04-20-2007, 12:16 AM   #1
Registered User
 
Join Date: Apr 2007
Posts: 7
OS: XP


Infected with amaena virus/trojan

Hi, I have become infected with the amaena virus/trojan. Pop-ups keep showing up and/or redirecting my current browser to a site of theirs. Norton seems to see some WinFixer (I think that is it, it varies) and deletes it, but they keep coming back. Here are my DSS Main and VundoFix logs:

Deckard's System Scanner v20070411.38
Run by Tay on 2007-04-20 at 01:07:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; access is denied.


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Tay.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:08:38 AM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NVTray\NVTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Tay\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HIJACK~1\Tay.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\vhbmandm.dll (file missing)
O2 - BHO: (no name) - {351294F4-DF8D-4A21-8EFE-D9E6BE49EE1F} - C:\WINDOWS\system32\awvvt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {856E36A9-A123-418A-A2CC-A05B3BF11AB9} - C:\WINDOWS\system32\ddcyyaw.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A112652E-C28C-40FC-8300-934563DD34C3} - C:\WINDOWS\system32\jkkll.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVTray] C:\Program Files\NVTray\NVTray.exe
O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll
O20 - Winlogon Notify: ddcyyaw - C:\WINDOWS\SYSTEM32\ddcyyaw.dll
O20 - Winlogon Notify: mljjhih - C:\WINDOWS\SYSTEM32\mljjhih.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys
R0 JRAID - c:\windows\system32\drivers\jraid.sys
R0 speedfan - c:\windows\system32\speedfan.sys
R2 PfModNT - c:\windows\system32\pfmodnt.sys
R3 ctgame (Game Port) - c:\windows\system32\drivers\ctgame.sys
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys
R3 RivaTuner32 - c:\program files\rivatuner v2.0 final release\rivatuner32.sys
R3 yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - c:\windows\system32\drivers\yk51x86.sys

S3 ENTECH - c:\windows\system32\drivers\entech.sys
S3 ET5Drv - c:\windows\system32\drivers\et5drv.sys
S3 gdrv - c:\windows\gdrv.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R0 Nla (Network Location Awareness (NLA)) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
R0 SENS (System Event Notification) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
R0 Symantec Core LC - \systemroot\"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" (file missing)
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe"
R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe"
R3 NSCService (Norton Protection Center Service) - "c:\program files\common files\symantec shared\security console\nscsrvce.exe"

S0 NVSvc (NVIDIA Display Driver Service) - \systemroot\c:\windows\system32\nvsvc32.exe (file missing)
S0 SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
S3 ccISPwdSvc (Symantec Internet Security Password Validation) - "c:\program files\norton internet security\ccpwdsvc.exe"
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-04-13 20:20:45 544 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Tay.job<NORTON~1.JOB>


