OK, here are the results of the scans. As you might imagine, many things were not there after reinstalling Windows.
Question: Is nbdos.exe the nasty virus I must watch out for in the future?
VirusTotal scan:
AntiVir 7.3.1.38 02.23.2007 TR/Agent.1332736
Authentium 4.93.8 02.23.2007 no virus found
Avast 4.7.936.0 02.23.2007 no virus found
AVG 386 02.23.2007 no virus found
BitDefender 7.2 02.23.2007 DeepScan:Generic.Malware.G!SKI!!FLMWX!Bprng.76C44EDE
CAT-QuickHeal 9.00 02.22.2007 no virus found
ClamAV devel-20060426 02.22.2007 no virus found
DrWeb 4.33 02.23.2007 no virus found
eSafe 7.0.14.0 02.23.2007 no virus found
eTrust-Vet 30.4.3424 02.23.2007 no virus found
Ewido 4.0 02.22.2007 no virus found
FileAdvisor 1 02.23.2007 no virus found
Fortinet 2.85.0.0 02.23.2007 suspicious
F-Prot 4.3.1.45 02.22.2007 no virus found
F-Secure 6.70.13030.0 02.23.2007 no virus found
Ikarus T3.1.0.31 02.23.2007 Backdoor.VB.EV
Kaspersky 4.0.2.24 02.23.2007 no virus found
McAfee 4969 02.22.2007 no virus found
Microsoft 1.2204 02.23.2007 no virus found
NOD32v2 2076 02.22.2007 no virus found
Norman 5.80.02 02.23.2007 no virus found
Panda 9.0.0.4 02.23.2007 no virus found
Prevx1 V2 02.23.2007 no virus found
Sophos 4.14.0 02.21.2007 no virus found
Sunbelt 2.2.907.0 02.22.2007 VIPRE.Suspicious
Symantec 10 02.23.2007 no virus found
TheHacker 6.1.6.063 02.23.2007 no virus found
UNA 1.83 02.22.2007 no virus found
VBA32 3.11.2 02.22.2007 no virus found
VirusBuster 4.3.19:9 02.22.2007 no virus found
--------------------------------------------------------------------
VundoFix V6.3.9
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.9
Scan started at 6:16:31 AM 2/23/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
--------------------------------------------------------------------
NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\ourroom\Desktop
[2/23/2007]
[6:28:49 AM]
---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.
---Listing AppData sub directories---
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Autodesk
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Fssg
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Intuit
C:\Documents and Settings\All Users\Application Data\Joy Meet Extra Idol
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Move Networks
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Pinnacle
C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\All Users.windows\Application Data\Adobe
C:\Documents and Settings\All Users.windows\Application Data\Adobe Systems
C:\Documents and Settings\All Users.windows\Application Data\Macromedia
C:\Documents and Settings\All Users.windows\Application Data\Microsoft
C:\Documents and Settings\All Users.windows\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Corel
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User.windows\Application Data\Microsoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Adobe
C:\Documents and Settings\Dennetts Hardware\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\Ahead
C:\Documents and Settings\Dennetts Hardware\Application Data\Apple Computer
C:\Documents and Settings\Dennetts Hardware\Application Data\Azureus
C:\Documents and Settings\Dennetts Hardware\Application Data\Bittorrent
C:\Documents and Settings\Dennetts Hardware\Application Data\Corel
C:\Documents and Settings\Dennetts Hardware\Application Data\Creative
C:\Documents and Settings\Dennetts Hardware\Application Data\F?nts
C:\Documents and Settings\Dennetts Hardware\Application Data\Glarysoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Google
C:\Documents and Settings\Dennetts Hardware\Application Data\Help
C:\Documents and Settings\Dennetts Hardware\Application Data\Hewlett-packard
C:\Documents and Settings\Dennetts Hardware\Application Data\Identities
C:\Documents and Settings\Dennetts Hardware\Application Data\Intertrust
C:\Documents and Settings\Dennetts Hardware\Application Data\Jasc Software Inc
C:\Documents and Settings\Dennetts Hardware\Application Data\Lavasoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Macromedia
C:\Documents and Settings\Dennetts Hardware\Application Data\Microsoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla
C:\Documents and Settings\Dennetts Hardware\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\Real
C:\Documents and Settings\Dennetts Hardware\Application Data\Reallusion
C:\Documents and Settings\Dennetts Hardware\Application Data\Seven Zip
C:\Documents and Settings\Dennetts Hardware\Application Data\Smart Recorder
C:\Documents and Settings\Dennetts Hardware\Application Data\Smartftp
C:\Documents and Settings\Dennetts Hardware\Application Data\Sonic
C:\Documents and Settings\Dennetts Hardware\Application Data\Sun
C:\Documents and Settings\Dennetts Hardware\Application Data\Systweak
C:\Documents and Settings\Dennetts Hardware\Application Data\S?mantec
C:\Documents and Settings\Dennetts Hardware\Application Data\S?mbols
C:\Documents and Settings\Dennetts Hardware\Application Data\Ulead Systems
C:\Documents and Settings\Dennetts Hardware\Application Data\Uniblue
C:\Documents and Settings\Dennetts Hardware\Application Data\Utorrent
C:\Documents and Settings\Dennetts Hardware\Application Data\Vso -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\W?nsxs
C:\Documents and Settings\Dennetts Hardware\Application Data\?dobe
C:\Documents and Settings\Dennetts Hardware\Application Data\?pppatch
C:\Documents and Settings\Dennetts Hardware\Application Data\??ppatch
C:\Documents and Settings\Dennetts Hardware\Application Data\?icrosoft
C:\Documents and Settings\Dennetts Hardware\Application Data\??sks
C:\Documents and Settings\Dennetts Hardware\Application Data\??stem
C:\Documents and Settings\Dennetts Hardware\Application Data\??stem32
C:\Documents and Settings\Dennetts Hardware\Application Data\?icrosoft
C:\Documents and Settings\Dennetts Hardware\Application Data\?asks
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Mozilla
C:\Documents and Settings\Localservice\Application Data\Netmon
