16:00:09 ----A---- F:\WINNT\system32\sysinv.dll
2008-10-28 16:00:09 ----A---- F:\WINNT\system32\sysedit.exe
2008-10-28 16:00:08 ----A---- F:\WINNT\system32\syncui.dll
2008-10-28 16:00:08 ----A---- F:\WINNT\system32\synceng.dll
2008-10-28 16:00:08 ----A---- F:\WINNT\system32\syncapp.exe
2008-10-28 16:00:08 ----A---- F:\WINNT\system32\svcpack.dll
2008-10-28 16:00:08 ----A---- F:\WINNT\system32\svchost.exe
2008-10-28 16:00:07 ----A---- F:\WINNT\system32\subst.exe
2008-10-28 16:00:07 ----A---- F:\WINNT\system32\strmdll.dll
2008-10-28 16:00:07 ----A---- F:\WINNT\system32\streamci.dll
2008-10-28 16:00:07 ----A---- F:\WINNT\system32\storage.dll
2008-10-28 16:00:07 ----A---- F:\WINNT\system32\stobject.dll
2008-10-28 16:00:07 ----A---- F:\WINNT\system32\stisvc.exe
2008-10-28 16:00:07 ----A---- F:\WINNT\system32\stimon.exe
2008-10-28 16:00:06 ----A---- F:\WINNT\system32\sti_ci.dll
2008-10-28 16:00:06 ----A---- F:\WINNT\system32\sti.dll
2008-10-28 16:00:05 ----A---- F:\WINNT\system32\sqlwoa.dll
2008-10-28 16:00:05 ----A---- F:\WINNT\system32\sqlwid.dll
2008-10-28 16:00:05 ----A---- F:\WINNT\system32\sqlstr.dll
2008-10-28 16:00:03 ----A---- F:\WINNT\system32\SQLSRV32.DLL
2008-10-28 16:00:03 ----A---- F:\WINNT\system32\sprestrt.exe
2008-10-28 16:00:02 ----A---- F:\WINNT\system32\sp2res.dll
2008-10-28 15:59:52 ----A---- F:\WINNT\system32\sort.exe
2008-10-28 15:59:52 ----A---- F:\WINNT\system32\softpub.dll
2008-10-28 15:59:52 ----A---- F:\WINNT\system32\snmpsnap.dll
2008-10-28 15:59:52 ----A---- F:\WINNT\system32\snmpapi.dll
2008-10-28 15:59:51 ----A---- F:\WINNT\system32\smss.exe
2008-10-28 15:59:51 ----A---- F:\WINNT\system32\smlogsvc.exe
2008-10-28 15:59:51 ----A---- F:\WINNT\system32\smlogcfg.dll
2008-10-28 15:59:51 ----A---- F:\WINNT\system32\slbrsrc.dll
2008-10-28 15:59:51 ----A---- F:\WINNT\system32\slbkygen.dll
2008-10-28 15:59:50 ----A---- F:\WINNT\system32\slbcsp.dll
2008-10-28 15:59:50 ----A---- F:\WINNT\system32\skeys.exe
2008-10-28 15:59:50 ----A---- F:\WINNT\system32\skdll.dll
2008-10-28 15:59:49 ----A---- F:\WINNT\system32\sisbkup.dll
2008-10-28 15:59:48 ----A---- F:\WINNT\system32\sigverif.exe
2008-10-28 15:59:48 ----A---- F:\WINNT\system32\sigtab.dll
2008-10-28 15:59:48 ----A---- F:\WINNT\system32\shscrap.dll
2008-10-28 15:59:48 ----A---- F:\WINNT\system32\shrpubw.exe
2008-10-28 15:59:48 ----A---- F:\WINNT\system32\shmgrate.exe
2008-10-28 15:59:48 ----A---- F:\WINNT\system32\shimgvw.dll
2008-10-28 15:59:48 ----A---- F:\WINNT\system32\shim.dll
2008-10-28 15:59:48 ----A---- F:\WINNT\system32\shell.dll
2008-10-28 15:59:47 ----A---- F:\WINNT\system32\share.exe
2008-10-28 15:59:47 ----A---- F:\WINNT\system32\sfmwshat.dll
2008-10-28 15:59:47 ----A---- F:\WINNT\system32\sfmmon.dll
2008-10-28 15:59:47 ----A---- F:\WINNT\system32\sfmatmsg.dll
2008-10-28 15:59:46 ----A---- F:\WINNT\system32\sfmapi.dll
2008-10-28 15:59:46 ----A---- F:\WINNT\system32\sfc.exe
2008-10-28 15:59:46 ----A---- F:\WINNT\system32\sfc.dll
2008-10-28 15:59:46 ----A---- F:\WINNT\system32\setver.exe
2008-10-28 15:59:46 ----A---- F:\WINNT\system32\setupdll.dll
2008-10-28 15:59:46 ----A---- F:\WINNT\system32\setupapi.dll

 