-- Files created between 2007-03-20 and 2007-04-20 -----------------------------

2007-04-20 01:06:44 123972 --a------ C:\WINDOWS\system32\wpdlovjg.dll
2007-04-20 01:06:44 1373003 ---hs---- C:\WINDOWS\system32\tvvwa.bak1<TVVWA~1.BAK>
2007-04-20 01:06:24 281172 ---hs---- C:\WINDOWS\system32\awvvt.dll
2007-04-20 00:51:01 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-04-20 00:37:12 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-19 17:04:26 0 d-------- C:\Documents and Settings\Tay\Application Data\Apple Computer<APPLEC~1>
2007-04-19 16:29:35 0 d-------- C:\Documents and Settings\Tay\Application Data\Lavasoft
2007-04-19 16:28:14 26694 --a------ C:\WINDOWS\system32\ddcyyaw.dll
2007-04-19 16:02:44 26694 --a------ C:\WINDOWS\system32\awtuvus.dll
2007-04-19 15:41:18 26694 --a------ C:\WINDOWS\system32\mljjhih.dll
2007-04-19 15:10:40 10909 --a------ C:\WINDOWS\system32\ckl009.dat
2007-04-19 14:34:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-04-19 14:33:05 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-04-19 04:43:55 0 d-------- C:\Program Files\Bonjour
2007-04-19 04:26:49 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-04-19 04:26:49 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-04-19 04:24:27 96256 --a------ C:\WINDOWS\system32\drivers\sptd8109.sys
2007-04-19 04:24:27 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-19 03:12:15 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>
2007-04-19 02:48:00 0 d-------- C:\Documents and Settings\Tay\Application Data\ICAClient<ICACLI~1>
2007-04-19 02:47:56 0 d-------- C:\Program Files\Citrix
2007-04-13 16:34:31 0 d-------- C:\Documents and Settings\Tay\Application Data\acccore
2007-04-13 16:34:16 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP<AOLOCP~1>
2007-04-13 16:34:15 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-04-13 16:33:42 0 d-------- C:\Program Files\Common Files\AOL
2007-04-13 16:33:23 0 d-------- C:\Program Files\AIM6
2007-04-13 16:33:20 335 --a------ C:\WINDOWS\nsreg.dat
2007-04-13 16:31:04 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads<AOLDOW~1>
2007-04-12 08:38:04 0 d-------- C:\Documents and Settings\Tay\Application Data\Help
2007-04-10 23:35:38 0 d-------- C:\Program Files\Video Card Stability Test<VIDEOC~1>
2007-04-10 16:50:43 0 d-------- C:\Documents and Settings\Tay\Application Data\HP
2007-04-10 16:50:27 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-04-10 16:49:16 0 d-------- C:\Program Files\Common Files\HP
2007-04-10 16:47:40 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-04-10 16:47:20 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-04-10 16:46:45 16496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-04-10 16:46:42 49664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-04-10 16:46:26 77824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-04-10 16:46:25 38400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-04-10 16:46:07 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-04-10 16:45:40 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-04-10 16:45:40 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-04-10 16:45:40 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-04-10 16:45:40 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-04-10 16:45:40 65536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-04-10 16:45:40 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-04-10 16:44:34 0 d-------- C:\Program Files\HP
2007-04-10 16:44:03 118668 --a------ C:\WINDOWS\hpoins09.dat
2007-04-10 15:29:04 8192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-04-10 15:29:04 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-04-10 15:29:04 6144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-04-10 15:29:04 5632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-04-10 15:29:04 6144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-04-10 15:29:03 6144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-04-10 00:52:01 0 d-------- C:\Program Files\RivaTuner v2.0 Final Release<RIVATU~1.0FI>
2007-04-09 23:33:15 0 d-------- C:\Program Files\NVTray
2007-04-09 23:21:44 0 d-------- C:\WINDOWS\NV39242020.TMP<NV3924~1.TMP>
2007-04-09 23:21:13 0 d-------- C:\NVIDIA
2007-04-09 09:49:29 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-04-09 09:48:54 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-04-04 18:21:14 0 d-------- C:\Program Files\SpeedFan
2007-04-04 18:16:14 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-04-04 10:30:42 0 d-------- C:\Documents and Settings\Tay\Application Data\River Past G4<RIVERP~1>
2007-04-04 04:31:53 163426 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe<VIDEOC~1.EXE>
2007-04-04 04:31:52 0 d-------- C:\Program Files\River Past<RIVERP~1>
2007-04-04 04:31:52 0 d-------- C:\Program Files\Common Files\River Past<RIVERP~1>
2007-04-04 04:31:52 0 d-------- C:\Documents and Settings\All Users\Application Data\River Past G4<RIVERP~1>
2007-04-04 04:19:07 24576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-04-04 04:19:07 344064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-04-04 04:19:07 487424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-04-04 04:19:07 974848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-04-04 04:19:07 1700352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-04-04 04:19:07 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-04-04 04:19:06 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-04 04:19:06 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-04 04:19:06 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-04-04 04:19:06 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-04-04 04:19:06 638976 --a------ C:\WINDOWS\system32\divx.dll
2007-04-04 04:19:06 0 d-------- C:\Program Files\AVSMedia
2007-04-04 04:18:38 0 d--h----- C:\WINDOWS\system32\win32GI
2007-04-04 04:18:38 22040 ---h----- C:\Documents and Settings\Tay\Application Data\addon.dat
2007-04-04 04:02:29 0 d-------- C:\Program Files\Combined Community Codec Pack<COMBIN~1>
2007-04-04 02:08:13 0 d-------- C:\Program Files\Lavasoft
2007-04-04 02:07:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-04-04 01:55:46 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-04-03 19:18:54 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-04-03 19:13:46 0 d-------- C:\Program Files\Common Files\Macrovision Shared<MACROV~1>
2007-04-03 18:28:27 0 d-------- C:\Documents and Settings\Tay\Application Data\vlc
2007-04-03 16:18:32 0 d-------- C:\Documents and Settings\Tay\Application Data\Ahead
2007-04-03 16:17:38 0 d-------- C:\Program Files\Nero
2007-04-03 16:17:38 0 d-------- C:\Program Files\Common Files\Ahead
2007-04-03 16:17:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-04-03 16:07:12 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-04-03 16:06:30 0 d-------- C:\WINDOWS\system32\Futuremark<FUTURE~1>
2007-04-03 16:06:30 3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-04-03 16:06:30 5632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-04-03 16:06:30 21664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-04-03 16:05:38 0 d-------- C:\Program Files\Futuremark<FUTURE~1>
2007-04-03 14:40:27 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-04-03 14:34:42 0 d-------- C:\Documents and Settings\Tay\Application Data\Ventrilo
2007-04-03 14:31:07 221184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-03 14:31:02 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-04-03 14:30:07 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-03 14:27:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-04-03 14:27:50 0 d-------- C:\Documents and Settings\Tay\Application Data\Azureus
2007-04-03 14:25:26 0 d-------- C:\WINDOWS\Sun
2007-04-03 14:25:26 0 d-------- C:\Documents and Settings\Tay\Application Data\Sun
2007-04-03 14:25:18 0 d-------- C:\Program Files\Google
2007-04-03 14:25:18 0 d-------- C:\Documents and Settings\Tay\Application Data\Google
2007-04-03 14:24:49 0 d-------- C:\Program Files\Java
2007-04-03 14:24:14 0 d-------- C:\Program Files\Common Files\Java
2007-04-03 14:22:51 0 d-------- C:\Documents and Settings\Tay\Application Data\allTunes
2007-04-03 14:14:34 0 d-------- C:\Program Files\VideoLAN
2007-04-03 14:14:20 0 d-------- C:\Program Files\Ventrilo
2007-04-03 14:09:54 0 d-------- C:\Program Files\Valve
2007-04-03 14:09:42 0 d-------- C:\Program Files\Spellcrafting-3.0<SPELLC~1.0>
2007-04-03 14:08:59 0 d-------- C:\Program Files\PokerStars<POKERS~1>
2007-04-03 14:05:40 0 d-------- C:\Program Files\Fraps
2007-04-03 14:04:59 0 d-------- C:\Program Files\Azureus
2007-04-03 03:49:29 0 d-------- C:\Program Files\Intel Corporation<INTELC~1>
2007-04-03 00:23:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-04-03 00:19:15 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2007-04-03 00:17:59 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-04-03 00:17:22 132096 --a------ C:\WINDOWS\system32\wkssvc.dll
2007-04-03 00:17:22 721920 --a------ C:\WINDOWS\system32\lsasrv.dll
2007-04-03 00:16:24 37888 -----n--- C:\WINDOWS\system32\olecnv32.dll
2007-04-02 23:57:51 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-04-02 23:56:24 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-02 23:44:28 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-04-02 23:44:26 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-02 23:38:27 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-04-02 23:38:05 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-02 23:34:59 0 d-------- C:\Documents and Settings\Tay\Application Data\Symantec
