Old 03-25-2007, 05:00 PM   #1 (permalink)
geordietx (Decently PC Literate)
Join Date: Jan 2006
Location: Houston, Texas, y'all...
Posts: 37
OS: XP SP2 Pro

Virus Trouble or Residual Issues From The Deleted Virus??

Hi, all, hope you are doing well -
Although I have not contracted anything more than a tracking cookie in well over a year, I think my luck ran out here recently. Although I practice what some may call a "high-risk" internet lifestyle (using P2P software, occasionally visiting unknown and therefore questionable websites, etc.) I have a pretty extensive antivirus routine. I regularly use avast! - both on-access and regular scanning pieces - Spybot S&D, Spyware Blaster, AdAware, and CCleaner. I also regularly utilize many other antivirus programs on an ad-hoc basis (AVG, Panda, etc.).

Recently, though, while I was web surfing, avast! informed me that I had been exposed to several viruses pretty much at the same time. All of these were general Trojans of some type. After a lot of cleaning, I finally found one pretty much unknown program that seemed to do the trick (the software is called, simply enough, Trojan Remover). No other scan reports that I have any sort of infection now, with the possible exception of Hijack This, and then depending on whose website you believe as to what is dangerous and what is not. However, my PC is still not back to normal. Although I can't really see anything when I'm surfing - seems to act fine - there are some issues. I'll bullet those out below. I have a feeling that this might be related more to the damage that was done to some files when the virus was removed and then the files were not repaired back to their original states, specifically the LSP layer (I say this because I read it in my extensive search of the web when googling for my same issues/error messages). The issues now:
1) internet connection reports that the internet connection (as opposed to the LAN) is disconnected, although I am still able to surf the net. I can enable the connection through properties, and it will connect (I can see it doing so) but the connection box itself still shows it as disconnected.
2) Several errors in the event viewer related to DNS and PNRP, I imagine it would help to detail those out specifically, but they are lengthy and I won't do so until/unless you tell me you need them. They mostly have to do with 'addresses incompatible with protocols used'....
3) The service IPv6 hangs upon starting, usually but not always. In fact, all of this stuff is usually, but not always.
4) Trying to follow directions, although I have attempted to fix this problem myself, as stated, I have tried four times now to run an online Panda Activescan. About 20% or so into the scan, my entire IE shuts down, including Panda and whatever else happened to be open at the time. Not sure if this is related to the virus or not, because I seem to remember a PC I owned a few computers back had a similar problem.

Just below is the Hijack This log, just for kicks I ran it through TrendMicro's new Beta, and that product told me that this file: "d:\windows\system32\nwprovau.dll" file was the result of "Breaking of Internet access by New.Net or WebHancer"; however, I cannot support this anywhere else on the web. Furthermore, I tried to remove it via Hijack This and it just returns on reboot.

I also ran it through one of the HJT auto-analyzers available and it returned so much wrong information that it had to make me question what happens to people who use it and then discover their PC won't work? It would have had me remove several components of avast! - my main antivirus tool - and it also reported that some Nero modules were malware, as well as telling me that ctfmon.exe was a virus - and I know that this is a MS file that has something to do with language - unless, of course, the real file has been replaced with this fake. If that were the case, I'm sure one of the many other programs I have run would have identified a problem, and they didn't << deep, heavy sigh >>

So, any insight you can provide would be very much appreciated. I know that it's tricky to jump in after somebody has attempted to clean their system and ultimately failed. But at least I tried, it was a great learning experience, most of the knowledge I have I learned from reading many, many Hijack This files on this very website and then trying to guess what the problem and fix would be, then reading what it actually was. I'll be there soon! Thanks.

PS I tried to leave the formatting and coloring in on the Hijack This file auto-analyzer version just so you could see, but somehow the TSF website just reverted it back to normal text....

Logfile of HijackThis v1.99.1
Scan saved at 6:53:32 PM, on 3/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Winamp\winampa.exe
D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\PROGRA~1\Avast4\ashDisp.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Wireless\Linksys EasyLink Advisor\LinksysAgent.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\ATI\SUPPORT\3-04_rw_enu\ATIRW.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Avast4\aswUpdSv.exe
D:\Program Files\Avast4\ashServ.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PowerPanel\upssrv.exe
D:\PowerPanel\upsio.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\System32\snmp.exe
D:\Downloads\Hive Closer on Logoff\uphclean.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\mqsvc.exe
D:\WINDOWS\system32\mqtgsvc.exe
D:\Program Files\Glarysoft Process Manager\procmgr.exe
D:\Program Files\MSN Messenger\livecall.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\mmc.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\svchost.exe
D:\Downloads\Hijack This\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Blah, Blah, Blah
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\DOWNLO~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] "D:\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VolPanel] "D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Wireless\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\ATI\SUPPORT\3-04_rw_enu\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O15 - Trusted Zone: http://www.juno.co.uk
O15 - Trusted Zone: http://safety.live.com
O15 - Trusted Zone: http://profile.myspace.com
O15 - Trusted Zone: www.myspace.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160235476531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6F69E6E-BDB2-439F-9730-E4EA180AB2A1}: NameServer = 24.93.41.125,24.93.41.126
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - D:\DOWNLO~1\CacheMan\CachemanXP\CachemanXP.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: UPS Service (CyberPowerUPS) - Cyber Power Systems, Inc. - D:\PowerPanel\upssrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - I:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SpamBayes Service (pop3proxy) - Unknown owner - D:\Downloads\SpamBayes 1.0.4\SpamBayes\bin\sb_service.exe
__________________
Geordie in Texas
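
Added example, not part of the original post and not HijackThis's own code: a Python parser for the entry lines of the log above that groups entries by section code and marks `(file missing)` and `Unknown owner` entries for manual review rather than issuing verdicts, which is where the auto-analyzer described in the post went wrong. The section labels, flag names and function names are assumptions made for this example; the sample lines are excerpted from the posted log.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Lines excerpted from the HijackThis v1.99.1 log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\system32\ctfmon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\DOWNLO~1\Spybot - Search & Destroy\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6F69E6E-BDB2-439F-9730-E4EA180AB2A1}: NameServer = 24.93.41.125,24.93.41.126
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

# Assumed labels, paraphrasing the prefixes visible in the log lines. Only the
# codes used in the excerpt are mapped; any other code is flagged as unmapped.
SECTIONS = {
    "R0": "IE page setting", "R1": "IE page setting",
    "O2": "BHO", "O4": "Run key", "O17": "Tcpip NameServer", "O23": "Service",
}

# "<code> - <body>", e.g. "O23 - Service: ...". Process paths and headers do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter or %var% path ending in a binary extension. A path may
# itself contain " - " (see the Spybot line), so splitting on " - " is unsafe.
PATH_RE = re.compile(r'(?:[A-Za-z]:\\|%\w+%\\)[^"]*?\.(?:exe|dll|ocx)', re.IGNORECASE)


@dataclass
class Entry:
    code: str
    body: str
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Turn HijackThis entry lines into records; skip everything else."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines and the "Running processes" list
        code, body = m.groups()
        pm = PATH_RE.search(body)
        entry = Entry(code, body, pm.group(0) if pm else None)
        if body.endswith("(file missing)"):
            entry.flags.append("file_missing")      # registry points at an absent file
        if code == "O23" and " - Unknown owner - " in body:
            entry.flags.append("unknown_owner")     # no vendor string reported
        if code not in SECTIONS:
            entry.flags.append("unmapped_section")  # this example has no label for it
        entries.append(entry)
    return entries


def section_counts(entries: List[Entry]) -> Counter:
    """Number of entries per section code."""
    return Counter(e.code for e in entries)


def triage(entries: List[Entry]) -> List[Entry]:
    """Entries a human should look at, missing files first. No verdicts:
    a flag means 'check this', not 'remove this'."""
    flagged = [e for e in entries if e.flags]
    return sorted(flagged, key=lambda e: "file_missing" not in e.flags)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, n in sorted(section_counts(parsed).items()):
        print(f"{code:>3} {SECTIONS.get(code, '?'):<18} {n}")
    print("\nNeeds manual review:")
    for e in triage(parsed):
        print(f"  [{', '.join(e.flags)}] {e.code} {e.path or e.body}")
```
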
Old 03-30-2007, 05:33 AM   #2 (permalink)
geordietx

Thumbs Down Re: Virus Trouble or Residual Issues From The Deleted Virus??

Since it appears I'm not going to get a response or even the courtesy of any type of reply, I went ahead and did a repair install. This has turned out to be worse than I even imagined, and I had imagined some pretty horrible outcomes. I am now stuck in some sort of Windows Update HELL where it thinks I need to reboot, I do, it attempts to install again, the installation fails, and the cycle starts over again by it telling me I need to reboot. The problem is I can't download any further updates and my system is now back to the unpatched SP2 state that comes on one of the later XP Pro SP2 disks. And even though I've tried every one of the fixes I could find by googling (and this is not an uncommon problem) NONE of them have worked for me. If anyone has any insight into what I could do, and would like to share their knowledge, I sure would appreciate it.
__________________
Geordie in Texas
Old 03-30-2007, 06:41 AM   #3 (permalink)
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team)
Join Date: Jan 2005
Location: Ohio
Posts: 18,676
OS: WinXP and Win98se


Re: Virus Trouble or Residual Issues From The Deleted Virus??

Hello geordietx,

Any lack of response by our Security Team was not due to any discourtesy, but rather the overwhelming number of HijackThis logs that are currently posted in this forum. There are only so many of us volunteering our time and we can only do so much.

The fixes you have done on your own have left us with nothing to see, and we cannot remove what we cannot see.

It may have helped had you read the sticky threads at the top of the HijackThis Help Forum:

TrendMicro's HijackThis version2 Beta

(Updated!) IMPORTANT - Read This Before Posting A Log

This thread would have advised you to politely 'bump' your thread if no reply has been received after 48 hrs of posting. It also would have advised you to download our tool of choice:

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
---------------------------------------------------------

Please download that tool now and run a scan:

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

-----------------------------------------------------------------

Let's hold off on any online scan until necessary since you're stuck at unpatched SP2.


Please include the following in your next reply:

main.txt
an attached extra.txt
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider, donating

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 04-09-2007, 04:10 PM   #4 (permalink)
geordietx

Re: Virus Trouble or Residual Issues From The Deleted Virus??

My apologies if you feel that I was venting on you. I realize that you are volunteers there, and I could have taken the high road and didn't. Then again, I feel reprimanded now, so I hope everyone feels better. My frustration was more from the fact that I didn't know if I was going to get a response or when. In my mind, five days is about three or four days longer than acceptable when you are looking for (admittedly free) assistance for a PC that is pretty much dead in the water. I think it would be very helpful if you would, when the forum gets behind like this, put a sticky or an autoreply or something indicating to the user about how long they can expect to wait for a response. I did a search in the forums for unanswered threads, and there were hundreds, if not thousands. I had no faith I would even get a reply in any amount of time and no information to go on.

I cannot reply to this post as your facility is complaining that this is too long, so it will be in two pieces. Several times, I have been blocked by what appear to be very low maximums in TSF's allowables for posting.

Back to the subject matter, a lot has happened since I posted. Because I could not just do without a PC for an indefinite period of time (and I read your message on double posting to various forums and agree with you that it is a colossal waste of time for everybody) I had to do some more work on my own to try to set things right. When I realized that I was not going to be able to fix this, I cleared off a partition on my 2nd hard drive and reinstalled XP Pro SP2, and began the process of the installs of the software then. Although I know that a separate partition on a separate drive is, for all practical purposes, another PC, there were some surprising things that happened that make me question that. #1 was the fact that all references to the network were gone in the old partition, and I mean ALL of them. Yet when I installed drivers for the NICs in the new partition, this jump-started something in the old partition, and the two ethernet cards began working again. I have steadily been adding back in the software and have noticed other interactions between the old and the new partitions.

So here is where I stand at this moment. I have my old installation and it doesn't work, because I can't get most updates down from MS, and IE7 is dead in the water. This link explains why; it would be helpful if this were a little more widely publicized, I think. I had never heard it before.
http://support.microsoft.com/kb/917964
But IE7 is not listed in the add/remove programs, so per Mr. Gates & Company directions, I will need to use the recovery tool to uninstall IE7, ostensibly do the repair install yet again, then reinstall IE7. A lot of work, and I don't think it would take anyways, because it won't let me install anything as it thinks I have pending installs. And it did, at some point, allow some updates to come through and install, but it appears to be stuck again at a single security update. That's where we stand now, and I do believe that I am not infected by any malware currently. This has all been caused by the eradication of the Trojans, I think. I will complete the DSS scan (and by the way, I DID attempt to follow your online instructions, but somehow didn't see step 5; I thought they ended at step 4.) Here is the DSS scan, and again, I think this is not so much a Hijack This problem at this point. I will defer to the experts. Thanks for your assistance. Oh, as an aside, Microsoft's Onecare antivirus/firewall solution was just something that I was trying. I will be uninstalling that shortly and reinstalling Avast! or similar antimalware.
Thanks again.

(DSS File in separate post due to TSF system limitations)
Attached Files
File Type: txt extra.txt (13.3 KB, 1 views)
__________________
Geordie in Texas
Old 04-09-2007, 04:20 PM   #5 (permalink)
geordietx

Re: Virus Trouble or Residual Issues From The Deleted Virus??

Ok, I'm attempting to follow your directions, but receiving the following message from the forum when trying to attach just the DSS scan as requested:

The text that you have entered is too long (148575 characters). Please shorten it to 100000 characters long.

I'll try attaching as an attachment, but I'll bet it goes over TSF's file attachments maximums. So, if that doesn't work, I'll attempt to split the DSS scan into two pieces. If I still can't get it to go, you'll have to tell me how to proceed. This is a big hassle.


-- Last 5 Restore Point(s) --
24: 2007-04-09 17:16:18 UTC - RP46 - Deckard's System Scanner Restore Point
23: 2007-04-09 10:58:39 UTC - RP45 - Restore Operation
22: 2007-04-08 09:51:48 UTC - RP44 - System Checkpoint
21: 2007-04-07 09:01:39 UTC - RP43 - Software Distribution Service 2.0
20: 2007-04-07 05:16:08 UTC - RP42 - Installed Windows Internet Explorer 7.


-- First Restore Point --
1: 2007-04-03 02:16:29 UTC - RP23 - Installed User Profile Hive Cleanup Service


Performed disk cleanup.


-- HijackThis (run as Mike.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:18:16 AM, on 4-9-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\tcpsvcs.exe
I:\Program Files\UPHClean\uphclean.exe
I:\WINDOWS\system32\MsPMSPSv.exe
I:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
I:\Program Files\Microsoft Windows OneCare Live\winss.exe
I:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
I:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
I:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
I:\WINDOWS\system32\Rundll32.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\Winamp\winampa.exe
I:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
I:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
I:\Program Files\MSN Messenger\MsnMsgr.Exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
I:\Program Files\MSN Messenger\usnsvc.exe
I:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
I:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
I:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\MSN Messenger\livecall.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Documents and Settings\Mike\Desktop\DSS.exe
I:\PROGRA~1\HIJACK~1\Mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.click2houston.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - I:\Program Files\Internet Explorer\IE7pro\IE7pro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - I:\Program Files\MSN Messenger\htc.8.1.0178.00.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VolPanel] "I:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [OneCareUI] "I:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "I:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] I:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "I:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - I:\Program Files\Internet Explorer\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - I:\Program Files\Internet Explorer\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: I:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1175521686812
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 LBeepKE - i:\windows\system32\drivers\lbeepke.sys
R3 ATIDACXX (ATI DTV Wonder Analog Audio Capture Device) - i:\windows\system32\drivers\atidacxx.sys
R3 ATIDDCXX (ATI DTV Wonder Digital BDA Capture Device) - i:\windows\system32\drivers\atiddcxx.sys
R3 ATIDTUXX (ATI DTV Wonder Digital And Analog Tuner Device) - i:\windows\system32\drivers\atidtuxx.sys
R3 ATIDVCXX (ATI DTV Wonder Analog AV Capture Device) - i:\windows\system32\drivers\atidvcxx.sys
R3 ATIDXBXX (ATI DTV Wonder Analog AV Crossbar Device) - i:\windows\system32\drivers\atidxbxx.sys
R3 CTUSFSYN (Creative SoundFont Synthesizer) - i:\windows\system32\drivers\ctusfsyn.sys
R3 EL90X (3Com EtherLink XL 90X Adapter Driver) - i:\windows\system32\drivers\el90xnd5.sys
R3 LHidUsbK (SetPoint USB Receiver Device Driver) - i:\windows\system32\drivers\lhidusbk.sys
R3 LUsbKbd (SetPoint USB Keyboard Filter) - i:\windows\system32\drivers\lusbkbd.sys
R3 P17xfi (Sound Blaster X-Fi Xtreme Audio) - i:\windows\system32\drivers\p17xfi.sys
R3 p17xfilt - i:\windows\system32\drivers\p17xfilt.sys
R3 pfc (Padus ASPI Shell) - i:\windows\system32\drivers\pfc.sys
R3 XUIF (X10 USB Wireless Transceiver) - i:\windows\system32\drivers\x10ufx2.sys

S3 emupia (E-mu Plug-in Architecture Driver) - i:\windows\system32\drivers\emupia2k.sys
S3 MPE (BDA MPE Filter) - i:\windows\system32\drivers\mpe.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Iprip (RIP Listener) - i:\windows\system32\svchost.exe -k netsvcs
R2 msfwsvc (OneCare Firewall) - "i:\program files\microsoft windows onecare live\firewall\msfwsvc.exe"
R2 OneCareMP (OneCare AntiSpyware and AntiVirus) - "i:\program files\microsoft windows onecare live\antivirus\msmpeng.exe"
R2 SimpTcp (Simple TCP/IP Services) - i:\windows\system32\tcpsvcs.exe
R2 UPHClean (User Profile Hive Cleanup) - i:\program files\uphclean\uphclean.exe
R2 winss (Windows Live OneCare) - i:\program files\microsoft windows onecare live\winss.exe

S3 p2pgasvc (Peer Networking Group Authentication) - i:\windows\system32\svchost.exe -k p2psvc


-- Scheduled Tasks -------------------------------------------------------------

2007-04-09 04:04:35 384 --ah----- I:\WINDOWS\Tasks\MP Scheduled Signature Update.job<MPSCHE~3.JOB>
2007-04-09 04:04:35 378 --ah----- I:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-04-09 04:04:35 402 --ah----- I:\WINDOWS\Tasks\MP Scheduled Quick Scan.job<MPSCHE~2.JOB>
2007-04-06 04:40:41 284 --a------ I:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-03-09 and 2007-04-09 -----------------------------

2007-04-09 03:10:06 524288 --ah----- I:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-08 21:47:29 0 d-------- I:\Program Files\PC Wizard 2006<PCWIZA~1>
2007-04-08 21:13:05 0 d-------- I:\Program Files\MSI
2007-04-08 06:16:03 0 d-------- I:\Program Files\Linksys EasyLink Advisor(2)<LINKSY~1>
2007-04-08 05:53:17 0 d-------- I:\Documents and Settings\Mike\Application Data\GTek
2007-04-08 05:53:16 0 d-------- I:\Documents and Settings\All Users\Application Data\GTek
2007-04-08 0545 0 d-------- I:\WINDOWS\system32\NtmsData
2007-04-08 02:51:46 4718592 --a------ I:\Documents and Settings\Mike\ntuser.dat
2007-04-08 02:51:46 229376 --a------ I:\Documents and Settings\LocalService\ntuser.dat
2007-04-07 14:59:47 0 d-------- I:\Program Files\Z-Soft Uninstaller<Z-SOFT~1>
2007-04-07 03:01:33 18944 --a------ I:\WINDOWS\system32\simptcp.dll
2007-04-07 03:01:29 35328 --a------ I:\WINDOWS\system32\iprip.dll
2007-04-06 23:18:40 0 d-------- I:\Program Files\Shareaza
2007-04-06 22:30:28 0 d-------- I:\Documents and Settings\Mike\Application Data\IE7pro
2007-04-06 07:45:59 0 d-------- I:\Documents and Settings\Mike\Application Data\Apple Computer<APPLEC~1>
2007-04-06 07:45:53 1755 --a------ I:\Documents and Settings\All Users\Application Data\QTSBandwidthCache<QTSBAN~1>
2007-04-06 04:40:38 0 d-------- I:\Program Files\Apple Software Update<APPLES~1>
2007-04-06 04:40:27 0 d-------- I:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-04-06 04:37:47 0 d-------- I:\Program Files\QuickTime<QUICKT~1>
2007-04-06 03:54:25 0 d-------- I:\Program Files\Registrar Lite<REGIST~1>
2007-04-06 01:03:50 59264 --a------ I:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-04-04 18:13:42 0 d-------- I:\Program Files\RegScrubXP<REGSCR~1>
2007-04-04 13:49:33 0 d-------- I:\Documents and Settings\Mike\Contacts
2007-04-04 13:48:39 0 d-------- I:\Program Files\MSN Messenger<MSNMES~1>
2007-04-04 08:42:49 0 d-------- I:\Documents and Settings\Mike\Application Data\DivX
2007-04-03 15:26:29 116472 -----n--- I:\WINDOWS\system32\pxcpyi64.exe
2007-04-03 15:26:02 0 d-------- I:\Program Files\DivX
2007-04-03 01:00:44 118520 -----n--- I:\WINDOWS\system32\pxinsi64.exe
2007-04-03 01:00:44 129784 -----n--- I:\WINDOWS\system32\pxafs.dll
2007-04-03 01:00:35 0 d-------- I:\Program Files\Winamp
2007-04-03 00:48:19 120832 -ra------ I:\WINDOWS\system32\sfms32.dll
2007-04-03 00:48:19 162176 -ra------ I:\WINDOWS\system32\drivers\ctusfsyn.sys
2007-04-03 00:48:16 409600 --a------ I:\WINDOWS\system32\wrap_oal.dll
2007-04-03 00:48:16 86016 --a------ I:\WINDOWS\system32\OpenAL32.dll
2007-04-03 00:34:35 0 d-------- I:\Documents and Settings\Mike\Application Data\Creative
2007-04-03 00:31:40 0 d-------- I:\WINDOWS\pss
2007-04-03 00:26:58 25088 -----n--- I:\WINDOWS\system32\CTSVCCTL.EXE
2007-04-03 00:26:58 44032 -----n--- I:\WINDOWS\system32\CTSVCCDA.EXE
2007-04-03 00:26:42 0 d-------- I:\Program Files\Common Files\Creative
2007-04-03 00:26:41 0 d--h----- I:\Program Files\Creative Installation Information<CREATI~1>
2007-04-03 00:22:43 1587712 --a------ I:\WINDOWS\system32\drivers\p17xfilt.sys
2007-04-03 00:22:27 197632 -ra------ I:\WINDOWS\SF32.exe
2007-04-03 00:22:26 139264 -ra------ I:\WINDOWS\system32\EAX.DLL
2007-04-03 00:22:26 986 -ra------ I:\WINDOWS\SB0792.reg
2007-04-03 00:22:26 990 -ra------ I:\WINDOWS\SB0790.reg
2007-04-03 00:22:26 53248 -ra------ I:\WINDOWS\resdef.exe
2007-04-03 00:22:26 663675 -ra------ I:\WINDOWS\OALInst.exe
2007-04-03 00:22:25 137728 -ra------ I:\WINDOWS\system32\P17res.dll
2007-04-03 00:22:25 53248 -ra------ I:\WINDOWS\system32\P17CPI.dll
2007-04-03 00:22:24 1173504 --a------ I:\WINDOWS\system32\drivers\P17xfi.sys
2007-04-03 00:22:23 8704 -ra------ I:\WINDOWS\system32\drivers\Pfmodnt.sys
2007-04-03 00:18:04 0 d-------- I:\Program Files\Creative
2007-04-03 00:04:07 0 d-------- I:\Program Files\CCleaner
2007-04-02 23:43:33 0 d-------- I:\Documents and Settings\Mike\Application Data\Help
2007-04-02 19:20:28 262144 --a------ I:\WINDOWS\system32\default_user_class.dat<DEFAUL~1.DAT>
2007-04-02 19:17:18 0 d-------- I:\Documents and Settings\Mike\Application Data\Logitech
2007-04-02 19:16:30 0 d-------- I:\Program Files\UPHClean
2007-04-02 19:12:26 13568 --a------ I:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-04-02 19:12:09 71936 --a------ I:\WINDOWS\system32\drivers\LMouKE.Sys
2007-04-02 19:12:09 55936 --a------ I:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-04-02 19:11:33 36736 --a------ I:\WINDOWS\system32\drivers\LHidUsbK.sys
2007-04-02 19:11:33 3712 --a------ I:\WINDOWS\system32\drivers\LBeepKE.sys
2007-04-02 19:11:32 69632 --a------ I:\WINDOWS\system32\KemXML.dll
2007-04-02 19:11:32 110592 --a------ I:\WINDOWS\system32\KemWnd.dll
2007-04-02 19:11:32 131072 --a------ I:\WINDOWS\system32\KemUtil.dll
2007-04-02 19:11:32 155648 --a------ I:\WINDOWS\system32\kemutb.dll
2007-04-02 19:11:24 14848 --a------ I:\WINDOWS\system32\drivers\LUsbKbd.sys
2007-04-02 19:11:24 27136 --a------ I:\WINDOWS\system32\drivers\LHidKE.Sys
2007-04-02 19:11:24 94208 --a------ I:\WINDOWS\KHALMNPR.Exe
2007-04-02 19:11:24 0 d-------- I:\Program Files\Logitech
2007-04-02 19:11:23 0 d-------- I:\Program Files\Common Files\Logitech
2007-04-02 18:57:07 0 d-------- I:\Program Files\Intel
2007-04-02 17:49:35 0 d-------- I:\Program Files\Driver Detective<DRIVER~1>
2007-04-02 17:49:35 0 d-------- I:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters<PCDRIV~1>
2007-04-02 17:21:10 0 d-------- I:\Program Files\AusLogics Disk Defrag<AUSLOG~1>
2007-04-02 16:41:30 0 d-------- I:\Program Files\MSBuild
2007-04-02 16:38:38 0 d-------- I:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-04-02 16:38:05 0 d-------- I:\Program Files\Reference Assemblies<REFERE~1>
2007-04-02 16:37:13 14048 -----n--- I:\WINDOWS\system32\spmsg2.dll
2007-04-02 16:36:37 5504 --a------ I:\WINDOWS\system32\drivers\MSTEE.sys
2007-04-02 16:36:36 15360 --a------ I:\WINDOWS\system32\drivers\MPE.sys
2007-04-02 16:36:34 10880 --a------ I:\WINDOWS\system32\drivers\NdisIP.sys
2007-04-02 16:36:33 15360 --a------ I:\WINDOWS\system32\drivers\StreamIP.sys
2007-04-02 16:36:32 11136 --a------ I:\WINDOWS\system32\drivers\SLIP.sys
2007-04-02 16:36:30 19328 --a------ I:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-04-02 16:36:29 85376 --a------ I:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-04-02 16:36:28 17024 --a------ I:\WINDOWS\system32\drivers\CCDECODE.sys
2007-04-02 16:36:19 363520 --a------ I:\WINDOWS\system32\PsisDecd.dll
2007-04-02 16:36:18 11776 --a------ I:\WINDOWS\system32\drivers\BdaSup.sys
2007-04-02 16:36:11 53760 --a------ I:\WINDOWS\system32\vfwwdm32.dll
2007-04-02 16:35:38 0 d-------- I:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-04-02 16:34:52 0 d-------- I:\WINDOWS\system32\URTTEMP
2007-04-02 16:33:31 36352 -----n--- I:\WINDOWS\system32\tsgqec.dll
2007-04-02 16:33:31 288768 -----n--- I:\WINDOWS\system32\rhttpaa.dll
2007-04-02 16:33:31 116736 -----n--- I:\WINDOWS\system32\aaclient.dll
2007-04-02 09:22:43 0 d-------- I:\WINDOWS\Sun
2007-04-02 09:22:42 0 d-------- I:\Documents and Settings\Mike\Application Data\Sun
2007-04-02 09:20:17 0 d-------- I:\Program Files\Java
2007-04-02 09:20:05 0 d-------- I:\Program Files\Common Files\Java
2007-04-02 08:59:01 0 d-------- I:\Documents and Settings\All Users\Application Data\NVIDIA Corporation<NVIDIA~1>
2007-04-02 08:58:50 499712 --a------ I:\WINDOWS\system32\msvcp71.dll
2007-04-02 08:58:50 1060864 --a------ I:\WINDOWS\system32\MFC71.dll
2007-04-02 08:58:50 60416 --a------ I:\WINDOWS\system32\DSETUP.dll
2007-04-02 08:58:50 671744 --a------ I:\WINDOWS\system32\DolbyHph.dll
2007-04-02 08:58:50 89088 --a------ I:\WINDOWS\system32\atl71.dll
2007-04-02 08:58:49 9856 --a------ I:\WINDOWS\system32\drivers\pfc.sys
2007-04-02 08:58:49 4608 --a------ I:\WINDOWS\system32\drivers\nvport.sys
2007-04-02 08:58:15 348160 --a------ I:\WINDOWS\system32\msvcr71.dll
2007-04-02 08:54:16 0 d-------- I:\Documents and Settings\Mike\Application Data\Google
2007-04-02 08:46:00 0 d-------- I:\Documents and Settings\All Users\Application Data\Google
2007-04-02 08:33:55 0 d-------- I:\Program Files\Google
2007-04-02 08:33:45 0 d-------- I:\Program Files\Common Files\xing shared<XINGSH~1>
2007-04-02 08:33:34 0 d-------- I:\Program Files\Real
2007-04-02 08:33:34 0 d-------- I:\Program Files\Common Files\Real
2007-04-02 08:32:50 0 d-------- I:\Documents and Settings\Mike\Application Data\Real
2007-04-02 08:24:28 127208 --a------ I:\WINDOWS\system32\mucltui.dll
2007-04-02 08:23:31 10752 -ra------ I:\WINDOWS\system32\SPIRun.dll
2007-04-02 08:23:31 137728 -ra------ I:\WINDOWS\system32\OemSpi.dll
2007-04-02 08:23:31 11264 -ra------ I:\WINDOWS\InRes.DLL
2007-04-02 08:19:44 0 d--h----- I:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-02 06:33:21 81024 --a------ I:\WINDOWS\system32\drivers\msfwdrv.sys
2007-04-02 06:33:20 105856 --a------ I:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-04-02 06:32:51 0 d------c- I:\WINDOWS\system32\DRVSTORE
2007-04-02 06:32:51 67784 --a------ I:\WINDOWS\system32\drivers\MpFilter.sys
2007-04-02 06:32:07 0 d-------- I:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-04-02 06:25:28 0 d--hs---- I:\RECYCLER
2007-04-02 06:22:11 0 d-------- I:\Program Files\Microsoft Windows OneCare Live<MICROS~2>
2007-04-02 06:13:36 262144 --a------ I:\Documents and Settings\All Users\ntuser.dat
2007-04-02 06:13:30 0 d-------- I:\WINDOWS\network diagnostic<NETWOR~1>
2007-04-02 05:43:27 0 d-------- I:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-04-02 05:42:40 0 d-------- I:\WINDOWS\system32\LogFiles
2007-04-02 05:42:40 0 d-------- I:\WINDOWS\system32\drivers\UMDF
2007-04-02 05:42:15 0 d-------- I:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-04-02 05:33:35 0 d-------- I:\Music
2007-04-02 05:27:24 23856 --a------ I:\WINDOWS\system32\spupdsvc.exe
2007-04-02 05:27:24 0 d-------- I:\WINDOWS\system32\PreInstall<PREINS~1>
2007-04-02 05:27:23 0 d--h----- I:\WINDOWS\$hf_mig$
2007-04-02 05:13:27 0 d-------- I:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-04-02 05:12:26 153631 --a------ I:\WINDOWS\system32\drivers\el90xnd5.sys
2007-04-02 04:09:53 0 d-------- I:\WINDOWS\Profiles
2007-04-02 04:09:25 0 d-------- I:\WINDOWS\system32\Adobe
2007-04-02 04:09:25 0 d-------- I:\Program Files\Common Files\Adobe
2007-04-02 04:09:25 0 d-------- I:\Documents and Settings\Mike\Application Data\InterTrust<INTERT~1>
2007-04-02 04:09:25 0 d-------- I:\Documents and Settings\Mike\Application Data\Adobe
2007-04-02 04:03:15 0 d-------- I:\Documents and Settings\All Users\Application Data\NVIDIA
2007-04-02 03:57:18 0 d-------- I:\Documents and Settings\All Users\Application Data\nView_Profiles<NVIEW_~1>
2007-04-02 03:54:31 208896 --a------ I:\WINDOWS\system32\nvudisp.exe
2007-04-02 03:54:31 0 d-------- I:\WINDOWS\nview
2007-04-02 03:54:22 208896 --a------ I:\WINDOWS\system32\NVUNINST.EXE
2007-04-02 03:54:15 0 d-------- I:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-04-02 03:54:09 0 d-------- I:\NVIDIA
2007-04-02 03:49:43 0 d-------- I:\Documents and Settings\All Users\Application Data\Creative
2007-04-02 03:49:42 6400 --a------ I:\WINDOWS\system32\drivers\splitter.sys
2007-04-02 03:49:41 82944 --a------ I:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-02 03:49:40 52864 --a------ I:\WINDOWS\system32\drivers\DMusic.sys
2007-04-02 03:49:36 54272 --a------ I:\WINDOWS\system32\drivers\swmidi.sys
2007-04-02 03:49:35 142464 --a------ I:\WINDOWS\system32\drivers\aec.sys
2007-04-02 03:49:34 172416 --a------ I:\WINDOWS\system32\drivers\kmixer.sys
2007-04-02 03:49:33 60800 --a------ I:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-02 03:49:33 2944 --a------ I:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-02 03:49:31 4992 --a------ I:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-02 03:49:31 7552 --a------ I:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-02 03:49:29 5376 --a------ I:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-02 03:49:23 4096 --a------ I:\WINDOWS\system32\ksuser.dll
2007-04-02 03:49:23 145792 --a------ I:\WINDOWS\system32\drivers\portcls.sys
2007-04-02 03:49:23 60288 --a------ I:\WINDOWS\system32\drivers\drmk.sys
2007-04-02 02:54:55 0 d-------- I:\WINDOWS\system32\Data
2007-04-02 02:54:51 108032 --a------ I:\WINDOWS\system32\mfcuia32.dll
2007-04-02 02:54:50 149504 --a------ I:\WINDOWS\system32\mfcans32.dll
2007-04-02 02:52:51 22423 --a------ I:\WINDOWS\system32\drivers\oasisusb.sys
2007-04-02 02:52:51 24384 --a------ I:\WINDOWS\system32\drivers\nmusb.sys
2007-04-02 02:46:03 41984 --a------ I:\WINDOWS\CTREGRUN.EXE
2007-04-02 02:45:59 306688 --a------ I:\WINDOWS\IsUninst.exe
2007-04-01 23:27:03 0 d-------- I:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-04-01 23:27:02 0 d-------- I:\WINDOWS\Prefetch
2007-04-01 23:26:44 229376 --a------ I:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-01 23:24:15 0 d-------- I:\WINDOWS\system32\xircom
2007-04-01 23:24:15 0 d-------- I:\Program Files\microsoft frontpage<MICROS~1>
2007-04-01 23:24:05 229376 ---h----- I:\Documents and Settings\Default User\NTUSER.DAT
2007-04-01 23:23:49 112128 --a------ I:\WINDOWS\system32\mapi32.dll
2007-04-01 23:23:14 0 d--hs---- I:\Documents and Settings\All Users\DRM
2007-04-01 23:23:06 0 dr------- I:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-04-01 23:23:06 0 d---s---- I:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-04-01 23:22:54 0 d--h----- I:\Program Files\WindowsUpdate<WINDOW~3>
2007-04-01 23:22:43 0 d-------- I:\WINDOWS\system32\DirectX
2007-04-01 23:22:40 11264 --a------ I:\WINDOWS\system32\atrace.dll
2007-04-01 23:22:39 12288 --a------ I:\WINDOWS\system32\nmevtmsg.dll
2007-04-01 23:22:39 64512 --a------ I:\WINDOWS\system32\acctres.dll
2007-04-01 23:22:38 0 d---s---- I:\WINDOWS\Tasks
2007-04-01 23:22:38 16384 --a------ I:\WINDOWS\system32\icfgnt5.dll
2007-04-01 23:22:38 0 d-------- I:\Program Files\Common Files\MSSoap
2007-04-01 23:22:37 0 d-------- I:\WINDOWS\system32\Macromed
2007-04-01 23:22:37 0 d-------- I:\WINDOWS\srchasst
2007-04-01 23:22:36 173536 --a------ I:\WINDOWS\system32\wuweb.dll
2007-04-01 23:22:36 41240 --a------ I:\WINDOWS\system32\wups.dll
2007-04-01 23:22:36 127256 --a------ I:\WINDOWS\system32\wucltui.dll
2007-04-01 23:22:36 6656 --a------ I:\WINDOWS\system32\wuauserv.dll
2007-04-01 23:22:36 194328 --a------ I:\WINDOWS\system32\wuaueng1.dll
2007-04-01 23:22:36 1343768 --a------ I:\WINDOWS\system32\wuaueng.dll
2007-04-01 23:22:36 172312 --a------ I:\WINDOWS\system32\wuauclt1.exe
2007-04-01 23:22:36 124184 --a------ I:\WINDOWS\system32\wuauclt.exe
2007-04-01 23:22:36 465176 --a------ I:\WINDOWS\system32\wuapi.dll
2007-04-01 23:22:36 18944 --a------ I:\WINDOWS\system32\qmgrprxy.dll
2007-04-01 23:22:36 382464 --a------ I:\WINDOWS\system32\qmgr.dll
2007-04-01 23:22:36 7168 --a------ I:\WINDOWS\system32\bitsprx3.dll
2007-04-01 23:22:36 8192 --a------ I:\WINDOWS\system32\bitsprx2.dll
2007-04-01 23:22:36 0 d-------- I:\Program Files\Movie Maker<MOVIEM~1>
2007-04-01 23:22:35 45568 --a------ I:\WINDOWS\system32\safrslv.dll
2007-04-01 23:22:35 29696 --a------ I:\WINDOWS\system32\safrdm.dll
2007-04-01 23:22:35 43520 --a------ I:\WINDOWS\system32\safrcdlg.dll
2007-04-01 23:22:35 43520 --a------ I:\WINDOWS\system32\racpldlg.dll
2007-04-01 23:22:34 170496 --a------ I:\WINDOWS\system32\srsvc.dll
2007-04-01 23:22:34 239104 --a------ I:\WINDOWS\system32\srrstr.dll
2007-04-01 23:22:34 67584 --a------ I:\WINDOWS\system32\srclient.dll
2007-04-01 23:22:34 0 d-------- I:\WINDOWS\system32\Restore
2007-04-01 23:22:34 28672 --a------ I:\WINDOWS\system32\nmmkcert.dll
2007-04-01 23:22:34 69632 --a------ I:\WINDOWS\system32\msconf.dll
2007-04-01 23:22:34 32768 --a------ I:\WINDOWS\system32\mnmsrvc.exe
2007-04-01 23:22:34 34560 --a------ I:\WINDOWS\system32\mnmdd.dll
2007-04-01 23:22:34 32768 --a------ I:\WINDOWS\system32\isrdbg32.dll
2007-04-01 23:22:34 81920 --a------ I:\WINDOWS\system32\ils.dll
2007-04-01 23:22:34 23040 --a------ I:\WINDOWS\system32\fltmc.exe
2007-04-01 23:22:34 16896 --a------ I:\WINDOWS\system32\fltlib.dll
2007-04-01 23:22:34 73472 --a------ I:\WINDOWS\system32\drivers\sr.sys
2007-04-01 23:22:34 128896 --a------ I:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-01 23:22:32 190976 --a------ I:\WINDOWS\system32\schedsvc.dll
2007-04-01 23:22:32 12288 --a------ I:\WINDOWS\system32\mstinit.exe
2007-04-01 23:22:32 274944 --a------ I:\WINDOWS\system32\mstask.dll
2007-04-01 23:22:32 105984 --a------ I:\WINDOWS\system32\msoert2.dll
2007-04-01 23:22:32 252928 --a------ I:\WINDOWS\system32\msoeacct.dll
2007-04-01 23:22:32 81920 --a------ I:\WINDOWS\system32\isign32.dll
2007-04-01 23:22:32 48128 --a------ I:\WINDOWS\system32\inetres.dll
2007-04-01 23:22:32 679424 --a------ I:\WINDOWS\system32\inetcomm.dll
2007-04-01 23:22:32 274432 --a------ I:\WINDOWS\system32\inetcfg.dll
2007-04-01 23:22:32 65536 --a------ I:\WINDOWS\system32\icwphbk.dll
2007-04-01 23:22:32 73728 --a------ I:\WINDOWS\system32\icwdial.dll
2007-04-01 23:22:11 21640 --a------ I:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-04-01 23:22:00 0 d-------- I:\WINDOWS\Registration<REGIST~1>
2007-04-01 23:21:54 0 d-------- I:\Program Files\Online Services<ONLINE~1>
2007-04-01 23:21:49 0 d-------- I:\Program Files\Messenger<MESSEN~1>
2007-04-01 23:21:48 5632 --a------ I:\WINDOWS\system32\write.exe
2007-04-01 23:21:48 0 d-------- I:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-04-01 23:21:46 35328 --a------ I:\WINDOWS\system32\winchat.exe
2007-04-01 23:21:46 138752 --a------ I:\WINDOWS\system32\sndvol32.exe
2007-04-01 23:21:46 44544 --a------ I:\WINDOWS\system32\hticons.dll
2007-04-01 23:21:46 73216 --a------ I:\WINDOWS\system32\avwav.dll
2007-04-01 23:21:46 227840 --a------ I:\WINDOWS\system32\avtapi.dll
2007-04-01 23:21:46 16384 --a------ I:\WINDOWS\system32\avmeter.dll
2007-04-01 23:21:45 605696 --a------ I:\WINDOWS\system32\getuname.dll
2007-04-01 23:21:45 80384 --a------ I:\WINDOWS\system32\charmap.exe
2007-04-01 23:21:44 119808 --a------ I:\WINDOWS\system32\winmine.exe
2007-04-01 23:21:44 1161 --a------ I:\WINDOWS\system32\usrlogon.cmd
2007-04-01 23:21:44 16896 --a------ I:\WINDOWS\system32\tsshutdn.exe
2007-04-01 23:21:44 16384 --a------ I:\WINDOWS\system32\tskill.exe
2007-04-01 23:21:44 14848 --a------ I:\WINDOWS\system32\tsdiscon.exe
2007-04-01 23:21:44 14848 --a------ I:\WINDOWS\system32\tscon.exe
2007-04-01 23:21:44 54272 --a------ I:\WINDOWS\system32\stclient.dll
2007-04-01 23:21:44 56832 --a------ I:\WINDOWS\system32\sol.exe
2007-04-01 23:21:44 14848 --a------ I:\WINDOWS\system32\shadow.exe
2007-04-01 23:21:44 15872 --a------ I:\WINDOWS\system32\rwinsta.exe
2007-04-01 23:21:44 9728 --a------ I:\WINDOWS\system32\reset.exe
2007-04-01 23:21:44 33792 --a------ I:\WINDOWS\system32\regini.exe
2007-04-01 23:21:44 4096 --a------ I:\WINDOWS\system32\rdpcfgex.dll
2007-04-01 23:21:44 22016 --a------ I:\WINDOWS\system32\qwinsta.exe
2007-04-01 23:21:44 16896 --a------ I:\WINDOWS\system32\qappsrv.exe
2007-04-01 23:21:44 25088 --a------ I:\WINDOWS\system32\mtxlegih.dll
2007-04-01 23:21:44 4096 --a------ I:\WINDOWS\system32\mtxex.dll
2007-04-01 23:21:44 20480 --a------ I:\WINDOWS\system32\mtxdm.dll
2007-04-01 23:21:44 126976 --a------ I:\WINDOWS\system32\mshearts.exe
2007-04-01 23:21:44 20992 --a------ I:\WINDOWS\system32\msg.exe
2007-04-01 23:21:44 15360 --a------ I:\WINDOWS\system32\logoff.exe
2007-04-01 23:21:44 55296 --a------ I:\WINDOWS\system32\freecell.exe
2007-04-01 23:21:44 5120 --a------ I:\WINDOWS\system32\dcomcnfg.exe
2007-04-01 23:21:44 147456 --a------ I:\WINDOWS\system32\comsnap.dll
2007-04-01 23:21:44 97792 --a------ I:\WINDOWS\system32\comrepl.dll
2007-04-01 23:21:44 25600 --a------ I:\WINDOWS\system32\comaddin.dll
2007-04-01 23:21:44 15872 --a------ I:\WINDOWS\system32\cdmodem.dll
2007-04-01 23:21:44 114688 --a------ I:\WINDOWS\system32\calc.exe
2007-04-01 23:21:41 131584 --a------ I:\WINDOWS\system32\sndrec32.exe
2007-04-01 23:21:41 183808 --a------ I:\WINDOWS\system32\accwiz.exe
2007-04-01 23:21:40 11776 --a------ I:\WINDOWS\system32\xolehlp.dll
2007-04-01 23:21:40 44544 --a------ I:\WINDOWS\system32\tscupgrd.exe
2007-04-01 23:21:40 93696 --a------ I:\WINDOWS\system32\tscfgwmi.dll
2007-04-01 23:21:40 295424 --a------ I:\WINDOWS\system32\termsrv.dll
2007-04-01 23:21:40 538624 --a------ I:\WINDOWS\system32\spider.exe
2007-04-01 23:21:40 140800 --a------ I:\WINDOWS\system32\sessmgr.exe
2007-04-01 23:21:40 60416 --a------ I:\WINDOWS\system32\remotepg.dll
2007-04-01 23:21:40 67072 --a------ I:\WINDOWS\system32\rdshost.exe
2007-04-01 23:21:40 13824 --a------ I:\WINDOWS\system32\rdsaddin.exe
2007-04-01 23:21:40 87176 --a------ I:\WINDOWS\system32\rdpwsx.dll
2007-04-01 23:21:40 19968 --a------ I:\WINDOWS\system32\rdpsnd.dll
2007-04-01 23:21:40 62464 --a------ I:\WINDOWS\system32\rdpclip.exe
2007-04-01 23:21:40 147968 --a------ I:\WINDOWS\system32\rdchost.dll
2007-04-01 23:21:40 20480 --a------ I:\WINDOWS\system32\qprocess.exe
2007-04-01 23:21:40 91136 --a------ I:\WINDOWS\system32\mtxoci.dll
2007-04-01 23:21:40 1866240 --a------ I:\WINDOWS\system32\mstscax.dll
2007-04-01 23:21:40 600576 --a------ I:\WINDOWS\system32\mstsc.exe
2007-04-01 23:21:40 343040 --a------ I:\WINDOWS\system32\mspaint.exe
2007-04-01 23:21:40 161280 --a------ I:\WINDOWS\system32\msdtcuiu.dll
2007-04-01 23:21:40 956416 --a------ I:\WINDOWS\system32\msdtctm.dll
2007-04-01 23:21:40 426496 --a------ I:\WINDOWS\system32\msdtcprx.dll
2007-04-01 23:21:40 58880 --a------ I:\WINDOWS\system32\msdtclog.dll
2007-04-01 23:21:40 0 d-------- I:\WINDOWS\system32\MsDtc
2007-04-01 23:21:40 6144 --a------ I:\WINDOWS\system32\msdtc.exe
2007-04-01 23:21:40 123392 --a------ I:\WINDOWS\system32\mplay32.exe
2007-04-01 23:21:40 11264 --a------ I:\WINDOWS\system32\icaapi.dll
2007-04-01 23:21:40 347136 --a------ I:\WINDOWS\system32\hypertrm.dll
2007-04-01 23:21:40 21896 --a------ I:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-01 23:21:40 12040 --a------ I:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-01 23:21:40 139528 --a------ I:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-01 23:21:40 0 d-------- I:\WINDOWS\system32\Com
2007-04-01 23:21:40 102912 --a------ I:\WINDOWS\system32\clipbrd.exe
2007-04-01 23:21:40 38912 --a------ I:\WINDOWS\system32\cfgbkend.dll
2007-04-01 23:21:40 0 d-------- I:\Program Files\Windows NT<WINDOW~1>
2007-04-01 23:21:39 60416 --a------ I:\WINDOWS\system32\colbact.dll
2007-04-01 23:21:39 110080 --a------ I:\WINDOWS\system32\clbcatex.dll
2007-04-01 23:21:39 85504 --a------ I:\WINDOWS\system32\catsrvps.dll
2007-04-01 23:21:38 540160 --a------ I:\WINDOWS\system32\comuid.dll
2007-04-01 23:21:38 1267200 --a------ I:\WINDOWS\system32\comsvcs.dll
2007-04-01 23:21:38 498688 --a------ I:\WINDOWS\system32\clbcatq.dll
2007-04-01 23:21:38 625152 --a------ I:\WINDOWS\system32\catsrvut.dll
2007-04-01 23:21:38 225792 --a------ I:\WINDOWS\system32\catsrv.dll
2007-04-01 23:21:37 56320 --a------ I:\WINDOWS\system32\servdeps.dll
2007-04-01 23:21:37 17408 --a------ I:\WINDOWS\system32\mmfutil.dll
2007-04-01 23:21:37 58880 --a------ I:\WINDOWS\system32\licwmi.dll
2007-04-01 23:21:37 196864 --a------ I:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-01 23:21:37 185344 --a------ I:\WINDOWS\system32\cmprops.dll
2007-04-01 23:21:36 40840 --a------ I:\WINDOWS\system32\drivers\termdd.sys
2007-04-01 20:15:03 17408 --a------ I:\WINDOWS\system32\winshfhc.dll
2007-04-01 20:15:03 71680 --a------ I:\WINDOWS\system32\blastcln.exe
2007-04-01 20:15:02 4096 --a------ I:\WINDOWS\system32\wmvdmoe2.dll
2007-04-01 20:15:02 4096 --a------ I:\WINDOWS\system32\wmvdmod.dll
2007-04-01 20:15:02 303616 --a------ I:\WINDOWS\system32\wmstream.dll
2007-04-01 20:15:01 1329152 --a------ I:\WINDOWS\system32\WMSPDMOE.dll
2007-04-01 20:15:01 603648 --a------ I:\WINDOWS\system32\WMSPDMOD.dll
2007-04-01 20:15:01 4096 --a------ I:\WINDOWS\system32\wmsdmoe2.dll
2007-04-01 20:15:01 115200 --a------ I:\WINDOWS\system32\wmsdmoe.dll
2007-04-01 20:15:01 4096 --a------ I:\WINDOWS\system32\wmsdmod.dll
2007-04-01 20:15:01 20480 --a------ I:\WINDOWS\system32\wmpui.dll
2007-04-01 20:15:01 99840 --a------ I:\WINDOWS\system32\wmpshell.dll
2007-04-01 20:15:01 314880 --a------ I:\WINDOWS\system32\wmpdxm.dll
2007-04-01 20:15:01 242688 --a------ I:\WINDOWS\system32\wmpasf.dll
2007-04-01 20:15:00 8231936 --a------ I:\WINDOWS\system32\wmploc.dll
2007-04-01 20:15:00 20480 --a------ I:\WINDOWS\system32\wmpcore.dll
2007-04-01 20:15:00 20480 --a------ I:\WINDOWS\system32\wmpcd.dll
2007-04-01 20:15:00 937984 --a------ I:\WINDOWS\system32\WMNetMgr.dll
2007-04-01 20:15:00 157184 --a------ I:\WINDOWS\system32\wmidx.dll
2007-04-01 20:15:00 227328 --a------ I:\WINDOWS\system32\wmerror.dll
2007-04-01 20:15:00 37376 --a------ I:\WINDOWS\system32\wmdmps.dll
2007-04-01 20:15:00 33792 --a------ I:\WINDOWS\system32\wmdmlog.dll
2007-04-01 20:15:00 222208 --a------ I:\WINDOWS\system32\WMASF.dll
2007-04-01 20:15:00 1117696 --a------ I:\WINDOWS\system32\WMADMOE.dll
2007-04-01 20:14:59 757248 --a------ I:\WINDOWS\system32\WMADMOD.dll
2007-04-01 20:14:59 246814 --a------ I:\WINDOWS\system32\strmdll.dll
2007-04-01 20:14:59 151552 --a------ I:\WINDOWS\system32\shmedia.dll
2007-04-01 20:14:58 321536 --a------ I:\WINDOWS\system32\mswmdm.dll
2007-04-01 20:14:58 414720 --a------ I:\WINDOWS\system32\msscp.dll
2007-04-01 20:14:58 175616 --a------ I:\WINDOWS\system32\mspmsp.dll
2007-04-01 20:14:58 27136 --a------ I:\WINDOWS\system32\mspmsnsv.dll
2007-04-01 20:14:58 179712 --a------ I:\WINDOWS\system32\msnetobj.dll
2007-04-01 20:14:58 4126 --a------ I:\WINDOWS\system32\msdxmlc.dll
2007-04-01 20:14:57 4096 --a------ I:\WINDOWS\system32\MPG4DMOD.dll
2007-04-01 20:14:57 4096 --a------ I:\WINDOWS\system32\MP4SDMOD.dll
2007-04-01 20:14:57 4096 --a------ I:\WINDOWS\system32\MP43DMOD.dll
2007-04-01 20:14:57 100864 --a------ I:\WINDOWS\system32\logagent.exe
2007-04-01 20:14:57 11264 --a------ I:\WINDOWS\system32\LAPRXY.dll
2007-04-01 20:14:57 498742 --a------ I:\WINDOWS\system32\dxmasf.dll
2007-04-01 20:14:57 991744 --a------ I:\WINDOWS\system32\drmv2clt.dll
2007-04-01 20:14:57 87040 --a------ I:\WINDOWS\system32\drmstor.dll
2007-04-01 20:14:56 299520 --a------ I:\WINDOWS\system32\drmclien.dll
2007-04-01 20:14:56 229376 --a------ I:\WINDOWS\system32\cewmdm.dll
2007-04-01 20:14:56 542720 --a------ I:\WINDOWS\system32\blackbox.dll
2007-04-01 20:14:56 7168 --a------ I:\WINDOWS\system32\asferror.dll
2007-04-01 20:14:44 40448 --a------ I:\WINDOWS\system32\osuninst.exe
2007-04-01 20:14:43 18944 --a------ I:\WINDOWS\vmmreg32.dll
2007-04-01 20:14:43 18176 --a------ I:\WINDOWS\system32\vga64k.dll
2007-04-01 20:14:43 51456 --a------ I:\WINDOWS\system32\vga256.dll
2007-04-01 20:14:42 347136 --a------ I:\WINDOWS\system32\tourstart.exe<TOURST~1.EXE>
2007-04-01 20:14:42 209408 --a------ I:\WINDOWS\system32\drivers\update.sys
2007-04-01 20:14:41 11776 --a------ I:\WINDOWS\system32\spnpinst.exe
2007-04-01 20:14:37 15360 --a------ I:\WINDOWS\system32\pentnt.exe
2007-04-01 20:14:37 20511 --a------ I:\WINDOWS\system32\odtext32.dll
2007-04-01 20:14:37 20510 --a------ I:\WINDOWS\system32\odpdx32.dll
2007-04-01 20:14:37 20510 --a------ I:\WINDOWS\system32\odfox32.dll
2007-04-01 20:14:37 20510 --a------ I:\WINDOWS\system32\odexl32.dll
2007-04-01 20:14:37 20511 --a------ I:\WINDOWS\system32\oddbse32.dll
2007-04-01 20:14:34 348189 --a------ I:\WINDOWS\system32\msxbde40.dll
2007-04-01 20:14:34 253952 --a------ I:\WINDOWS\system32\msvcrt20.dll
2007-04-01 20:14:34 258077 --a------ I:\WINDOWS\system32\mstext40.dll
2007-04-01 20:14:34 552989 --a------ I:\WINDOWS\system32\msrepl40.dll
2007-04-01 20:14:34 28746 --a------ I:\WINDOWS\system32\msrecr40.dll
2007-04-01 20:14:34 421919 --a------ I:\WINDOWS\system32\msrd2x40.dll
2007-04-01 20:14:34 73802 --a------ I:\WINDOWS\system32\msrclr40.dll
2007-04-01 20:14:34 7168 --a------ I:\WINDOWS\system32\msr2cenu.dll
2007-04-01 20:14:34 69632 --a------ I:\WINDOWS\system32\msr2c.dll
2007-04-01 20:14:34 348189 --a------ I:\WINDOWS\system32\mspbde40.dll
2007-04-01 20:14:33 213023 --a------ I:\WINDOWS\system32\msltus40.dll
2007-04-01 20:14:33 319517 --a------ I:\WINDOWS\system32\msexcl40.dll
2007-04-01 20:14:33 512029 --a------ I:\WINDOWS\system32\msexch40.dll
2007-04-01 20:14:33 4224 --a------ I:\WINDOWS\system32\drivers\mnmdd.sys
2007-04-01 20:14:32 51712 --a------ I:\WINDOWS\system32\migpwd.exe
2007-04-01 20:14:32 25088 --a------ I:\WINDOWS\system32\lnkstub.exe
2007-04-01 20:14:31 92224 --a------ I:\WINDOWS\system32\krnl386.exe
2007-04-01 20:14:31 183808 --a------ I:\WINDOWS\system32\ir50_qcx.dll
2007-04-01 20:14:31 200192 --a------ I:\WINDOWS\system32\ir50_qc.dll
2007-04-01 20:14:31 755200 --a------ I:\WINDOWS\system32\ir50_32.dll
2007-04-01 20:14:31 338432 --a------ I:\WINDOWS\system32\ir41_qcx.dll
2007-04-01 20:14:31 120320 --a------ I:\WINDOWS\system32\ir41_qc.dll
2007-04-01 20:14:30 590336 --a------ I:\WINDOWS\system32\d3dramp.dll
2007-04-01 20:14:30 27136 --a------ I:\WINDOWS\system32\ctl3d32.dll
2007-04-01 20:14:27 51200 --a------ I:\WINDOWS\system32\wmerrenu.dll
2007-04-01 20:14:21 438784 --a------ I:\WINDOWS\system32\xpob2res.dll
2007-04-01 20:14:20 2897920 --a------ I:\WINDOWS\system32\xpsp2res.dll
2007-04-01 20:14:19 187392 --a------ I:\WINDOWS\system32\xpsp1res.dll