2008-10-28 15:59:46 ----A---- F:\WINNT\system32\setup.exe
2008-10-28 15:59:46 ----A---- F:\WINNT\system32\setreg.exe
2008-10-28 15:59:45 ----A---- F:\WINNT\system32\sethc.exe
2008-10-28 15:59:45 ----A---- F:\WINNT\system32\serwvdrv.dll
2008-10-28 15:59:45 ----A---- F:\WINNT\system32\services.msc
2008-10-28 15:59:45 ----A---- F:\WINNT\system32\servdeps.dll
2008-10-28 15:59:44 ----A---- F:\WINNT\system32\serialui.dll
2008-10-28 15:59:44 ----A---- F:\WINNT\system32\senscfg.dll
2008-10-28 15:59:44 ----A---- F:\WINNT\system32\sensapi.dll
2008-10-28 15:59:44 ----A---- F:\WINNT\system32\sens.dll
2008-10-28 15:59:44 ----A---- F:\WINNT\system32\sendcmsg.dll
2008-10-28 15:59:44 ----A---- F:\WINNT\system32\sefilshr.dll
2008-10-28 15:59:44 ----A---- F:\WINNT\system32\security.dll
2008-10-28 15:59:44 ----A---- F:\WINNT\system32\secur32.dll
2008-10-28 15:59:44 ----A---- F:\WINNT\system32\secpol.msc
2008-10-28 15:59:44 ----A---- F:\WINNT\system32\secedit.exe
2008-10-28 15:59:44 ----A---- F:\WINNT\system32\sdpblb.dll
2008-10-28 15:59:43 ----A---- F:\WINNT\system32\scripto.dll
2008-10-28 15:59:42 ----A---- F:\WINNT\system32\sclgntfy.dll
2008-10-28 15:59:41 ----A---- F:\WINNT\system32\scardsvr.exe
2008-10-28 15:59:41 ----A---- F:\WINNT\system32\scardssp.dll
2008-10-28 15:59:41 ----A---- F:\WINNT\system32\scarddlg.dll
2008-10-28 15:59:41 ----A---- F:\WINNT\system32\savedump.exe
2008-10-28 15:59:40 ----A---- F:\WINNT\system32\runonce.exe
2008-10-28 15:59:40 ----A---- F:\WINNT\system32\runas.exe
2008-10-28 15:59:40 ----A---- F:\WINNT\system32\rtutils.dll
2008-10-28 15:59:40 ----A---- F:\WINNT\system32\rtm.dll
2008-10-28 15:59:40 ----A---- F:\WINNT\system32\rtipxmib.dll
2008-10-28 15:59:40 ----A---- F:\WINNT\system32\rsvpsp.dll
2008-10-28 15:59:39 ----A---- F:\WINNT\system32\rsvpperf.dll
2008-10-28 15:59:39 ----A---- F:\WINNT\system32\rsvpmsg.dll
2008-10-28 15:59:39 ----A---- F:\WINNT\system32\rsvp.ini
2008-10-28 15:59:39 ----A---- F:\WINNT\system32\rsvp.exe
2008-10-28 15:59:39 ----A---- F:\WINNT\system32\rsnotify.exe
2008-10-28 15:59:39 ----A---- F:\WINNT\system32\rsm.exe
2008-10-28 15:59:39 ----A---- F:\WINNT\system32\rshx32.dll
2008-10-28 15:59:39 ----A---- F:\WINNT\system32\rsh.exe
2008-10-28 15:59:39 ----A---- F:\WINNT\system32\rsfsaps.dll
2008-10-28 15:59:39 ----A---- F:\WINNT\system32\rsaenh.dll
2008-10-28 15:59:39 ----A---- F:\WINNT\system32\rsabase.dll
2008-10-28 15:59:38 ----A---- F:\WINNT\system32\rpcns4.dll
2008-10-28 15:59:38 ----A---- F:\WINNT\system32\routetab.dll
2008-10-28 15:59:38 ----A---- F:\WINNT\system32\routemon.exe
2008-10-28 15:59:38 ----A---- F:\WINNT\system32\routeext.dll
2008-10-28 15:59:38 ----A---- F:\WINNT\system32\route.exe
2008-10-28 15:59:38 ----A---- F:\WINNT\system32\rnr20.dll
2008-10-28 15:59:38 ----A---- F:\WINNT\system32\riched32.dll
2008-10-28 15:59:38 ----A---- F:\WINNT\system32\rexec.exe
2008-10-28 15:59:38 ----A---- F:\WINNT\system32\resutils.dll
2008-10-28 15:59:37 ----A---- F:\WINNT\system32\replace.exe
2008-10-28 15:59:37 ----A---- F:\WINNT\system32\rend.dll
2008-10-28 15:59:37 ----A---- F:\WINNT\system32\regwizc.dll
2008-10-28 15:59:37 ----A---- F:\WINNT\system32\regwiz.exe
2008-10-28 15:59:37 ----A---- F:\WINNT\system32\regsvr32.exe
2008-10-28 15:59:37 ----A---- F:\WINNT\system32\regsvc.exe
2008-10-28 15:59:37 ----A---- F:\WINNT\system32\regedt32.exe
2008-10-28 15:59:37 ----A---- F:\WINNT\system32\regapi.dll
2008-10-28 15:59:37 ----A---- F:\WINNT\system32\redir.exe
2008-10-28 15:59:37 ----A---- F:\WINNT\regedit.exe
2008-10-28 15:59:36 ----A---- F:\WINNT\system32\recover.exe
2008-10-28 15:59:36 ----A---- F:\WINNT\system32\rcp.exe
2008-10-28 15:59:36 ----A---- F:\WINNT\system32\rcamsp.dll
2008-10-28 15:59:36 ----A---- F:\WINNT\system32\rastls.dll
2008-10-28 15:59:36 ----A---- F:\WINNT\system32\rastapi.dll
2008-10-28 15:59:36 ----A---- F:\WINNT\system32\rasser.dll
2008-10-28 15:59:36 ----A---- F:\WINNT\system32\RASSCRPT.DLL
2008-10-28 15:59:36 ----A---- F:\WINNT\system32\rassauth.dll
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\rassapi.dll
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\rasrad.dll
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\rasppp.dll
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\rasphone.exe
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\rasmxs.dll
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\rasmontr.dll
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\rasgtwy.dll
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\rasgprxy.dll
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\rasdial.exe
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\rasctrs.ini
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\rasctrs.dll
2008-10-28 15:59:35 ----A---- F:\WINNT\system32\raschap.dll
2008-10-28 15:59:34 ----A---- F:\WINNT\system32\rasautou.exe
2008-10-28 15:59:34 ----A---- F:\WINNT\system32\rasauto.dll
2008-10-28 15:59:34 ----A---- F:\WINNT\system32\rasauth.dll
2008-10-28 15:59:34 ----A---- F:\WINNT\system32\rasadmin.exe
2008-10-28 15:59:34 ----A---- F:\WINNT\system32\rapilib.dll
2008-10-28 15:59:33 ----A---- F:\WINNT\system32\query.dll
2008-10-28 15:59:33 ----A---- F:\WINNT\system32\qosname.dll
2008-10-28 15:59:32 ----A---- F:\WINNT\system32\qcut.dll
2008-10-28 15:59:32 ----A---- F:\WINNT\system32\pubprn.vbs
2008-10-28 15:59:32 ----A---- F:\WINNT\system32\psxss.exe
2008-10-28 15:59:32 ----A---- F:\WINNT\system32\psxdll.dll
2008-10-28 15:59:32 ----A---- F:\WINNT\system32\pstorec.dll
2008-10-28 15:59:32 ----A---- F:\WINNT\system32\dxmasf.dll
2008-10-28 15:59:31 ----A---- F:\WINNT\system32\psnppagn.dll
2008-10-28 15:59:31 ----A---- F:\WINNT\system32\pschdprf.ini
2008-10-28 15:59:31 ----A---- F:\WINNT\system32\pschdprf.dll
2008-10-28 15:59:31 ----A---- F:\WINNT\system32\psapi.dll
2008-10-28 15:59:31 ----A---- F:\WINNT\system32\proquota.exe
2008-10-28 15:59:31 ----A---- F:\WINNT\system32\progman.exe
2008-10-28 15:59:31 ----A---- F:\WINNT\system32\prodspec.ini
2008-10-28 15:59:30 ----A---- F:\WINNT\system32\printui.dll
2008-10-28 15:59:30 ----A---- F:\WINNT\system32\print.exe
2008-10-28 15:59:30 ----A---- F:\WINNT\system32\prflbmsg.dll
2008-10-28 15:59:30 ----A---- F:\WINNT\system32\powrprof.dll
2008-10-28 15:59:29 ----A---- F:\WINNT\system32\posix.exe
2008-10-28 15:59:29 ----A---- F:\WINNT\system32\pngfilt.dll
2008-10-28 15:59:29 ----A---- F:\WINNT\system32\pmspl.dll
2008-10-28 15:59:29 ----A---- F:\WINNT\system32\plustab.dll
2008-10-28 15:59:29 ----A---- F:\WINNT\system32\ping.exe
2008-10-28 15:59:29 ----A---- F:\WINNT\system32\pifmgr.dll
2008-10-28 15:59:29 ----A---- F:\WINNT\system32\pidgen.dll
2008-10-28 15:59:28 ----R---- F:\WINNT\system32\perfmon.msc
2008-10-28 15:59:28 ----A---- F:\WINNT\system32\perfwci.ini
2008-10-28 15:59:28 ----A---- F:\WINNT\system32\perfproc.dll
2008-10-28 15:59:28 ----A---- F:\WINNT\system32\perfos.dll
2008-10-28 15:59:28 ----A---- F:\WINNT\system32\perfnw.dll
2008-10-28 15:59:28 ----A---- F:\WINNT\system32\perfnet.dll
2008-10-28 15:59:28 ----A---- F:\WINNT\system32\perfmon.exe
2008-10-28 15:59:28 ----A---- F:\WINNT\system32\perffilt.ini
2008-10-28 15:59:28 ----A---- F:\WINNT\system32\perfdisk.dll
2008-10-28 15:59:28 ----A---- F:\WINNT\system32\perfctrs.dll
2008-10-28 15:59:28 ----A---- F:\WINNT\system32\perfci.ini
2008-10-28 15:59:27 ----A---- F:\WINNT\system32\pdh.dll
2008-10-28 15:59:26 ----A---- F:\WINNT\system32\pax.exe
2008-10-28 15:59:26 ----A---- F:\WINNT\system32\pautoenr.dll
2008-10-28 15:59:26 ----A---- F:\WINNT\system32\pathping.exe
2008-10-28 15:59:26 ----A---- F:\WINNT\system32\panmap.dll
2008-10-28 15:59:25 ----A---- F:\WINNT\system32\osk.exe
2008-10-28 15:59:25 ----A---- F:\WINNT\system32\opengl32.dll
2008-10-28 15:59:25 ----A---- F:\WINNT\system32\olethk32.dll
2008-10-28 15:59:25 ----A---- F:\WINNT\system32\olesvr32.dll
2008-10-28 15:59:25 ----A---- F:\WINNT\system32\olesvr.dll
2008-10-28 15:59:25 ----A---- F:\WINNT\system32\olepro32.dll
2008-10-28 15:59:24 ----A---- F:\WINNT\system32\oleprn.dll
2008-10-28 15:59:23 ----A---- F:\WINNT\system32\olecli.dll
2008-10-28 15:59:23 ----A---- F:\WINNT\system32\ole2nls.dll
2008-10-28 15:59:23 ----A---- F:\WINNT\system32\ole2disp.dll
2008-10-28 15:59:23 ----A---- F:\WINNT\system32\ole2.dll
2008-10-28 15:59:22 ----A---- F:\WINNT\system32\offfilt.dll
2008-10-28 15:59:22 ----A---- F:\WINNT\system32\odbctrac.dll
2008-10-28 15:59:22 ----A---- F:\WINNT\system32\odbcjt32.dll
2008-10-28 15:59:22 ----A---- F:\WINNT\system32\odbcji32.dll
