Old 04-22-2007, 10:11 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 5
OS: Windows XP


Constant Ads And Trojans

Hi, and thanks for spending some time helping me. I have just started getting many ads every minute or so. Also, I am using AVG and I am starting to get many virus trojan detected.

Here is my HiJackThis Log:

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 9:00:01 PM, on 4/22/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wpabaln.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis\analyse.exe.exe

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\frmkjctj.dll (file missing)
O2 - BHO: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\System32\fccaxya.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AF495B35-1613-4F48-9DDF-F0A36ADFF83D} - C:\WINDOWS\System32\gebcb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rra...X/RraainAX.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O20 - Winlogon Notify: fccaxya - C:\WINDOWS\SYSTEM32\fccaxya.dll
O20 - Winlogon Notify: gebcb - C:\WINDOWS\System32\gebcb.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Here is my Panda ActiveScan: (Sorry if it looks all retarded)
Quote:
Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UWA7P_0001_N91M0809NetInstaller.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@ad.yieldmanager[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@com[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@errorsafe[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@hitbox[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@mediaplex[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@stats1.reliablestats[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@tribalfusion[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@winantispyware[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@winantivirus[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@www.errorsafe[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@www.winantiviruspro[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@zedo[1].txt
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\LeetSauce\Local Settings\Temporary Internet Files\Content.IE5\OV0BAJG5\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.exe]
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\b122.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pvdjgjeh.dll
Thanks in advance, hopefully you experts know how to solve this problem this loser doesn't know how to solve.
C0mputerl0ser is offline  
Old 04-23-2007, 08:00 PM   #2 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 5
OS: Windows XP


Re: Constant Ads And Trojans

"Update" I now have a folder in my programs file called Ipwindows and Outerinfo. And now I'm getting banners from WinAntiVirus + Sysprotect.

Last edited by C0mputerl0ser : 04-23-2007 at 08:01 PM.
C0mputerl0ser is offline  
Old 04-24-2007, 05:28 AM   #3 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 3,247
OS: XP


Re: Constant Ads And Trojans

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
Trial of BT-Phorm spyware to start 30th September, 2008- for more information please visit No DPI website for more information.



Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit.


If we have helped you in any way, please consider Donating
TheBruce1 is offline  
Old 04-24-2007, 10:58 AM   #4 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 3,247
OS: XP


Re: Constant Ads And Trojans

Hello and welcome to TSF

Please follow all instructions in the order they come. If you have any questions, please ask before proceeding.

--------------------------------------------------------------------------------------------
Download

Download ComboFix from here or here

**Save it to your desktop**

----------------------------------------------------------------------------------------------

Spywareguard

Please disable Spywareguard, as it may hinder the removal of some entries. You can re-enable it after you're clean.
  • Right click the running icon of Spywareguard located in the system tray
  • Go to Menu > File > Exit and confirm the programs close.

--------------------------------------------------------------------------------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Ipwindows
Outerinfo


----------------------------------------------------------------------------------------------

Run ComboFix

Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Deletions

Click Start->Run and copy/paste the following text into the Run box and click OK:

regsvr32 /u occache.dll


Delete the following Files indicated in RED

c:\windows\downloaded program files\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\system32\pvdjgjeh.dll


Now, click Start>Run and copy/paste the following text into the Run box and click OK:

regsvr32 occache.dll

----------------------------------------------------------------------------------------------

IMPORTANT!:


Before we can proceed any further, please visit Microsoft's Windows Update page and install ALL Critical Updates for your system (except Service Pack 2 (SP2)). SP2 should only be installed on a fully disinfected system. At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid, then you may not have a legitimate copy of Windows XP. Unfortunately it’s also this forum's policy that we only address users with a legal copy of Windows XP, therefore if you cannot update Windows XP to SP1 we must stop the cleansing process here.

**Note** If you're having trouble locating the service pack SP1a here is a direct link to download it from..

http://download.microsoft.com/downlo...p1a_en_x86.exe



Thank you for your cooperation.

-----------------------------------------------------------------------------------------------

Deckard's System Scanner

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

----------------------------------------------------------------------------------------------

Logs Required
C:\Combofix.txt
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<-----Attached


Also let me know how your system is behaving.
Last edited by Ried : 04-24-2007 at 11:18 AM.
TheBruce1 is offline  
Old 04-24-2007, 05:37 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 5
OS: Windows XP


Re: Constant Ads And Trojans

Sorry, just got back from school.