C:\Documents and Settings\Localservice.nt Authority\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice.nt Authority\Application Data\Microsoft
C:\Documents and Settings\Ourroom\Application Data\Adobe
C:\Documents and Settings\Ourroom\Application Data\Identities
C:\Documents and Settings\Ourroom\Application Data\Limewire
C:\Documents and Settings\Ourroom\Application Data\Macromedia
C:\Documents and Settings\Ourroom\Application Data\Microsoft
C:\Documents and Settings\Ourroom\Application Data\Mozilla
C:\Documents and Settings\Ourroom\Application Data\Smartftp
C:\Documents and Settings\Ourroom\Application Data\Winrar -- EMPTY Directory
-------------------------------------------------------------------------
ComboScan v20070221.16 run by ourroom on 2007-02-23 at 07:04:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Successfully created restore point.
Performed disk cleanup.
-- HijackThis (run as ourroom.exe) ----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 7:04:12 AM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\ourroom\Desktop\comboscan.exe
C:\Documents and Settings\ourroom\Desktop\hijackthis\ourroom.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://microsoft.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: WUSB54Gv42SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe (file missing)
-- File Associations ------------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.3.0) - C:\WINDOWS\system32\drivers\AegisP.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3R hidusb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\usbaudio.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbstor (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
3R WUSB54GPV4SRV (Linksys Home Wireless-G USB Adaptor Driver) - C:\WINDOWS\system32\drivers\rt2500usb.sys
3R GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - C:\WINDOWS\system32\GTNDIS5.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
4S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R HidServ (HID Input Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{076B68ED-8FBA-44CF-A42D-89CE76D0729A}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3S TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
3S WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
2R WUSB54Gv42SVC - "C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe"
2S WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
-- Files created between 2007-01-23 and 2007-02-23 ------------------------------
2007-02-23 06:45:22 0 d-------- C:\bintheredunthat<BINTHE~1>
2007-02-23 06:39:34 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-23 06:28:49 106 --a------ C:\delete.bat
2007-02-23 06:16:31 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-23 06:14:52 0 d-------- C:\SDFix
2007-02-23 06:10:05 0 d-------- C:\bfu
2007-02-22 21:13:53 0 d-------- C:\Documents and Settings\ourroom\Shared
2007-02-22 21:13:51 0 d-------- C:\Documents and Settings\ourroom\Incomplete<INCOMP~1>
2007-02-22 21:13:35 0 d-------- C:\Documents and Settings\ourroom\Application Data\LimeWire
2007-02-22 20:49:11 0 d-------- C:\Documents and Settings\ourroom\Application Data\SmartFTP
2007-02-22 20:10:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems<ADOBES~1>
2007-02-22 20:09:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2007-02-22 20:04:41 0 d-------- C:\Documents and Settings\ourroom\Application Data\Adobe
2007-02-22 19:45:11 0 d-------- C:\WINDOWS\system32\QuickTime<QUICKT~1>
2007-02-22 19:25:55 0 d-------- C:\Documents and Settings\ourroom\Application Data\WinRAR
2007-02-22 19:23:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-22 19:10:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-22 19:04:04 0 d-------- C:\WINDOWS\Prefetch
2007-02-22 18:58:07 9216 -----n--- C:\WINDOWS\system32\proxycfg.exe
2007-02-22 18:58:07 59392 -----n--- C:\WINDOWS\system32\logman.exe
2007-02-22 18:58:02 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-02-22 18:58:02 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-02-22 18:58:02 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-02-22 18:58:02 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-02-22 18:58:02 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-02-22 18:58:02 104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-02-22 18:58:02 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-02-22 18:58:02 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-02-22 18:58:02 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-02-22 18:58:02 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-02-22 18:58:02 701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-22 18:58:02 327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-02-22 18:58:02 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-02-22 18:58:02 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-02-22 18:58:02 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-02-22 18:58:02 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-02-22 18:58:02 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-02-22 18:58:02 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-02-22 18:58:02 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-02-22 18:58:02 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-02-22 18:58:02 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-02-22 18:58:02 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-02-22 18:58:02 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys
2007-02-22 18:58:02 42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys
2007-02-22 18:58:02 44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-02-22 18:58:02 42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys
2007-02-22 18:58:02 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-02-22 18:58:02 3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-02-22 18:58:02 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-02-22 18:58:02 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-02-22 18:58:02 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-02-22 18:58:02 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-02-22 18:58:02 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-02-22 18:58:01 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-02-22 18:58:01 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-02-22 18:58:01 15488 -----n--- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-02-22 18:58:01 11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-02-22 18:58:01 29056 -----n--- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-02-22 18:58:01 36096 -----n--- C:\WINDOWS\system32\drivers\intelppm.sys
2007-02-22 18:58:01 263040 -----n--- C:\WINDOWS\system32\drivers\http.sys
2007-02-22 18:58:01 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-02-22 18:58:01 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-02-22 18:58:01 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-02-22 18:58:01 15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys
2007-02-22 18:58:01 25600 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys
2007-02-22 18:58:01 46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-02-22 18:58:01 124800 -----n--- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-02-22 18:58:01 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-02-22 18:58:01 18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys
2007-02-22 18:58:01 35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys
2007-02-22 18:58:01 274304 -----n--- C:\WINDOWS\system32\drivers\bthport.sys
2007-02-22 18:58:01 100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys
2007-02-22 18:58:01 38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-02-22 18:58:01 17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys
2007-02-22 18:58:01 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-02-22 18:58:01 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-02-22 18:58:01 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-02-22 18:58:01 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-02-22 18:58:01 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-02-22 18:58:00 78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-02-22 18:58:00 12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-02-22 18:58:00 44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys
2007-02-22 18:58:00 6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys
2007-02-22 18:58:00 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-02-22 18:58:00 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys
2007-02-22 18:58:00 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys
2007-02-22 18:58:00 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-02-22 18:58:00 41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys
2007-02-22 18:58:00 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll
2007-02-22 18:58:00 10240 -----n--- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-02-22 18:58:00 11136 -----n--- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-02-22 18:58:00 67584 -----n--- C:\WINDOWS\system32\drivers\sdbus.sys
2007-02-22 18:58:00 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-02-22 18:58:00 30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-02-22 18:58:00 59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-02-22 18:58:00 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys
2007-02-22 18:58:00 1897408 -----n--- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-02-22 18:58:00 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-02-22 18:58:00 12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-02-22 18:58:00 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-02-22 18:57:59 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-02-22 18:57:59 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-02-22 18:57:59 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-02-22 18:57:59 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-02-22 18:57:59 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-02-22 18:57:59 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-02-22 18:57:59 13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys
2007-02-22 18:57:59 42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys
2007-02-22 18:57:59 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-02-22 18:57:59 13824 -----n--- C:\WINDOWS\system32\cmsetacl.dll
2007-02-22 18:57:59 50688 -----n--- C:\WINDOWS\system32\btpanui.dll
2007-02-22 18:57:59 30208 -----n--- C:\WINDOWS\system32\bthserv.dll
2007-02-22 18:57:59 20992 -----n--- C:\WINDOWS\system32\bthci.dll
2007-02-22 18:57:59 71680 -----n--- C:\WINDOWS\system32\blastcln.exe
2007-02-22 18:57:59 7168 -----n--- C:\WINDOWS\system32\bitsprx3.dll
2007-02-22 18:57:59 8192 -----n--- C:\WINDOWS\system32\bitsprx2.dll
2007-02-22 18:57:59 14336 -----n--- C:\WINDOWS\system32\auditusr.exe
2007-02-22 18:57:59 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll
2007-02-22 18:57:59 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll
2007-02-22 18:57:59 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll
2007-02-22 18:57:59 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll
2007-02-22 18:57:59 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll
2007-02-22 18:57:59 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll
2007-02-22 18:57:59 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll
2007-02-22 18:57:58 81920 -----n--- C:\WINDOWS\system32\ieencode.dll
2007-02-22 18:57:58 24576 -----n--- C:\WINDOWS\system32\httpapi.dll
2007-02-22 18:57:58 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll
2007-02-22 18:57:58 60416 -----n--- C:\WINDOWS\system32\fwcfg.dll
2007-02-22 18:57:58 193024 -----n--- C:\WINDOWS\system32\fsquirt.exe
2007-02-22 18:57:58 22528 -----n--- C:\WINDOWS\system32\fltmc.exe
2007-02-22 18:57:58 16896 -----n--- C:\WINDOWS\system32\fltlib.dll
2007-02-22 18:57:58 2113536 -----n--- C:\WINDOWS\system32\dxdiagn.dll