2008-10-28 15:59:22 ----A---- F:\WINNT\system32\odbcint.dll
2008-10-28 15:59:22 ----A---- F:\WINNT\system32\odbccu32.dll
2008-10-28 15:59:22 ----A---- F:\WINNT\system32\odbccr32.dll
2008-10-28 15:59:21 ----A---- F:\WINNT\system32\ODBCCP32.DLL
2008-10-28 15:59:21 ----A---- F:\WINNT\system32\odbcconf.exe
2008-10-28 15:59:21 ----A---- F:\WINNT\system32\odbcconf.dll
2008-10-28 15:59:21 ----A---- F:\WINNT\system32\ODBCBCP.DLL
2008-10-28 15:59:21 ----A---- F:\WINNT\system32\odbcad32.exe
2008-10-28 15:59:21 ----A---- F:\WINNT\system32\odbc32gt.dll
2008-10-28 15:59:21 ----A---- F:\WINNT\system32\ODBC32.DLL
2008-10-28 15:59:21 ----A---- F:\WINNT\system32\odbc16gt.dll
2008-10-28 15:59:21 ----A---- F:\WINNT\system32\ocmanage.dll
2008-10-28 15:59:20 ----A---- F:\WINNT\system32\objsel.dll
2008-10-28 15:59:20 ----A---- F:\WINNT\system32\nwwks.dll
2008-10-28 15:59:20 ----A---- F:\WINNT\system32\nwscript.exe
2008-10-28 15:59:20 ----A---- F:\WINNT\system32\nwevent.dll
2008-10-28 15:59:20 ----A---- F:\WINNT\system32\nwcfg.dll
2008-10-28 15:59:20 ----A---- F:\WINNT\system32\nwapi16.dll
2008-10-28 15:59:20 ----A---- F:\WINNT\system32\nw16.exe
2008-10-28 15:59:20 ----A---- F:\WINNT\system32\ntvdmd.dll
2008-10-28 15:59:20 ----A---- F:\WINNT\system32\ntshrui.dll
2008-10-28 15:59:18 ----A---- F:\WINNT\system32\ntsdexts.dll
2008-10-28 15:59:18 ----A---- F:\WINNT\system32\ntsd.exe
2008-10-28 15:59:17 ----A---- F:\WINNT\system32\ntprint.dll
2008-10-28 15:59:17 ----A---- F:\WINNT\system32\ntmssvc.dll
2008-10-28 15:59:17 ----A---- F:\WINNT\system32\ntmsoprq.msc
2008-10-28 15:59:17 ----A---- F:\WINNT\system32\ntmsmgr.msc
2008-10-28 15:59:17 ----A---- F:\WINNT\system32\ntmsmgr.dll
2008-10-28 15:59:17 ----A---- F:\WINNT\system32\ntmsevt.dll
2008-10-28 15:59:17 ----A---- F:\WINNT\system32\ntmsdba.dll
2008-10-28 15:59:17 ----A---- F:\WINNT\system32\ntmsapi.dll
2008-10-28 15:59:17 ----A---- F:\WINNT\system32\ntmarta.dll
2008-10-28 15:59:17 ----A---- F:\WINNT\system32\ntlsapi.dll
2008-10-28 15:59:17 ----A---- F:\WINNT\system32\ntlanui2.dll
2008-10-28 15:59:15 ----A---- F:\WINNT\system32\ntlanui.dll
2008-10-28 15:59:14 ----A---- F:\WINNT\system32\ntdsxds.dll
2008-10-28 15:59:14 ----A---- F:\WINNT\system32\ntdsutil.exe
2008-10-28 15:59:14 ----A---- F:\WINNT\system32\ntdskcc.dll
2008-10-28 15:59:14 ----A---- F:\WINNT\system32\ntdsetup.dll
2008-10-28 15:59:14 ----A---- F:\WINNT\system32\ntdsbsrv.dll
2008-10-28 15:59:14 ----A---- F:\WINNT\system32\ntdsbcli.dll
2008-10-28 15:59:14 ----A---- F:\WINNT\system32\ntdsatq.dll
2008-10-28 15:59:14 ----A---- F:\WINNT\system32\ntdsapi.dll
2008-10-28 15:59:11 ----A---- F:\WINNT\system32\ntbackup.exe
2008-10-28 15:59:10 ----A---- F:\WINNT\system32\nslookup.exe
2008-10-28 15:59:10 ----A---- F:\WINNT\system32\npptools.dll
2008-10-28 15:59:10 ----A---- F:\WINNT\system32\notepad.exe
2008-10-28 15:59:09 ----A---- F:\WINNT\system32\nlsfunc.exe
2008-10-28 15:59:09 ----A---- F:\WINNT\system32\nlhtml.dll
2008-10-28 15:59:08 ----A---- F:\WINNT\system32\netui2.dll
2008-10-28 15:59:08 ----A---- F:\WINNT\system32\netui1.dll
2008-10-28 15:59:08 ----A---- F:\WINNT\system32\netui0.dll
2008-10-28 15:59:08 ----A---- F:\WINNT\system32\netstat.exe
2008-10-28 15:59:08 ----A---- F:\WINNT\system32\netshell.dll
2008-10-28 15:59:08 ----A---- F:\WINNT\system32\netsh.exe
2008-10-28 15:59:07 ----A---- F:\WINNT\system32\netrap.dll
2008-10-28 15:59:07 ----A---- F:\WINNT\system32\netplwiz.dll
2008-10-28 15:59:07 ----A---- F:\WINNT\system32\netmsg.dll
2008-10-28 15:59:06 ----A---- F:\WINNT\system32\netid.dll
2008-10-28 15:59:06 ----A---- F:\WINNT\system32\neth.dll
2008-10-28 15:59:06 ----A---- F:\WINNT\system32\netevent.dll
2008-10-28 15:59:06 ----A---- F:\WINNT\system32\netdtect.dll
2008-10-28 15:59:06 ----A---- F:\WINNT\system32\netdet.dll
2008-10-28 15:59:06 ----A---- F:\WINNT\system32\NETDDE.EXE
2008-10-28 15:59:04 ----A---- F:\WINNT\system32\netapi.dll
2008-10-28 15:59:04 ----A---- F:\WINNT\system32\net1.exe
2008-10-28 15:59:04 ----A---- F:\WINNT\system32\net.exe
2008-10-28 15:59:04 ----A---- F:\WINNT\system32\nddeapir.exe
2008-10-28 15:59:04 ----A---- F:\WINNT\system32\nddeapi.dll
2008-10-28 15:59:04 ----A---- F:\WINNT\system32\nbtstat.exe
2008-10-28 15:59:04 ----A---- F:\WINNT\system32\narrhook.dll
2008-10-28 15:59:03 ----A---- F:\WINNT\system32\narrator.exe
2008-10-28 15:59:03 ----A---- F:\WINNT\system32\mydocs.dll
2008-10-28 15:59:03 ----A---- F:\WINNT\system32\mycomput.dll
2008-10-28 15:59:03 ----A---- F:\WINNT\system32\msxmlr.dll
2008-10-28 15:59:03 ----A---- F:\WINNT\system32\msxml.dll
2008-10-28 15:59:01 ----A---- F:\WINNT\system32\mswdat10.dll
2008-10-28 15:59:01 ----A---- F:\WINNT\system32\msw3prt.dll
2008-10-28 15:59:01 ----A---- F:\WINNT\system32\msvideo.dll
2008-10-28 15:59:01 ----A---- F:\WINNT\system32\msvidc32.dll
2008-10-28 15:59:01 ----A---- F:\WINNT\system32\msvfw32.dll
2008-10-28 15:59:01 ----A---- F:\WINNT\system32\msvcrt40.dll
2008-10-28 15:59:00 ----A---- F:\WINNT\system32\msvcrt.dll
2008-10-28 15:59:00 ----A---- F:\WINNT\system32\msvcp50.dll
2008-10-28 15:59:00 ----A---- F:\WINNT\system32\msvcirt.dll
2008-10-28 15:59:00 ----A---- F:\WINNT\system32\msvbvm60.dll
2008-10-28 15:59:00 ----A---- F:\WINNT\system32\msvbvm50.dll
2008-10-28 15:58:58 ----A---- F:\WINNT\system32\msswchx.exe
2008-10-28 15:58:58 ----A---- F:\WINNT\system32\msswch.dll
2008-10-28 15:58:58 ----A---- F:\WINNT\system32\mssip32.dll
2008-10-28 15:58:58 ----A---- F:\WINNT\system32\mssign32.dll
2008-10-28 15:58:57 ----A---- F:\WINNT\system32\msrle32.dll
2008-10-28 15:58:57 ----A---- F:\WINNT\system32\msrd3x40.dll
2008-10-28 15:58:57 ----A---- F:\WINNT\system32\msprivs.dll
2008-10-28 15:58:57 ----A---- F:\WINNT\system32\msports.dll
2008-10-28 15:58:57 ----A---- F:\WINNT\system32\mspatcha.dll
2008-10-28 15:58:57 ----A---- F:\WINNT\system32\msorcl32.dll
2008-10-28 15:58:55 ----A---- F:\WINNT\system32\msobjs.dll
2008-10-28 15:58:55 ----A---- F:\WINNT\system32\msnsspc.dll
2008-10-28 15:58:55 ----A---- F:\WINNT\system32\msls31.dll
2008-10-28 15:58:55 ----A---- F:\WINNT\system32\msjtes40.dll
2008-10-28 15:58:55 ----A---- F:\WINNT\system32\msjter40.dll
2008-10-28 15:58:55 ----A---- F:\WINNT\system32\msjint40.dll
2008-10-28 15:58:54 ----A---- F:\WINNT\system32\msjetoledb40.dll
2008-10-28 15:58:54 ----A---- F:\WINNT\system32\msjet40.dll
2008-10-28 15:58:54 ----A---- F:\WINNT\system32\msiregmv.exe
2008-10-28 15:58:52 ----A---- F:\WINNT\system32\msimg32.dll
2008-10-28 15:58:52 ----A---- F:\WINNT\system32\msidpe.dll
2008-10-28 15:58:52 ----A---- F:\WINNT\system32\msidlpm.dll
2008-10-28 15:58:52 ----A---- F:\WINNT\system32\msidle.dll
2008-10-28 15:58:50 ----A---- F:\WINNT\system32\msfaxmon.dll
2008-10-28 15:58:50 ----A---- F:\WINNT\system32\msdxmlc.dll
2008-10-28 15:58:49 ----A---- F:\WINNT\system32\msdart32.dll
2008-10-28 15:58:49 ----A---- F:\WINNT\msdfmap.ini
2008-10-28 15:58:48 ----A---- F:\WINNT\system32\mscpxl32.dLL
2008-10-28 15:58:48 ----A---- F:\WINNT\system32\mscms.dll
2008-10-28 15:58:48 ----A---- F:\WINNT\system32\msclus.dll
2008-10-28 15:58:48 ----A---- F:\WINNT\system32\mscdexnt.exe
2008-10-28 15:58:48 ----A---- F:\WINNT\system32\mscat32.dll
2008-10-28 15:58:48 ----A---- F:\WINNT\system32\msaudite.dll
2008-10-28 15:58:47 ----A---- F:\WINNT\system32\msapsspc.dll
2008-10-28 15:58:47 ----A---- F:\WINNT\system32\msacm32.dll
2008-10-28 15:58:47 ----A---- F:\WINNT\system32\msacm.dll
2008-10-28 15:58:46 ----A---- F:\WINNT\system32\mrinfo.exe
2008-10-28 15:58:44 ----A---- F:\WINNT\system32\mprui.dll
2008-10-28 15:58:44 ----A---- F:\WINNT\system32\mprmsg.dll
2008-10-28 15:58:44 ----A---- F:\WINNT\system32\mprdim.dll
2008-10-28 15:58:44 ----A---- F:\WINNT\system32\mprddm.dll
2008-10-28 15:58:43 ----A---- F:\WINNT\system32\mprapi.dll
2008-10-28 15:58:43 ----A---- F:\WINNT\system32\mpnotify.exe
2008-10-28 15:58:43 ----A---- F:\WINNT\system32\mountvol.exe
2008-10-28 15:58:43 ----A---- F:\WINNT\system32\moricons.dll
2008-10-28 15:58:43 ----A---- F:\WINNT\system32\more.com
2008-10-28 15:58:42 ----A---- F:\WINNT\system32\modex.dll
2008-10-28 15:58:42 ----A---- F:\WINNT\system32\modemui.dll
2008-10-28 15:58:42 ----A---- F:\WINNT\system32\mode.com
2008-10-28 15:58:42 ----A---- F:\WINNT\system32\mobsync.exe
2008-10-28 15:58:42 ----A---- F:\WINNT\system32\mobsync.dll
2008-10-28 15:58:41 ----A---- F:\WINNT\system32\mmutilse.dll
2008-10-28 15:58:41 ----A---- F:\WINNT\system32\mmsystem.dll
2008-10-28 15:58:41 ----A---- F:\WINNT\system32\mmfutil.dll
2008-10-28 15:58:41 ----A---- F:\WINNT\system32\mmdrv.dll