Here's ComboFix:
Quote:
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\LeetSauce\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\gxjurpnn.dll
C:\WINDOWS\system32\pvdjgjeh.dll
C:\WINDOWS\system32\lmgkemif.dll
C:\WINDOWS\system32\vturppn.dll
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\fccaxya.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\LEETSA~1
C:\qoobox\purity\C\DOCUME~1\LEETSA~1\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\LEETSA~1\APPLIC~1\YSTEM3~1
C:\qoobox\purity\C\Program Files\Common Files\YSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2007-03-24 to 2007-04-24 ))))))))))))))))))))))))))))))))))


2007-04-22 20:05 <DIR> d-------- C:\Program Files\SpywareGuard
2007-04-22 20:01 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-22 20:00 <DIR> d-------- C:\Program Files\MRU-Blaster
2007-04-22 19:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-04-22 19:28 491,520 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-22 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-22 19:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-22 18:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-22 18:28 <DIR> d-------- C:\DOCUME~1\LEETSA~1\APPLIC~1\Lavasoft
2007-04-22 18:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 18:06 <DIR> d-------- C:\Program Files\GoGoData.com
2007-04-21 09:48 <DIR> d-------- C:\WINDOWS\system32\bits
2007-04-21 08:14 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-04-21 08:14 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-04-21 08:14 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-04-21 08:14 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-21 08:14 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2007-04-21 08:11 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-21 08:10 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-21 08:10 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-21 08:10 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-21 08:10 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-21 08:10 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-21 08:10 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-21 08:10 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-21 07:51 <DIR> d---s---- C:\DOCUME~1\LEETSA~1\UserData
2007-04-20 18:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-20 17:56 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-04-20 17:38 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-04-20 17:38 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-04-20 17:38 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-04-20 17:38 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-04-20 17:38 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-04-20 17:38 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-04-20 17:38 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-04-20 17:38 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-04-20 17:38 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2007-04-20 17:38 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-04-20 17:38 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-04-20 17:38 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-04-20 17:38 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-04-20 17:38 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-04-20 17:38 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-04-20 17:38 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-04-20 17:38 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-04-20 17:38 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-04-20 17:38 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-04-20 17:38 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2007-04-20 17:38 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-04-20 17:38 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-04-20 17:38 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-04-20 17:38 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-04-20 17:38 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-04-20 17:38 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-04-20 17:38 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-04-20 17:37 <DIR> d-------- C:\Program Files\Webzen
2007-04-20 17:37 <DIR> d-------- C:\DOCUME~1\LEETSA~1\APPLIC~1\InstallShield
2007-04-20 16:44 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-04-20 16:44 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-04-20 16:44 <DIR> d-------- C:\WINDOWS\nview
2007-04-20 16:44 <DIR> d-------- C:\NVIDIA
2007-04-20 16:34 <DIR> d-------- C:\WINDOWS\pss
2007-04-20 16:29 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-20 16:29 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-20 16:29 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-20 16:29 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-20 16:29 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-04-20 16:28 <DIR> d-------- C:\Program Files\Winamp
2007-04-20 16:17 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-04-20 16:14 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-04-20 16:14 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-04-20 16:14 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-04-20 16:14 8,704 -ra------ C:\WINDOWS\system32\drivers\Pfmodnt.sys
2007-04-20 16:14 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-04-20 16:14 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-04-20 16:14 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-04-20 16:14 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-04-20 16:14 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-04-20 16:14 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2007-04-20 16:14 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-04-20 16:14 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-04-20 16:14 667,648 --a------ C:\WINDOWS\system32\dinput8.dll
2007-04-20 16:14 648,704 --a------ C:\WINDOWS\system32\dinput.dll
2007-04-20 16:14 64,512 -ra------ C:\WINDOWS\system32\P17.dll
2007-04-20 16:14 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-04-20 16:14 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-04-20 16:14 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-04-20 16:14 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-20 16:14 53,248 -ra------ C:\WINDOWS\system32\P17CPI.dll
2007-04-20 16:14 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-20 16:14 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-20 16:14 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-04-20 16:14 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-04-20 16:14 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-04-20 16:14 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-04-20 16:14 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-20 16:14 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-04-20 16:14 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-04-20 16:14 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-04-20 16:14 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-04-20 16:14 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-04-20 16:14 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-04-20 16:14 31,744 --a------ C:\WINDOWS\system32\pid.dll