2007-02-22 18:57:58 1689088 -----n--- C:\WINDOWS\system32\d3d9.dll
2007-02-22 18:57:57 86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll
2007-02-22 18:57:57 7168 -----n--- C:\WINDOWS\system32\kbdukx.dll
2007-02-22 18:57:57 7680 -----n--- C:\WINDOWS\system32\kbdsmsno.dll
2007-02-22 18:57:57 7680 -----n--- C:\WINDOWS\system32\kbdsmsfi.dll
2007-02-22 18:57:57 7168 -----n--- C:\WINDOWS\system32\kbdno1.dll
2007-02-22 18:57:57 6144 -----n--- C:\WINDOWS\system32\kbdmlt48.dll
2007-02-22 18:57:57 6144 -----n--- C:\WINDOWS\system32\kbdmlt47.dll
2007-02-22 18:57:57 5632 -----n--- C:\WINDOWS\system32\kbdmaori.dll
2007-02-22 18:57:57 6656 -----n--- C:\WINDOWS\system32\kbdinmal.dll
2007-02-22 18:57:57 6656 -----n--- C:\WINDOWS\system32\kbdinben.dll
2007-02-22 18:57:57 6144 -----n--- C:\WINDOWS\system32\kbdinbe1.dll
2007-02-22 18:57:57 7168 -----n--- C:\WINDOWS\system32\kbdfi1.dll
2007-02-22 18:57:56 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll
2007-02-22 18:57:56 27136 -----n--- C:\WINDOWS\system32\mspmsnsv.dll
2007-02-22 18:57:56 118784 -----n--- C:\WINDOWS\system32\msdadiag.dll
2007-02-22 18:57:56 4096 -----n--- C:\WINDOWS\system32\MP4SDMOD.dll
2007-02-22 18:57:56 4096 -----n--- C:\WINDOWS\system32\MP43DMOD.dll
2007-02-22 18:57:55 49152 -----n--- C:\WINDOWS\system32\powercfg.exe
2007-02-22 18:57:55 48640 -----n--- C:\WINDOWS\system32\pnrpnsp.dll
2007-02-22 18:57:55 526848 -----n--- C:\WINDOWS\system32\p2psvc.dll
2007-02-22 18:57:55 88064 -----n--- C:\WINDOWS\system32\p2pnetsh.dll
2007-02-22 18:57:55 312320 -----n--- C:\WINDOWS\system32\p2pgraph.dll
2007-02-22 18:57:55 86016 -----n--- C:\WINDOWS\system32\p2pgasvc.dll
2007-02-22 18:57:55 116224 -----n--- C:\WINDOWS\system32\p2p.dll
2007-02-22 18:57:55 4274816 -----n--- C:\WINDOWS\system32\nv4_disp.dll
2007-02-22 18:57:54 15872 -----n--- C:\WINDOWS\system32\w3ssl.dll
2007-02-22 18:57:54 44032 -----n--- C:\WINDOWS\system32\twext.dll
2007-02-22 18:57:54 75776 -----n--- C:\WINDOWS\system32\strmfilt.dll
2007-02-22 18:57:54 8192 -----n--- C:\WINDOWS\system32\smbinst.exe
2007-02-22 18:57:54 73796 -----n--- C:\WINDOWS\system32\slserv.exe
2007-02-22 18:57:54 32866 -----n--- C:\WINDOWS\system32\slrundll.exe
2007-02-22 18:57:54 188508 -----n--- C:\WINDOWS\system32\slgen.dll
2007-02-22 18:57:54 286792 -----n--- C:\WINDOWS\system32\slextspk.dll
2007-02-22 18:57:54 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll
2007-02-22 18:57:54 29184 -----n--- C:\WINDOWS\system32\sdhcinst.dll
2007-02-22 18:57:54 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll
2007-02-22 18:57:53 603648 -----n--- C:\WINDOWS\system32\WMSPDMOD.dll
2007-02-22 18:57:53 4096 -----n--- C:\WINDOWS\system32\wmsdmoe2.dll
2007-02-22 18:57:53 314880 -----n--- C:\WINDOWS\system32\wmpdxm.dll
2007-02-22 18:57:53 242688 -----n--- C:\WINDOWS\system32\wmpasf.dll
2007-02-22 18:57:53 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2007-02-22 18:57:53 227328 -----n--- C:\WINDOWS\system32\wmerror.dll
2007-02-22 18:57:53 17408 -----n--- C:\WINDOWS\system32\winshfhc.dll
2007-02-22 18:57:52 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-02-22 18:57:52 465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-02-22 18:57:52 108032 -----n--- C:\WINDOWS\system32\wshbth.dll
2007-02-22 18:57:52 81408 -----n--- C:\WINDOWS\system32\wscsvc.dll
2007-02-22 18:57:52 13824 -----n--- C:\WINDOWS\system32\wscntfy.exe
2007-02-22 18:57:52 4096 -----n--- C:\WINDOWS\system32\wmvdmoe2.dll
2007-02-22 18:57:52 1329152 -----n--- C:\WINDOWS\system32\WMSPDMOE.dll
2007-02-22 18:57:51 438784 -----n--- C:\WINDOWS\system32\xpob2res.dll
2007-02-22 18:57:51 50176 -----n--- C:\WINDOWS\system32\xmlprovi.dll
2007-02-22 18:57:51 129536 -----n--- C:\WINDOWS\system32\xmlprov.dll
2007-02-22 18:57:51 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-02-22 18:57:51 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-02-22 18:57:51 127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-02-22 18:57:51 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-02-22 18:57:51 32866 -----n--- C:\WINDOWS\slrundll.exe
2007-02-22 18:50:55 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-22 18:40:08 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-02-22 18:40:07 374752 --a------ C:\WINDOWS\system32\WUSBGXP.sys
2007-02-22 18:40:07 339488 --a------ C:\WINDOWS\system32\WUSB20XP.sys
2007-02-22 18:40:07 245376 --a------ C:\WINDOWS\system32\rt2500usb.sys<RT2500~1.SYS>
2007-02-22 18:40:07 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-02-22 18:40:07 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-02-22 18:40:04 17992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2007-02-22 18:40:04 17992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2007-02-22 18:31:11 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-02-22 18:31:10 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-02-22 18:31:08 52864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-02-22 18:31:07 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-02-22 18:31:06 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-02-22 18:31:04 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-02-22 18:31:03 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-02-22 18:31:02 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-02-22 18:30:50 7552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-02-22 18:30:48 4992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-02-22 18:30:47 5376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-02-22 18:30:44 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-02-22 18:30:43 59264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2007-02-22 18:30:42 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-02-22 18:30:42 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-02-22 18:24:10 1048576 --ah----- C:\Documents and Settings\ourroom\NTUSER.DAT