2008-10-28 15:58:41 ----A---- F:\WINNT\system32\mmdet.dll
2008-10-28 15:58:41 ----A---- F:\WINNT\system32\mmcshext.dll
2008-10-28 15:58:40 ----A---- F:\WINNT\system32\mmcndmgr.dll
2008-10-28 15:58:40 ----A---- F:\WINNT\system32\mmc.exe
2008-10-28 15:58:40 ----A---- F:\WINNT\system32\mll_qic.dll
2008-10-28 15:58:40 ----A---- F:\WINNT\system32\mll_mtf.dll
2008-10-28 15:58:40 ----A---- F:\WINNT\system32\mll_hp.dll
2008-10-28 15:58:40 ----A---- F:\WINNT\system32\mimefilt.dll
2008-10-28 15:58:40 ----A---- F:\WINNT\system32\midimap.dll
2008-10-28 15:58:40 ----A---- F:\WINNT\system32\mgmtapi.dll
2008-10-28 15:58:38 ----A---- F:\WINNT\system32\mfcsubs.dll
2008-10-28 15:58:37 ----A---- F:\WINNT\system32\mfc42.dll
2008-10-28 15:58:37 ----A---- F:\WINNT\system32\mfc40.dll
2008-10-28 15:58:36 ----A---- F:\WINNT\system32\mem.exe
2008-10-28 15:58:34 ----A---- F:\WINNT\system32\mdminst.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mdhcp.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mciwave.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mciseq.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mciole32.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mciole16.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mcicda.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mciavi32.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mcdsrv32.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mcd32.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mcastmib.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mbslgn32.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mapistub.dll
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\makecab.exe
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\magnify.exe
2008-10-28 15:58:32 ----A---- F:\WINNT\system32\mag_hook.dll
2008-10-28 15:58:31 ----A---- F:\WINNT\system32\lzexpand.dll
2008-10-28 15:58:30 ----A---- F:\WINNT\system32\lz32.dll
2008-10-28 15:58:30 ----A---- F:\WINNT\system32\lusrmgr.msc
2008-10-28 15:58:30 ----A---- F:\WINNT\system32\lprmonui.dll
2008-10-28 15:58:30 ----A---- F:\WINNT\system32\lprhelp.dll
2008-10-28 15:58:30 ----A---- F:\WINNT\system32\lpr.exe
2008-10-28 15:58:30 ----A---- F:\WINNT\system32\lpq.exe
2008-10-28 15:58:30 ----A---- F:\WINNT\system32\lpk.dll
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\login.cmd
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\loghours.dll
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\logdrive.dll
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\lodctr.exe
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\locator.exe
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\localui.dll
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\localsec.dll
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\localmon.dll
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\loadperf.dll
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\loadfix.com
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\lmrt.dll
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\lmhsvc.dll
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\lights.exe
2008-10-28 15:58:29 ----A---- F:\WINNT\system32\licmgr10.dll
2008-10-28 15:58:27 ----A---- F:\WINNT\system32\label.exe
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdycl.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdusx.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdusr.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdusl.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdus.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbduk.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdsw.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdsp.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdsl1.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdsl.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdsg.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdsf.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdro.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdpo.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdpl1.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdpl.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdno.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdne.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdmac.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdla.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdit142.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdit.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdir.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdic.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdhu1.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdhu.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdgr1.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdgr.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdgae.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdfr.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdfo.dll
2008-10-28 15:58:26 ----A---- F:\WINNT\system32\kbdfi.dll
2008-10-28 15:58:25 ----A---- F:\WINNT\system32\kbdfc.dll
2008-10-28 15:58:25 ----A---- F:\WINNT\system32\kbdes.dll
2008-10-28 15:58:25 ----A---- F:\WINNT\system32\kbddv.dll
2008-10-28 15:58:25 ----A---- F:\WINNT\system32\kbdda.dll
2008-10-28 15:58:25 ----A---- F:\WINNT\system32\kbdcz2.dll
2008-10-28 15:58:25 ----A---- F:\WINNT\system32\kbdcz1.dll
2008-10-28 15:58:25 ----A---- F:\WINNT\system32\kbdcz.dll
2008-10-28 15:58:24 ----A---- F:\WINNT\system32\kbdcr.dll
2008-10-28 15:58:24 ----A---- F:\WINNT\system32\kbdcan.dll
2008-10-28 15:58:24 ----A---- F:\WINNT\system32\kbdca.dll
2008-10-28 15:58:24 ----A---- F:\WINNT\system32\kbdbr.dll
2008-10-28 15:58:24 ----A---- F:\WINNT\system32\kbdbene.dll
2008-10-28 15:58:24 ----A---- F:\WINNT\system32\kbdbe.dll
2008-10-28 15:58:24 ----A---- F:\WINNT\system32\KBDAL.DLL
2008-10-28 15:58:24 ----A---- F:\WINNT\system32\kb16.com
2008-10-28 15:58:24 ----A---- F:\WINNT\system32\jobexec.dll
2008-10-28 15:58:24 ----A---- F:\WINNT\system32\jet500.dll
2008-10-28 15:58:24 ----A---- F:\WINNT\system32\ixsso.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\iuengine.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\iuctl.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\itss.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\itircl.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\irmon.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\irftp.exe
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\irclass.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\ir32_32.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\ipxwan.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\ipxsap.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\ipxrtmgr.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\ipxroute.exe
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\ipxrip.dll
2008-10-28 15:58:23 ----A---- F:\WINNT\system32\ipxpromn.dll
2008-10-28 15:58:22 ----A---- F:\WINNT\system32\ipxmontr.dll
2008-10-28 15:58:22 ----A---- F:\WINNT\system32\ipsecsnp.dll
2008-10-28 15:58:22 ----A---- F:\WINNT\system32\iprtrmgr.dll
2008-10-28 15:58:22 ----A---- F:\WINNT\system32\iprtprio.dll
2008-10-28 15:58:22 ----A---- F:\WINNT\system32\iprop.dll
2008-10-28 15:58:22 ----A---- F:\WINNT\system32\ippromon.dll
2008-10-28 15:58:20 ----A---- F:\WINNT\system32\ipnathlp.dll
2008-10-28 15:58:20 ----A---- F:\WINNT\system32\ipmontr.dll
2008-10-28 15:58:20 ----A---- F:\WINNT\system32\ipconfig.exe
2008-10-28 15:58:20 ----A---- F:\WINNT\system32\iologmsg.dll
2008-10-28 15:58:20 ----A---- F:\WINNT\system32\internat.exe
2008-10-28 15:58:19 ----A---- F:\WINNT\system32\initpki.dll
2008-10-28 15:58:17 ----A---- F:\WINNT\system32\infosoft.dll
2008-10-28 15:58:17 ----A---- F:\WINNT\system32\inetpp.dll
2008-10-28 15:58:17 ----A---- F:\WINNT\system32\inetmib1.dll
2008-10-28 15:58:17 ----A---- F:\WINNT\system32\indicdll.dll
2008-10-28 15:58:16 ----A---- F:\WINNT\system32\imm32.dll
2008-10-28 15:58:16 ----A---- F:\WINNT\system32\imeshare.dll
2008-10-28 15:58:16 ----A---- F:\WINNT\system32\imagehlp.dll
2008-10-28 15:58:16 ----A---- F:\WINNT\system32\iissuba.dll
2008-10-28 15:58:10 ----A---- F:\WINNT\system32\igmpagnt.dll
2008-10-28 15:58:10 ----A---- F:\WINNT\system32\ifsutil.dll
2008-10-28 15:58:10 ----A---- F:\WINNT\system32\ifmon.dll
2008-10-28 15:58:09 ----A---- F:\WINNT\system32\iexpress.exe