2007-04-02 23:31:46 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-04-02 23:31:27 0 d-------- C:\Program Files\Norton Internet Security<NORTON~1>
2007-04-02 23:30:38 87768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-02 23:30:38 108168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-02 23:30:34 0 d-------- C:\Program Files\Symantec
2007-04-02 23:30:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-04-02 23:30:22 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-02 23:27:19 4501 --a------ C:\WINDOWS\gdrv.sys
2007-04-02 23:19:02 17920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-04-02 23:18:42 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-04-02 23:18:40 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3>
2007-04-02 23:18:19 0 d-------- C:\WINDOWS\SHELLNEW
2007-04-02 23:16:20 0 dr-h----- C:\MSOCache
2007-04-02 23:01:14 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000000-00001102-00000004-10021102}.dat<DVCSTA~2.DAT>
2007-04-02 23:01:14 288 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000000-00001102-00000004-10021102}.dat<DVCSTA~1.DAT>
2007-04-02 23:01:00 41984 -----n--- C:\WINDOWS\Ctregrun.exe
2007-04-02 23:00:25 0 d-------- C:\Documents and Settings\Tay\Application Data\Creative
2007-04-02 22:59:05 90112 -----n--- C:\WINDOWS\Updreg.EXE
2007-04-02 22:59:04 84992 -----n--- C:\WINDOWS\system32\SFCVRT32.DLL
2007-04-02 22:59:04 108032 -----n--- C:\WINDOWS\system32\MFCUIA32.DLL
2007-04-02 22:59:04 149504 -----n--- C:\WINDOWS\system32\MFCANS32.DLL
2007-04-02 22:59:04 54784 -----n--- C:\WINDOWS\system32\INETWH32.DLL
2007-04-02 22:59:04 82432 -----n--- C:\WINDOWS\system32\CTWFLT32.DLL
2007-04-02 22:59:04 26768 -----n--- C:\WINDOWS\system32\CTL3D.DLL
2007-04-02 22:59:04 24976 -----n--- C:\WINDOWS\CTRES.DLL
2007-04-02 22:59:04 53552 -----n--- C:\WINDOWS\CTCCW.DLL
2007-04-02 22:59:03 1048576 -----n--- C:\WINDOWS\system32\SFMAN.DAT
2007-04-02 22:59:03 0 d-------- C:\WINDOWS\system32\Defaults
2007-04-02 22:58:38 0 d-------- C:\WINDOWS\system32\Data
2007-04-02 22:58:38 20480 --a------ C:\WINDOWS\INRES.DLL
2007-04-02 22:58:32 139968 --a------ C:\WINDOWS\system32\drivers\HAP16V2K.SYS
2007-04-02 22:58:32 822416 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
2007-04-02 22:58:32 116000 --a------ C:\WINDOWS\system32\drivers\emupia2k.sys
2007-04-02 22:58:32 135248 --a------ C:\WINDOWS\system32\drivers\CTSFM2K.SYS
2007-04-02 22:58:32 232723 --a------ C:\WINDOWS\system32\ctstatic.dat
2007-04-02 22:58:32 224644 --a------ C:\WINDOWS\system32\CTSBASW.DAT
2007-04-02 22:58:31 6144 --a------ C:\WINDOWS\system32\drivers\CTPRXY2K.SYS
2007-04-02 22:58:31 183600 --a------ C:\WINDOWS\system32\drivers\CTOSS9X.SYS
2007-04-02 22:58:31 184656 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2007-04-02 22:58:31 12160 --a------ C:\WINDOWS\system32\drivers\ctgame.sys
2007-04-02 22:58:31 497376 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys
2007-04-02 22:58:31 135040 --a------ C:\WINDOWS\system32\drivers\CTAC32K.SYS
2007-04-02 22:58:31 248091 --a------ C:\WINDOWS\system32\ctsbas2w.dat
2007-04-02 22:58:31 190720 --a------ C:\WINDOWS\system32\ctdlang.dat
2007-04-02 22:58:31 53674 --a------ C:\WINDOWS\system32\ctdaught.dat
2007-04-02 22:58:31 110820 --a------ C:\WINDOWS\system32\CTBASICW.DAT
2007-04-02 22:58:31 138816 --a------ C:\WINDOWS\system32\ctbas2w.dat
2007-04-02 22:58:24 270336 --a------ C:\WINDOWS\system32\SFMS32.DLL
2007-04-02 22:58:24 36864 --a------ C:\WINDOWS\system32\sfman32.dll
2007-04-02 22:58:24 36864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2007-04-02 22:58:24 110592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
2007-04-02 22:58:24 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-04-02 22:58:24 49152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2007-04-02 22:58:24 20480 --a------ C:\WINDOWS\system32\ENSDEF.EXE
2007-04-02 22:58:24 77824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
2007-04-02 22:58:24 159744 --a------ C:\WINDOWS\system32\ct_oal.dll
2007-04-02 22:58:24 176128 --a------ C:\WINDOWS\READREG.EXE
2007-04-02 22:58:24 184320 --a------ C:\WINDOWS\PSCONV.EXE
2007-04-02 22:58:24 49152 --a------ C:\WINDOWS\MIDIDEF.EXE
2007-04-02 22:58:24 94208 --a------ C:\WINDOWS\DEVREG.DLL
2007-04-02 22:58:24 49152 --a------ C:\WINDOWS\CTDCRES.DLL
2007-04-02 22:58:23 45056 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL
2007-04-02 22:58:23 110592 --a------ C:\WINDOWS\system32\CTSCAL.DLL
2007-04-02 22:58:23 655360 --a------ C:\WINDOWS\system32\ctsblfx.dll
2007-04-02 22:58:23 155648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
2007-04-02 22:58:23 28672 --a------ C:\WINDOWS\system32\CTHELPER.EXE
2007-04-02 22:58:23 36864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL
2007-04-02 22:58:20 110592 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
2007-04-02 22:58:20 139264 --a------ C:\WINDOWS\system32\CTDCIFCE.DLL
2007-04-02 22:58:20 393216 --a------ C:\WINDOWS\system32\CTDC0001.DLL
2007-04-02 22:58:20 319488 --a------ C:\WINDOWS\system32\CTDC0000.DLL
2007-04-02 22:58:20 495616 --a------ C:\WINDOWS\system32\ctaudfx.dll
2007-04-02 22:58:20 110592 --a------ C:\WINDOWS\system32\CTASIO.DLL
2007-04-02 22:58:20 61440 --a------ C:\WINDOWS\system32\CTAGENT.DLL
2007-04-02 22:58:19 126976 --a------ C:\WINDOWS\system32\commonfx.dll
2007-04-02 22:58:19 53248 --a------ C:\WINDOWS\system32\AC3API.DLL
2007-04-02 22:58:19 65536 --a------ C:\WINDOWS\system32\a3d.dll
2007-04-02 22:58:11 184 --a------ C:\WINDOWS\system32\e000001.dat
2007-04-02 22:58:01 286512 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2007-04-02 22:58:01 77824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2007-04-02 22:58:01 831600 --a------ C:\WINDOWS\system32\Ctaa1.dat
2007-04-02 22:57:58 12288 --a------ C:\WINDOWS\system32\AHQCpURes.dll<AHQCPU~1.DLL>
2007-04-02 22:56:46 25088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2007-04-02 22:56:46 44032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2007-04-02 22:56:46 62976 --a------ C:\WINDOWS\system32\CTDetres.dll
2007-04-02 22:56:44 331776 -----n--- C:\WINDOWS\system32\CTMEDENG.DLL
2007-04-02 22:56:43 24576 --a------ C:\WINDOWS\system32\CTMERes.DLL
2007-04-02 22:55:56 16432 -----n--- C:\WINDOWS\system32\PFMODNT.SYS
2007-04-02 22:55:56 0 d-------- C:\Program Files\Creative
2007-04-02 22:52:18 0 d-------- C:\WINDOWS\pss
2007-04-02 22:49:32 185116 --a------ C:\WINDOWS\system32\drivers\ET5Drv.sys
2007-04-02 22:49:24 0 d--hs---- C:\RECYCLER
2007-04-02 22:46:02 0 d-------- C:\WINDOWS\NV180400.TMP
2007-04-02 22:44:29 0 d-------- C:\Documents and Settings\Tay\Application Data\AdobeUM
2007-04-02 22:44:24 0 d-------- C:\Documents and Settings\Tay\Application Data\Adobe
2007-04-02 22:44:23 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-02 22:44:14 720896 --a------ C:\WINDOWS\iun6002.exe
2007-04-02 22:44:14 0 d-------- C:\Program Files\ResChanger 2005<RESCHA~1>
2007-04-02 22:43:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-04-02 22:43:06 0 d-------- C:\WINDOWS\Cache
2007-04-02 22:40:40 0 d-------- C:\WINDOWS\nview
2007-04-02 22:40:39 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-04-02 22:40:23 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-04-02 22:38:33 61440 --a------ C:\WINDOWS\system32\ycc.dll
2007-04-02 22:34:31 0 d-------- C:\WINDOWS\system32\Lang
2007-04-02 22:32:25 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-02 22:32:23 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-02 22:32:22 135168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-04-02 22:32:22 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-02 22:32:22 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-04-02 22:32:18 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-02 22:32:17 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-02 22:32:16 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-02 22:32:15 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-02 22:32:14 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-02 22:32:12 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-02 22:32:10 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-02 22:32:09 385024 -r------- C:\WINDOWS\system32\JMRaidTool.exe<JMRAID~1.EXE>
2007-04-02 22:32:09 0 d-------- C:\WINDOWS\JM
2007-04-02 22:32:08 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-02 22:32:06 244608 --a------ C:\WINDOWS\system32\drivers\yk51x86.sys
2007-04-02 22:32:06 43264 -ra------ C:\WINDOWS\system32\drivers\jraid.sys
2007-04-02 22:32:06 6912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys
2007-04-02 22:32:06 0 d-------- C:\Program Files\GIGABYTE
2007-04-02 22:32:04 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-02 22:31:57 0 d-------- C:\WINDOWS\system32\RTCOM
2007-04-02 22:31:54 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-02 22:31:53 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-02 22:31:49 86016 -r------- C:\WINDOWS\SoundMan.exe
2007-04-02 22:31:48 2879488 -r------- C:\WINDOWS\SkyTel.exe
2007-04-02 22:31:47 364544 -r------- C:\WINDOWS\RtlUpd.exe
2007-04-02 22:31:46 4279296 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2007-04-02 22:31:43 9709568 -r------- C:\WINDOWS\RTLCPL.exe
2007-04-02 22:31:25 16208384 -r------- C:\WINDOWS\RTHDCPL.exe
2007-04-02 22:31:24 2158592 -r------- C:\WINDOWS\MicCal.exe
2007-04-02 22:31:22 69632 -r------- C:\WINDOWS\Alcmtr.exe
2007-04-02 22:31:21 2808832 -r------- C:\WINDOWS\alcwzrd.exe
2007-04-02 22:31:21 0 d-------- C:\Program Files\Realtek