2007-04-20 16:14 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-04-20 16:14 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-04-20 16:14 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-04-20 16:14 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-04-20 16:14 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-04-20 16:14 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-04-20 16:14 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-04-20 16:14 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-04-20 16:14 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-04-20 16:14 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2007-04-20 16:14 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-04-20 16:14 138,752 -ra------ C:\WINDOWS\system32\drivers\ctsfm2k.sys
2007-04-20 16:14 137,728 -ra------ C:\WINDOWS\system32\P17res.dll
2007-04-20 16:14 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-20 16:14 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2007-04-20 16:14 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2007-04-20 16:14 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-04-20 16:14 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2007-04-20 16:14 115,200 -ra------ C:\WINDOWS\system32\sfms32.dll
2007-04-20 16:14 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-04-20 16:14 106,496 -ra------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2007-04-20 16:14 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-04-20 16:14 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-04-20 16:14 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-04-20 16:14 1,389,056 -ra------ C:\WINDOWS\system32\drivers\P17.sys
2007-04-20 16:14 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-04-20 16:14 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-04-20 16:13 11,264 --a------ C:\WINDOWS\INRES.DLL
2007-04-20 16:13 <DIR> d-------- C:\WINDOWS\system32\Data
2007-04-20 16:12 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-04-20 16:12 <DIR> d-------- C:\Program Files\Creative
2007-04-20 16:11 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-20 16:11 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-19 21:23 77,312 -ra------ C:\WINDOWS\system32\drivers\viasraid.sys
2007-04-19 21:23 65,280 -ra------ C:\WINDOWS\system32\drivers\Rtlnic51.sys
2007-04-19 21:18 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2007-04-19 21:18 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-19 21:17 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-19 21:17 <DIR> d-------- C:\DOCUME~1\LEETSA~1\WINDOWS
2007-04-19 20:51 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-19 20:19 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-19 20:19 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-17 20:49 <DIR> d-------- C:\Program Files\SuperCleaner
2007-04-17 20:46 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-04-17 20:46 <DIR> d-------- C:\Program Files\Viewpoint
2007-04-17 20:46 <DIR> d-------- C:\Program Files\AIM
2007-04-17 20:46 <DIR> d-------- C:\DOCUME~1\LEETSA~1\APPLIC~1\Aim
2007-04-17 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-04-17 20:44 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-04-17 20:44 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-04-17 17:50 <DIR> d--hs---- C:\RECYCLER
2007-04-17 17:47 1,572,864 --ah----- C:\DOCUME~1\LEETSA~1\NTUSER.DAT
2007-04-17 17:47 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-17 17:46 233,472 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-17 17:46 233,472 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-17 17:46 <DIR> d--hs---- C:\System Volume Information
2007-04-17 17:43 266,240 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-17 17:43 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-17 17:43 0 -rahs---- C:\MSDOS.SYS
2007-04-17 17:43 0 -rahs---- C:\IO.SYS
2007-04-17 17:43 0 --a------ C:\CONFIG.SYS
2007-04-17 17:43 0 --a------ C:\AUTOEXEC.BAT
2007-04-17 17:43 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-17 17:43 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-17 17:42 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-17 17:42 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-17 17:42 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-17 17:42 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-17 17:40 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-17 17:40 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-17 17:39 90,624 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-17 17:39 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-17 17:39 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-17 17:39 73,728 --a------ C:\WINDOWS\system32\ils.dll
2007-04-17 17:39 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-17 17:39 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-17 17:39 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-17 17:39 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-17 17:39 61,952 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-17 17:39 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-17 17:39 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-17 17:39 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-17 17:39 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-17 17:39 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-17 17:39 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-17 17:39 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-17 17:39 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-17 17:39 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-17 17:39 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-17 17:39 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-17 17:39 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-17 17:39 249,856 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-17 17:39 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-17 17:39 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-17 17:39 218,112 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-17 17:39 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-17 17:39 158,720 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-17 17:39 155,136 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-17 17:39 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-17 17:39 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-17 17:39 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-17 17:39 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-17 17:39 <DIR> d-------- C:\WINDOWS\PCHEALTH
2007-04-17 17:39 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-17 17:39 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-17 17:38 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-17 17:38 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-17 17:38 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-17 17:38 88,576 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-17 17:38 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-17 17:38 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-17 17:38 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-17 17:38 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-17 17:38 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-17 17:38 8,704 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-17 17:38 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-17 17:38 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-17 17:38 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-17 17:38 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-17 17:38 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-17 17:38 583,168 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-17 17:38 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-17 17:38 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-17 17:38 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-17 17:38 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-17 17:38 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-17 17:38 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-17 17:38 534,016 --a------ C:\WINDOWS\system32\spider.exe