2007-02-22 18:22:27 229376 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2007-02-22 18:22:26 229376 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2007-02-22 18:16:58 229376 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2007-02-22 18:13:49 24576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-02-22 18:12:06 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-02-22 18:11:10 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2007-02-22 18:09:51 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-02-22 18:09:51 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-02-22 18:09:51 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-02-22 18:09:51 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-02-22 18:09:51 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-02-22 18:09:43 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-02-22 18:09:43 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-02-22 18:09:43 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-02-22 18:09:43 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-02-22 18:09:42 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-02-22 18:09:41 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-02-22 18:09:41 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-02-22 18:09:41 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-02-22 18:09:41 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-02-22 18:09:41 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-02-22 18:09:38 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-02-22 18:09:38 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-02-22 18:09:34 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-02-22 18:09:33 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-02-22 18:09:33 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-02-22 18:09:33 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-02-22 18:09:33 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-02-22 18:09:33 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-02-22 18:09:33 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-02-22 18:09:33 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-02-22 18:09:33 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-02-22 18:09:33 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-02-22 18:09:32 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-02-22 18:09:32 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-02-22 18:09:32 274944 --a------ C:\WINDOWS\system32\mstask.dll
2007-02-22 18:09:32 678400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-02-22 18:09:20 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-02-22 18:08:12 5632 --a------ C:\WINDOWS\system32\write.exe
2007-02-22 18:08:06 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-02-22 18:08:06 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-02-22 18:08:06 345088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-02-22 18:08:06 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-02-22 18:08:05 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-02-22 18:08:05 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-02-22 18:08:05 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-02-22 18:08:05 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-02-22 18:08:05 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-02-22 18:07:59 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-02-22 18:07:59 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-02-22 18:07:59 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-02-22 18:07:58 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-02-22 18:07:58 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-02-22 18:07:58 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-02-22 18:07:58 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-02-22 18:07:58 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-02-22 18:07:58 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-02-22 18:07:57 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-02-22 18:07:57 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-02-22 18:07:57 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-02-22 18:07:57 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-02-22 18:07:57 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-02-22 18:07:57 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-02-22 18:07:57 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-02-22 18:07:57 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-02-22 18:07:57 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-02-22 18:07:57 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-02-22 18:07:57 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-02-22 18:07:57 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-02-22 18:07:57 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-02-22 18:07:57 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-02-22 18:07:57 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-02-22 18:07:57 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-02-22 18:07:56 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-02-22 18:07:56 90112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-02-22 18:07:56 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-02-22 18:07:56 949248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-02-22 18:07:56 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-02-22 18:07:56 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-02-22 18:07:56 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-02-22 18:07:55 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-02-22 18:07:55 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-02-22 18:07:54 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-02-22 18:07:54 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-02-22 18:07:54 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-02-22 18:07:54 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-02-22 18:07:54 82432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-02-22 18:07:54 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-02-22 18:07:54 62464 --a------ C:\WINDOWS\system32\colbact.dll