2007-04-02 22:31:20 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-02 22:31:18 487424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-04-02 22:31:14 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-04-02 22:31:00 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-02 22:29:12 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-04-02 22:29:11 0 d-------- C:\Program Files\Intel
2007-04-02 22:20:43 3145728 --ah----- C:\Documents and Settings\Tay\NTUSER.DAT
2007-04-02 22:19:44 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-04-02 22:19:43 0 d-------- C:\WINDOWS\Prefetch
2007-04-02 22:19:42 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-02 22:19:26 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-02 22:16:52 0 d-------- C:\WINDOWS\system32\xircom
2007-04-02 22:16:52 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-04-02 22:16:43 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-02 22:16:35 0 -rahs---- C:\MSDOS.SYS
2007-04-02 22:16:35 0 -rahs---- C:\IO.SYS
2007-04-02 22:16:35 0 --a------ C:\CONFIG.SYS
2007-04-02 22:16:35 0 --a------ C:\AUTOEXEC.BAT
2007-04-02 22:16:24 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-02 22:15:54 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-02 22:15:47 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-04-02 22:15:47 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-04-02 22:15:38 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-04-02 22:15:23 0 d-------- C:\WINDOWS\system32\DirectX
2007-04-02 22:15:04 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-02 22:14:55 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-02 22:14:54 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-02 22:14:51 0 d---s---- C:\WINDOWS\Tasks
2007-04-02 22:14:51 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-02 22:14:50 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-02 22:14:46 0 d-------- C:\WINDOWS\srchasst
2007-04-02 22:14:45 0 d-------- C:\WINDOWS\system32\Macromed
2007-04-02 22:14:42 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-02 22:14:42 127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-02 22:14:42 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-02 22:14:42 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-02 22:14:42 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-02 22:14:41 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-02 22:14:41 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-02 22:14:41 124184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-02 22:14:41 465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-02 22:14:41 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-02 22:14:41 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-02 22:14:41 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-02 22:14:41 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-02 22:14:36 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-04-02 22:14:33 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-02 22:14:33 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-02 22:14:33 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-02 22:14:33 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-02 22:14:29 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-04-02 22:14:29 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-02 22:14:28 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-02 22:14:28 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-02 22:14:28 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-02 22:14:28 0 d-------- C:\WINDOWS\system32\Restore
2007-04-02 22:14:28 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-02 22:14:26 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-02 22:14:26 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-02 22:14:26 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-02 22:14:26 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-02 22:14:26 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-02 22:14:26 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-02 22:14:23 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-02 22:14:23 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-02 22:14:22 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-02 22:14:22 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-02 22:14:18 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-02 22:14:18 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-02 22:14:18 274944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-02 22:14:18 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-02 22:14:17 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-02 22:14:17 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-02 22:14:17 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-02 22:13:52 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-04-02 22:13:42 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-04-02 22:13:37 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-04-02 22:13:32 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-02 22:13:28 5632 --a------ C:\WINDOWS\system32\write.exe
2007-04-02 22:13:28 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-04-02 22:13:20 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-02 22:13:20 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-02 22:13:19 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-02 22:13:19 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-02 22:13:19 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-02 22:13:19 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-02 22:13:13 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-02 22:13:13 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-02 22:13:13 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-02 22:13:12 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-02 22:13:12 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-02 22:13:12 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-02 22:13:12 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-02 22:13:12 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-02 22:13:12 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-02 22:13:12 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-02 22:13:11 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-02 22:13:11 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-02 22:13:11 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-02 22:13:11 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-02 22:13:11 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-02 22:13:11 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-02 22:13:11 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-02 22:13:11 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-02 22:13:11 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-02 22:13:11 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-02 22:13:11 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-02 22:13:11 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-02 22:13:10 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-02 22:13:10 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-02 22:13:10 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-02 22:13:10 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-02 22:13:10 97792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-02 22:13:10 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-02 22:13:09 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-02 22:13:09 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-02 22:12:47 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-02 22:12:47 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-02 22:12:47 347136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-02 22:12:47 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-02 22:12:46 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-02 22:12:46 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-02 22:12:46 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-02 22:12:46 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-02 22:12:46 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-02 22:12:46 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-04-02 22:12:45 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-02 22:12:45 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-02 22:12:45 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-02 22:12:45 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-02 22:12:45 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-02 22:12:45 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-02 22:12:45 407552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-02 22:12:45 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-02 22:12:44 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-02 22:12:44 295424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-02 22:12:44 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-02 22:12:44 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-02 22:12:44 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-02 22:12:44 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-02 22:12:44 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-02 22:12:44 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-02 22:12:44 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-02 22:12:43 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-02 22:12:43 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-02 22:12:43 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-02 22:12:43 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-02 22:12:43 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-02 22:12:43 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-02 22:12:43 0 d-------- C:\WINDOWS\system32\MsDtc