2008-10-28 15:58:09 ----A---- F:\WINNT\system32\ieshwiz.exe
2008-10-28 15:58:09 ----A---- F:\WINNT\system32\iernonce.dll
2008-10-28 15:58:09 ----A---- F:\WINNT\system32\ieakui.dll
2008-10-28 15:58:09 ----A---- F:\WINNT\system32\ieaksie.dll
2008-10-28 15:58:09 ----A---- F:\WINNT\system32\ieakeng.dll
2008-10-28 15:58:09 ----A---- F:\WINNT\system32\idq.dll
2008-10-28 15:58:09 ----A---- F:\WINNT\system32\icmui.dll
2008-10-28 15:58:09 ----A---- F:\WINNT\system32\icmp.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\icm32.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iccvid.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iasuserr.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iassvcs.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iassdo.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iassam.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iasrecst.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iasrad.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iaspolcy.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iaspipe.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iasperf.ini
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iasperf.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iasnap.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iashlpr.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iasads.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\iasacct.dll
2008-10-28 15:58:08 ----A---- F:\WINNT\system32\ias.msc
2008-10-28 15:58:06 ----A---- F:\WINNT\system32\htui.dll
2008-10-28 15:58:06 ----A---- F:\WINNT\system32\hpmon.dll
2008-10-28 15:58:06 ----A---- F:\WINNT\system32\hotplug.dll
2008-10-28 15:58:06 ----A---- F:\WINNT\system32\hostname.exe
2008-10-28 15:58:06 ----A---- F:\WINNT\system32\hlink.dll
2008-10-28 15:58:05 ----A---- F:\WINNT\system32\hhsetup.dll
2008-10-28 15:58:05 ----A---- F:\WINNT\hh.exe
2008-10-28 15:58:03 ----A---- F:\WINNT\system32\help.exe
2008-10-28 15:58:03 ----A---- F:\WINNT\system32\h323msp.dll
2008-10-28 15:58:03 ----A---- F:\WINNT\system32\graphics.com
2008-10-28 15:58:03 ----A---- F:\WINNT\system32\graftabl.com
2008-10-28 15:58:03 ----A---- F:\WINNT\system32\gptext.dll
2008-10-28 15:58:03 ----A---- F:\WINNT\system32\gpkrsrc.dll
2008-10-28 15:58:03 ----A---- F:\WINNT\system32\gpkcsp.dll
2008-10-28 15:58:03 ----A---- F:\WINNT\system32\gpedit.msc
2008-10-28 15:58:03 ----A---- F:\WINNT\system32\gpedit.dll
2008-10-28 15:57:59 ----A---- F:\WINNT\system32\glu32.dll
2008-10-28 15:57:59 ----A---- F:\WINNT\system32\glmf32.dll
2008-10-28 15:57:58 ----A---- F:\WINNT\system32\gdi.exe
2008-10-28 15:57:58 ----A---- F:\WINNT\system32\ftsrch.dll
2008-10-28 15:57:58 ----A---- F:\WINNT\system32\ftp.exe
2008-10-28 15:57:58 ----A---- F:\WINNT\system32\fsmgmt.msc
2008-10-28 15:57:58 ----A---- F:\WINNT\system32\framebuf.dll
2008-10-28 15:57:57 ----A---- F:\WINNT\system32\format.com
2008-10-28 15:57:57 ----A---- F:\WINNT\system32\forcedos.exe
2008-10-28 15:57:57 ----A---- F:\WINNT\system32\fontsub.dll
2008-10-28 15:57:57 ----A---- F:\WINNT\system32\fontext.dll
2008-10-28 15:57:57 ----A---- F:\WINNT\system32\fmifs.dll
2008-10-28 15:57:57 ----A---- F:\WINNT\system32\fixmapi.exe
2008-10-28 15:57:56 ----A---- F:\WINNT\system32\finger.exe
2008-10-28 15:57:56 ----A---- F:\WINNT\system32\findstr.exe
2008-10-28 15:57:56 ----A---- F:\WINNT\system32\find.exe
2008-10-28 15:57:56 ----A---- F:\WINNT\system32\filemgmt.dll
2008-10-28 15:57:56 ----A---- F:\WINNT\system32\feclient.dll
2008-10-28 15:57:56 ----A---- F:\WINNT\system32\fdeploy.dll
2008-10-28 15:57:56 ----A---- F:\WINNT\system32\fde.dll
2008-10-28 15:57:56 ----A---- F:\WINNT\system32\fc.exe
2008-10-28 15:57:56 ----A---- F:\WINNT\system32\faxxp32.dll
2008-10-28 15:57:56 ----A---- F:\WINNT\system32\faxtiff.dll
2008-10-28 15:57:56 ----A---- F:\WINNT\system32\faxt30.dll
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxsvc.exe
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxshell.dll
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxserv.msc
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxsend.exe
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxroute.dll
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxqueue.exe
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxperf.ini
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxperf.dll
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxocm.dll
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxmapi.dll
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxext32.dll
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxevent.dll
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxcover.exe
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxcom.dll
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\faxadmin.dll
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\fastopen.exe
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\extrac32.exe
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\expsrv.dll
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\expand.exe
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\exe2bin.exe
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\eventvwr.msc
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\eventvwr.exe
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\eula.txt
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\eudcedit.exe
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\esentutl.exe
2008-10-28 15:57:55 ----A---- F:\WINNT\system32\esentprf.ini
2008-10-28 15:57:54 ----A---- F:\WINNT\system32\esentprf.dll
2008-10-28 15:57:52 ----A---- F:\WINNT\system32\esent.dll
2008-10-28 15:57:51 ----A---- F:\WINNT\system32\els.dll
2008-10-28 15:57:51 ----A---- F:\WINNT\system32\efsadu.dll
2008-10-28 15:57:51 ----A---- F:\WINNT\system32\edlin.exe
2008-10-28 15:57:51 ----A---- F:\WINNT\system32\dxtmsft3.dll
2008-10-28 15:57:51 ----A---- F:\WINNT\system32\dxmrtp.dll
2008-10-28 15:57:50 ----A---- F:\WINNT\system32\dtcsetup.exe
2008-10-28 15:57:50 ----A---- F:\WINNT\system32\dsuiext.dll
2008-10-28 15:57:50 ----A---- F:\WINNT\system32\dssenh.dll
2008-10-28 15:57:50 ----A---- F:\WINNT\system32\dssec.dll
2008-10-28 15:57:50 ----A---- F:\WINNT\system32\dssbase.dll
2008-10-28 15:57:50 ----A---- F:\WINNT\system32\dsquery.dll
2008-10-28 15:57:50 ----A---- F:\WINNT\system32\dskquoui.dll
2008-10-28 15:57:49 ----A---- F:\WINNT\system32\dskquota.dll
2008-10-28 15:57:49 ----A---- F:\WINNT\system32\dsfolder.dll
2008-10-28 15:57:49 ----A---- F:\WINNT\system32\dsctl.dll
2008-10-28 15:57:49 ----A---- F:\WINNT\system32\dsauth.dll
2008-10-28 15:57:49 ----A---- F:\WINNT\system32\ds32gt.dll
2008-10-28 15:57:49 ----A---- F:\WINNT\system32\ds16gt.dLL
2008-10-28 15:57:49 ----A---- F:\WINNT\system32\drwtsn32.exe
2008-10-28 15:57:49 ----A---- F:\WINNT\system32\drwatson.exe
2008-10-28 15:57:01 ----A---- F:\WINNT\system32\dpwsock.dll
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\dpserial.dll
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\dplay.dll
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\dosx.exe
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\doskey.exe
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\docprop2.dll
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\docprop.dll
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\dmutil.dll
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\dmserver.dll
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\dmremote.exe
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\dmocx.dll
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\dmintf.dll
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\dmdskres.dll
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\dmdskmgr.dll
2008-10-28 15:57:00 ----A---- F:\WINNT\system32\dmdlgs.dll
2008-10-28 15:56:59 ----A---- F:\WINNT\system32\dmconfig.dll
2008-10-28 15:56:59 ----A---- F:\WINNT\system32\dmadmin.exe
2008-10-28 15:56:59 ----A---- F:\WINNT\system32\dllhst3g.exe
2008-10-28 15:56:59 ----A---- F:\WINNT\system32\dllhost.exe
2008-10-28 15:56:59 ----A---- F:\WINNT\system32\dlcapi.dll
2008-10-28 15:56:59 ----A---- F:\WINNT\system32\diskperf.exe
2008-10-28 15:56:59 ----A---- F:\WINNT\system32\diskmgmt.msc
2008-10-28 15:56:59 ----A---- F:\WINNT\system32\diskcopy.dll
2008-10-28 15:56:59 ----A---- F:\WINNT\system32\diskcopy.com
2008-10-28 15:56:59 ----A---- F:\WINNT\system32\diskcomp.com
2008-10-28 15:56:59 ----A---- F:\WINNT\discover.exe