2007-04-17 17:38 503,296 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-17 17:38 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-17 17:38 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-17 17:38 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-17 17:38 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-17 17:38 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-17 17:38 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-17 17:38 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-17 17:38 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-17 17:38 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-17 17:38 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-17 17:38 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-17 17:38 385,536 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-17 17:38 360,960 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-17 17:38 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-17 17:38 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-17 17:38 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-17 17:38 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-17 17:38 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-17 17:38 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-17 17:38 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-17 17:38 22,720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-17 17:38 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-17 17:38 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-17 17:38 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-17 17:38 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-17 17:38 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-17 17:38 197,632 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-17 17:38 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-17 17:38 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-17 17:38 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-17 17:38 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-17 17:38 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-17 17:38 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-17 17:38 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-17 17:38 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-17 17:38 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-17 17:38 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-17 17:38 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-17 17:38 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-17 17:38 134,656 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-17 17:38 130,048 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-17 17:38 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-17 17:38 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-17 17:38 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-17 17:38 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-17 17:38 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-17 17:38 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-17 17:38 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-17 17:38 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-17 17:38 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-17 17:38 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-17 17:38 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-17 17:38 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-17 17:38 1,139,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-17 17:38 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-17 17:38 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-17 17:38 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-17 17:38 <DIR> d-------- C:\WINDOWS\Registration
2007-04-17 17:38 <DIR> d-------- C:\Program Files\Windows NT
2007-04-17 17:38 <DIR> d-------- C:\Program Files\Online Services
2007-04-17 17:38 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-17 17:38 <DIR> d-------- C:\Program Files\Messenger
2007-04-17 17:37 57,344 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-17 17:37 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-17 17:37 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-17 17:37 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-17 17:37 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-17 17:37 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-17 10:34 55,808 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-17 10:34 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-17 10:32 70,656 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-17 10:32 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-17 10:32 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-17 10:32 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-17 10:32 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-17 10:32 <DIR> dr------- C:\Program Files
2007-04-17 10:32 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-04-17 10:32 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-17 10:32 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-17 10:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-17 10:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-17 10:31 <DIR> d-------- C:\Documents and Settings
2007-04-17 10:28 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-17 10:28 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-17 10:28 <DIR> dr------- C:\WINDOWS\Web
2007-04-17 10:28 <DIR> d--h----- C:\WINDOWS\inf
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\security
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Resources
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\repair
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\mui
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\msapps
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\msagent
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Media
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\ime
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Help
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Debug
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Config
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\addins
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-17 10:32 62 --ahs---- C:\DOCUME~1\LEETSA~1\APPLIC~1\desktop.ini
2007-03-15 07:08 101438 --a------ C:\WINDOWS\b122.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\System32\frmkjctj.dll [x]
{3EB9C349-7473-48AC-A59B-42F31751974B} C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{B21F0363-961F-4E0B-97EC-8B26D9872A96} C:\WINDOWS\System32\gebcb.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTRegRun"="C:\\WINDOWS\\CTRegRun.EXE"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"GoGoTray.exe"="C:\\Program Files\\GoGoData.com\\GoGoData Toolbar\\GoGoTray.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-24 15:10:33
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-24 15:10:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-24 15:10
Here's the results of the DSS thing:
Quote:
Deckard's System Scanner v20070423.42
Run by LeetSauce on 2007-04-24 at 16:30:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2007-04-24 23:30:34 UTC - RP90 - Deckard's System Scanner Restore Point
89: 2007-04-24 23:24:13 UTC - RP89 - Installed Windows Media Player 10 KB917734_WMP10.
88: 2007-04-24 23:23:38 UTC - RP88 - Installed Windows XP KB899587.
87: 2007-04-24 23:23:12 UTC - RP87 - Installed Windows XP KB924191.
86: 2007-04-24 23:22:40 UTC - RP86 - Installed Windows XP KB922819.