2007-04-02 22:12:43 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-02 22:12:42 0 d-------- C:\WINDOWS\system32\Com
2007-04-02 22:12:42 60416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-02 22:12:42 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-02 22:12:42 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-02 22:12:41 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-02 22:12:41 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-02 22:12:41 498688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-02 22:12:41 625152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-02 22:12:41 225792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-02 22:12:35 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-02 22:12:34 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-02 22:12:34 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-02 22:12:34 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-02 22:12:29 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-02 22:12:28 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-02 16:41:07 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-02 16:40:42 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-02 16:40:16 6400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-04-02 16:39:59 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-02 16:39:12 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-04-02 16:39:11 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-02 16:39:08 0 dr------- C:\Program Files<PROGRA~1>
2007-04-02 16:39:08 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-04-02 16:39:06 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-02 16:39:06 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-02 16:39:06 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-02 16:39:04 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-02 16:39:04 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-02 16:39:02 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-02 16:39:02 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-02 16:39:02 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-02 16:39:02 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-02 16:39:02 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-02 16:39:02 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-02 16:39:02 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-02 16:39:01 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-02 16:39:01 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-02 16:39:00 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-02 16:39:00 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-02 16:39:00 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-02 16:38:59 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-02 16:38:59 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-04-02 16:38:59 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-04-02 16:38:59 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-04-02 16:38:59 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-04-02 16:38:59 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-02 16:38:59 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-04-02 16:38:59 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-02 16:38:59 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-02 16:38:59 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-04-02 16:38:59 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-04-02 16:38:59 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-02 16:38:58 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-04-02 16:38:57 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-02 16:38:56 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-02 16:38:56 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-02 16:38:56 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-02 16:38:56 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-02 16:38:56 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-04-02 16:38:56 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-02 16:38:55 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-02 16:38:55 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-02 16:38:55 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-02 16:38:55 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-02 16:38:55 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-02 16:38:54 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-02 16:38:54 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-02 16:38:54 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-02 16:38:54 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-02 16:38:54 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-02 16:38:54 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-02 16:38:53 68768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-04-02 16:38:52 69120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-04-02 16:38:50 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-02 16:38:45 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-04-02 16:36:55 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-04-02 16:36:55 0 d-------- C:\WINDOWS\system32\CatRoot
2007-04-02 16:36:22 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-04-02 16:36:22 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-04-02 16:28:21 0 d-------- C:\WINDOWS
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\WinSxS
2007-04-02 16:28:21 0 dr------- C:\WINDOWS\Web
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\twain_32
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\wins
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\wbem
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\usmt
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\spool
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\ShellExt
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\Setup
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\ras
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\oobe
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\npp
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\mui
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\inetsrv
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\IME
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\icsxml
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\ias
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\export
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\drivers
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-02 16:28:21 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\dhcp
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\config
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\3076
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\2052
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\1054
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\1042
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\1041
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\1037
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\1033
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\1031
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\1028
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system32\1025
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\system
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\security
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\repair
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\PeerNet
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\pchealth
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\mui
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\msapps
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\msagent
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\Media
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\java
2007-04-02 16:28:21 0 d--h----- C:\WINDOWS\inf
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\ime
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\Help
2007-04-02 16:28:21 0 dr--s---- C:\WINDOWS\Fonts
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\ehome
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\Debug
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\Cursors
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\Config
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\AppPatch
2007-04-02 16:28:21 0 d-------- C:\WINDOWS\addins
2007-03-28 18:51:54 538256 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-03-28 18:51:52 161424 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-03-28 18:51:48 189584 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 18:51:42 24208 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 18:51:36 31888 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 18:51:32 28304 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 18:51:26 97936 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 18:51:20 12944 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-03-21 20:54:16 69632 --a------ C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-21 20:54:16 48560 --a------ C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-21 20:54:16 77312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL


-- Find3M Report ---------------------------------------------------------------

2007-04-17 01:32:09 0 d---s---- C:\Documents and Settings\Tay\Application Data\Microsoft<MICROS~1>
2007-04-05 09:28:08 0 d-------- C:\Documents and Settings\Tay\Application Data\Macromedia<MACROM~1>
2007-04-02 22:21:00 0 d-------- C:\Documents and Settings\Tay\Application Data\Identities<IDENTI~1>
2007-04-02 16:38:45 62 --ahs---- C:\Documents and Settings\Tay\Application Data\desktop.ini
2007-03-17 08:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 10:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 10:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 10:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-02-05 15:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"NVTray"="C:\\Program Files\\NVTray\\NVTray.exe"
"Aim6"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"GBB36X Configure"="C:\\WINDOWS\\system32\\JMRaidTool.exe boot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /run"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RivaTunerStartupDaemon"="\"C:\\Program Files\\RivaTuner v2.0 Final Release\\RivaTuner.exe\" /S"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Microsoft System Service"="taskmgr1.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Generic Host Process"="C:\\WINDOWS\\system32\\scvhost.exe"
"Microsoft System Service"="taskmgr1.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim6"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDVDDet"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChanger 2005]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ResChanger2005"
"hkey"="HKCU"
"command"="C:\\Program Files\\ResChanger 2005\\ResChanger2005.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{856E36A9-A123-418A-A2CC-A05B3BF11AB9}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvt
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyyaw
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjhih

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


-- End of Deckard's System Scanner: finished at 2007-04-20 at 01:09:07 ---------

and Vundo:


VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.11

Scan started at 12:51:01 AM 4/20/2007

Listing files found while scanning....