2008-10-28 15:56:58 ----A---- F:\WINNT\system32\diantz.exe
2008-10-28 15:56:58 ----A---- F:\WINNT\system32\dhcpsapi.dll
2008-10-28 15:56:58 ----A---- F:\WINNT\system32\dhcpmon.dll
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\dfsshlex.dll
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\dfrgui.dll
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\dfrgsnap.dll
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\dfrgres.dll
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\dfrgntfs.exe
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\dfrgfat.exe
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\dfrg.msc
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\devmgr.dll
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\devmgmt.msc
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\deskperf.dll
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\deskmon.dll
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\deskadp.dll
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\debug.exe
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\ddrawex.dll
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\ddmprxy.exe
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\ddeshare.exe
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\ddeml.dll
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\dcomcnfg.exe
2008-10-28 15:56:57 ----A---- F:\WINNT\system32\dciman32.dll
2008-10-28 15:56:56 ----A---- F:\WINNT\system32\dbnmpntw.dll
2008-10-28 15:56:56 ----A---- F:\WINNT\system32\dbmsspxn.dll
2008-10-28 15:56:56 ----A---- F:\WINNT\system32\dbmssocn.dll
2008-10-28 15:56:56 ----A---- F:\WINNT\system32\dbmsrpcn.dll
2008-10-28 15:56:56 ----A---- F:\WINNT\system32\dbmsadsn.dll
2008-10-28 15:56:56 ----A---- F:\WINNT\system32\dbghelp.dll
2008-10-28 15:56:56 ----A---- F:\WINNT\system32\datime.dll
2008-10-28 15:56:56 ----A---- F:\WINNT\system32\dataclen.dll
2008-10-28 15:56:55 ----RA---- F:\WINNT\system32\ctl3dv2.dll
2008-10-28 15:56:55 ----A---- F:\WINNT\system32\danim.dll
2008-10-28 15:56:55 ----A---- F:\WINNT\system32\d3dref.dll
2008-10-28 15:56:55 ----A---- F:\WINNT\system32\csrss.exe
2008-10-28 15:56:55 ----A---- F:\WINNT\system32\cscui.dll
2008-10-28 15:56:55 ----A---- F:\WINNT\system32\cscdll.dll
2008-10-28 15:56:54 ----A---- F:\WINNT\system32\CRYPTNET.DLL
2008-10-28 15:56:54 ----A---- F:\WINNT\system32\cryptext.dll
2008-10-28 15:56:54 ----A---- F:\WINNT\system32\cryptdll.dll
2008-10-28 15:56:54 ----A---- F:\WINNT\system32\cryptdlg.dll
2008-10-28 15:56:54 ----A---- F:\WINNT\system32\crtdll.dll
2008-10-28 15:56:52 ----A---- F:\WINNT\system32\corpol.dll
2008-10-28 15:56:52 ----A---- F:\WINNT\system32\convert.exe
2008-10-28 15:56:52 ----A---- F:\WINNT\system32\control.exe
2008-10-28 15:56:52 ----A---- F:\WINNT\system32\console.dll
2008-10-28 15:56:52 ----A---- F:\WINNT\system32\conime.exe
2008-10-28 15:56:52 ----A---- F:\WINNT\system32\confmsp.dll
2008-10-28 15:56:51 ----A---- F:\WINNT\system32\compstui.dll
2008-10-28 15:56:51 ----A---- F:\WINNT\system32\compobj.dll
2008-10-28 15:56:51 ----A---- F:\WINNT\system32\compmgmt.msc
2008-10-28 15:56:51 ----A---- F:\WINNT\system32\compact.exe
2008-10-28 15:56:51 ----A---- F:\WINNT\system32\comp.exe
2008-10-28 15:56:51 ----A---- F:\WINNT\system32\commdlg.dll
2008-10-28 15:56:51 ----A---- F:\WINNT\system32\command.com
2008-10-28 15:56:51 ----A---- F:\WINNT\system32\comdlg32.dll
2008-10-28 15:56:50 ----A---- F:\WINNT\system32\comcat.dll
2008-10-28 15:56:50 ----A---- F:\WINNT\system32\cnvfat.dll
2008-10-28 15:56:50 ----A---- F:\WINNT\system32\cnetcfg.dll
2008-10-28 15:56:50 ----A---- F:\WINNT\system32\cmutil.dll
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cmstp.exe
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cmprops.dll
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cmpbk32.dll
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cmnquery.dll
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cmmon32.exe
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cmmgr32.exe
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cmdl32.exe
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cmdial32.dll
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cmcfg32.dll
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cluster.exe
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\clusapi.dll
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\clipsrv.exe
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cliconfg.exe
2008-10-28 15:56:49 ----A---- F:\WINNT\system32\cliconfg.dll
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\cleanmgr.exe
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\clb.dll
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\ckcnv.exe
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\cisvc.exe
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\cipher.exe
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\ciodm.dll
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\cidaemon.exe
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\cic.dll
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\ciadv.msc
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\ciadmin.dll
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\chkntfs.exe
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\chcp.com
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\cfgmgr32.dll
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\certmgr.msc
2008-10-28 15:56:48 ----A---- F:\WINNT\system32\certmgr.dll
2008-10-28 15:56:47 ----A---- F:\WINNT\system32\certcli.dll
2008-10-28 15:56:46 ----A---- F:\WINNT\system32\cdosys.dll
2008-10-28 15:56:46 ----A---- F:\WINNT\system32\cdonts.dll
2008-10-28 15:56:46 ----A---- F:\WINNT\system32\cdm.dll
2008-10-28 15:56:46 ----A---- F:\WINNT\system32\ccfgnt.dll
2008-10-28 15:56:45 ----A---- F:\WINNT\system32\cards.dll
2008-10-28 15:56:45 ----A---- F:\WINNT\system32\capesnpn.dll
2008-10-28 15:56:45 ----A---- F:\WINNT\system32\cacls.exe
2008-10-28 15:56:45 ----A---- F:\WINNT\system32\cabview.dll
2008-10-28 15:56:42 ----A---- F:\WINNT\system32\br549.dll
2008-10-28 15:56:42 ----A---- F:\WINNT\system32\bootvrfy.exe
2008-10-28 15:56:42 ----A---- F:\WINNT\system32\bootvid.dll
2008-10-28 15:56:42 ----A---- F:\WINNT\system32\bootok.exe
2008-10-28 15:56:42 ----A---- F:\WINNT\system32\batmeter.dll
2008-10-28 15:56:42 ----A---- F:\WINNT\system32\avifile.dll
2008-10-28 15:56:41 ----A---- F:\WINNT\system32\avifil32.dll
2008-10-28 15:56:41 ----A---- F:\WINNT\system32\avicap32.dll
2008-10-28 15:56:41 ----A---- F:\WINNT\system32\avicap.dll
2008-10-28 15:56:41 ----A---- F:\WINNT\system32\autolfn.exe
2008-10-28 15:56:40 ----A---- F:\WINNT\system32\autofmt.exe
2008-10-28 15:56:39 ----A---- F:\WINNT\system32\autoconv.exe
2008-10-28 15:56:39 ----A---- F:\WINNT\system32\attrib.exe
2008-10-28 15:56:39 ----A---- F:\WINNT\system32\atmlib.dll
2008-10-28 15:56:39 ----A---- F:\WINNT\system32\atmfd.dll
2008-10-28 15:56:39 ----A---- F:\WINNT\system32\atmadm.exe
2008-10-28 15:56:39 ----A---- F:\WINNT\system32\atl.dll
2008-10-28 15:56:39 ----A---- F:\WINNT\system32\atkctrs.dll
2008-10-28 15:56:39 ----A---- F:\WINNT\system32\at.exe
2008-10-28 15:56:39 ----A---- F:\WINNT\system32\asycfilt.dll
2008-10-28 15:56:38 ----A---- F:\WINNT\system32\asfsipc.dll
2008-10-28 15:56:38 ----A---- F:\WINNT\system32\arp.exe
2008-10-28 15:56:38 ----A---- F:\WINNT\system32\appmgr.dll
2008-10-28 15:56:38 ----A---- F:\WINNT\system32\appmgmts.dll
2008-10-28 15:56:38 ----A---- F:\WINNT\system32\append.exe
2008-10-28 15:56:38 ----A---- F:\WINNT\system32\apcups.dll
2008-10-28 15:56:38 ----A---- F:\WINNT\system32\alrsvc.dll
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\adsnw.dll
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\adsnt.dll
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\adsnds.dll
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\adptif.dll
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\admparse.dll
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\actmovie.exe
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\activeds.dll
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\acsmib.dll
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\acsetupc.dll
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\aclui.dll
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\acledit.dll
2008-10-28 15:56:35 ----A---- F:\WINNT\system32\aaaamon.dll
2008-09-29 07:43:28 ----A---- F:\WINNT\system32\ElbyVCD.dll