2007-02-22 18:07:54 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-02-22 18:07:54 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-02-22 18:07:54 229888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-02-22 18:07:53 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-02-22 18:07:53 501248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-02-22 18:07:47 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-02-22 18:07:47 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-02-22 18:07:47 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-02-22 18:07:47 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-02-22 18:07:47 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-02-22 18:07:46 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-02-22 18:07:46 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-02-22 18:07:46 124184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-02-22 18:07:46 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-02-22 18:07:46 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-02-22 18:07:46 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-02-22 18:07:45 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-02-22 18:07:45 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-02-22 18:07:45 295424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-02-22 18:07:45 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-02-22 18:07:45 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-02-22 18:07:45 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-02-22 18:07:45 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-02-22 18:07:45 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-02-22 18:07:45 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-02-22 18:07:45 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-02-22 18:07:45 407552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-02-22 18:07:44 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-02-22 18:07:44 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-02-22 18:07:44 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-02-22 18:07:44 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-02-22 18:07:44 628224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-02-22 18:07:43 1251840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-02-22 18:07:41 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-02-22 18:07:36 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-02-22 18:07:36 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-02-22 13:37:34 0 d-------- C:\068f143c3f22844b0d1240e523037b<068F14~1>
2007-02-22 11:53:45 0 d-------- C:\Program Files\s?stem
2007-02-22 11:53:05 32177 --ahs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe<YAZZLE~2.EXE>
2007-02-22 11:52:16 0 d-------- C:\ffd38e13e662ce6d2c83768d99e805fd<FFD38E~1>
2007-02-22 11:34:49 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-02-22 11:26:13 21504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-02-22 11:25:56 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-02-22 11:25:22 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-02-22 11:25:04 6400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-02-22 11:24:52 5504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-02-22 11:24:36 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-02-22 11:22:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-02-22 11:22:45 0 d--hs---- C:\WINDOWS\RGVubmV0dHMgSGFyZHdhcmU<RGVUBM~1>
2007-02-22 11:19:51 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-02-22 11:19:51 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-02-22 11:19:51 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-02-22 11:19:50 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-02-22 11:19:49 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-02-22 11:19:48 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-02-22 11:19:48 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-02-22 11:19:48 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-02-22 11:19:48 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-02-22 11:19:48 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-02-22 11:19:48 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-02-22 11:19:48 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-02-22 11:19:46 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-02-22 11:19:46 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-02-22 11:19:46 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-02-22 11:19:46 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-02-22 11:19:46 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-02-22 11:19:45 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-02-22 11:19:45 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-02-22 11:19:45 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-02-22 11:19:45 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-02-22 11:19:42 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-02-22 11:19:42 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-02-22 11:19:42 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-02-22 11:19:42 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-02-22 11:19:41 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-02-22 11:19:41 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-02-22 11:19:41 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-02-22 11:19:41 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-02-22 11:19:41 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-02-22 11:19:41 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-02-22 11:19:41 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-02-22 11:19:40 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-02-22 11:19:40 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-02-22 11:19:40 68768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-02-22 11:19:40 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-02-22 11:19:40 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-02-22 11:19:40 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-02-22 11:19:40 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-02-22 11:19:39 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-02-22 11:19:39 69120 --a------ C:\WINDOWS\notepad.exe
2007-02-22 11:19:38 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-02-22 11:19:27 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents<DOCUME~1>
2007-02-22 11:18:19 0 d-------- C:\Program Files\Common Files\{4CFAAFF2-0958-1033-1202-030119060001}<{4CFAA~1>
2007-02-22 11:14:21 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Systweak
2007-02-21 21:24:14 0 d-------- C:\8f2399186ff3a900dfb1da8dc820210d<8F2399~1>
2007-02-21 19:10:22 0 d-------- C:\Program Files\Common Files\{3CFAAFF2-0958-1033-1202-030119060001}<{3CFAA~1>
2007-02-21 19:10:18 92997 --a------ C:\Documents and Settings\Dennetts Hardware\bcw2.exe
2007-02-21 19:10:13 25088 --a------ C:\Documents and Settings\Dennetts Hardware\bcwin32.exe
2007-02-21 19:10:11 25600 --a------ C:\lddxxxbdla.exe<LDDXXX~1.EXE>
2007-02-21 16:33:27 0 d-------- C:\7df1ac5d04c72c2a7d4291a91491<7DF1AC~1>
2007-02-21 12:48:00 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-02-21 08:18:39 0 d-------- C:\WINDOWS\Sytem32
2007-02-20 19:21:36 0 d-------- C:\Program Files\Lavasoft
2007-02-20 18:30:33 385536 --a------ C:\is67lolawa.exe<IS67LO~1.EXE>
2007-02-20 18:12:09 0 d-------- C:\Program Files\DiskTrix
2007-02-20 10:32:55 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
2007-02-20 10:32:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab<KASPER~1>
2007-02-20 10:30:35 0 d-------- C:\KAV
2007-02-19 21:27:57 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-02-19 18:34:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-02-19 17:14:57 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Uniblue
2007-02-19 13:38:51 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2007-02-19 13:37:51 0 d-------- C:\Program Files\F-Secure
2007-02-19 13:09:53 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\GlarySoft<GLARYS~1>
2007-02-19 13:05:13 0 d-------- C:\Program Files\Glary Utilities<GLARYU~1>
2007-02-19 12:26:19 670 --a------ C:\ICSdata.dat
2007-02-19 12:26:03 0 d-------- C:\Program Files\InfoClock Screensaver<INFOCL~1>
2007-02-19 12:26:03 0 d-------- C:\DESfiles
2007-02-17 16:47:55 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-17 10:15:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Joy Meet Extra Idol<JOYMEE~1>
2007-02-17 10:14:42 0 d-------- C:\Program Files\funk fast wave<FUNKFA~1>
2007-02-17 10:14:09 0 d-------- C:\Program Files\Torrent101<TORREN~1>
2007-02-12 11:36:25 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Azureus
2007-02-12 10:24:07 0 d-------- C:\WINDOWS\vbSkinner<VBSKIN~1>
2007-02-12 09:34:53 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\uTorrent
2007-02-12 09:34:49 0 d-------- C:\Program Files\uTorrent
2007-02-06 12:57:56 0 d-------- C:\Program Files\iPod
2007-02-06 12:57:44 0 d-------- C:\Program Files\iTunes
2007-02-03 11:44:48 0 d-------- C:\Program Files\Reallusion<REALLU~1>
2007-02-02 22:49:44 5767168 --a------ C:\Documents and Settings\Dennetts Hardware\ntuser.dat
2007-02-01 18:57:50 0 d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files<SMARTF~1.0SE>
2007-02-01 16:51:09 0 d-------- C:\Program Files\SuperCleaner<SUPERC~1>
2007-01-31 22:05:08 47360 --a------ C:\Documents and Settings\Dennetts Hardware\Application Data\pcouffin.sys
2007-01-31 22:05:08 87608 --a------ C:\Documents and Settings\Dennetts Hardware\Application Data\ezpinst.exe
2007-01-31 22:05:07 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Vso
2007-01-31 22:05:04 0 d-------- C:\Program Files\DVDFab Platinum 3<DVDFAB~1>
2007-01-31 21:34:48 0 d-------- C:\WINDOWS\WBEM
2007-01-31 21:34:46 0 d-------- C:\WINDOWS\system32\en-US
2007-01-31 21:33:08 0 d--h---c- C:\WINDOWS\ie7
2007-01-31 21:30:17 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-01-31 20:19:14 0 d-------- C:\Program Files\FLVPlayer<FLVPLA~1>
2007-01-31 17:31:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-01-31 16:11:21 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\BitTorrent<BITTOR~1>
2007-01-31 15:27:31 0 d-------- C:\Program Files\Common Files\Creative
2007-01-31 15:20:03 0 d-------- C:\WINDOWS\system32\Data
2007-01-31 14:56:00 0 d-------- C:\Program Files\Dell Computer<DELLCO~1>
2007-01-31 14:55:42 0 d-------- C:\Program Files\PianoFX
2007-01-31 14:55:06 0 d-------- C:\Program Files\Common Files\Sonic
2007-01-31 14:54:48 0 d-------- C:\WINDOWS\system32\dla
2007-01-31 14:52:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
2007-01-31 14:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-01-31 14:51:52 0 d-------- C:\Program Files\Microsoft Money<MICROS~3>
2007-01-31 13

05 0 d-------- C:\Program Files\SmartFTP Client 2.0<SMARTF~1.0>
2007-01-31 11:59:16 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Ahead
2007-01-31 11:57:04 0 d-------- C:\Program Files\Nero
2007-01-31 11:57:03 0 d-------- C:\Program Files\Common Files\Ahead
2007-01-31 09:44:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems<ADOBES~1>
2007-01-31 09:32:27 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Smart Recorder<SMARTR~1>
2007-01-30 20:15:24 0 d--h----- C:\Program Files\Creative Installation Information<CREATI~1>
2007-01-30 20:11:43 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Creative
2007-01-30 19:54:52 0 d-------- C:\Program Files\Creative
2007-01-29 20:05:25 0 d-------- C:\WINDOWS\system32\NtmsData
2007-01-29 17:35:33 0 d-------- C:\WINDOWS\Profiles
2007-01-29 17:35:31 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\InterTrust<INTERT~1>
2007-01-29 17:33:51 0 d-------- C:\WINDOWS\system32\hauppauge<HAUPPA~1>
2007-01-29 17:33:38 0 d-------- C:\MyVideos
2007-01-29 17:33:25 0 d-------- C:\Program Files\WinTV