-- First Restore Point --
1: 2007-04-20 04:01:39 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as LeetSauce.exe) -------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:31:03 PM, on 4/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Documents and Settings\LeetSauce\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\LeetSauce.exe

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\frmkjctj.dll (file missing)
O2 - BHO: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B21F0363-961F-4E0B-97EC-8B26D9872A96} - C:\WINDOWS\System32\gebcb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rra...X/RraainAX.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070422-192435-284 O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\LEETSA~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 viasraid - c:\windows\system32\drivers\viasraid.sys <Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver; 5.1.2600.220; 5.1.2600.220>
R3 P17 (Sound Blaster Audigy) - c:\windows\system32\drivers\p17.sys <Verified; Creative Technology Ltd.; ; 5.12.01.512; 5.12.01.512>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Files created between 2007-03-24 and 2007-04-24 -----------------------------

2007-04-24 16:24:56 0 d-------- C:\ijji
2007-04-24 16:19:43 26112 --a------ C:\WINDOWS\System32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.4.0001.0; 5.4.0001.0 (srv03_qfe.030918-1543)>
2007-04-24 16:17:37 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-04-24 15:37:21 0 d-------- C:\WINDOWS\System32\PreInstall
2007-04-24 15:37:17 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-24 15:33:15 0 d-------- C:\WINDOWS\Prefetch
2007-04-24 15:29:45 0 d-------- C:\WINDOWS\ServicePackFiles
2007-04-24 15:29:45 0 d-------- C:\WINDOWS\ehome
2007-04-24 15:29:41 155648 -----n--- C:\WINDOWS\System32\encdec.dll
2007-04-24 15:29:41 34735 -----n--- C:\WINDOWS\System32\drivers\atinxsxx.sys <Verified; ATI Technologies Inc.; ATI WDM TVAUDIO_CROSSBAR; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 29455 -----n--- C:\WINDOWS\System32\drivers\atinxbxx.sys <Verified; ATI Technologies Inc.; ATI WDM CROSSBAR; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 36463 -----n--- C:\WINDOWS\System32\drivers\atintuxx.sys <Verified; ATI Technologies Inc.; ATI WDM TVTUNER; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 21343 -----n--- C:\WINDOWS\System32\drivers\atinttxx.sys <Verified; ATI Technologies Inc.; ATI WDM Teletext Decoder; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 26367 -----n--- C:\WINDOWS\System32\drivers\atinsnxx.sys <Verified; ATI Technologies Inc.; ATI WDM TVAUDIO; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 63663 -----n--- C:\WINDOWS\System32\drivers\atinrvxx.sys <Verified; ATI Technologies Inc.; ATI WDM RT; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 30671 -----n--- C:\WINDOWS\System32\drivers\atinraxx.sys <Verified; ATI Technologies Inc.; ATI WDM Rage Theater Audio; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 12047 -----n--- C:\WINDOWS\System32\drivers\atinpdxx.sys <Verified; ATI Technologies Inc.; ATI Specialized PCD VBI Codec; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 11615 -----n--- C:\WINDOWS\System32\drivers\atinmdxx.sys <Verified; ATI Technologies Inc.; ATI Specialized MVD VBI Codec; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 56591 -----n--- C:\WINDOWS\System32\drivers\atinbtxx.sys <Verified; ATI Technologies Inc.; ATI WDM BT829x; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 450176 -----n--- C:\WINDOWS\System32\drivers\ati2mtag.sys <Verified; ATI Technologies Inc.; ATI Radeon Family; 5.1.2600.0; 6.13.10.6153>
2007-04-24 15:29:41 327040 -----n--- C:\WINDOWS\System32\drivers\ati2mtaa.sys <Verified; ATI Technologies Inc.; ATI Rage 128 Family; 5.1.2600.0; 6.13.10.5019>
2007-04-24 15:29:41 921475 -----n--- C:\WINDOWS\System32\ati3d2ag.dll <Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver; 6.13.10.3338; 6.13.10.3338>
2007-04-24 15:29:41 844675 -----n--- C:\WINDOWS\System32\ati3d1ag.dll <Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver; 6.13.10.3338; 6.13.10.3338>
2007-04-24 15:29:41 202496 -----n--- C:\WINDOWS\System32\ati2dvag.dll <Verified; ATI Technologies Inc.; ATI Radeon Family; 5.1.2600.0; 6.13.10.6153>
2007-04-24 15:29:41 377984 -----n--- C:\WINDOWS\System32\ati2dvaa.dll <Verified; ATI Technologies Inc.; ATI Rage 128 Family; 5.1.2600.0; 6.13.10.5019>
2007-04-24 15:29:40 218112 -----n--- C:\WINDOWS\System32\sbe.dll
2007-04-24 15:28:57 238592 --a------ C:\WINDOWS\System32\compatui.dll <Verified; ; CompatUI Module; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-24 15:28:54 113152 --a------ C:\WINDOWS\System32\dfrgui.dll <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 35328 --a------ C:\WINDOWS\System32\dfrgsnap.dll <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 76288 --a------ C:\WINDOWS\System32\dfrgfat.exe <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 70656 --a------ C:\WINDOWS\System32\defrag.exe <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 1740 --a------ C:\WINDOWS\System32\dcache.bin
2007-04-24 15:28:53 103424 --a------ C:\WINDOWS\System32\dgnet.dll <Verified; Microsoft; Dgnet Module; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-24 15:28:51 498205 --a------ C:\WINDOWS\System32\dxmasf.dll