======List of files/folders modified in the last 3 months======


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_2K;Cdr4_2K; F:\WINNT\system32\drivers\Cdr4_2K.sys [2008-11-02 58000]
R1 Cdralw2k;Cdralw2k; F:\WINNT\system32\drivers\Cdralw2k.sys [2008-11-02 23420]
R1 ElbyCDIO;ElbyCDIO Driver; F:\WINNT\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 IKSysFlt;System Filter Driver; F:\WINNT\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; F:\WINNT\system32\drivers\iksyssec.sys [2008-08-25 81288]
R3 ltmodem5;LT Modem Driver; F:\WINNT\system32\DRIVERS\ltmdmnt.sys [1999-10-23 413712]
R3 MODEMCSA;Unimodem Streaming Filter Device; F:\WINNT\system32\drivers\MODEMCSA.sys [1999-09-25 16144]
R3 ndiscm;Motorola SurfBoard USB Cable Modem Windows 2000 Driver; F:\WINNT\system32\DRIVERS\NetMotCM.sys [2002-05-13 15399]
R3 nv;nv; F:\WINNT\system32\DRIVERS\nv4_mini.sys [2006-11-17 3994688]
R3 uhcd;Microsoft USB Universal Host Controller Driver; F:\WINNT\system32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; F:\WINNT\system32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 VClone;VClone; F:\WINNT\system32\DRIVERS\VClone.sys [2008-09-24 29184]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); F:\WINNT\system32\drivers\viaudios.sys [2004-06-18 152192]
S3 catchme;catchme; \??\F:\DOCUME~1\YTY~1.RTR\LOCALS~1\Temp\catchme.sys []
S3 USBSTOR;USB Mass Storage Driver; F:\WINNT\system32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S4 IntelIde;IntelIde; F:\WINNT\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NVSvc;NVIDIA Display Driver Service; F:\WINNT\system32\nvsvc32.exe [2006-11-17 159811]
R2 sdAuxService;PC Tools Auxiliary Service; F:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; F:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 WmdmPmSN;Portable Media Serial Number Service; F:\WINNT\System32\svchost.exe [1999-12-07 7952]
S4 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2008-11-05 152984]

-----------------EOF-----------------

 

Right now i have couple svchost.exe processes and this slows down my comp much, i deleted one of this files from system32\dllcache and nothing, my spyware tools cant load new database , maybe because of the spywares

 

Hi

That file is needed, if it is still in your recycle bin, please restore it.