C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\llkkj.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\llkkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\llkkj.tmp
C:\WINDOWS\system32\llkkj.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.dll Has been deleted!

Performing Repairs to the registry.
Done!


Also, the extra.txt is attached.

Thanks for any help!

Last edited by Gigem : 04-20-2007 at 12:17 AM.
04-20-2007, 05:57 PM   #2
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: Infected with amaena virus/trojan

1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
04-21-2007, 11:25 AM   #3
Registered User
 
Join Date: Apr 2007
Posts: 7
OS: XP


Re: Infected with amaena virus/trojan

Ok here is the Combo one:

"Tay" - 07-04-21 12:17:58 Service Pack 2
ComboFix 07-04-21.2V - Running from: C:\Documents and Settings\Tay\Desktop\


((((((((((((((((((((((((((((((( Files Created from 2007-03-21 to 2007-04-21 ))))))))))))))))))))))))))))))))))


2007-04-20 11:59 1,390,633 ---hs---- C:\WINDOWS\system32\tvvwa.ini2
2007-04-20 01:07 <DIR> d-------- C:\Deckard
2007-04-20 01:06 123,972 --a------ C:\WINDOWS\system32\wpdlovjg.dll
2007-04-20 00:51 <DIR> d-------- C:\VundoFix Backups
2007-04-20 00:37 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-19 17:04 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\Apple Computer
2007-04-19 16:29 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\Lavasoft
2007-04-19 15:10 10,909 --a------ C:\WINDOWS\system32\ckl009.dat
2007-04-19 14:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-04-19 14:33 <DIR> d-------- C:\Program Files\QuickTime
2007-04-19 04:43 <DIR> d-------- C:\Program Files\Bonjour
2007-04-19 04:26 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-04-19 04:26 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-04-19 04:24 96,256 --a------ C:\WINDOWS\system32\drivers\sptd8109.sys
2007-04-19 04:24 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-19 03:12 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-04-19 02:48 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\ICAClient
2007-04-19 02:47 <DIR> d-------- C:\Program Files\Citrix
2007-04-13 16:34 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\acccore
2007-04-13 16:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-04-13 16:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-04-13 16:33 335 --a------ C:\WINDOWS\nsreg.dat
2007-04-13 16:33 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-04-13 16:33 <DIR> d-------- C:\Program Files\AIM6
2007-04-13 16:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-04-12 08:38 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\Help
2007-04-10 23:35 <DIR> d-------- C:\Program Files\Video Card Stability Test
2007-04-10 16:50 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\HP
2007-04-10 16:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-04-10 16:49 <DIR> d-------- C:\Program Files\Common Files\HP
2007-04-10 16:47 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-04-10 16:47 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-04-10 16:46 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-04-10 16:46 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-04-10 16:46 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-04-10 16:46 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-04-10 16:46 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-04-10 16:45 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-04-10 16:45 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-04-10 16:45 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-04-10 16:45 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-04-10 16:45 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-04-10 16:45 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-04-10 16:44 118,668 --a------ C:\WINDOWS\hpoins09.dat
2007-04-10 16:44 <DIR> d-------- C:\Program Files\HP
2007-04-10 15:29 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-04-10 15:29 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-04-10 15:29 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-04-10 15:29 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-04-10 15:29 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-04-10 15:29 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-04-10 00:52 <DIR> d-------- C:\Program Files\RivaTuner v2.0 Final Release
2007-04-09 23:33 <DIR> d-------- C:\Program Files\NVTray
2007-04-09 23:21 <DIR> d-------- C:\WINDOWS\NV39242020.TMP
2007-04-09 23:21 <DIR> d-------- C:\NVIDIA
2007-04-09 09:49 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-04-09 09:48 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-04-04 18:21 <DIR> d-------- C:\Program Files\SpeedFan
2007-04-04 18:16 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-04 10:30 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\River Past G4
2007-04-04 04:31 163,426 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2007-04-04 04:31 <DIR> d-------- C:\Program Files\River Past
2007-04-04 04:31 <DIR> d-------- C:\Program Files\Common Files\River Past
2007-04-04 04:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G4
2007-04-04 04:19 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-04-04 04:19 638,976 --a------ C:\WINDOWS\system32\divx.dll
2007-04-04 04:19 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-04 04:19 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-04-04 04:19 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-04-04 04:19 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-04-04 04:19 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-04-04 04:19 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-04-04 04:19 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-04 04:19 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-04-04 04:19 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-04-04 04:19 <DIR> d-------- C:\Program Files\AVSMedia
2007-04-04 04:18 22,040 ---h----- C:\DOCUME~1\Tay\APPLIC~1\addon.dat
2007-04-04 04:18 <DIR> d--h----- C:\WINDOWS\system32\win32GI
2007-04-04 04:02 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-04-04 02:08 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-04 02:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-04 01:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-04-03 19:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-04-03 19:13 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-04-03 18:28 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\vlc
2007-04-03 16:18 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\Ahead
2007-04-03 16:17 <DIR> d-------- C:\Program Files\Nero
2007-04-03 16:17 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-04-03 16:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-04-03 16:07 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-04-03 16:06 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-04-03 16:06 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-04-03 16:06 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-04-03 16:06 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-04-03 16:05 <DIR> d-------- C:\Program Files\Futuremark
2007-04-03 14:40 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-04-03 14:34 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\Ventrilo
2007-04-03 14:31 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-03 14:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-04-03 14:30 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-03 14:27 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\Azureus
2007-04-03 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-04-03 14:25 <DIR> d-------- C:\Program Files\Google
2007-04-03 14:25 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\Google
2007-04-03 14:22 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\allTunes
2007-04-03 14:14 <DIR> d-------- C:\Program Files\VideoLAN
2007-04-03 14:14 <DIR> d-------- C:\Program Files\Ventrilo
2007-04-03 14:09 <DIR> d-------- C:\Program Files\Valve
2007-04-03 14:09 <DIR> d-------- C:\Program Files\Spellcrafting-3.0
2007-04-03 14:08 <DIR> d-------- C:\Program Files\PokerStars
2007-04-03 14:05 <DIR> d-------- C:\Program Files\Fraps
2007-04-03 14:04 <DIR> d-------- C:\Program Files\Azureus
2007-04-03 03:49 <DIR> d-------- C:\Program Files\Intel Corporation
2007-04-03 00:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-03 00:19 225,664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2007-04-03 00:17 721,920 --a------ C:\WINDOWS\system32\lsasrv.dll
2007-04-03 00:17 132,096 --a------ C:\WINDOWS\system32\wkssvc.dll
2007-04-03 00:17 1,843,584 --a------ C:\WINDOWS\system32\win32k.sys
2007-04-03 00:16 37,888 --------- C:\WINDOWS\system32\olecnv32.dll
2007-04-03 00:02 34,304 --------- C:\WINDOWS\system32\_000013_.tmp.dll
2007-04-03 00:01 721,920 --------- C:\WINDOWS\system32\_000014_.tmp.dll
2007-04-03 00:01 132,096 --------- C:\WINDOWS\system32\_000011_.tmp.dll
2007-04-02 23:57 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-02 23:56 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-02 23:44 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-02 23:44 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-02 23:38 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-02 23:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-02 23:34 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\Symantec
2007-04-02 23:31 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-04-02 23:31 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-04-02 23:30 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-02 23:30 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-02 23:30 <DIR> d-------- C:\Program Files\Symantec
2007-04-02 23:30 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-02 23:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-04-02 23:27 4,501 --a------ C:\WINDOWS\gdrv.sys
2007-04-02 23:19 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-04-02 23:18 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-02 23:18 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-04-02 23:18 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-04-02 23:16 <DIR> dr-h----- C:\MSOCache
2007-04-02 23:01 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-04-02 23:01 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000000-00001102-00000004-10021102}.dat
2007-04-02 23:01 288 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000000-00001102-00000004-10021102}.dat
2007-04-02 23:00 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\Creative
2007-04-02 22:59 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-04-02 22:59 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
2007-04-02 22:59 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
2007-04-02 22:59 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL
2007-04-02 22:59 53,552 --------- C:\WINDOWS\CTCCW.DLL
2007-04-02 22:59 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL
2007-04-02 22:59 24,976 --------- C:\WINDOWS\CTRES.DLL
2007-04-02 22:59 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL
2007-04-02 22:59 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL
2007-04-02 22:59 1,048,576 --------- C:\WINDOWS\system32\SFMAN.DAT
2007-04-02 22:59 <DIR> d-------- C:\WINDOWS\system32\Defaults
2007-04-02 22:58 94,208 --a------ C:\WINDOWS\DEVREG.DLL
2007-04-02 22:58 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-04-02 22:58 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat
2007-04-02 22:58 822,416 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
2007-04-02 22:58 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
2007-04-02 22:58 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2007-04-02 22:58 655,360 --a------ C:\WINDOWS\system32\ctsblfx.dll
2007-04-02 22:58 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-04-02 22:58 61,440 --a------ C:\WINDOWS\system32\CTAGENT.DLL
2007-04-02 22:58 6,144 --a------ C:\WINDOWS\system32\drivers\CTPRXY2K.SYS
2007-04-02 22:58 53,674 --a------ C:\WINDOWS\system32\ctdaught.dat
2007-04-02 22:58 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL
2007-04-02 22:58 497,376 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys
2007-04-02 22:58 495,616 --a------ C:\WINDOWS\system32\ctaudfx.dll
2007-04-02 22:58 49,152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2007-04-02 22:58 49,152 --a------ C:\WINDOWS\MIDIDEF.EXE
2007-04-02 22:58 49,152 --a------ C:\WINDOWS\CTDCRES.DLL
2007-04-02 22:58 45,056 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL
2007-04-02 22:58 393,216 --a------ C:\WINDOWS\system32\CTDC0001.DLL
2007-04-02 22:58 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
2007-04-02 22:58 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2007-04-02 22:58 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL
2007-04-02 22:58 319,488 --a------ C:\WINDOWS\system32\CTDC0000.DLL
2007-04-02 22:58 286,512 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2007-04-02 22:58 28,672 --a------ C:\WINDOWS\system32\CTHELPER.EXE
2007-04-02 22:58 270,336 --a------ C:\WINDOWS\system32\SFMS32.DLL
2007-04-02 22:58 248,091 --a------ C:\WINDOWS\system32\ctsbas2w.dat
2007-04-02 22:58 232,723 --a------ C:\WINDOWS\system32\ctstatic.dat
2007-04-02 22:58 224,644 --a------ C:\WINDOWS\system32\CTSBASW.DAT
2007-04-02 22:58 20,480 --a------ C:\WINDOWS\system32\ENSDEF.EXE
2007-04-02 22:58 20,480 --a------ C:\WINDOWS\INRES.DLL
2007-04-02 22:58 190,720 --a------ C:\WINDOWS\system32\ctdlang.dat
2007-04-02 22:58 184,656 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2007-04-02 22:58 184,320 --a------ C:\WINDOWS\PSCONV.EXE
2007-04-02 22:58 184 --a------ C:\WINDOWS\system32\e000001.dat
2007-04-02 22:58 183,600 --a------ C:\WINDOWS\system32\drivers\CTOSS9X.SYS
2007-04-02 22:58 176,128 --a------ C:\WINDOWS\READREG.EXE
2007-04-02 22:58 159,744 --a------ C:\WINDOWS\system32\ct_oal.dll
2007-04-02 22:58 155,648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
2007-04-02 22:58 139,968 --a------ C:\WINDOWS\system32\drivers\HAP16V2K.SYS
2007-04-02 22:58 139,264 --a------ C:\WINDOWS\system32\CTDCIFCE.DLL
2007-04-02 22:58 138,816 --a------ C:\WINDOWS\system32\ctbas2w.dat
2007-04-02 22:58 135,248 --a------ C:\WINDOWS\system32\drivers\CTSFM2K.SYS
2007-04-02 22:58 135,040 --a------ C:\WINDOWS\system32\drivers\CTAC32K.SYS
2007-04-02 22:58 126,976 --a------ C:\WINDOWS\system32\commonfx.dll
2007-04-02 22:58 12,160 --a------ C:\WINDOWS\system32\drivers\ctgame.sys
2007-04-02 22:58 116,000 --a------ C:\WINDOWS\system32\drivers\emupia2k.sys
2007-04-02 22:58 110,820 --a------ C:\WINDOWS\system32\CTBASICW.DAT
2007-04-02 22:58 110,592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
2007-04-02 22:58 110,592 --a------ C:\WINDOWS\system32\CTSCAL.DLL
2007-04-02 22:58 110,592 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
2007-04-02 22:58 110,592 --a------ C:\WINDOWS\system32\CTASIO.DLL
2007-04-02 22:58 <DIR> d-------- C:\WINDOWS\system32\Data
2007-04-02 22:57 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2007-04-02 22:56 62,976 --a------ C:\WINDOWS\system32\CTDetres.dll
2007-04-02 22:56 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2007-04-02 22:56 331,776 --------- C:\WINDOWS\system32\CTMEDENG.DLL
2007-04-02 22:56 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2007-04-02 22:56 24,576 --a------ C:\WINDOWS\system32\CTMERes.DLL
2007-04-02 22:55 16,432 --------- C:\WINDOWS\system32\PFMODNT.SYS
2007-04-02 22:55 <DIR> d-------- C:\Program Files\Creative
2007-04-02 22:52 <DIR> d-------- C:\WINDOWS\pss
2007-04-02 22:49 185,116 --a------ C:\WINDOWS\system32\drivers\ET5Drv.sys
2007-04-02 22:49 <DIR> d--hs---- C:\RECYCLER
2007-04-02 22:46 <DIR> d-------- C:\WINDOWS\NV180400.TMP
2007-04-02 22:44 720,896 --a------ C:\WINDOWS\iun6002.exe
2007-04-02 22:44 <DIR> d-------- C:\Program Files\ResChanger 2005
2007-04-02 22:44 <DIR> d-------- C:\DOCUME~1\Tay\APPLIC~1\AdobeUM
2007-04-02 22:43 <DIR> d-------- C:\WINDOWS\Cache
2007-04-02 22:40 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-04-02 22:40 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-04-02 22:40 <DIR> d-------- C:\WINDOWS\nview
2007-04-02 22:38 61,440 --a------ C:\WINDOWS\system32\ycc.dll
2007-04-02 22:34 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-04-02 22:32 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-02 22:32 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-02 22:32 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-02 22:32 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys
2007-04-02 22:32 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-02 22:32 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-02 22:32 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-02 22:32 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-02 22:32 43,264 -ra------ C:\WINDOWS\system32\drivers\jraid.sys
2007-04-02 22:32 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-04-02 22:32 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-02 22:32 385,024 -r------- C:\WINDOWS\system32\JMRaidTool.exe
2007-04-02 22:32 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-02 22:32 244,608 --a------ C:\WINDOWS\system32\drivers\yk51x86.sys
2007-04-02 22:32 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-02 22:32 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-02 22:32 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-02 22:32 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-04-02 22:32 <DIR> d-------- C:\WINDOWS\JM
2007-04-02 22:32 <DIR> d-------- C:\Program Files\GIGABYTE
2007-04-02 22:31 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
2007-04-02 22:31 86,016 -r------- C:\WINDOWS\SoundMan.exe
2007-04-02 22:31 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-04-02 22:31 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-02 22:31 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-04-02 22:31 4,279,296 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2007-04-02 22:31 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-02 22:31 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2007-04-02 22:31 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-02 22:31 2,879,488 -r------- C:\WINDOWS\SkyTel.exe
2007-04-02 22:31 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2007-04-02 22:31 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2007-04-02 22:31 16,208,384 -r------- C:\WINDOWS\RTHDCPL.exe
2007-04-02 22:31 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-02 22:31 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-04-02 22:31 <DIR> d-------- C:\Program Files\Realtek
2007-04-02 22:31 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-02 22:29 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-02 22:29 <DIR> d-------- C:\Program Files\Intel
2007-04-02 22:20 3,145,728 --ah----- C:\DOCUME~1\Tay\NTUSER.DAT
2007-04-02 22:19 262,144 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-02 22:19 225,280 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-02 22:19 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-02 22:19 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-02 22:16 262,144 --ah----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-02 22:16 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-02 22:16 0 -rahs---- C:\MSDOS.SYS
2007-04-02 22:16 0 -rahs---- C:\IO.SYS
2007-04-02 22:16 0 --a------ C:\CONFIG.SYS
2007-04-02 22:16 0 --a------ C:\AUTOEXEC.BAT
2007-04-02 22:16 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-02 22:16 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-02 22:15 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-02 22:15 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-02 22:15 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-02 22:15 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-02 22:15 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-02 22:15 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-02 22:14 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-02 22:14 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-02 22:14 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-02 22:14 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-02 22:14 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-02 22:14 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-02 22:14 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-02 22:14 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-02 22:14 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-02 22:14 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-02 22:14 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-02 22:14 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-02 22:14 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-02 22:14 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-02 22:14 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-02 22:14 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-02 22:14 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-02 22:14 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-02 22:14 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-02 22:14 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-02 22:14 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-02 22:14 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-02 22:14 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-02 22:14 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-02 22:14 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-02 22:14 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-02 22:14 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-02 22:14 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-02 22:14 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-04-02 22:14 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-02 22:14 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-02 22:14 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-02 22:14 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-02 22:14 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-02 22:14 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-02 22:14 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-02 22:14 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-02 22:14 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-02 22:14 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-02 22:14 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-02 22:14 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-02 22:14 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-02 22:14 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-02 22:14 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-02 22:14 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-02 22:14 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-02 22:14 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-02 22:14 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-02 22:14 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-02 22:13 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-02 22:13 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-02 22:13 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-02 22:13 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-02 22:13 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-02 22:13 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-02 22:13 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-02 22:13 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-02 22:13 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-02 22:13 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-02 22:13 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-02 22:13 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-02 22:13 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-02 22:13 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-02 22:13 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-02 22:13 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-02 22:13 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-02 22:13 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-02 22:13 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-02 22:13 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-02 22:13 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-02 22:13 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-02 22:13 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-02 22:13 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-02 22:13 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-02 22:13 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-02 22:13 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-02 22:13 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-02 22:13 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-02 22:13 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-02 22:13 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-02 22:13 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-02 22:13 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-02 22:13 138,752 --a------ C:\WINDOWS\sys