2007-04-24 15:28:44 42537 --a------ C:\WINDOWS\System32\keyboard.sys
2007-04-24 15:28:40 4126 --a------ C:\WINDOWS\System32\msdxmlc.dll
2007-04-24 15:28:28 33808 --a------ C:\WINDOWS\System32\ntio.sys
2007-04-24 15:28:21 3338 --a------ C:\WINDOWS\System32\redir.exe
2007-04-24 15:10:45 49152 --a------ C:\WINDOWS\nircmd.exe <Not Verified; NirSoft; NirCmd; 1.85; 1.85>
2007-04-23 18:57:13 0 dr-h----- C:\Documents and Settings\LeetSauce\Recent
2007-04-22 20:05:23 0 d-------- C:\Program Files\SpywareGuard
2007-04-22 20:01:31 0 d-------- C:\Program Files\SpywareBlaster
2007-04-22 20:00:21 0 d-------- C:\Program Files\MRU-Blaster
2007-04-22 19:52:49 0 dr-h----- C:\$VAULT$.AVG
2007-04-22 19:51:44 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\AVG7
2007-04-22 19:51:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-04-22 19:51:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-04-22 19:30:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-04-22 19:28:50 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-04-22 19:28:50 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-04-22 19:28:50 491520 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-04-22 19:28:50 0 d-------- C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-04-22 19:28:50 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-04-22 19:28:50 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-04-22 19:28:50 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-04-22 19:28:50 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-04-22 19:28:50 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-04-22 19:15:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-04-22 19:10:58 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-04-22 18:28:31 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Lavasoft
2007-04-22 18:28:04 0 d-------- C:\Program Files\Lavasoft
2007-04-22 18:27:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 1822 0 d-------- C:\Program Files\GoGoData.com
2007-04-21 09:48:42 0 d-------- C:\WINDOWS\System32\bits
2007-04-21 08:11:39 0 d-------- C:\WINDOWS\System32\SoftwareDistribution
2007-04-21 08:10:17 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-04-21 07:51:41 0 d---s---- C:\Documents and Settings\LeetSauce\UserData
2007-04-20 18:43:40 0 d---s---- C:\WINDOWS\System32\Microsoft
2007-04-20 18:40:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-20 17:56:50 4682 --a------ C:\WINDOWS\System32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT; 2005, 1, 5, 1; 2005, 1, 5, 1>
2007-04-20 17:49:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-04-20 17:38:51 354816 --a------ C:\WINDOWS\System32\psisdecd.dll
2007-04-20 17:38:50 470528 --a------ C:\WINDOWS\System32\qdvd.dll
2007-04-20 17:38:50 316928 --a------ C:\WINDOWS\System32\qdv.dll
2007-04-20 17:38:50 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.3.0000001.0904; 5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)>
2007-04-20 17:38:49 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.3.0000001.0904; 5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)>
2007-04-20 17:37:44 0 d-------- C:\Program Files\Webzen
2007-04-20 17:37:29 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\InstallShield
2007-04-20 16:44:38 208896 --a------ C:\WINDOWS\System32\nvudisp.exe <Not Verified; NVIDIA Corporation; NVIDIA Corporation; 1 , 0 , 1 , 55; 1 , 0 , 1 , 55>
2007-04-20 16:44:38 0 d-------- C:\WINDOWS\nview
2007-04-20 16:44:22 208896 --a------ C:\WINDOWS\System32\NVUNINST.EXE <Not Verified; NVIDIA Corporation; NVIDIA Corporation; 1 , 0 , 1 , 55; 1 , 0 , 1 , 55>
2007-04-20 16:44:06 0 d-------- C:\NVIDIA
2007-04-20 16:34:56 0 d-------- C:\WINDOWS\pss
2007-04-20 16:29:01 115880 -----n--- C:\WINDOWS\System32\pxinsi64.exe <Verified; Sonic Solutions; ; ; 3.00.33a>
2007-04-20 16:29:01 129784 -----n--- C:\WINDOWS\System32\pxafs.dll <Verified; Sonic Solutions; PxAFS Dynamic Link Library; 1, 0, 0, 0; 3.2.40.500>
2007-04-20 16:29:01 36528 -----n--- C:\WINDOWS\System32\drivers\PxHelp20.sys <Not Verified; Sonic Solutions; PxHelp20; ; 3.00.33a>
2007-04-20 16:29:01 2560 -----n--- C:\WINDOWS\System32\drivers\cdralw2k.sys <Not Verified; Sonic Solutions; Drag-to-Disc; 8.0.0.212; 8.0.0.212>
2007-04-20 16:29:01 2432 -----n--- C:\WINDOWS\System32\drivers\cdr4_xp.sys <Not Verified; Sonic Solutions; Drag-to-Disc; 8.0.0.212; 8.0.0.212>
2007-04-20 16:28:54 0 d-------- C:\Program Files\Winamp
2007-04-20 16:17:52 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System; 1.0.0.1; 1.0.1.0>
2007-04-20 16:17:15 86 --a------ C:\WINDOWS\setuplog
2007-04-20 16:14:53 1227776 --a------ C:\WINDOWS\System32\quartz.dll
2007-04-20 16:14:53 733184 --a------ C:\WINDOWS\System32\qedwipes.dll
2007-04-20 16:14:53 1798144 --a------ C:\WINDOWS\System32\qedit.dll
2007-04-20 16:14:53 13312 --a------ C:\WINDOWS\System32\msdmo.dll
2007-04-20 16:14:52 257024 --a------ C:\WINDOWS\System32\qcap.dll
2007-04-20 16:14:52 34304 --a------ C:\WINDOWS\System32\mciqtz32.dll
2007-04-20 16:14:52 132608 --a------ C:\WINDOWS\System32\devenum.dll
2007-04-20 16:14:52 64512 --a------ C:\WINDOWS\System32\amstream.dll
2007-04-20 16:14:47 90112 -----n--- C:\WINDOWS\Updreg.EXE <Not Verified; Creative Technology Ltd.; Creative Updreg; 1.0.2; 1.0.2>