2007-01-29 17:15:27 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles<NVIEW_~1>
2007-01-29 17:09:01 0 d-------- C:\WINDOWS\nview
2007-01-29 13:19:54 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield<INSTAL~1>
2007-01-29 13:18:05 0 d-------- C:\Program Files\Ulead Systems<ULEADS~1>
2007-01-29 12:38:41 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\WinRAR
2007-01-29 08:49:13 245376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys<RT2500~1.SYS>
2007-01-29 08:48:47 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor<LINKSY~1>
-- Find3M Report ----------------------------------------------------------------
2007-02-23 07:02:35 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-23 05:37:26 0 d-------- C:\Program Files\Attitude POSitive<ATTITU~1>
2007-02-23 05:26:11 0 d-------- C:\Program Files\Java
2007-02-22 21:03:22 0 d---s---- C:\Documents and Settings\ourroom\Application Data\Microsoft<MICROS~1>
2007-02-22 20:35:09 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-22 19:53:43 0 d-------- C:\Documents and Settings\ourroom\Application Data\Macromedia<MACROM~1>
2007-02-22 19:50:46 0 d-------- C:\Program Files\Macromedia<MACROM~1>
2007-02-22 19:50:46 0 d-------- C:\Program Files\Common Files\Macromedia<MACROM~1>
2007-02-22 19:10:27 0 d-------- C:\Documents and Settings\ourroom\Application Data\Mozilla
2007-02-22 18:55:36 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-22 18:55:23 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-02-22 18:55:16 0 d-------- C:\Program Files\Common Files\s?stem
2007-02-22 18:55:16 0 d-------- C:\Program Files\Common Files\??stem
2007-02-22 18:24:25 0 d-------- C:\Documents and Settings\ourroom\Application Data\Identities<IDENTI~1>
2007-02-22 11:19:27 62 --ahs---- C:\Documents and Settings\ourroom\Application Data\desktop.ini
2007-02-21 14:47:20 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-02-20 19:45:24 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-02-20 19:44:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-20 18:10:58 0 d-------- C:\Program Files\UI
2007-02-20 18:10:58 0 d-------- C:\Program Files\scripts
2007-02-20 18:10:58 0 d-------- C:\Program Files\plugins
2007-02-20 18:10:56 0 d-------- C:\Program Files\Replay7
2007-02-20 18:05:12 0 d-------- C:\Program Files\Data
2007-02-20 18:05:11 0 d-------- C:\Program Files\MainRetail3<MAINRE~1>
2007-02-20 18:05:09 0 d-------- C:\Program Files\Common Files\mqkz
2007-02-20 17:11:38 0 d-------- C:\Program Files\Grisoft
2007-02-16 06:46:51 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-16 06:46:13 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-01 16:11:38 0 d-------- C:\Program Files\MUSICMATCH<MUSICM~1>
2007-02-01 12:14:31 0 d-------- C:\Program Files\LimeWire
2007-02-01 06:26:18 0 d-------- C:\Program Files\??sks
2007-01-31 14:03:34 0 d-------- C:\Program Files\Yahoo!
2007-01-30 11:51:16 0 d-------- C:\Program Files\Jasc Software Inc<JASCSO~1>
2007-01-30 11:48:25 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-01-30 11:45:48 0 d-------- C:\Program Files\Amor SWF to Video Converter<AMORSW~1>
2007-01-29 17:35:31 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-29 17:35:31 0 d-------- C:\Program Files\Common Files\?dobe
2007-01-29 13:18:20 0 d-------- C:\Program Files\Common Files\Ulead Systems<ULEADS~1>
2007-01-17 11:02:19 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-01-12 10:44:01 0 d-------- C:\Program Files\Luxor Mahjong<LUXORM~1>
2007-01-03 15:19:56 171008 --ahs---- C:\Program Files\Common Files\Yazzle1122OinAdmin.exe<YAZZLE~1.EXE>
2006-11-25 13:54:02 449024 --a------ C:\WINDOWS\system32\InfoClock Screensaver.scr<INFOCL~1.SCR>
-- Registry Dump ----------------------------------------------------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NWEReboot"=""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
---------------------------------------------------------------------------
I was unable to attach the supplementary text. It kept timing out. Here is the text:
ComboScan v20070221.16 run by ourroom on 2007-02-23 at 07:04:04
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information -----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) CPU 2.40GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 1022 MiB / 716.86 MiB
Pagefile Memory (total/avail): 2460.81 MiB / 2290.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1999.38 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.46 GiB total, 39.68 GiB free.
D: is Fixed (FAT32) - 93.34 GiB total, 31.01 GiB free.
E: is CDROM (No Media)
-- Security Center --------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
-- Environment Variables --------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\ourroom\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STEVEANDCAREN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ourroom
LOGONSERVER=\\STEVEANDCAREN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ourroom\LOCALS~1\Temp
TMP=C:\DOCUME~1\ourroom\LOCALS~1\Temp
USERDOMAIN=STEVEANDCAREN
USERNAME=ourroom
USERPROFILE=C:\Documents and Settings\ourroom
windir=C:\WINDOWS
-- User Profiles ----------------------------------------------------------------
ourroom
(admin)
Administrator
(new local, admin)
-- Add/Remove Programs ----------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
HijackThis 1.99.1 --> C:\Documents and Settings\ourroom\Desktop\hijackthis\HijackThis.exe /uninstall
InfoClock Screensaver 1.6.7 --> "C:\Program Files\InfoClock Screensaver\unins000.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
LimeWire PRO 4.13.0 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
SmartFTP Client 2.0 (remove only) --> "C:\Program Files\SmartFTP Client 2.0\uninst-sftp.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- End of ComboScan: finished at 2007-02-23 at 07:04:45 -------------------------
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5
-- End of ComboScan: finished at 2007-02-23 at 07:04:45 -------------------------