I'm not seeing any malware jumping out at me.

When was the last time you ran a Defrag and Chkdsk?

 

Hi Geri

Im affraid the file is not there anymore, i read somewhere that this file outside the system32 dir is a virus, last time i defrag was long time ago, what about svchost.exe process? It uses most of my CPU. Should i run ComboFix again?

 

Hi

OK please go to C:\Windows\System32
Find the file svchost.exe right click on it and click copy, then go to system32\dllcache right click on a empty space and click paste.

i read somewhere that this file outside the system32 dir is a virus,
That would be true, but the dllcache is a storage folder for some of your system files.

What does it say under "User Name "

OK please do a Defrag and chkdsk. Here is how.

# 1

Disk Cleanup

Click Start, Double click My Computer,
Right-click the disk in which you want to free up space,(F: Drive)
click Properties,
click the General tab, and then click Disk Cleanup.
After it calculates click OK.
Then Click Yes.

# 2

Defragment – (Run in Safe Mode – Recommended) or Turn off virus protection and screen savers (if you have one running)

To turn off virus protection, right click on your virus protection icon down by the clock, click exit or close. click yes if asked if you want to close it.

1. Click Start, Double click My Computer.
2. Right-click the local disk volume that you want to defragment, (F: Drive) and then click Properties.
3. On the Tools tab, click Defragment Now.
4. Click Defragment.

# 3

CheckDisk

1.Double-click My Computer, and then right-click the local disk that you want to check. (F Drive)

2.Click Properties, and then click Tools.

3.Under Error-checking, click Check Now.

4.Under Check disk options, select the Scan for and attempt recovery of bad sectors check both boxes.

5.Click Start.

A window will open saying that it can not do chkdisk, will ask if you want to run it the next time you restart your computer.
Select "Yes "

Click on "Start" click on Turn off computer, Click Restart.

This will take a while, let me know if it helps your speed any.

Thanks
Geri

 

Hi Geri

I did everything, seemed to had quite mess before defrag , seems to be better now but svchost still bothers me and so other processes which use more than usual memory, how to check user name for svchost.exe, i have win2k.

Anyway thank You for everything, you were more than helpful

 

Hi
Open task manager and click on the process tab.

Let me know what processes are using memory.

 

Ok here it is:

csrss.exe
services.exe
Isass.exe
svchost.exe
spoolsv.exe
svchost.exe
Explorer.EXE - thats how its written, weird?
and sometimes wuauclt.exe appears
my web browsers use a lot of memory but its normal i think
and my CPU is always 100% used, it didnt happen before

Peace

 

Hi
OK lets see if we can get a scan using Panda.

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Thanks
Geri

 

Oh here's the report:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-19 13:34:52
PROTECTIONS: 0
MALWARE: 17
SUSPECTS: 12
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\Documents and Settings\yty.RTR-85CC5C77527\Cookies\yty@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No F:\Documents and Settings\yty.RTR-85CC5C77527\Cookies\yty@tradedoubler[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Documents and Settings\yty.RTR-85CC5C77527\Cookies\yty@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No F:\Documents and Settings\yty.RTR-85CC5C77527\Cookies\yty@yadro[1].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\trs@gostats[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Documents and Settings\yty.RTR-85CC5C77527\Cookies\yty@statcounter[2].txt
00167759 Cookie/Sextracker TrackingCookie No 0 Yes No F:\Documents and Settings\yty.RTR-85CC5C77527\Cookies\yty@counter9.sextracker[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\yty.RTR-85CC5C77527\Cookies\yty@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\trs@apmebf[1].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No F:\Documents and Settings\yty.RTR-85CC5C77527\Cookies\yty@sextracker[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No F:\Documents and Settings\yty.RTR-85CC5C77527\Cookies\yty@zedo[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No F:\Documents and Settings\yty.RTR-85CC5C77527\Cookies\yty@adultfriendfinder[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No F:\Documents and Settings\yty.RTR-85CC5C77527\Cookies\yty@ads.addynamix[1].txt
01185375 Application/Psexec.A HackTools No 0 Yes No F:\WINNT\PSEXESVC.EXE
02916589 Application/PassRock HackTools No 0 Yes No J:\Downloads\NT5wSP4_CTFORUM.zip[WPP_v2.1_CTFORU.zip][keyfinder.exe]
03738861 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\Pulpit\WP_Classic Windows Keygen.exe
03738861 Generic Trojan Virus/Trojan No 0 Yes No J:\Downloads\NT5wSP4_CTFORUM.zip[WPP_v2.1_CTFORU.zip][WP_Classic Windows Keygen.exe]
03834494 Generic Trojan Virus/Trojan No 0 Yes No I:\System Volume Information\_restore{AF1DA83D-3CE1-4B61-B6EE-C13B3B460E73}\RP25\A0010747.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location c; s5
;===================================================================================================================================================================================
No D:\sd4start.exe c; s5
No D:\KasperskySuperLicenses.com.rar[KaspetskySuperLicenses\Kaspersky License Keys 4 All Products (Validity Upto 2007 & 2010)\Kaspersky_without_keys.exe]
No E:\Spyware.Doctor.4.0.0.2621_CRKEXE-FFF.zip[Spyware.Doctor.4.0.0.2621_CRKEXE-FFF/swdoctor.exe] c; s5
No F:\Documents and Settings\yty.RTR-85CC5C77527\Desktop\ComboFix.exe c; s5
No F:\Documents and Settings\yty.RTR-85CC5C77527\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] c; s5
No F:\Documents and Settings\yty.RTR-85CC5C77527\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] c; s5
No F:\Documents and Settings\yty.RTR-85CC5C77527\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] c; s5
No F:\F\GoDSetup188PP362.exe c; s5
No G:\Mov\_Kodeki\DivXPro505GAINBundle.exe c; s5
No G:\Potrzebne\Inne\SmSMan\ssman.exe[G:\Potrzebne\Inne\SmSMan\ssman.exe][SSman.exe] c; s5
No G:\Potrzebne\Unpack\overnet0.52.exe[ed2kie.dll] c; s5
No G:\Potrzebne\Unpack\overnet0.52.exe[httpprotocol.dll] c; s5
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description c; s5
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 c; s5
184379 MEDIUM MS08-001 c; s5
182043 HIGH MS07-064 c; s5
176383 HIGH MS07-058 c; s5
173908 HIGH MS07-051 c; s5
170907 HIGH MS07-046 c; s5
170904 HIGH MS07-043 c; s5
164915 HIGH MS07-035 c; s5
164911 HIGH MS07-031 c; s5
157262 HIGH MS07-022 c; s5
157261 HIGH MS07-021 c; s5
157260 HIGH MS07-020 c; s5
156477 HIGH MS07-017 c; s5
150249 HIGH MS07-013 c; s5
150248 HIGH MS07-012 c; s5
150247 HIGH MS07-011 c; s5
150243 HIGH MS07-008 c; s5
141034 HIGH MS06-076 c; s5
137571 HIGH MS06-070 c; s5
133385 MEDIUM MS06-063 c; s5
133379 HIGH MS06-057 c; s5
129977 MEDIUM MS06-053 c; s5
126093 HIGH MS06-051 c; s5
126092 MEDIUM MS06-050 c; s5
126091 MEDIUM MS06-049 c; s5
126087 HIGH MS06-046 c; s5
126086 MEDIUM MS06-045 c; s5
126085 HIGH MS06-044 c; s5
126082 HIGH MS06-041 c; s5
126081 HIGH MS06-040 c; s5
123421 HIGH MS06-036 c; s5
123420 HIGH MS06-035 c; s5
120825 MEDIUM MS06-032 c; s5
120824 MEDIUM MS06-031 c; s5
120823 MEDIUM MS06-030 c; s5
120818 HIGH MS06-025 c; s5
117384 MEDIUM MS06-018 c; s5
114666 HIGH MS06-015 c; s5
108742 MEDIUM MS06-006 c; s5
104567 HIGH MS06-002 c; s5
104237 HIGH MS06-001 c; s5
101056 MEDIUM MS05-055 c; s5
96574 HIGH MS05-053 c; s5
93395 HIGH MS05-051 c; s5
93394 HIGH MS05-050 c; s5
93454 MEDIUM MS05-049 c; s5
;===================================================================================================================================================================================