2007-04-20 16:14:10 115200 -ra------ C:\WINDOWS\System32\sfms32.dll <Verified; Creative Technology Ltd; Creative Audio Product; 2.04.0050; 5.12.01.1081-2.04.0050>
2007-04-20 16:14:10 137728 -ra------ C:\WINDOWS\System32\P17res.dll <Verified; Creative Technology Ltd.; P17 Driver Resources; 5.12.01.00404; 5.12.01.00404>
2007-04-20 16:14:10 53248 -ra------ C:\WINDOWS\System32\P17CPI.dll <Verified; ; P17CPI Module; 1, 0, 0, 2; 1, 0, 0, 2>
2007-04-20 16:14:10 64512 -ra------ C:\WINDOWS\System32\P17.dll <Verified; ; P17 AudioControlX2 Module; 1.0.1.41; 1.0.1.41>
2007-04-20 16:14:10 8704 -ra------ C:\WINDOWS\System32\drivers\Pfmodnt.sys <Verified; Creative Technology Ltd.; PfModNT; 3.0.0.11; 3.0.0.11>
2007-04-20 16:14:10 1389056 -ra------ C:\WINDOWS\System32\drivers\P17.sys <Verified; Creative Technology Ltd.; ; 5.12.01.512; 5.12.01.512>
2007-04-20 16:14:10 138752 -ra------ C:\WINDOWS\System32\drivers\ctsfm2k.sys <Verified; Creative Technology Ltd; Creative Audio Product; 2.04.0050; 5.12.01.1081-2.04.0050>
2007-04-20 16:14:10 106496 -ra------ C:\WINDOWS\System32\drivers\ctoss2k.sys <Verified; Creative Technology Ltd.; Creative Audio Product; 2.04.0050; 5.12.01.1081-2.04.0050>
2007-04-20 16:14:10 133632 -ra------ C:\WINDOWS\System32\CtDvInst.dll <Verified; Creative Technology Limited; Creative Technology Limited CtDvInst; 0, 3, 0, 30; 0, 3, 0, 30>
2007-04-20 16:13:58 0 d-------- C:\WINDOWS\System32\Data
2007-04-20 16:13:58 11264 --a------ C:\WINDOWS\INRES.DLL <Not Verified; Creative Technology Limited; Creative Technology Limited inRes; 1, 0, 9, 0; 1, 0, 9, 0>
2007-04-20 16:12:11 0 d-------- C:\WINDOWS\RegisteredPackages
2007-04-20 16:12:00 0 d-------- C:\Program Files\Creative
2007-04-20 16:11:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-20 16:11:12 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-20 14:03:02 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Macromedia
2007-04-19 21:23:17 77312 -ra------ C:\WINDOWS\System32\drivers\viasraid.sys <Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver; 5.1.2600.220; 5.1.2600.220>
2007-04-19 21:23:11 65280 -ra------ C:\WINDOWS\System32\drivers\Rtlnic51.sys <Verified; Realtek Semiconductor Corporation; Realtek RTL8139/810x/8169/8110 all in one NDIS Driver; 5.606.811.2003; 5.606.811.2003 built by: WinDDK>
2007-04-19 21:18:41 0 d-------- C:\WINDOWS\System32\ReinstallBackups
2007-04-19 21:17:46 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller; 5, 51; 5, 51, 138, 0>
2007-04-19 21:17:37 0 d-------- C:\Documents and Settings\LeetSauce\WINDOWS
2007-04-19 20:19:21 24661 --a------ C:\WINDOWS\System32\spxcoins.dll <Verified; Perle Systems Ltd.; Specialix Multi-port Serial Device Class CoInstaller; 1.0.0.0007; 1.0.0.0007>
2007-04-17 20:49:14 0 d-------- C:\Program Files\SuperCleaner
2007-04-17 20:46:51 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Aim
2007-04-17 20:46:29 0 d-------- C:\Program Files\Viewpoint
2007-04-17 20:46:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-04-17 20:46:28 344064 --a------ C:\WINDOWS\System32\msvcr70.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.00.9466.0; 7.00.9466.0>
2007-04-17 20:46:27 0 d-------- C:\Program Files\AIM
2007-04-17 20:44:58 348160 --a------ C:\WINDOWS\System32\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.10.3052.4; 7.10.3052.4>
2007-04-17 20:44:58 499712 --a------ C:\WINDOWS\System32\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.10.3077.0; 7.10.3077.0>
2007-04-17 17:47:10 0 d--hs---- C:\WINDOWS\Installer
2007-04-17 17:47:08 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Identities
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\Templates
2007-04-17 17:47:00 0 dr------- C:\Documents and Settings\LeetSauce\Start Menu
2007-04-17 17:47:00 0 dr-h----- C:\Documents and Settings\LeetSauce\SendTo
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\PrintHood
2007-04-17 17:47:00 1572864 --ah----- C:\Documents and Settings\LeetSauce\NTUSER.DAT
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\NetHood
2007-04-17 17:47:00 0 dr------- C:\Documents and Settings\LeetSauce\My Documents <MYDOCU~1>
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\Local Settings
2007-04-17 17:47:00 0 dr------- C:\Documents and Settings\LeetSauce\Favorites
2007-04-17 17:47:00 0 d-------- C:\Documents and Settings\LeetSauce\Desktop
2007-04-17 17:47:00 0 d---s---- C:\Documents and Settings\LeetSauce\Cookies
2007-04-17 17:47:00 0 dr-h----- C:\Documents and Settings\LeetSauce\Application Data
2007-04-17 17:46:29 0 d--hs---- C:\System Volume Information
2007-04-17 17:46:28 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-17 17:46:28 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-04-17 17:46:28 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-04-17 17:46:28 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-04-17 17:46:28 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-04-17 17:46:27 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-17 17:46:27 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-04-17 17:46:27 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-04-17 17:46:27 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-04-17 17:46:27 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-04-17 17:43:31 0 d-------- C:\WINDOWS\System32\xircom
2007-04-17 17:43:31 0 d-------- C:\Program Files\microsoft frontpage
2007-04-17 17:43:20 266240 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-17 17:43:14 0 -rahs---- C:\MSDOS.SYS
2007-04-17 17:43:14 0 -rahs---- C:\IO.SYS
2007-04-17 17:43:14 0 --a------ C:\CONFIG.SYS
2007-04-17 17:43:14 0 --a------ C:\AUTOEXEC.BAT
2007-04-17 17:42:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-17 17:42:19 0 dr------- C:\WINDOWS\Offline Web Pages
2007-04-17 17:42:19 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-17 17:42:00 0 d-------- C:\WINDOWS\srchasst
2007-04-17 17:40:05 0 d-------- C:\WINDOWS\System32\Macromed
2007-04-17 17:40:05 0 d-------- C:\WINDOWS\System32\DirectX
2007-04-17 17:39:56 0 d-------- C:\Program Files\Movie Maker
2007-04-17 17:39:35 0 d-------- C:\WINDOWS\System32\Restore
2007-04-17 17:39:34 28672 --a------ C:\WINDOWS\System32\isrdbg32.dll <Verified; Intel Corporation; ISRDBG32.DLL; 0.0; 0.0>
2007-04-17 17:39:31 0 d-------- C:\WINDOWS\PCHEALTH
2007-04-17 17:39:27 0 d---s---- C:\WINDOWS\Tasks
2007-04-17 17:39:25 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-17 17:38:59 22720 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-04-17 17:38:42 0 d-------- C:\WINDOWS\Registration
2007-04-17 17:38:35 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-17 17:38:35 0 d-------- C:\Program Files\Online Services
2007-04-17 17:38:30 0 d-------- C:\Program Files\Messenger
2007-04-17 17:38:23 0 d-------- C:\Program Files\MSN Gaming Zone
2007-04-17 17:38:16 44544 --a------ C:\WINDOWS\System32\hticons.dll <Verified; Hilgraeve, Inc.; Microsoft® Windows® Operating System; 5.1.2600.0; 5.1.2600.0>
2007-04-17 17:38:15 0 d-------- C:\Program Files\Windows NT
2007-04-17 17:38:08 1161 --a------ C:\WINDOWS\System32\usrlogon.cmd
2007-04-17 17:38:07 0 d-------- C:\WINDOWS\System32\MsDtc
2007-04-17 17:38:05 0 d-------- C:\WINDOWS\System32\Com
2007-04-17 10:32:30 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-17 10:32:28 0 dr------- C:\Program Files
2007-04-17 10:32:28 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-17 10:32:18 103424 --a------ C:\WINDOWS\System32\EqnClass.Dll <Verified; Equinox Systems Inc.; Equinox Multiport Serial Coinstaller; 5.0u(58); 5.0u(58)>
2007-04-17 10:32:18 176157 --a------ C:\WINDOWS\System32\dgrpsetu.dll <Verified; Digi International, Inc.; Digi RealPort® Driver; 2.3.7; 2.3.7>
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-04-17 10:32:09 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-04-17 10:32:09 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2007-04-17 10:32:09 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-04-17 10:32:09 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-04-17 10:32:09 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-04-17 10:32:09 0 dr------- C:\Documents and Settings\All Users\Documents
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-04-17 10:31:59 0 d-------- C:\WINDOWS\System32\CatRoot2
2007-04-17 10:31:59 0 d-------- C:\WINDOWS\System32\CatRoot
2007-04-17 10:31:54 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-04-17 10:31:54 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-04-17 10:31:54 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-04-17 10:31:54 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-04-17 10:31:42 0 d-------- C:\Documents and Settings
2007-04-17 10:28:07 0 d-------- C:\WINDOWS
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\WinSxS
2007-04-17 10:28:07 0 dr------- C:\WINDOWS\Web
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\twain_32
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\system32
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\wins
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\wbem
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\usmt
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\spool
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\ShellExt
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\Setup
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\ras
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\oobe
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\npp
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\mui
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\inetsrv
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\IME
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\icsxml
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\ias
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\export
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\drivers
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\drivers\etc
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\drivers\disdn
2007-04-17 10:28:07 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\dhcp
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\config
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\3com_dmi
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\3076
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\2052
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1054
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1042
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1041
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1037
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1033
2007-04-17 10:28: