Old 03-30-2007, 10:18 PM   #1 (permalink)
Registered User
 
 
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2


Virus.Win32.delf.ak and others HiJack This

Hello,
I need help cleaning what appears to be some spyware / malware on my system.
New to forum - so hopefully I have included the right information for you.

I have 3 things happening.

1. Desktop display settings change on reboot from normal 1024x768 to 800x600.

2. I occasionally get redirected (I use Mozilla Firefox) to an educational website.

3. I consistently get a SEVERE RISK result when I run the Xoftspy spychecker for the Virus.Win32.Delf.ak in the Windows\System32\SVKP file and all of its registry entries.

and

a POTENTIALLY UNWANTED result for VIEWPOINT

and

I noticed that the last folder Xoftspy scanned was the C:\Program Files\zipclix folder. Can't locate this folder. Searched for it. Found one entry in the registry. Removed it.

See Attached Snapshot of Xoftspy Report log.

I have a Pentium 4, 3.2 GHz, 1 gig memory, running Windows XP Pro SP2.

I currently run daily:

Ad-Aware Se Personal
eTrust Pest Patrol
Spybot S&D
ATF Cleaner
CWShredder
Xoftspy

CA EZ Antivirus
Zone Alarm Personal
Registry Medic
RegSeeker


The Xoftspy software is the only one that shows the Viewpoint and Win32.delf.ak results.
None of my other spyware checkers show this as a problem.

I ran the Norton Antivirus online scan. Found 2 viruses and removed them. Still getting the VIRUS.WIN32.DELF.AK results after this scan.

I have followed your 5 steps before posting this log.

1. Checked the malware listings (I have Viewpoint). Deleted the folder.
2. Ran Ad-Aware - resulted in a clean scan (downloaded the VVX2 cleaner - however can't get it to appear in the Add-Ons section in Ad-Aware).
Ran the Panda online scan. Found some viruses and spyware. Log is attached. Xoftspy still showing the Virus.Win32.delf.ak after this scan.
3. Downloaded Spyware Blaster and Spyware Guard. Installed them.
4. Updated Windows XP Prof - all critical updates done except IE 7. Had this installed, had problems making my wireless connection work so I removed it. Am running IE 6. However, I use Firefox v1.07. Removed v2.0 – was much slower on my system. Kept dropping connections.

Here's the Deckard's System Scanner and HiJack This log.

Any help would be appreciated.
Thanks
Saber0981


Deckard's System Scanner v20070328.36
Run by Dana on 2007-03-30 at 23:42:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2007-03-31 03:42:19 UTC - RP84 - Deckard's System Scanner Restore Point
4: 2007-03-31 02:50:43 UTC - RP83 - Software Distribution Service 2.0
3: 2007-03-31 02:41:20 UTC - RP82 - Software Distribution Service 2.0
2: 2007-03-30 01:34:33 UTC - RP81 - AftrPandaOnlineCleanupVirsSpy
1: 2007-03-30 01:33:51 UTC - RP80 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Dana.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:43:39 PM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Ahead\InCD\InCD.exe
G:\America Online 9.0\waol.exe
G:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
G:\America Online 9.0\shellmon.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
H:\MY FILES\Downloads\SOFTWAREDownlds\SpywareSW\HiJackThisVer1991\DeckardSystemScannerInclHiJack\dss.exe
H:\MYFILE~1\DOWNLO~1\SOFTWA~1\SPYWAR~1\HIJACK~1\Dana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Program FilesDM\NIERSOFT\3D Virtual Cube\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - g:\Program FilesDM\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - g:\Program FilesDM\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Zone Labs Client] g:\Program FilesDM\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QOELOADER] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RtWLan] g:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe /H
O4 - HKCU\..\Run: [AOL Fast Start] "G:\America Online 9.0\AOL.EXE" -b
O4 - Startup: SpywareGuard.lnk = G:\Program FilesDM\SpywareGuard\sgmain.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174356460203
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\FIXPGMSDOWNLOADED\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe


-- File Associations -----------------------------------------------------------

.scr - PhEdit.scr - shell\open\command - C:\Program Files\VCW VicMan's Photo Editor\vcwphoto.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys
R1 magicpvt - c:\windows\system32\drivers\magicpvt.sys
R1 MagicTune - c:\windows\system32\drivers\mtictwl.sys
R1 VETEFILE (VET File Scan Engine) - c:\windows\system32\drivers\vetefile.sys
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys
R2 NIOC (NIOC Service) - c:\windows\system32\nioc.sys
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys
R3 hap17v2k (Creative P17V HAL Driver) - c:\windows\system32\drivers\hap17v2k.sys
R3 VETEBOOT (VET Boot Scan Engine) - c:\windows\system32\drivers\veteboot.sys
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys

S3 ialm - c:\windows\system32\drivers\ialmnt5.sys
S3 PRISM_USB (D-Link Air DWL-122 Wireless USB Adapter Driver) - c:\windows\system32\drivers\prismusb.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CAISafe - g:\program filesdm\ca\etrust ez armor\etrust ez antivirus\isafe.exe
R2 RetroWDSvc (Retrospect WD Service) - c:\progra~1\dantz\retros~1\wdsvc.exe
R2 VETMSGNT (VET Message Service) - g:\program filesdm\ca\etrust ez armor\etrust ez antivirus\vetmsg.exe
R2 WZCBDLService (WZCBDL Service) - "c:\program files\wzcbdl service\wzcbdls.exe"

S3 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe
S3 HP Port Resolver - c:\windows\system32\spool\drivers\w32x86\3\hpbpro.exe
S3 HP Status Server - c:\windows\system32\spool\drivers\w32x86\3\hpboid.exe


-- Files created between 2007-02-28 and 2007-03-30 -----------------------------

2007-03-29 21:24:42 0 d-------- C:\Program Files\MetaStream<METAST~1>
2007-03-29 21:12:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint<VIEWPO~1>
2007-03-29 19:25:27 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-28 16:30:35 0 d-------- C:\Documents and Settings\Dana\Application Data\Leadertech<LEADER~1>
2007-03-25 10:59:50 0 d-------- C:\Documents and Settings\Dana\Application Data\ArcSoft
2007-03-24 18:48:15 3436 --a------ C:\WINDOWS\system32\xrIvoQMb.dll
2007-03-24 18:47:37 423424 --a------ C:\WINDOWS\system32\ocuninst.exe
2007-03-24 18:08:33 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-03-24 16:38:45 0 d-------- C:\Documents and Settings\Dana\Application Data\Printer Info Cache<PRINTE~1>
2007-03-24 16:38:44 0 d-------- C:\Documents and Settings\Dana\Application Data\Image Zone Express<IMAGEZ~1>
2007-03-24 01:36:36 0 d-------- C:\I386
2007-03-22 22:30:13 0 d-------- C:\Program Files\Common Files\SWF Studio<SWFSTU~1>
2007-03-22 22:29:52 0 d-------- C:\Program Files\NCBuy
2007-03-22 20:02:58 194304 --a------ C:\WINDOWS\system32\drivers\wg111v2.sys
2007-03-22 20:02:58 13532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys
2007-03-22 20:02:57 196608 --a------ C:\WINDOWS\system32\RtlLib.dll
2007-03-22 20:02:57 155648 --a------ C:\WINDOWS\system32\IpLib.dll
2007-03-22 20:02:57 126976 --a------ C:\WINDOWS\system32\EnumDevLib.dll<ENUMDE~1.DLL>
2007-03-22 20:02:57 59136 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2007-03-21 14:20:43 0 d-------- C:\Documents and Settings\Dana\Application Data\CyberLink<CYBERL~1>
2007-03-21 14:09:31 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2007-03-21 14:09:31 102160 --a------ C:\WINDOWS\system32\VB6KO.DLL
2007-03-21 14:09:31 16384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2007-03-21 14:09:30 0 d-------- C:\Program Files\lg_fwupdate<LG_FWU~1>
2007-03-21 1407 0 d-------- C:\Program Files\Common Files\LightScribe<LIGHTS~1>
2007-03-21 14:04:22 28672 -----n--- C:\WINDOWS\system32\drivers\InCDrm.sys
2007-03-21 14:02:52 0 d-------- C:\Program Files\CyberLink<CYBERL~2>
2007-03-21 14:01:59 40960 --a------ C:\Program Files\Uninstall_CDS.exe<UNINST~1.EXE>
2007-03-21 14:01:58 0 d-------- C:\Program Files\CyberLink DVD Solution<CYBERL~1>
2007-03-21 13:43:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SBT
2007-03-21 13:43:28 0 d-------- C:\Program Files\Snapshot Viewer<SNAPSH~1>
2007-03-21 13:39:42 0 d-------- C:\WINDOWS\ShellNew
2007-03-21 13:38:47 0 d-------- C:\Documents and Settings\Dana\Application Data\Microsoft Web Folders<MICROS~2>
2007-03-21 11:21:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-03-21 06:28:56 0 d-------- C:\WINDOWS\CAVTemp
2007-03-21 04:24:48 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-03-20 20:52:58 335872 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2007-03-20 20:52:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Retrospect<RETROS~1>
2007-03-20 20:52:45 0 d-------- C:\Program Files\Dantz
2007-03-20 20:37:21 0 d-------- C:\WINDOWS\MVUNINST
2007-03-20 19:26:13 180224 --a------ C:\WINDOWS\system32\SanDisk Screen Saver.scr<SANDIS~1.SCR>
2007-03-20 18:49:54 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-03-20 18:49:54 26787 --a------ C:\WINDOWS\system32\drivers\VetMonNT.sys
2007-03-20 18:49:54 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-03-20 18:49:54 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-03-20 18:49:54 629264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-03-20 18:49:54 108592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-03-20 18:49:53 115824 --a------ C:\WINDOWS\UnVet32.exe
2007-03-20 18:49:53 243824 --a------ C:\WINDOWS\unicows.dll
2007-03-20 18:49:53 74864 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-03-20 18:49:53 74864 --a------ C:\WINDOWS\system32\iSafProd.dll
2007-03-20 18:49:53 95344 --a------ C:\WINDOWS\system32\ISafeIf.dll
2007-03-20 18:49:53 111728 --a------ C:\WINDOWS\AVShlExt.dll
2007-03-20 18:49:49 49152 --a------ C:\WINDOWS\unezas.exe
2007-03-20 18:49:37 672832 --a------ C:\WINDOWS\system32\ppctl.dll
2007-03-20 18:49:37 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-03-20 18:49:34 0 d-------- C:\Program Files\Common Files\Scanner
2007-03-20 18:13:49 0 d-------- C:\Documents and Settings\Dana\Application Data\Lavasoft
2007-03-20 17:42:22 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-20 17:42:18 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-20 17:41:21 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-03-20 17:29:39 0 d-------- C:\Documents and Settings\Dana\Application Data\HP
2007-03-20 17:29:11 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-03-20 17:27:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-03-20 17:27:43 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-03-20 17:26:15 0 d-------- C:\WINDOWS\system32\URTTEMP
2007-03-20 17:25:50 0 d-------- C:\Program Files\Common Files\HP
2007-03-20 17:24:42 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-03-20 17:24:28 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-03-20 17:23:52 16496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-03-20 17:23:49 49664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-03-20 17:23:27 77824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-03-20 17:23:26 38400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-03-20 17:23:08 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-03-20 17:16:05 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-03-20 17:16:05 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-03-20 17:16:05 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-03-20 17:16:05 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-03-20 17:16:05 65536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-03-20 17:16:05 282680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-03-20 17:15:35 0 d-------- C:\Program Files\HP
2007-03-20 17:15:03 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-20 17:15:02 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-03-20 17:14:04 117100 --a------ C:\WINDOWS\hpoins11.dat
2007-03-20 16:59:38 99965 --a------ C:\WINDOWS\UninstallFirefox.exe<UNINST~1.EXE>
2007-03-20 16:59:29 2654 --a------ C:\WINDOWS\mozver.dat
2007-03-20 16:45:22 0 d-------- C:\Program Files\WZCBDL Service<WZCBDL~1>
2007-03-20 16:45:05 0 d-------- C:\Program Files\NIOC Service<NIOCSE~1>
2007-03-20 16:22:12 155648 --a------ C:\WINDOWS\system32\ifc21.dll
2007-03-20 16:22:12 94208 --a------ C:\WINDOWS\system32\FEELIT.DLL
2007-03-20 16:22:11 29184 --a------ C:\WINDOWS\system32\LOGILANG.DLL
2007-03-20 16:22:11 17408 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2007-03-20 16:22:11 3792 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2007-03-20 16:22:11 109056 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2007-03-20 16:22:11 164352 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2007-03-20 16:22:11 0 d-------- C:\Program Files\Common Files\Logitech
2007-03-20 16:22:09 140800 -----n--- C:\WINDOWS\system32\lmoufrc.dll
2007-03-20 16:22:09 19182 --a------ C:\WINDOWS\system32\LCoInst.dll
2007-03-20 16:22:09 67440 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.sys
2007-03-20 16:22:09 5840 --a------ C:\WINDOWS\system32\drivers\LKbdFlt2.sys
2007-03-20 16:22:09 37822 --a------ C:\WINDOWS\system32\drivers\LHidUsb.Sys
2007-03-20 16:22:09 22064 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.sys
2007-03-20 16:22:09 12413 -----n--- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2007-03-20 16:22:09 50432 -----n--- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2007-03-20 15:24:05 0 d-------- C:\Documents and Settings\Dana\Application Data\Jasc
2007-03-20 14:35:27 79360 --a------ C:\WINDOWS\system32\sam_nv4_disp.dll<SAM_NV~1.DLL>
2007-03-20 14:35:27 32 --a------ C:\WINDOWS\system32\driver.dat
2007-03-20 14:35:25 9728 -ra------ C:\WINDOWS\system32\drivers\magicpvt.sys
2007-03-20 14:35:24 61440 --a------ C:\WINDOWS\system32\mpvthook.dll
2007-03-20 14:35:24 79360 --a------ C:\WINDOWS\system32\magicpvt.dll
2007-03-20 14:35:24 16 --a------ C:\WINDOWS\system32\magicpvt.dat
2007-03-20 14:35:24 0 d-------- C:\Program Files\MagicRotation<MAGICR~1>
2007-03-20 14:34:49 40960 --a------ C:\WINDOWS\system32\nvgpio.dll
2007-03-20 14:34:49 36864 --a------ C:\WINDOWS\system32\nvapi9x.dll
2007-03-20 14:34:49 13396 --a------ C:\WINDOWS\system32\drivers\MTiCtwl.sys
2007-03-20 14:34:37 0 d-------- C:\Program Files\SEC
2007-03-20 14:13:56 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-03-20 14:13:44 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-03-20 11:05:05 0 d-------- C:\Documents and Settings\Dana\Application Data\AOL
2007-03-20 11:04:55 0 d-------- C:\Program Files\Common Files\aolback
2007-03-20 11:04:18 173184 --a------ C:\WINDOWS\system32\ygpss.scr
2007-03-20 11:04:18 0 d-------- C:\Documents and Settings\Dana\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
2007-03-20 11:04:17 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-03-20 11:04:00 86016 --a------ C:\WINDOWS\unvise32qt.exe<UNVISE~1.EXE>
2007-03-20 11:03:55 0 d-------- C:\WINDOWS\system32\QuickTime<QUICKT~1>
2007-03-20 11:03:55 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-20 11:03:55 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime<QUICKT~1>
2007-03-20 11:03:50 0 d-------- C:\My Music<MYMUSI~1>
2007-03-20 11:03:49 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-03-20 11:03:46 0 d-------- C:\Program Files\Real
2007-03-20 11:03:45 0 d-------- C:\Program Files\Common Files\Real
2007-03-20 11:03:37 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll<SIMPLE~1.DLL>
2007-03-20 11:03:37 118784 --a------ C:\WINDOWS\system32\Msstdfmt.dll
2007-03-20 11:03:37 10752 --a------ C:\WINDOWS\system32\aamd532.dll
2007-03-20 11:03:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks<PURENE~1>
2007-03-20 11:03:29 0 d-------- C:\Program Files\Pure Networks<PURENE~1>
2007-03-20 11:03:25 0 d-------- C:\Program Files\AOL Toolbar<AOLTOO~1>
2007-03-20 11:03:22 0 d-------- C:\Program Files\AOL Deskbar<AOLDES~1>
2007-03-20 11:03:13 0 d-------- C:\Program Files\Common Files\AolCoach
2007-03-20 11:02:53 0 d-------- C:\Program Files\Common Files\aolshare
2007-03-20 11:02:53 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-03-20 11:01:45 0 d-------- C:\Program Files\Common Files\AOL
2007-03-20 11:01:44 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-20 11:01:43 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads<AOLDOW~1>
2007-03-20 10:51:34 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-03-20 10:50:43 0 d-------- C:\WINDOWS\system32\LogFiles
2007-03-20 10:50:43 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-20 10:47:02 36352 -----n--- C:\WINDOWS\system32\tsgqec.dll
2007-03-20 10:47:02 288768 -----n--- C:\WINDOWS\system32\rhttpaa.dll
2007-03-20 10:47:02 116736 -----n--- C:\WINDOWS\system32\aaclient.dll
2007-03-20 10:44:14 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-03-20 10:27:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-20 10:17:38 0 d-------- C:\Program Files\Microsoft Digital Image 2006<MICROS~2>
2007-03-19 22:10:10 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-19 22:10:10 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-19 22:10:09 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-19 22:08:22 18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-19 22:08:21 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-03-19 22:07:37 0 d---s---- C:\Documents and Settings\Dana\UserData
2007-03-19 21:45:34 127488 -----n--- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-19 21:45:34 5888 -----n--- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-19 21:45:16 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll
2007-03-19 21:45:15 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-19 21:45:15 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll
2007-03-19 21:45:15 476320 -----n--- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-19 21:45:15 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll
2007-03-19 21:44:30 2973696 -----n--- C:\WINDOWS\NuNinst.exe
2007-03-19 21:44:28 8704 -----n--- C:\WINDOWS\system32\drivers\InCDrec.sys
2007-03-19 21:44:28 29696 -----n--- C:\WINDOWS\system32\drivers\InCDpass.sys
2007-03-19 21:44:28 99584 -----n--- C:\WINDOWS\system32\drivers\InCDfs.sys
2007-03-19 21:44:28 0 d-------- C:\WINDOWS\InCD
2007-03-19 21:43:15 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-19 21:43:12 38912 --a------ C:\WINDOWS\system32\picn20.dll
2007-03-19 21:43:12 544768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-03-19 21:43:12 569344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-03-19 21:43:11 283920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-03-19 21:43:10 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-03-19 21:43:10 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-19 21:43:06 0 d-------- C:\Program Files\Ahead
2007-03-19 21:23:39 0 d-------- C:\Documents and Settings\Dana\Application Data\ACD Systems<ACDSYS~1>
2007-03-19 21:22:54 0 d-------- C:\Program Files\Common Files\ACD Systems<ACDSYS~1>
2007-03-19 21:22:54 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems<ACDSYS~1>
2007-03-19 21:21:03 0 d-------- C:\Program Files\ACD Systems<ACDSYS~1>
2007-03-19 21:19:22 0 d-------- C:\Program Files\PrintKey2000<PRINTK~1>
2007-03-19 21:16:19 0 d-------- C:\Program Files\Registry Medic<REGIST~1>
2007-03-19 20:44:39 0 d-------- C:\Program Files\StartCop
2007-03-19 20:42:46 0 d-------- C:\Documents and Settings\Dana\Application Data\Adobe
2007-03-19 20:42:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-03-19 10:10:26 41984 -----n--- C:\WINDOWS\Ctregrun.exe
2007-03-19 10:09:45 183 --a------ C:\WINDOWS\setuplog
2007-03-19 10:09:02 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-03-19 10:09:02 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-03-19 10:07:37 90112 -----n--- C:\WINDOWS\Updreg.EXE
2007-03-19 10:07:37 0 d-------- C:\WINDOWS\system32\Defaults
2007-03-19 10:07:23 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-03-19 10:07:23 81920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-03-19 1049 0 d-------- C:\WINDOWS\system32\Data
2007-03-19 1049 10240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-03-19 1048 11776 --a------ C:\WINDOWS\INRES.DLL
2007-03-19 1019 0 d-------- C:\Documents and Settings\Dana\Application Data\Creative
2007-03-19 10:05:05 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
2007-03-19 10:04:56 0 d-------- C:\Program Files\Creative
2007-03-19 10:02:01 0 d--hs---- C:\RECYCLER
2007-03-19 03:35:11 0 d-------- C:\Program Files\Jasc Software Inc<JASCSO~1>
2007-03-19 03:32:28 0 d-------- C:\Program Files\VCW VicMan's Photo Editor<VCWVIC~1>
2007-03-19 03:20:12 0 d-------- C:\temp
2007-03-19 03:19:12 0 d-------- C:\PSFONTS
2007-03-19 03:19:11 4064 --a------ C:\WINDOWS\system32\drivers\ATMHELPR.SYS
2007-03-19 03:19:11 212352 --a------ C:\WINDOWS\system32\ATMDRVR.DLL
2007-03-19 03:19:11 0 d-------- C:\Program Files\Adobe Type Manager<ADOBET~1>
2007-03-19 03:18:14 0 d-------- C:\WINDOWS\system32\Color
2007-03-19 03:18:14 0 d-------- C:\KPCMS
2007-03-19 03:18:13 249856 --a------ C:\WINDOWS\system32\Snap32n.dll
2007-03-19 03:18:13 210944 --a------ C:\WINDOWS\system32\msvcrt10.dll
2007-03-19 03:18:13 20976 --a------ C:\WINDOWS\system32\CTL3D.DLL
2007-03-19 03:18:13 133120 --a------ C:\WINDOWS\Sprof32.dll
2007-03-19 03:18:13 212480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-03-19 03:18:13 37376 --a------ C:\WINDOWS\KPSYS32.DLL
2007-03-19 03:18:13 196608 --a------ C:\WINDOWS\KPCP32.DLL
2007-03-19 03:18:13 132096 --a------ C:\WINDOWS\KPAPI32.DLL
2007-03-19 03:18:13 27136 --a------ C:\WINDOWS\CTL3D32.DLL
2007-03-19 03:18:12 4080 --a------ C:\WINDOWS\system32\WINSIZE.DLL
2007-03-19 03:18:12 415744 --a------ C:\WINDOWS\system32\EZIMG25.DLL
2007-03-19 03:18:12 27136 --a------ C:\WINDOWS\system32\CPPENV25.DLL
2007-03-19 03:18:11 54784 --a------ C:\WINDOWS\EasyPhoto Slide Show.scr<EASYPH~1.SCR>
2007-03-19 03:18:02 0 d-------- C:\Program Files\PhotoDeluxe BE 1.1<PHOTOD~1.1>
2007-03-19 03:17:25 299520 --a------ C:\WINDOWS\uninst.exe
2007-03-19 03:17:23 0 d-------- C:\Documents and Settings\Dana\WINDOWS
2007-03-19 03:09:43 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles<NVIEW_~1>
2007-03-19 03:07:58 180224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-19 03:07:58 0 d-------- C:\WINDOWS\nview
2007-03-19 03:07:36 180224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-03-19 03:03:14 42368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2007-03-19 03:03:07 4274816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-03-19 03:03:07 1897408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-03-18 22:32:46 0 d-------- C:\WINDOWS\system32\appmgmt
2007-03-18 07:04:48 4096 --a------ C:\WINDOWS\d3dx.dat
2007-03-18 07:04:25 0 d-------- C:\Program Files\Saints & Sinners Bowling<SAINTS~1>
2007-03-18 07:04:11 0 d-------- C:\Program Files\ReflexiveArcade<REFLEX~1>
2007-03-18 03:46:29 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-18 03:46:27 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-03-18 03:42:38 80512 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-03-18 03:42:25 0 d-------- C:\WINDOWS\OPTIONS
2007-03-18 03:42:25 0 d-------- C:\Program Files\Realtek
2007-03-18 03:39:20 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-03-18 03:39:16 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-18 03:39:09 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-18 03:39:07 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-18 03:39:00 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-18 03:38:58 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-18 03:38:57 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-18 03:38:56 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-18 03:38:54 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-18 03:38:52 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-18 03:38:51 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-18 03:38:49 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-18 03:38:41 135168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-03-18 03:38:40 10518528 -r------- C:\WINDOWS\system32\RTLCPL.exe
2007-03-18 03:38:31 3959360 -r------- C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-03-18 03:38:31 577536 -r------- C:\WINDOWS\soundman.exe
2007-03-18 03:38:29 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-18 03:38:29 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-18 03:38:28 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-18 03:38:09 0 d-------- C:\Program Files\Realtek AC97<REALTE~1>
2007-03-18 03:37:55 307200 -r------- C:\WINDOWS\alcupd.exe
2007-03-18 03:37:55 217088 -ra------ C:\WINDOWS\Alcrmv.exe
2007-03-18 03:37:53 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-18 03:37:43 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-18 03:37:13 135168 -ra------ C:\WINDOWS\system32\igfxres.dll
2007-03-18 03:36:18 61440 -ra------ C:\WINDOWS\system32\iAlmCoIn_v4396.dll<IALMCO~1.DLL>
2007-03-18 03:36:17 524288 -ra------ C:\WINDOWS\system32\igldev32.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuTRK.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuTHA.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuSVE.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuRUS.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuPTG.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuPTB.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuPLK.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuNOR.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuNLD.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuKOR.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuJPN.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuITA.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuHUN.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuHEB.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuFRC.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuFRA.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuFIN.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuESP.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuENG.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuELL.dll
2007-03-18 03:36:17 114688 -ra------ C:\WINDOWS\system32\ialmudlg.exe
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuDEU.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuDAN.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuCSY.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuCHT.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuCHS.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuARB.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuARA.dll
2007-03-18 03:36:16 2310144 -ra------ C:\WINDOWS\system32\iglicd32.dll
2007-03-18 03:36:16 94208 -ra------ C:\WINDOWS\system32\igfxext.exe
2007-03-18 03:36:16 40960 -ra------ C:\WINDOWS\system32\igfxexps.dll
2007-03-18 03:36:16 49152 -ra------ C:\WINDOWS\system32\ialmrem.dll
2007-03-18 03:36:14 114688 -ra------ C:\WINDOWS\system32\igfxzoom.exe
2007-03-18 03:36:14 94208 -ra------ C:\WINDOWS\system32\igfxtray.exe
2007-03-18 03:36:14 1503232 -ra------ C:\WINDOWS\system32\igfxress.dll
2007-03-18 03:36:14 114688 -ra------ C:\WINDOWS\system32\igfxpers.exe
2007-03-18 03:36:14 77824 -ra------ C:\WINDOWS\system32\hkcmd.exe
2007-03-18 03:36:13 159744 -ra------ C:\WINDOWS\system32\igfxsrvc.exe
2007-03-18 03:36:13 57344 -ra------ C:\WINDOWS\system32\igfxsrvc.dll
2007-03-18 03:36:13 147456 -ra------ C:\WINDOWS\system32\igfxpph.dll
2007-03-18 03:36:13 86016 -ra------ C:\WINDOWS\system32\igfxdo.dll
2007-03-18 03:36:13 135168 -ra------ C:\WINDOWS\system32\igfxdev.dll
2007-03-18 03:36:13 446464 -ra------ C:\WINDOWS\system32\igfxcfg.exe
2007-03-18 03:36:13 73728 -ra------ C:\WINDOWS\system32\hccutils.dll
2007-03-18 03:36:12 36990 -ra------ C:\WINDOWS\system32\ialmrnt5.dll
2007-03-18 03:36:12 118395 -ra------ C:\WINDOWS\system32\ialmdnt5.dll
2007-03-18 03:36:12 213274 -ra------ C:\WINDOWS\system32\ialmdev5.dll
2007-03-18 03:36:12 900218 -ra------ C:\WINDOWS\system32\ialmdd5.dll
2007-03-18 03:36:12 1302332 -ra------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2007-03-18 03:32:59 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-18 03:32:57 0 d-------- C:\Program Files\Intel
2007-03-18 03:30:20 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-03-18 03:29:59 0 d-------- C:\TempEI4
2007-03-18 03:26:34 3145728 --ah----- C:\Documents and Settings\Dana\NTUSER.DAT
2007-03-18 03:25:25 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-03-18 03:25:13 0 d-------- C:\WINDOWS\Prefetch
2007-03-18 03:25:11 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-03-18 03:21:30 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-03-18 03:17:43 0 d-------- C:\WINDOWS\system32\xircom
2007-03-18 03:17:43 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-03-18 03:17:29 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-03-18 03:17:19 0 -rahs---- C:\MSDOS.SYS
2007-03-18 03:17:19 0 -rahs---- C:\IO.SYS
2007-03-18 03:17:19 0 --a------ C:\CONFIG.SYS
2007-03-18 03:17:19 0 --a------ C:\AUTOEXEC.BAT
2007-03-18 03:16:59 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-18 03:15:39 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-03-18 03:15:25 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-18 03:15:25 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-18 03:15:12 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-03-18 03:14:48 0 d-------- C:\WINDOWS\system32\DirectX
2007-03-18 03:14:33 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-18 03:14:26 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-18 03:14:26 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-18 03:14:23 0 d---s---- C:\WINDOWS\Tasks
2007-03-18 03:14:23 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-18 03:14:22 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-18 03:14:20 0 d-------- C:\WINDOWS\srchasst
2007-03-18 03:14:19 0 d-------- C:\WINDOWS\system32\Macromed
2007-03-18 03:14:17 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-18 03:14:17 127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-18 03:14:17 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-18 03:14:17 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-18 03:14:17 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-18 03:14:16 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-18 03:14:16 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-18 03:14:16 124184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-18 03:14:16 465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-18 03:14:16 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-18 03:14:16 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-18 03:14:16 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-18 03:14:16 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-18 03:14:13 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-18 03:14:10 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-18 03:14:10 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-18 03:14:10 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-18 03:14:10 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-18 03:14:08 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-18 03:14:07 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-18 03:14:07 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-18 03:14:07 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-18 03:14:07 0 d-------- C:\WINDOWS\system32\Restore
2007-03-18 03:14:07 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-03-18 03:14:07 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-18 03:14:07 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-18 03:14:06 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-18 03:14:06 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-18 03:14:06 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-18 03:14:06 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-18 03:14:06 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-18 03:14:06 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-18 03:14:04 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-18 03:14:04 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-18 03:14:03 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-18 03:14:03 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-18 03:14:02 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-18 03:14:02 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-18 03:14:02 274944 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-18 03:14:01 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-18 03:14:01 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-18 03:14:01 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-18 03:14:01 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-18 03:13:24 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-18 03:13:09 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-03-18 03:13:01 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-03-18 03:12:52 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-18 03:12:49 5632 --a------ C:\WINDOWS\system32\write.exe
2007-03-18 03:12:49 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-18 03:12:42 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-18 03:12:42 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-18 03:12:42 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-18 03:12:42 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-18 03:12:42 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-18 03:12:42 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-18 03:12:37 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-18 03:12:36 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-18 03:12:36 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-03-18 03:12:36 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-18 03:12:36 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-18 03:12:36 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-03-18 03:12:35 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-18 03:12:35 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-18 03:12:35 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-18 03:12:35 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-18 03:12:35 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-18 03:12:35 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-18 03:12:35 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-18 03:12:35 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-18 03:12:35 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-18 03:12:35 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-18 03:12:35 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-18 03:12:35 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-18 03:12:35 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-18 03:12:34 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-03-18 03:12:34 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-18 03:12:34 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-18 03:12:34 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-18 03:12:33 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-18 03:12:33 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-18 03:12:33 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-18 03:12:33 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-18 03:12:33 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-18 03:12:33 97792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-18 03:12:33 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-18 03:12:20 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-18 03:12:20 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-18 03:12:20 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-18 03:12:19 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-03-18 03:12:19 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-18 03:12:19 347136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-18 03:12:19 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-18 03:12:19 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-18 03:12:19 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-18 03:12:19 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-18 03:12:19 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-18 03:12:18 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-18 03:12:18 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-18 03:12:18 295424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-18 03:12:18 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-18 03:12:18 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-18 03:12:18 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-18 03:12:18 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-18 03:12:18 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-18 03:12:18 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-18 03:12:18 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-18 03:12:17 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-18 03:12:17 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-18 03:12:17 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-18 03:12:17 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-18 03:12:17 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-18 03:12:17 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-18 03:12:17 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-18 03:12:17 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-18 03:12:17 0 d-------- C:\WINDOWS\system32\MsDtc
2007-03-18 03:12:17 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-18 03:12:17 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-18 03:12:16 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-18 03:12:16 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-18 03:12:16 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-18 03:12:16 0 d-------- C:\WINDOWS\system32\Com
2007-03-18 03:12:16 60416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-18 03:12:15 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-18 03:12:15 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-18 03:12:15 498688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-18 03:12:15 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-18 03:12:15 625152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-18 03:12:15 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-18 03:12:15 225792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-18 03:12:10 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-18 03:12:10 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-18 03:12:10 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-18 03:12:09 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-18 03:12:09 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-18 03:12:08 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-17 22:05:15 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-17 22:04:46 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-17 22:04:12 20992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-03-17 22:04:03 5504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-03-17 22:03:57 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-17 22:02:41 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-03-17 22:02:40 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-17 22:02:37 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-17 22:02:36 0 dr------- C:\Program Files<PROGRA~1>
2007-03-17 22:02:34 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-17 22:02:34 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-17 22:02:34 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-17 22:02:32 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-17 22:02:32 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-17 22:02:30 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-17 22:02:30 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-17 22:02:30 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-17 22:02:30 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-17 22:02:30 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-17 22:02:30 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-17 22:02:30 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-17 22:02:29 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-17 22:02:29 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-17 22:02:29 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-17 22:02:29 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-17 22:02:29 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-17 22:02:28 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-17 22:02:28 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-17 22:02:28 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-17 22:02:28 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-17 22:02:27 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-17 22:02:25 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-17 22:02:25 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-17 22:02:25 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-17 22:02:24 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-17 22:02:24 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-17 22:02:24 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-17 22:02:24 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-17 22:02:24 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-17 22:02:24 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-17 22:02:24 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-17 22:02:24 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-17 22:02:23 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-17 22:02:23 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-17 22:02:23 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-17 22:02:23 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-17 22:02:23 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-17 22:02:23 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-17 22:02:22 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-17 22:02:22 68768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-17 22:02:22 69120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-17 22:02:21 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-17 22:02:13 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-03-17 22:01:59 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-03-17 22:01:59 0 d-------- C:\WINDOWS\system32\CatRoot
2007-03-17 22:01:35 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-03-17 22:01:34 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\WinSxS
2007-03-17 21:55:19 0 dr------- C:\WINDOWS\Web
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\twain_32
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\wins
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\wbem
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\usmt
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\spool
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\ShellExt
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\Setup
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\ras
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\oobe
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\npp
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\mui
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\inetsrv
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\IME
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\icsxml
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\ias
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\export
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\drivers
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-17 21:55:19 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\dhcp
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\config
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\3076
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\2052
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1054
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1042
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1041
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1037
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1033
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1031
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1028
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1025
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\security
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\repair
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\PeerNet
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\pchealth
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\mui
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\msapps
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\msagent
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Media
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\java
2007-03-17 21:55:19 0 d--h----- C:\WINDOWS\inf
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\ime
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Help
2007-03-17 21:55:19 0 dr--s---- C:\WINDOWS\Fonts
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\ehome
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Debug
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Cursors
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Config
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\AppPatch
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-03-21 13:54:45 0 d---s---- C:\Documents and Settings\Dana\Application Data\Microsoft<MICROS~1>
2007-03-20 18:33:50 0 d-------- C:\Documents and Settings\Dana\Application Data\Macromedia<MACROM~1>
2007-03-20 16:59:41 0 d-------- C:\Documents and Settings\Dana\Application Data\Mozilla
2007-03-18 03:26:46 0 d-------- C:\Documents and Settings\Dana\Application Data\Identities<IDENTI~1>
2007-03-17 22:02:13 62 --ahs---- C:\Documents and Settings\Dana\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PowerBar"=""
"AOL Fast Start"="\"G:\\America Online 9.0\\AOL.EXE\" -b"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"Zone Labs Client"="g:\\Program FilesDM\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"QOELOADER"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust Anti-Spam\\QSP-2.1.215.5\\QOELoader.exe\""
"CaAvTray"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"RtWLan"="g:\\Program FilesDM\\NETGEAR\\WG111v2 Configuration Utility\\RtWLan.exe /H"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"AOL Fast Start"="\"G:\\America Online 9.0\\AOL.EXE\" -b"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"="SOUNDMAN.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1174402975\\EE\\AOLHostManager.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"EM_EXEC"="G:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"MagicRotation"="C:\\Program Files\\MagicRotation\\MagicPvt.exe"
"HP Software Update"="G:\\Program FilesDM\\HP\\HP Software Update\\HPWuSchd2.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"WD Button Manager"="WDBtnMgr.exe"
"!ewido"="\"D:\\FIXPGMSDOWNLOADED\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"LGODDFU"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\""
"RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"D-Link Air USB Utility"="G:\\Program FilesDM\\D-Link\\Air USB Utility\\AirCFG.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SJYPKT


-- End of Deckard's System Scanner: finished at 2007-03-30 at 23:44:14 ---------
Attached Images
File Type: jpg XoftspyReportLog3202007Win32delfakvirus.jpg (484.2 KB, 3 views)
Attached Files
File Type: txt extra.txt (22.6 KB, 0 views)
File Type: txt Activescan32907Expanded.txt (6.2 KB, 3 views)

Old 04-03-2007, 11:15 PM   #2 (permalink)
Registered User
 
Saber0981's Avatar
 
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2


Re: Virus.Win32.delf.ak and others HiJack This

BUMP please
Old 04-04-2007, 10:09 PM   #3 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hi Saber0981,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here’s what we do first.

Please download DAFT and save it to your desktop:
  1. Double-click the daft.exe icon. Read the disclaimer and click OK.
  2. Click on the Scan button.
  3. Place a checkmark next to the following entries:

    .scr - PhEdit.scr - shell\open\command - C:\Program Files\VCW VicMan's Photo Editor\vcwphoto.exe %1

  4. Click the Fix button.
  5. Re-scan and save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile with your next post.


NEXT:

Please download haxfix.exe by Marckie and save it to your desktop:
  • Double-click on haxfix.exe to install haxfix (the standard installation path is C:\Program Files\haxfix).
  • Checkmark "Create a desktop icon".
  • Click "Next".
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.
  • Click "Finish".

    A red "DOS window" (DOS box) will open with options:
    1. Make logfile
    2. Run auto fix
    3. Run manual fix
    4. Run Goldun fix
    E. Exit Haxfix

  • Select option 1. Make logfile by typing 1 and then pressing "Enter".
  • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt -> (c:\haxfix.txt).
  • Copy the contents of that logfile and paste it into this thread.


NEXT:

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

I suggest you remove the program now. Go to Start -> Control Panel -> Add/Remove Programs and remove the following programs (if present):

Viewpoint
Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar



NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Program FilesDM\NIERSOFT\3D Virtual Cube\blank.htm


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please download OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\aamd532.dll
    C:\WINDOWS\d3dx.dat
    D:\BackupsMar2007\CopyMYFILESonH\MY FILES\Downloads\SOFTWAREDownlds\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe
    E:\Documents and Settings\Dana\Desktop\ToOtherPeople\ToWALTmar2007\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe
    G:\BACKUPSeXTRA\BACKUPMYFILES\MY FILES\Downloads\SOFTWAREDownlds\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe
    E:\Documents and Settings\Dana\Desktop\ToOtherPeople\ToWALTmar2007\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe
    G:\BACKUPSeXTRA\BACKUPMYFILES\MY FILES\Downloads\SOFTWAREDownlds\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe
    H:\MY FILES\Downloads\SOFTWAREDownlds\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe
    H:\ToOtherPeople\ToWALTmar2007\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Program Files\Viewpoint


  • Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. After reboot, please run OTMoveIt again, follow the directions as above, and post the Results report for me to see.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The log from DAFT.
  2. The log from the HaxFix scan.
  3. The results report from OTMoveIt.
  4. A new DSS log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

Last edited by Sempurna; 04-04-2007 at 10:12 PM.
04-06-2007, 07:50 PM   #4 (permalink)
Saber0981, Registered User
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2

Re: Virus.Win32.delf.ak and others HiJack This

Hi Sempurna,
Thanks for the fast reply and the warm welcome!

I did as you instructed.

Here are the logs from DAFT, HaxFix, and OTMoveIt.
Will send the DSS log in another reply.

Still experiencing the following problems:

1. Desktop display settings change on reboot from normal 1024x768 to 800x600. The desktop appears as it should, time appears, the task bar icons (left) appear and then the display goes black and resets to 800x600.

I replaced the autoexec.bat and the config.sys with the ones from the repair folder. Thought this might help...no go.

2. Still getting the SEVERE RISK result when I run the Xoftspy spychecker for the Virus.Win32.Delf.ak in the Windows\System32\SVKP file and all of its registry entries. (see attachment) I've read conflicting opinions about what SVKP really is. What are your thoughts? Are these additional malware entries mixed in with a valid program?

I remove these daily...they reappear the next day - sometimes 3 entries sometimes more.

3. I noticed that the last folder Xoftspy scanned was the C:\Program Files\zipclix folder. Please note the big arrow on the attached picture near top. I caught this during the scan. I've searched and can't locate a file like that. Any ideas?

DAFT LOG

DAFT Log saved on 2007-04-06 20:46:55
-----------------------------------------------------------------------
All associations okay!


HaxFix LOG

HAXFIX logfile - by Marckie

version 4.39
Fri 04/06/2007 20:48:38.68

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
no matching services found

checking for matching safeboot services
no matching safeboot services found

checking for other Haxdoor-files
no other Haxdoor-files found


--- Checking for Goldun ---


checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking for other Goldun-files
no other Goldun-files found

checking iexplore.exe
iexplore.exe is not infected


Finished!


OTMoveIt LOG

DllUnregisterServer procedure not found in C:\WINDOWS\system32\aamd532.dll
C:\WINDOWS\system32\aamd532.dll NOT unregistered.
C:\WINDOWS\system32\aamd532.dll moved successfully.
C:\WINDOWS\d3dx.dat moved successfully.
File/Folder D:\BackupsMar2007\CopyMYFILESonH\MY FILES\Downloads\SOFTWAREDownlds\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe not found.
File/Folder E:\Documents and Settings\Dana\Desktop\ToOtherPeople\ToWALTmar2007\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe not found.
File/Folder G:\BACKUPSeXTRA\BACKUPMYFILES\MY FILES\Downloads\SOFTWAREDownlds\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe not found.
File/Folder E:\Documents and Settings\Dana\Desktop\ToOtherPeople\ToWALTmar2007\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe not found.
File/Folder G:\BACKUPSeXTRA\BACKUPMYFILES\MY FILES\Downloads\SOFTWAREDownlds\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe not found.
File/Folder H:\MY FILES\Downloads\SOFTWAREDownlds\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe not found.
File/Folder H:\ToOtherPeople\ToWALTmar2007\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe not found.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology moved successfully.
C:\Program Files\Viewpoint moved successfully.
File/Folder not found.

Created on 04/06/2007 2139


Will send new DSS log in next reply.
Thanks,
Saber
Attached Images
File Type: bmp Xoftspy4082007.bmp (1.00 MB, 2 views)
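Added example (not part of the original thread, and not OTMoveIt's own code): a short Python script that reconciles the list of paths submitted to OTMoveIt with the Results text posted above, so each requested item is reported as moved, not found, or unaccounted for. The function names are hypothetical, and the parser assumes only the line shapes visible in that log; the sample log is an abridged copy of it.

```python
import re

# Unique paths from the list pasted into OTMoveIt (subset, taken from the instructions above).
REQUESTED = [
    r"C:\WINDOWS\system32\aamd532.dll",
    r"C:\WINDOWS\d3dx.dat",
    r"H:\ToOtherPeople\ToWALTmar2007\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe",
    r"C:\Documents and Settings\All Users\Application Data\Viewpoint",
    r"C:\Program Files\Viewpoint",
]

# Abridged copy of the Results text posted above (same line shapes, fewer lines).
SAMPLE_LOG = r"""DllUnregisterServer procedure not found in C:\WINDOWS\system32\aamd532.dll
C:\WINDOWS\system32\aamd532.dll NOT unregistered.
C:\WINDOWS\system32\aamd532.dll moved successfully.
C:\WINDOWS\d3dx.dat moved successfully.
File/Folder H:\ToOtherPeople\ToWALTmar2007\HTMLWebPageEditors\AceHTMLFree\acehtmlfreeware.exe not found.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components moved successfully.
C:\Program Files\Viewpoint moved successfully.
File/Folder not found.

Created on 04/06/2007 2139
"""

# Line shapes seen in the posted log. Anything else (the "DllUnregisterServer
# procedure not found in ..." notice, the "Created on" footer) is ignored.
LINE_PATTERNS = [
    ("unregister_failed", re.compile(r"^(?P<path>.+) NOT unregistered\.$")),
    ("moved", re.compile(r"^(?P<path>.+) moved successfully\.$")),
    ("not_found", re.compile(r"^File/Folder (?P<path>.*?) ?not found\.$")),
]


def parse_results(text):
    """Turn the Results text into a list of (kind, path) tuples."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for kind, pattern in LINE_PATTERNS:
            match = pattern.match(line)
            if match:
                events.append((kind, match.group("path")))
                break
    return events


def reconcile(requested, events):
    """Map every requested path to the outcome the log records for it."""
    def norm(path):
        # Windows paths are case-insensitive; ignore a trailing backslash too.
        return path.rstrip("\\").lower()

    moved = {norm(p) for kind, p in events if kind == "moved"}
    missing = {norm(p) for kind, p in events if kind == "not_found" and p}
    report = {}
    for target in requested:
        key = norm(target)
        if key in moved:
            status = "moved"
        elif key in missing:
            status = "not found"
        elif any(m.startswith(key + "\\") for m in moved):
            # Sub-folders were moved but the folder itself has no result line,
            # e.g. because a locked file is waiting for the reboot pass.
            status = "children moved only"
        else:
            status = "no result line"
        report[target] = status
    return report


def unregister_warnings(events):
    """Paths of DLLs that were moved without being unregistered first."""
    return [p for kind, p in events if kind == "unregister_failed"]


if __name__ == "__main__":
    parsed = parse_results(SAMPLE_LOG)
    for path, status in reconcile(REQUESTED, parsed).items():
        print(f"{status:20} {path}")
    for path in unregister_warnings(parsed):
        print(f"{'not unregistered':20} {path}")
    blanks = sum(1 for kind, p in parsed if kind == "not_found" and not p)
    print(f"{blanks} blank entry in the pasted list (a bare 'File/Folder not found.' line)")
```

An item reported as "children moved only" or "no result line" is the case to re-check after the reboot that the OTMoveIt note mentions.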
04-06-2007, 07:52 PM   #5 (permalink)
Saber0981, Registered User
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2

Re: Virus.Win32.delf.ak and others HiJack This

Here's the new DSS log.

Deckard's System Scanner v20070328.36
Run by Dana on 2007-04-06 at 21:07:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dana.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:08:00 PM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Ahead\InCD\InCD.exe
G:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ntvdm.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
H:\MY FILES\Downloads\SOFTWAREDownlds\SpywareSW\HiJackThisVer1991\DeckardSystemScannerInclHiJack\dss.exe
H:\MYFILE~1\DOWNLO~1\SOFTWA~1\SPYWAR~1\HIJACK~1\Dana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - g:\Program FilesDM\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - g:\Program FilesDM\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Zone Labs Client] g:\Program FilesDM\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QOELOADER] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RtWLan] g:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe /H
O4 - HKLM\..\Run: [WinPatrol] G:\Program FilesDM\BillP Studios\WinPatrol\winpatrol.exe
O4 - Startup: SpywareGuard.lnk = G:\Program FilesDM\SpywareGuard\sgmain.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174356460203
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\FIXPGMSDOWNLOADED\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe


-- Files created between 2007-03-06 and 2007-04-06 -----------------------------

2007-04-06 20:48:30 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-06 20:48:30 90112 --a------ C:\WINDOWS\system32\RegDACL.exe
2007-04-06 20:48:30 4096 --a------ C:\WINDOWS\system32\reboot.exe
2007-04-06 20:48:30 53248 --a------ C:\WINDOWS\system32\process.exe
2007-04-06 20:48:30 38400 --a------ C:\WINDOWS\system32\moveex.exe
2007-04-06 20:48:30 8234 --a------ C:\clean.bat
2007-04-05 10:03:43 0 d-------- C:\WINDOWS\LastGood
2007-04-05 08:42:23 0 d-------- C:\WINDOWS\pss
2007-04-03 23:59:05 0 d-------- C:\Documents and Settings\Dana\Application Data\acccore
2007-04-03 0001 0 d-------- C:\Documents and Settings\Dana\Application Data\WinPatrol<WINPAT~1>
2007-04-01 21:31:46 5632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-04-01 21:31:45 159232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-03-29 21:24:42 0 d-------- C:\Program Files\MetaStream<METAST~1>
2007-03-29 19:25:27 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-28 16:30:35 0 d-------- C:\Documents and Settings\Dana\Application Data\Leadertech<LEADER~1>
2007-03-25 10:59:50 0 d-------- C:\Documents and Settings\Dana\Application Data\ArcSoft
2007-03-24 18:48:15 3436 --a------ C:\WINDOWS\system32\xrIvoQMb.dll
2007-03-24 18:47:37 423424 --a------ C:\WINDOWS\system32\ocuninst.exe
2007-03-24 18:08:33 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-03-24 16:38:45 0 d-------- C:\Documents and Settings\Dana\Application Data\Printer Info Cache<PRINTE~1>
2007-03-24 16:38:44 0 d-------- C:\Documents and Settings\Dana\Application Data\Image Zone Express<IMAGEZ~1>
2007-03-24 01:36:36 0 d-------- C:\I386
2007-03-22 22:30:13 0 d-------- C:\Program Files\Common Files\SWF Studio<SWFSTU~1>
2007-03-22 22:29:52 0 d-------- C:\Program Files\NCBuy
2007-03-22 20:02:58 108160 --a------ C:\WINDOWS\system32\drivers\wg111v2.sys
2007-03-22 20:02:58 13532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys
2007-03-22 20:02:57 196608 --a------ C:\WINDOWS\system32\RtlLib.dll
2007-03-22 20:02:57 155648 --a------ C:\WINDOWS\system32\IpLib.dll
2007-03-22 20:02:57 126976 --a------ C:\WINDOWS\system32\EnumDevLib.dll<ENUMDE~1.DLL>
2007-03-22 20:02:57 59136 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2007-03-21 14:20:43 0 d-------- C:\Documents and Settings\Dana\Application Data\CyberLink<CYBERL~1>
2007-03-21 14:09:31 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2007-03-21 14:09:31 102160 --a------ C:\WINDOWS\system32\VB6KO.DLL
2007-03-21 14:09:31 16384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2007-03-21 14:09:30 0 d-------- C:\Program Files\lg_fwupdate<LG_FWU~1>
2007-03-21 1407 0 d-------- C:\Program Files\Common Files\LightScribe<LIGHTS~1>
2007-03-21 14:04:22 28672 -----n--- C:\WINDOWS\system32\drivers\InCDrm.sys
2007-03-21 14:02:52 0 d-------- C:\Program Files\CyberLink<CYBERL~2>
2007-03-21 14:01:59 40960 --a------ C:\Program Files\Uninstall_CDS.exe<UNINST~1.EXE>
2007-03-21 14:01:58 0 d-------- C:\Program Files\CyberLink DVD Solution<CYBERL~1>
2007-03-21 13:43:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SBT
2007-03-21 13:43:28 0 d-------- C:\Program Files\Snapshot Viewer<SNAPSH~1>
2007-03-21 13:39:42 0 d-------- C:\WINDOWS\ShellNew
2007-03-21 13:38:47 0 d-------- C:\Documents and Settings\Dana\Application Data\Microsoft Web Folders<MICROS~2>
2007-03-21 11:21:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-03-21 06:28:56 0 d-------- C:\WINDOWS\CAVTemp
2007-03-20 20:52:58 335872 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2007-03-20 20:52:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Retrospect<RETROS~1>
2007-03-20 20:52:45 0 d-------- C:\Program Files\Dantz
2007-03-20 20:37:21 0 d-------- C:\WINDOWS\MVUNINST
2007-03-20 19:26:13 180224 --a------ C:\WINDOWS\system32\SanDisk Screen Saver.scr<SANDIS~1.SCR>
2007-03-20 18:49:54 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-03-20 18:49:54 26787 --a------ C:\WINDOWS\system32\drivers\VetMonNT.sys
2007-03-20 18:49:54 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-03-20 18:49:54 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-03-20 18:49:54 629264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-03-20 18:49:54 108592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-03-20 18:49:53 115824 --a------ C:\WINDOWS\UnVet32.exe
2007-03-20 18:49:53 243824 --a------ C:\WINDOWS\unicows.dll
2007-03-20 18:49:53 74864 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-03-20 18:49:53 74864 --a------ C:\WINDOWS\system32\iSafProd.dll
2007-03-20 18:49:53 95344 --a------ C:\WINDOWS\system32\ISafeIf.dll
2007-03-20 18:49:53 111728 --a------ C:\WINDOWS\AVShlExt.dll
2007-03-20 18:49:49 49152 --a------ C:\WINDOWS\unezas.exe
2007-03-20 18:49:37 672832 --a------ C:\WINDOWS\system32\ppctl.dll
2007-03-20 18:49:37 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-03-20 18:49:34 0 d-------- C:\Program Files\Common Files\Scanner
2007-03-20 18:13:49 0 d-------- C:\Documents and Settings\Dana\Application Data\Lavasoft
2007-03-20 17:42:22 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-20 17:42:18 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-20 17:41:21 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-03-20 17:29:39 0 d-------- C:\Documents and Settings\Dana\Application Data\HP
2007-03-20 17:29:11 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-03-20 17:27:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-03-20 17:27:43 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-03-20 17:26:15 0 d-------- C:\WINDOWS\system32\URTTEMP
2007-03-20 17:25:50 0 d-------- C:\Program Files\Common Files\HP
2007-03-20 17:24:42 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-03-20 17:24:28 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-03-20 17:23:52 16496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-03-20 17:23:49 49664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-03-20 17:23:27 77824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-03-20 17:23:26 38400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-03-20 17:23:08 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-03-20 17:16:05 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-03-20 17:16:05 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-03-20 17:16:05 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-03-20 17:16:05 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-03-20 17:16:05 65536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-03-20 17:16:05 282680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-03-20 17:15:35 0 d-------- C:\Program Files\HP
2007-03-20 17:15:03 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-20 17:15:02 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-03-20 17:14:04 117100 --a------ C:\WINDOWS\hpoins11.dat
2007-03-20 16:59:38 99965 --a------ C:\WINDOWS\UninstallFirefox.exe<UNINST~1.EXE>
2007-03-20 16:59:29 2654 --a------ C:\WINDOWS\mozver.dat
2007-03-20 16:45:22 0 d-------- C:\Program Files\WZCBDL Service<WZCBDL~1>
2007-03-20 16:45:05 0 d-------- C:\Program Files\NIOC Service<NIOCSE~1>
2007-03-20 16:22:12 155648 --a------ C:\WINDOWS\system32\ifc21.dll
2007-03-20 16:22:12 94208 --a------ C:\WINDOWS\system32\FEELIT.DLL
2007-03-20 16:22:11 29184 --a------ C:\WINDOWS\system32\LOGILANG.DLL
2007-03-20 16:22:11 17408 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2007-03-20 16:22:11 3792 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2007-03-20 16:22:11 109056 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2007-03-20 16:22:11 164352 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2007-03-20 16:22:11 0 d-------- C:\Program Files\Common Files\Logitech
2007-03-20 16:22:09 140800 -----n--- C:\WINDOWS\system32\lmoufrc.dll
2007-03-20 16:22:09 19182 --a------ C:\WINDOWS\system32\LCoInst.dll
2007-03-20 16:22:09 67440 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.sys
2007-03-20 16:22:09 5840 --a------ C:\WINDOWS\system32\drivers\LKbdFlt2.sys
2007-03-20 16:22:09 37822 --a------ C:\WINDOWS\system32\drivers\LHidUsb.Sys
2007-03-20 16:22:09 22064 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.sys
2007-03-20 16:22:09 12413 -----n--- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2007-03-20 16:22:09 50432 -----n--- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2007-03-20 15:24:05 0 d-------- C:\Documents and Settings\Dana\Application Data\Jasc
2007-03-20 14:35:27 79360 --a------ C:\WINDOWS\system32\sam_nv4_disp.dll<SAM_NV~1.DLL>
2007-03-20 14:35:27 32 --a------ C:\WINDOWS\system32\driver.dat
2007-03-20 14:35:25 9728 -ra------ C:\WINDOWS\system32\drivers\magicpvt.sys
2007-03-20 14:35:24 61440 --a------ C:\WINDOWS\system32\mpvthook.dll
2007-03-20 14:35:24 79360 --a------ C:\WINDOWS\system32\magicpvt.dll
2007-03-20 14:35:24 16 --a------ C:\WINDOWS\system32\magicpvt.dat
2007-03-20 14:35:24 0 d-------- C:\Program Files\MagicRotation<MAGICR~1>
2007-03-20 14:34:49 40960 --a------ C:\WINDOWS\system32\nvgpio.dll
2007-03-20 14:34:49 36864 --a------ C:\WINDOWS\system32\nvapi9x.dll
2007-03-20 14:34:49 13396 --a------ C:\WINDOWS\system32\drivers\MTiCtwl.sys
2007-03-20 14:34:37 0 d-------- C:\Program Files\SEC
2007-03-20 14:13:56 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-03-20 14:13:44 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-03-20 11:05:05 0 d-------- C:\Documents and Settings\Dana\Application Data\AOL
2007-03-20 11:04:55 0 d-------- C:\Program Files\Common Files\aolback
2007-03-20 11:04:18 173184 --a------ C:\WINDOWS\system32\ygpss.scr
2007-03-20 11:04:18 0 d-------- C:\Documents and Settings\Dana\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
2007-03-20 11:04:17 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-03-20 11:04:00 86016 --a------ C:\WINDOWS\unvise32qt.exe<UNVISE~1.EXE>
2007-03-20 11:03:55 0 d-------- C:\WINDOWS\system32\QuickTime<QUICKT~1>
2007-03-20 11:03:55 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-20 11:03:55 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime<QUICKT~1>
2007-03-20 11:03:50 0 d-------- C:\My Music<MYMUSI~1>
2007-03-20 11:03:49 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-03-20 11:03:46 0 d-------- C:\Program Files\Real
2007-03-20 11:03:45 0 d-------- C:\Program Files\Common Files\Real
2007-03-20 11:03:37 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll<SIMPLE~1.DLL>
2007-03-20 11:03:37 118784 --a------ C:\WINDOWS\system32\Msstdfmt.dll
2007-03-20 11:03:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks<PURENE~1>
2007-03-20 11:03:29 0 d-------- C:\Program Files\Pure Networks<PURENE~1>
2007-03-20 11:03:25 0 d-------- C:\Program Files\AOL Toolbar<AOLTOO~1>
2007-03-20 11:03:22 0 d-------- C:\Program Files\AOL Deskbar<AOLDES~1>
2007-03-20 11:03:13 0 d-------- C:\Program Files\Common Files\AolCoach
2007-03-20 11:02:53 0 d-------- C:\Program Files\Common Files\aolshare
2007-03-20 11:02:53 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-03-20 11:01:45 0 d-------- C:\Program Files\Common Files\AOL
2007-03-20 11:01:44 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-20 11:01:43 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads<AOLDOW~1>
2007-03-20 10:51:34 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-03-20 10:50:43 0 d-------- C:\WINDOWS\system32\LogFiles
2007-03-20 10:50:43 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-20 10:47:02 36352 -----n--- C:\WINDOWS\system32\tsgqec.dll
2007-03-20 10:47:02 288768 -----n--- C:\WINDOWS\system32\rhttpaa.dll
2007-03-20 10:47:02 116736 -----n--- C:\WINDOWS\system32\aaclient.dll
2007-03-20 10:44:14 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-03-20 10:27:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-20 10:17:38 0 d-------- C:\Program Files\Microsoft Digital Image 2006<MICROS~2>
2007-03-19 22:10:10 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-19 22:10:10 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-19 22:10:09 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-19 22:08:22 18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-19 22:08:21 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-03-19 22:07:37 0 d---s---- C:\Documents and Settings\Dana\UserData
2007-03-19 21:45:34 127488 -----n--- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-19 21:45:34 5888 -----n--- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-19 21:45:16 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll
2007-03-19 21:45:15 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-19 21:45:15 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll
2007-03-19 21:45:15 476320 -----n--- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-19 21:45:15 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll
2007-03-19 21:44:30 2973696 -----n--- C:\WINDOWS\NuNinst.exe
2007-03-19 21:44:28 8704 -----n--- C:\WINDOWS\system32\drivers\InCDrec.sys
2007-03-19 21:44:28 29696 -----n--- C:\WINDOWS\system32\drivers\InCDpass.sys
2007-03-19 21:44:28 99584 -----n--- C:\WINDOWS\system32\drivers\InCDfs.sys
2007-03-19 21:44:28 0 d-------- C:\WINDOWS\InCD
2007-03-19 21:43:15 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-19 21:43:12 38912 --a------ C:\WINDOWS\system32\picn20.dll
2007-03-19 21:43:12 544768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-03-19 21:43:12 569344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-03-19 21:43:11 283920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-03-19 21:43:10 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-03-19 21:43:10 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-19 21:43:06 0 d-------- C:\Program Files\Ahead
2007-03-19 21:23:39 0 d-------- C:\Documents and Settings\Dana\Application Data\ACD Systems<ACDSYS~1>
2007-03-19 21:22:54 0 d-------- C:\Program Files\Common Files\ACD Systems<ACDSYS~1>
2007-03-19 21:22:54 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems<ACDSYS~1>
2007-03-19 21:21:03 0 d-------- C:\Program Files\ACD Systems<ACDSYS~1>
2007-03-19 21:19:22 0 d-------- C:\Program Files\PrintKey2000<PRINTK~1>
2007-03-19 21:16:19 0 d-------- C:\Program Files\Registry Medic<REGIST~1>
2007-03-19 20:44:39 0 d-------- C:\Program Files\StartCop
2007-03-19 20:42:46 0 d-------- C:\Documents and Settings\Dana\Application Data\Adobe
2007-03-19 20:42:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-03-19 10:10:26 41984 -----n--- C:\WINDOWS\Ctregrun.exe
2007-03-19 10:09:45 183 --a------ C:\WINDOWS\setuplog
2007-03-19 10:09:02 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-03-19 10:09:02 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-03-19 10:07:37 90112 -----n--- C:\WINDOWS\Updreg.EXE
2007-03-19 10:07:37 0 d-------- C:\WINDOWS\system32\Defaults
2007-03-19 10:07:23 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-03-19 10:07:23 81920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-03-19 1049 0 d-------- C:\WINDOWS\system32\Data
2007-03-19 1049 10240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-03-19 1048 11776 --a------ C:\WINDOWS\INRES.DLL
2007-03-19 1019 0 d-------- C:\Documents and Settings\Dana\Application Data\Creative
2007-03-19 10:05:05 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
2007-03-19 10:04:56 0 d-------- C:\Program Files\Creative
2007-03-19 10:02:01 0 d--hs---- C:\RECYCLER
2007-03-19 03:35:11 0 d-------- C:\Program Files\Jasc Software Inc<JASCSO~1>
2007-03-19 03:32:28 0 d-------- C:\Program Files\VCW VicMan's Photo Editor<VCWVIC~1>
2007-03-19 03:20:12 0 d-------- C:\temp
2007-03-19 03:19:12 0 d-------- C:\PSFONTS
2007-03-19 03:19:11 4064 --a------ C:\WINDOWS\system32\drivers\ATMHELPR.SYS
2007-03-19 03:19:11 212352 --a------ C:\WINDOWS\system32\ATMDRVR.DLL
2007-03-19 03:19:11 0 d-------- C:\Program Files\Adobe Type Manager<ADOBET~1>
2007-03-19 03:18:14 0 d-------- C:\WINDOWS\system32\Color
2007-03-19 03:18:14 0 d-------- C:\KPCMS
2007-03-19 03:18:13 249856 --a------ C:\WINDOWS\system32\Snap32n.dll
2007-03-19 03:18:13 210944 --a------ C:\WINDOWS\system32\msvcrt10.dll
2007-03-19 03:18:13 20976 --a------ C:\WINDOWS\system32\CTL3D.DLL
2007-03-19 03:18:13 133120 --a------ C:\WINDOWS\Sprof32.dll
2007-03-19 03:18:13 212480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-03-19 03:18:13 37376 --a------ C:\WINDOWS\KPSYS32.DLL
2007-03-19 03:18:13 196608 --a------ C:\WINDOWS\KPCP32.DLL
2007-03-19 03:18:13 132096 --a------ C:\WINDOWS\KPAPI32.DLL
2007-03-19 03:18:13 27136 --a------ C:\WINDOWS\CTL3D32.DLL
2007-03-19 03:18:12 4080 --a------ C:\WINDOWS\system32\WINSIZE.DLL
2007-03-19 03:18:12 415744 --a------ C:\WINDOWS\system32\EZIMG25.DLL
2007-03-19 03:18:12 27136 --a------ C:\WINDOWS\system32\CPPENV25.DLL
2007-03-19 03:18:11 54784 --a------ C:\WINDOWS\EasyPhoto Slide Show.scr<EASYPH~1.SCR>
2007-03-19 03:18:02 0 d-------- C:\Program Files\PhotoDeluxe BE 1.1<PHOTOD~1.1>
2007-03-19 03:17:25 299520 --a------ C:\WINDOWS\uninst.exe
2007-03-19 03:17:23 0 d-------- C:\Documents and Settings\Dana\WINDOWS
2007-03-19 03:09:43 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles<NVIEW_~1>
2007-03-19 03:07:58 180224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-19 03:07:58 0 d-------- C:\WINDOWS\nview
2007-03-19 03:07:36 180224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-03-19 03:03:14 42368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2007-03-19 03:03:07 4274816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-03-19 03:03:07 1897408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-03-18 22:32:46 0 d-------- C:\WINDOWS\system32\appmgmt
2007-03-18 07:04:25 0 d-------- C:\Program Files\Saints & Sinners Bowling<SAINTS~1>
2007-03-18 07:04:11 0 d-------- C:\Program Files\ReflexiveArcade<REFLEX~1>
2007-03-18 03:46:29 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-18 03:46:27 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-03-18 03:42:38 80512 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-03-18 03:42:25 0 d-------- C:\WINDOWS\OPTIONS
2007-03-18 03:42:25 0 d-------- C:\Program Files\Realtek
2007-03-18 03:39:20 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-03-18 03:39:16 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-18 03:39:09 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-18 03:39:07 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-18 03:39:00 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-18 03:38:58 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-18 03:38:57 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-18 03:38:56 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-18 03:38:54 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-18 03:38:52 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-18 03:38:51 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-18 03:38:49 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-18 03:38:41 135168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-03-18 03:38:40 10518528 -r------- C:\WINDOWS\system32\RTLCPL.exe
2007-03-18 03:38:31 3959360 -r------- C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-03-18 03:38:31 577536 -r------- C:\WINDOWS\soundman.exe
2007-03-18 03:38:29 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-18 03:38:29 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-18 03:38:28 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-18 03:38:09 0 d-------- C:\Program Files\Realtek AC97<REALTE~1>
2007-03-18 03:37:55 307200 -r------- C:\WINDOWS\alcupd.exe
2007-03-18 03:37:55 217088 -ra------ C:\WINDOWS\Alcrmv.exe
2007-03-18 03:37:53 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-18 03:37:43 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-18 03:37:13 135168 -ra------ C:\WINDOWS\system32\igfxres.dll
2007-03-18 03:36:18 61440 -ra------ C:\WINDOWS\system32\iAlmCoIn_v4396.dll<IALMCO~1.DLL>
2007-03-18 03:36:17 524288 -ra------ C:\WINDOWS\system32\igldev32.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuTRK.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuTHA.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuSVE.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuRUS.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuPTG.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuPTB.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuPLK.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuNOR.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuNLD.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuKOR.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuJPN.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuITA.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuHUN.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuHEB.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuFRC.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuFRA.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuFIN.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuESP.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuENG.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuELL.dll
2007-03-18 03:36:17 114688 -ra------ C:\WINDOWS\system32\ialmudlg.exe
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuDEU.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuDAN.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuCSY.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuCHT.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuCHS.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuARB.dll
2007-03-18 03:36:17 40960 -ra------ C:\WINDOWS\system32\ialmuARA.dll
2007-03-18 03:36:16 2310144 -ra------ C:\WINDOWS\system32\iglicd32.dll
2007-03-18 03:36:16 94208 -ra------ C:\WINDOWS\system32\igfxext.exe
2007-03-18 03:36:16 40960 -ra------ C:\WINDOWS\system32\igfxexps.dll
2007-03-18 03:36:16 49152 -ra------ C:\WINDOWS\system32\ialmrem.dll
2007-03-18 03:36:14 114688 -ra------ C:\WINDOWS\system32\igfxzoom.exe
2007-03-18 03:36:14 94208 -ra------ C:\WINDOWS\system32\igfxtray.exe
2007-03-18 03:36:14 1503232 -ra------ C:\WINDOWS\system32\igfxress.dll
2007-03-18 03:36:14 114688 -ra------ C:\WINDOWS\system32\igfxpers.exe
2007-03-18 03:36:14 77824 -ra------ C:\WINDOWS\system32\hkcmd.exe
2007-03-18 03:36:13 159744 -ra------ C:\WINDOWS\system32\igfxsrvc.exe
2007-03-18 03:36:13 57344 -ra------ C:\WINDOWS\system32\igfxsrvc.dll
2007-03-18 03:36:13 147456 -ra------ C:\WINDOWS\system32\igfxpph.dll
2007-03-18 03:36:13 86016 -ra------ C:\WINDOWS\system32\igfxdo.dll
2007-03-18 03:36:13 135168 -ra------ C:\WINDOWS\system32\igfxdev.dll
2007-03-18 03:36:13 446464 -ra------ C:\WINDOWS\system32\igfxcfg.exe
2007-03-18 03:36:13 73728 -ra------ C:\WINDOWS\system32\hccutils.dll
2007-03-18 03:36:12 36990 -ra------ C:\WINDOWS\system32\ialmrnt5.dll
2007-03-18 03:36:12 118395 -ra------ C:\WINDOWS\system32\ialmdnt5.dll
2007-03-18 03:36:12 213274 -ra------ C:\WINDOWS\system32\ialmdev5.dll
2007-03-18 03:36:12 900218 -ra------ C:\WINDOWS\system32\ialmdd5.dll
2007-03-18 03:36:12 1302332 -ra------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2007-03-18 03:32:59 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-18 03:32:57 0 d-------- C:\Program Files\Intel
2007-03-18 03:30:20 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-03-18 03:29:59 0 d-------- C:\TempEI4
2007-03-18 03:26:34 3407872 --ah----- C:\Documents and Settings\Dana\NTUSER.DAT
2007-03-18 03:25:25 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-03-18 03:25:13 0 d-------- C:\WINDOWS\Prefetch
2007-03-18 03:25:11 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-03-18 03:21:30 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-03-18 03:17:43 0 d-------- C:\WINDOWS\system32\xircom
2007-03-18 03:17:43 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-03-18 03:17:29 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-03-18 03:17:19 0 -rahs---- C:\MSDOS.SYS
2007-03-18 03:17:19 0 -rahs---- C:\IO.SYS
2007-03-18 03:17:19 118 --a------ C:\CONFIG.SYS
2007-03-18 03:17:19 148 --a------ C:\AUTOEXEC.BAT
2007-03-18 03:16:59 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-18 03:15:39 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-03-18 03:15:25 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-18 03:15:25 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-18 03:15:12 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-03-18 03:14:48 0 d-------- C:\WINDOWS\system32\DirectX
2007-03-18 03:14:33 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-18 03:14:26 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-18 03:14:26 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-18 03:14:23 0 d---s---- C:\WINDOWS\Tasks
2007-03-18 03:14:23 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-18 03:14:22 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-18 03:14:20 0 d-------- C:\WINDOWS\srchasst
2007-03-18 03:14:19 0 d-------- C:\WINDOWS\system32\Macromed
2007-03-18 03:14:17 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-18 03:14:17 127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-18 03:14:17 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-18 03:14:17 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-18 03:14:17 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-18 03:14:16 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-18 03:14:16 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-18 03:14:16 124184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-18 03:14:16 465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-18 03:14:16 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-18 03:14:16 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-18 03:14:16 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-18 03:14:16 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-18 03:14:13 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-18 03:14:10 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-18 03:14:10 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-18 03:14:10 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-18 03:14:10 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-18 03:14:08 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-18 03:14:07 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-18 03:14:07 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-18 03:14:07 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-18 03:14:07 0 d-------- C:\WINDOWS\system32\Restore
2007-03-18 03:14:07 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-03-18 03:14:07 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-18 03:14:07 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-18 03:14:06 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-18 03:14:06 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-18 03:14:06 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-18 03:14:06 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-18 03:14:06 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-18 03:14:06 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-18 03:14:04 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-18 03:14:04 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-18 03:14:03 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-18 03:14:03 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-18 03:14:02 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-18 03:14:02 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-18 03:14:02 274944 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-18 03:14:01 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-18 03:14:01 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-18 03:14:01 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-18 03:14:01 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-18 03:13:24 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-18 03:13:09 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-03-18 03:13:01 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-03-18 03:12:52 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-18 03:12:49 5632 --a------ C:\WINDOWS\system32\write.exe
2007-03-18 03:12:49 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-18 03:12:42 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-18 03:12:42 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-18 03:12:42 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-18 03:12:42 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-18 03:12:42 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-18 03:12:42 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-18 03:12:37 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-18 03:12:36 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-18 03:12:36 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-03-18 03:12:36 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-18 03:12:36 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-18 03:12:36 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-03-18 03:12:35 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-18 03:12:35 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-18 03:12:35 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-18 03:12:35 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-18 03:12:35 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-18 03:12:35 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-18 03:12:35 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-18 03:12:35 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-18 03:12:35 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-18 03:12:35 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-18 03:12:35 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-18 03:12:35 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-18 03:12:35 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-18 03:12:34 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-03-18 03:12:34 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-18 03:12:34 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-18 03:12:34 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-18 03:12:33 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-18 03:12:33 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-18 03:12:33 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-18 03:12:33 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-18 03:12:33 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-18 03:12:33 97792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-18 03:12:33 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-18 03:12:20 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-18 03:12:20 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-18 03:12:20 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-18 03:12:19 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-03-18 03:12:19 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-18 03:12:19 347136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-18 03:12:19 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-18 03:12:19 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-18 03:12:19 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-18 03:12:19 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-18 03:12:19 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-18 03:12:18 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-18 03:12:18 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-18 03:12:18 295424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-18 03:12:18 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-18 03:12:18 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-18 03:12:18 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-18 03:12:18 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-18 03:12:18 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-18 03:12:18 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-18 03:12:18 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-18 03:12:17 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-18 03:12:17 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-18 03:12:17 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-18 03:12:17 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-18 03:12:17 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-18 03:12:17 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-18 03:12:17 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-18 03:12:17 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-18 03:12:17 0 d-------- C:\WINDOWS\system32\MsDtc
2007-03-18 03:12:17 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-18 03:12:17 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-18 03:12:16 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-18 03:12:16 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-18 03:12:16 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-18 03:12:16 0 d-------- C:\WINDOWS\system32\Com
2007-03-18 03:12:16 60416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-18 03:12:15 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-18 03:12:15 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-18 03:12:15 498688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-18 03:12:15 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-18 03:12:15 625152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-18 03:12:15 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-18 03:12:15 225792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-18 03:12:10 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-18 03:12:10 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-18 03:12:10 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-18 03:12:09 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-18 03:12:09 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-18 03:12:08 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-17 22:05:15 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-17 22:04:46 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-17 22:04:12 20992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-03-17 22:04:03 5504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-03-17 22:03:57 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-17 22:02:41 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-03-17 22:02:40 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-17 22:02:37 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-17 22:02:36 0 dr------- C:\Program Files<PROGRA~1>
2007-03-17 22:02:34 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-17 22:02:34 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-17 22:02:34 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-17 22:02:32 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-17 22:02:32 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-17 22:02:30 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-17 22:02:30 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-17 22:02:30 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-17 22:02:30 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-17 22:02:30 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-17 22:02:30 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-17 22:02:30 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-17 22:02:29 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-17 22:02:29 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-17 22:02:29 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-17 22:02:29 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-17 22:02:29 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-17 22:02:28 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-17 22:02:28 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-17 22:02:28 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-17 22:02:28 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-17 22:02:27 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-17 22:02:25 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-17 22:02:25 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-17 22:02:25 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-17 22:02:24 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-17 22:02:24 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-17 22:02:24 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-17 22:02:24 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-17 22:02:24 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-17 22:02:24 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-17 22:02:24 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-17 22:02:24 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-17 22:02:23 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-17 22:02:23 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-17 22:02:23 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-17 22:02:23 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-17 22:02:23 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-17 22:02:23 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-17 22:02:22 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-17 22:02:22 68768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-17 22:02:22 69120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-17 22:02:21 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-17 22:02:13 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-03-17 22:01:59 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-03-17 22:01:59 0 d-------- C:\WINDOWS\system32\CatRoot
2007-03-17 22:01:35 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-03-17 22:01:34 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\WinSxS
2007-03-17 21:55:19 0 dr------- C:\WINDOWS\Web
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\twain_32
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\wins
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\wbem
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\usmt
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\spool
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\ShellExt
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\Setup
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\ras
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\oobe
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\npp
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\mui
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\inetsrv
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\IME
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\icsxml
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\ias
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\export
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\drivers
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-17 21:55:19 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\dhcp
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\config
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\3076
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\2052
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1054
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1042
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1041
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1037
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1033
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1031
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1028
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1025
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\security
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\repair
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\PeerNet
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\pchealth
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\mui
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\msapps
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\msagent
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Media
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\java
2007-03-17 21:55:19 0 d--h----- C:\WINDOWS\inf
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\ime
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Help
2007-03-17 21:55:19 0 dr--s---- C:\WINDOWS\Fonts
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\ehome
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Debug
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Cursors
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Config
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\AppPatch
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-04-06 20:21:51 0 d---s---- C:\Documents and Settings\Dana\Application Data\Microsoft<MICROS~1>
2007-03-20 18:33:50 0 d-------- C:\Documents and Settings\Dana\Application Data\Macromedia<MACROM~1>
2007-03-20 16:59:41 0 d-------- C:\Documents and Settings\Dana\Application Data\Mozilla
2007-03-18 03:26:46 0 d-------- C:\Documents and Settings\Dana\Application Data\Identities<IDENTI~1>
2007-03-17 22:02:13 62 --ahs---- C:\Documents and Settings\Dana\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PowerBar"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"Zone Labs Client"="g:\\Program FilesDM\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"QOELOADER"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust Anti-Spam\\QSP-2.1.215.5\\QOELoader.exe\""
"CaAvTray"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"RtWLan"="g:\\Program FilesDM\\NETGEAR\\WG111v2 Configuration Utility\\RtWLan.exe /H"
"WinPatrol"="G:\\Program FilesDM\\BillP Studios\\WinPatrol\\winpatrol.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"AOL Fast Start"="\"G:\\America Online 9.0\\AOL.EXE\" -b"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"="SOUNDMAN.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1174402975\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"EM_EXEC"="G:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"MagicRotation"="C:\\Program Files\\MagicRotation\\MagicPvt.exe"
"HP Software Update"="G:\\Program FilesDM\\HP\\HP Software Update\\HPWuSchd2.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"WD Button Manager"="WDBtnMgr.exe"
"!ewido"="\"D:\\FIXPGMSDOWNLOADED\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"LGODDFU"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\""
"RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"D-Link Air USB Utility"="G:\\Program FilesDM\\D-Link\\Air USB Utility\\AirCFG.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-04-06 at 21:08:24 ---------

Thanks again in advance,
Saber
Old 04-06-2007, 07:56 PM   #6 (permalink)
Registered User
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2


Re: Virus.Win32.delf.ak and others HiJack This

Just noticed a big gray box part way down the DSS log after it was posted....should this be there?

Let me know if you need me to repost the DSS log.

Saber
Old 04-07-2007, 03:55 AM   #7 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hi Saber0981,

No worries about that grey box. Nothing to worry about.

We’ll do some other scans to see if what XoftSpy is catching is really malware, or just false positives.

Let’s do this first.

Please download OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\xrIvoQMb.dll
    C:\WINDOWS\unvise32qt.exe


  • Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. After reboot, please run OTMoveIt again, follow the directions as above, and post the Results report for me to see.


NEXT:

Please download and save F-Secure BlackLight to your desktop.
  • Double-click blbeta.exe then accept the agreement.
  • Click Scan -> Next.
  • After the scan you'll see a list of all items found. Please click Next and then Exit. Do NOT choose rename for any items yet! I need to see the log first, because legitimate items can also be present there...
  • A log will be created on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx are numbers)
  • Please post the contents of the log in your next reply.


NEXT:

Please download GMER and save it to your desktop:
  • Unzip (extract) it to your desktop.
  • Disconnect from Internet and close all running programs.
  • There is a small chance this application may crash your computer so save any work you have open.
  • Double-click gmer.exe to run it.
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan... click NO.
  • Click the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Then click the Scan button. Wait for the scan to finish.
  • Once done, click the Copy button.
  • This will copy the results to the clipboard. Open Notepad and press CTRL + V to paste the log, and save it to your desktop. Paste the results in your next reply.

If you're having problems with running gmer.exe, try it in Safe Mode.
This tool works in Safe Mode… other rootkit revealers don't.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:

Please download System Repair Engineer by Smallfrogs and save it to your desktop:
  • Right-click sreng2.zip, select Extract All, and extract it to its own folder.
  • Double-click SREng.exe to run it.
  • Select Smart Scan and check (tick) Verify the digital signatures of process modules.
  • Click on the Scan button.
  • When the scan is complete, click on the Save Reports button and save the log to your desktop.
  • Please attach the log in your next reply. Don’t post it.

Note: You would have to rename SREngLog.log to SREngLog.txt before attaching it. If you cannot attach the log, then please copy and paste its contents into your next reply.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The results report from OTMoveIt.
  2. The log from the BlackLight scan.
  3. The log from the GMER scan.
  4. The log from the ComboFix scan.
  5. The log from the SREng scan.
  6. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
Old 04-07-2007, 08:30 PM   #8 (permalink)
Registered User
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hello Sempurna,

Here are the results for the following scans

This Reply

OTMoveIt.txt
ComboFix.txt
System Repair Engineer attached to this reply
F-Secure BlackLight - results attached to this reply.

The F-Secure BlackLight scan found no problems.
Attached a snapshot of the screen.
Note: Couldn't find the blbeta.exe on their website.
Downloaded and ran the beta version of fsbl.exe - hope this is what you wanted.


2nd Reply
GMER.txt

3rd Reply
HiJack This




One other note - I recently upgraded my processor. Drive letters switched today after installing Roxio Easy CD Creator. I have 3 partitions on my slave drive (was the Master drive from old PC) - the old XP installation was represented as Drive letter E - first partition on the slave drive.

Today, after installing Roxio Easy CD Creator - the old install of XP is now represented as Drive D.

Don't know if this means anything to you...but thought I should mention it.
Once everything is cleaned up and transferred - I will format the drive that the old installation is on.

OTMoveIt log

File/Folder C:\WINDOWS\system32\xrIvoQMb.dll not found.
File/Folder C:\WINDOWS\unvise32qt.exe not found.

Created on 04/07/2007 21:11:10


ComboFix txt

"Dana" - 07-04-07 21:31:28 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Dana\Desktop\HiJackThisTechForumStuff\Programs Ran per Tech Site\2ndGroupPgms"


((((((((((((((((((((((((((((((( Files Created from 2007-03-07 to 2007-04-07 ))))))))))))))))))))))))))))))))))


2007-04-07 09:52 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\Roxio
2007-04-07 09:51 <DIR> d-------- C:\Program Files\Roxio
2007-04-07 09:51 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-04-06 20:48 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2007-04-06 20:48 8,234 --a------ C:\clean.bat
2007-04-06 20:48 53,248 --a------ C:\WINDOWS\system32\process.exe
2007-04-06 20:48 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-06 20:48 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-04-06 20:48 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2007-04-05 08:42 <DIR> d-------- C:\WINDOWS\pss
2007-04-03 23:59 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\acccore
2007-04-03 00:06 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\WinPatrol
2007-04-01 21:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-04-01 21:31 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-03-30 23:42 <DIR> d-------- C:\Deckard
2007-03-29 21:24 <DIR> d-------- C:\Program Files\MetaStream
2007-03-29 19:25 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-03-28 16:30 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\Leadertech
2007-03-25 10:59 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\ArcSoft
2007-03-24 18:47 423,424 --a------ C:\WINDOWS\system32\ocuninst.exe
2007-03-24 18:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-24 16:38 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\Printer Info Cache
2007-03-24 16:38 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\Image Zone Express
2007-03-24 01:36 <DIR> d-------- C:\I386
2007-03-22 22:30 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-03-22 22:29 <DIR> d-------- C:\Program Files\NCBuy
2007-03-22 20:02 59,136 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2007-03-22 20:02 196,608 --a------ C:\WINDOWS\system32\RtlLib.dll
2007-03-22 20:02 155,648 --a------ C:\WINDOWS\system32\IpLib.dll
2007-03-22 20:02 13,532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys
2007-03-22 20:02 126,976 --a------ C:\WINDOWS\system32\EnumDevLib.dll
2007-03-22 20:02 108,160 --a------ C:\WINDOWS\system32\drivers\wg111v2.sys
2007-03-21 14:20 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\CyberLink
2007-03-21 14:10 <DIR> d-------- C:\temp\lgfwauto
2007-03-21 14:09 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2007-03-21 14:09 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2007-03-21 14:09 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL
2007-03-21 14:09 <DIR> d-------- C:\Program Files\lg_fwupdate
2007-03-21 14:06 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-03-21 14:04 28,672 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2007-03-21 14:02 <DIR> d-------- C:\Program Files\CyberLink
2007-03-21 14:01 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2007-03-21 14:01 <DIR> d-------- C:\Program Files\CyberLink DVD Solution
2007-03-21 13:43 <DIR> d-------- C:\Program Files\Snapshot Viewer
2007-03-21 13:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
2007-03-21 13:39 <DIR> d-------- C:\WINDOWS\ShellNew
2007-03-21 13:38 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\Microsoft Web Folders
2007-03-21 11:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-21 06:28 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-03-20 20:52 335,872 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2007-03-20 20:52 <DIR> d-------- C:\Program Files\Dantz
2007-03-20 20:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Retrospect
2007-03-20 20:37 <DIR> d-------- C:\WINDOWS\MVUNINST
2007-03-20 19:26 180,224 --a------ C:\WINDOWS\system32\SanDisk Screen Saver.scr
2007-03-20 18:49 95,344 --a------ C:\WINDOWS\system32\ISafeIf.dll
2007-03-20 18:49 74,864 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-03-20 18:49 74,864 --a------ C:\WINDOWS\system32\iSafProd.dll
2007-03-20 18:49 672,832 --a------ C:\WINDOWS\system32\ppctl.dll
2007-03-20 18:49 629,264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-03-20 18:49 49,152 --a------ C:\WINDOWS\unezas.exe
2007-03-20 18:49 26,787 --a------ C:\WINDOWS\system32\drivers\VetMonNT.sys
2007-03-20 18:49 243,824 --a------ C:\WINDOWS\unicows.dll
2007-03-20 18:49 21,031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-03-20 18:49 15,735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-03-20 18:49 15,478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-03-20 18:49 115,824 --a------ C:\WINDOWS\UnVet32.exe
2007-03-20 18:49 111,728 --a------ C:\WINDOWS\AVShlExt.dll
2007-03-20 18:49 108,592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-03-20 18:49 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-03-20 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-03-20 18:13 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\Lavasoft
2007-03-20 17:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-20 17:42 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-20 17:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-03-20 17:29 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\HP
2007-03-20 17:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-03-20 17:27 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-03-20 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-03-20 17:26 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-03-20 17:25 <DIR> d-------- C:\Program Files\Common Files\HP
2007-03-20 17:24 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-03-20 17:24 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-03-20 17:23 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-03-20 17:23 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-03-20 17:23 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-03-20 17:23 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-03-20 17:23 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-03-20 17:16 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-03-20 17:16 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-03-20 17:16 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-03-20 17:16 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-03-20 17:16 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-03-20 17:16 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-03-20 17:15 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-03-20 17:15 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-20 17:15 <DIR> d-------- C:\Program Files\HP
2007-03-20 17:14 117,100 --a------ C:\WINDOWS\hpoins11.dat
2007-03-20 16:59 99,965 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-03-20 16:59 2,654 --a------ C:\WINDOWS\mozver.dat
2007-03-20 16:45 <DIR> d-------- C:\Program Files\WZCBDL Service
2007-03-20 16:45 <DIR> d-------- C:\Program Files\NIOC Service
2007-03-20 16:23 90,112 -r------- C:\WINDOWS\bwUnin-6.1.0.155-8876480L.exe
2007-03-20 16:22 94,208 --a------ C:\WINDOWS\system32\FEELIT.DLL
2007-03-20 16:22 67,440 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.sys
2007-03-20 16:22 50,432 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2007-03-20 16:22 5,840 --a------ C:\WINDOWS\system32\drivers\LKbdFlt2.sys
2007-03-20 16:22 37,822 --a------ C:\WINDOWS\system32\drivers\LHidUsb.Sys
2007-03-20 16:22 3,792 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2007-03-20 16:22 29,184 --a------ C:\WINDOWS\system32\LOGILANG.DLL
2007-03-20 16:22 22,064 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.sys
2007-03-20 16:22 19,182 --a------ C:\WINDOWS\system32\LCoInst.dll
2007-03-20 16:22 17,408 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2007-03-20 16:22 164,352 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2007-03-20 16:22 155,648 --a------ C:\WINDOWS\system32\ifc21.dll
2007-03-20 16:22 140,800 --------- C:\WINDOWS\system32\lmoufrc.dll
2007-03-20 16:22 12,413 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2007-03-20 16:22 109,056 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2007-03-20 16:22 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-03-20 15:24 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\Jasc
2007-03-20 14:35 9,728 -ra------ C:\WINDOWS\system32\drivers\magicpvt.sys
2007-03-20 14:35 79,360 --a------ C:\WINDOWS\system32\sam_nv4_disp.dll
2007-03-20 14:35 79,360 --a------ C:\WINDOWS\system32\magicpvt.dll
2007-03-20 14:35 61,440 --a------ C:\WINDOWS\system32\mpvthook.dll
2007-03-20 14:35 32 --a------ C:\WINDOWS\system32\driver.dat
2007-03-20 14:35 16 --a------ C:\WINDOWS\system32\magicpvt.dat
2007-03-20 14:35 <DIR> d-------- C:\Program Files\MagicRotation
2007-03-20 14:34 40,960 --a------ C:\WINDOWS\system32\nvgpio.dll
2007-03-20 14:34 36,864 --a------ C:\WINDOWS\system32\nvapi9x.dll
2007-03-20 14:34 13,396 --a------ C:\WINDOWS\system32\drivers\MTiCtwl.sys
2007-03-20 14:34 <DIR> d-------- C:\Program Files\SEC
2007-03-20 14:13 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-03-20 14:13 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-03-20 11:05 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\AOL
2007-03-20 11:04 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2007-03-20 11:04 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-03-20 11:04 <DIR> d-------- C:\Program Files\Common Files\aolback
2007-03-20 11:04 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\You've Got Pictures Screensaver
2007-03-20 11:03 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-03-20 11:03 118,784 --a------ C:\WINDOWS\system32\Msstdfmt.dll
2007-03-20 11:03 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll
2007-03-20 11:03 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-03-20 11:03 <DIR> d-------- C:\Program Files\Real
2007-03-20 11:03 <DIR> d-------- C:\Program Files\QuickTime
2007-03-20 11:03 <DIR> d-------- C:\Program Files\Pure Networks
2007-03-20 11:03 <DIR> d-------- C:\Program Files\Common Files\Real
2007-03-20 11:03 <DIR> d-------- C:\Program Files\Common Files\AolCoach
2007-03-20 11:03 <DIR> d-------- C:\Program Files\AOL Toolbar
2007-03-20 11:03 <DIR> d-------- C:\Program Files\AOL Deskbar
2007-03-20 11:03 <DIR> d-------- C:\My Music
2007-03-20 11:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-03-20 11:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
2007-03-20 11:02 <DIR> d-------- C:\Program Files\Common Files\aolshare
2007-03-20 11:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-03-20 11:01 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-20 11:01 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-03-20 11:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-03-20 10:51 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-03-20 10:50 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-03-20 10:50 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-20 10:47 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-03-20 10:47 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-03-20 10:47 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-03-20 10:44 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-03-20 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-20 10:17 <DIR> d-------- C:\Program Files\Microsoft Digital Image 2006
2007-03-19 22:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-19 22:10 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-03-19 22:10 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-03-19 22:08 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-19 22:08 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-03-19 22:07 <DIR> d---s---- C:\DOCUME~1\Dana\UserData
2007-03-19 21:45 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-19 21:45 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-19 21:45 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-19 21:45 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-03-19 21:45 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-03-19 21:45 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-19 21:45 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-03-19 21:44 99,584 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2007-03-19 21:44 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2007-03-19 21:44 29,696 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2007-03-19 21:44 2,973,696 --------- C:\WINDOWS\NuNinst.exe
2007-03-19 21:44 <DIR> d-------- C:\WINDOWS\InCD
2007-03-19 21:43 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-03-19 21:43 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-03-19 21:43 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-03-19 21:43 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-03-19 21:43 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-03-19 21:43 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-19 21:43 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-03-19 21:43 <DIR> d-------- C:\Program Files\Ahead
2007-03-19 21:23 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\ACD Systems
2007-03-19 21:22 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-03-19 21:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
2007-03-19 21:21 <DIR> d-------- C:\Program Files\ACD Systems
2007-03-19 21:19 <DIR> d-------- C:\Program Files\PrintKey2000
2007-03-19 21:16 <DIR> d-------- C:\Program Files\Registry Medic
2007-03-19 20:44 <DIR> d-------- C:\Program Files\StartCop
2007-03-19 20:42 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\Adobe
2007-03-19 20:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
2007-03-19 10:10 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-03-19 10:09 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-03-19 10:09 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-03-19 10:07 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-03-19 10:07 81,920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-03-19 10:07 233,472 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-03-19 10:07 <DIR> d-------- C:\WINDOWS\system32\Defaults
2007-03-19 10:06 11,776 --a------ C:\WINDOWS\INRES.DLL
2007-03-19 10:06 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-03-19 10:06 <DIR> d-------- C:\WINDOWS\system32\Data
2007-03-19 10:06 <DIR> d-------- C:\DOCUME~1\Dana\APPLIC~1\Creative
2007-03-19 10:05 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-03-19 10:04 <DIR> d-------- C:\Program Files\Creative
2007-03-19 10:02 <DIR> d--hs---- C:\RECYCLER
2007-03-19 03:35 <DIR> d-------- C:\Program Files\Jasc Software Inc
2007-03-19 03:32 <DIR> d-------- C:\Program Files\VCW VicMan's Photo Editor
2007-03-19 03:20 <DIR> d-------- C:\temp\adobe
2007-03-19 03:20 <DIR> d-------- C:\temp
2007-03-19 03:19 4,064 --a------ C:\WINDOWS\system32\drivers\ATMHELPR.SYS
2007-03-19 03:19 212,352 --a------ C:\WINDOWS\system32\ATMDRVR.DLL
2007-03-19 03:19 <DIR> d-------- C:\PSFONTS
2007-03-19 03:19 <DIR> d-------- C:\Program Files\Adobe Type Manager
2007-03-19 03:18 54,784 --a------ C:\WINDOWS\EasyPhoto Slide Show.scr
2007-03-19 03:18 415,744 --a------ C:\WINDOWS\system32\EZIMG25.DLL
2007-03-19 03:18 4,080 --a------ C:\WINDOWS\system32\WINSIZE.DLL
2007-03-19 03:18 37,376 --a------ C:\WINDOWS\KPSYS32.DLL
2007-03-19 03:18 27,136 --a------ C:\WINDOWS\system32\CPPENV25.DLL
2007-03-19 03:18 27,136 --a------ C:\WINDOWS\CTL3D32.DLL
2007-03-19 03:18 249,856 --a------ C:\WINDOWS\system32\Snap32n.dll
2007-03-19 03:18 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-03-19 03:18 210,944 --a------ C:\WINDOWS\system32\msvcrt10.dll
2007-03-19 03:18 20,976 --a------ C:\WINDOWS\system32\CTL3D.DLL
2007-03-19 03:18 196,608 --a------ C:\WINDOWS\KPCP32.DLL
2007-03-19 03:18 133,120 --a------ C:\WINDOWS\Sprof32.dll
2007-03-19 03:18 132,096 --a------ C:\WINDOWS\KPAPI32.DLL
2007-03-19 03:18 <DIR> d-------- C:\WINDOWS\system32\Color
2007-03-19 03:18 <DIR> d-------- C:\Program Files\PhotoDeluxe BE 1.1
2007-03-19 03:18 <DIR> d-------- C:\KPCMS
2007-03-19 03:17 299,520 --a------ C:\WINDOWS\uninst.exe
2007-03-19 03:17 <DIR> d-------- C:\DOCUME~1\Dana\WINDOWS
2007-03-19 03:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-03-19 03:07 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-03-19 03:07 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-19 03:07 <DIR> d-------- C:\WINDOWS\nview
2007-03-19 03:03 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2007-03-19 03:03 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-03-19 03:03 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-03-18 22:32 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-03-18 07:04 <DIR> d-------- C:\Program Files\Saints & Sinners Bowling
2007-03-18 07:04 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-03-18 03:46 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-03-18 03:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-03-18 03:42 80,512 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-03-18 03:42 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-03-18 03:42 <DIR> d-------- C:\Program Files\Realtek
2007-03-18 03:39 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-18 03:39 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-18 03:39 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-18 03:39 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-18 03:39 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-03-18 03:38 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-18 03:38 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-18 03:38 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-18 03:38 577,536 -r------- C:\WINDOWS\soundman.exe
2007-03-18 03:38 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-18 03:38 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-18 03:38 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-18 03:38 3,959,360 -r------- C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-03-18 03:38 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-18 03:38 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-18 03:38 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-18 03:38 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-18 03:38 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-03-18 03:38 10,518,528 -r------- C:\WINDOWS\system32\RTLCPL.exe
2007-03-18 03:38 <DIR> d-------- C:\Program Files\Realtek AC97
2007-03-18 03:37 307,200 -r------- C:\WINDOWS\alcupd.exe
2007-03-18 03:37 217,088 -ra------ C:\WINDOWS\Alcrmv.exe
2007-03-18 03:37 135,168 -ra------ C:\WINDOWS\system32\igfxres.dll
2007-03-18 03:37 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-03-18 03:37 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-03-18 03:36 94,208 -ra------ C:\WINDOWS\system32\igfxtray.exe
2007-03-18 03:36 94,208 -ra------ C:\WINDOWS\system32\igfxext.exe
2007-03-18 03:36 900,218 -ra------ C:\WINDOWS\system32\ialmdd5.dll
2007-03-18 03:36 86,016 -ra------ C:\WINDOWS\system32\igfxdo.dll
2007-03-18 03:36 77,824 -ra------ C:\WINDOWS\system32\hkcmd.exe
2007-03-18 03:36 73,728 -ra------ C:\WINDOWS\system32\hccutils.dll
2007-03-18 03:36 61,440 -ra------ C:\WINDOWS\system32\iAlmCoIn_v4396.dll
2007-03-18 03:36 57,344 -ra------ C:\WINDOWS\system32\igfxsrvc.dll
2007-03-18 03:36 524,288 -ra------ C:\WINDOWS\system32\igldev32.dll
2007-03-18 03:36 49,152 -ra------ C:\WINDOWS\system32\ialmrem.dll
2007-03-18 03:36 446,464 -ra------ C:\WINDOWS\system32\igfxcfg.exe
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\igfxexps.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuTRK.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuTHA.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuSVE.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuRUS.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuPTG.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuPTB.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuPLK.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuNOR.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuNLD.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuKOR.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuJPN.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuITA.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuHUN.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuHEB.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuFRC.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuFRA.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuFIN.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuESP.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuENG.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuELL.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuDEU.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuDAN.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuCSY.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuCHT.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuCHS.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuARB.dll
2007-03-18 03:36 40,960 -ra------ C:\WINDOWS\system32\ialmuARA.dll
2007-03-18 03:36 36,990 -ra------ C:\WINDOWS\system32\ialmrnt5.dll
2007-03-18 03:36 213,274 -ra------ C:\WINDOWS\system32\ialmdev5.dll
2007-03-18 03:36 2,310,144 -ra------ C:\WINDOWS\system32\iglicd32.dll
2007-03-18 03:36 159,744 -ra------ C:\WINDOWS\system32\igfxsrvc.exe
2007-03-18 03:36 147,456 -ra------ C:\WINDOWS\system32\igfxpph.dll
2007-03-18 03:36 135,168 -ra------ C:\WINDOWS\system32\igfxdev.dll
2007-03-18 03:36 118,395 -ra------ C:\WINDOWS\system32\ialmdnt5.dll
2007-03-18 03:36 114,688 -ra------ C:\WINDOWS\system32\igfxzoom.exe
2007-03-18 03:36 114,688 -ra------ C:\WINDOWS\system32\igfxpers.exe
2007-03-18 03:36 114,688 -ra------ C:\WINDOWS\system32\ialmudlg.exe
2007-03-18 03:36 1,503,232 -ra------ C:\WINDOWS\system32\igfxress.dll
2007-03-18 03:36 1,302,332 -ra------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2007-03-18 03:32 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-03-18 03:32 <DIR> d-------- C:\Program Files\Intel
2007-03-18 03:30 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-03-18 03:29 <DIR> d-------- C:\TempEI4
2007-03-18 03:26 3,670,016 --ah----- C:\DOCUME~1\Dana\NTUSER.DAT
2007-03-18 03:25 262,144 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-03-18 03:25 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-03-18 03:25 <DIR> d-------- C:\WINDOWS\Prefetch
2007-03-18 03:21 262,144 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-03-18 03:17 262,144 --ah----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-03-18 03:17 148 --a------ C:\AUTOEXEC.BAT
2007-03-18 03:17 118 --a------ C:\CONFIG.SYS
2007-03-18 03:17 0 -rahs---- C:\MSDOS.SYS
2007-03-18 03:17 0 -rahs---- C:\IO.SYS
2007-03-18 03:17 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-03-18 03:17 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-03-18 03:16 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-18 03:15 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-03-18 03:15 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-03-18 03:15 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-03-18 03:15 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-03-18 03:14 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-18 03:14 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-18 03:14 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-18 03:14 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-18 03:14 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-18 03:14 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-18 03:14 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-18 03:14 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-18 03:14 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-18 03:14 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-18 03:14 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-18 03:14 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-18 03:14 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-18 03:14 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-18 03:14 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-18 03:14 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-18 03:14 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-18 03:14 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-18 03:14 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-18 03:14 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-18 03:14 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-18 03:14 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-18 03:14 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-18 03:14 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-18 03:14 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-18 03:14 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-18 03:14 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-18 03:14 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-18 03:14 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-03-18 03:14 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-18 03:14 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-18 03:14 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-18 03:14 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-18 03:14 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-18 03:14 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-18 03:14 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-18 03:14 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-18 03:14 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-18 03:14 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-18 03:14 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-18 03:14 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-18 03:14 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-18 03:14 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-18 03:14 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-18 03:14 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-18 03:14 <DIR> d---s---- C:\WINDOWS\Tasks
2007-03-18 03:14 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-03-18 03:14 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-03-18 03:14 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-03-18 03:14 <DIR> d-------- C:\WINDOWS\srchasst
2007-03-18 03:14 <DIR> d-------- C:\Program Files\Movie Maker
2007-03-18 03:14 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-03-18 03:13 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-18 03:13 <DIR> d-------- C:\WINDOWS\Registration
2007-03-18 03:13 <DIR> d-------- C:\Program Files\Online Services
2007-03-18 03:12 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-18 03:12 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-18 03:12 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-18 03:12 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-18 03:12 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-18 03:12 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-18 03:12 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-18 03:12 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-18 03:12 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-18 03:12 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-18 03:12 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-18 03:12 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-18 03:12 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-18 03:12 600,576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-18 03:12 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-18 03:12 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-18 03:12 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-18 03:12 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-18 03:12 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-18 03:12 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-03-18 03:12 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-18 03:12 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-18 03:12 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-18 03:12 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-18 03:12 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-03-18 03:12 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-03-18 03:12 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-18 03:12 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-18 03:12 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-18 03:12 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-18 03:12 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-18 03:12 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-18 03:12 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-18 03:12 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-18 03:12 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-18 03:12 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-18 03:12 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-18 03:12 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-18 03:12 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-18 03:12 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-18 03:12 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-18 03:12 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-18 03:12 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-18 03:12 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-18 03:12 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-18 03:12 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-18 03:12 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-03-18 03:12 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-18 03:12 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-18 03:12 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-18 03:12 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-18 03:12 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-18 03:12 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-18 03:12 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-18 03:12 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-18 03:12 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-18 03:12 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-18 03:12 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-18 03:12 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-18 03:12 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-18 03:12 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-18 03:12 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-18 03:12 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-18 03:12 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-18 03:12 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-18 03:12 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-18 03:12 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-18 03:12 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-18 03:12 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-18 03:12 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-18 03:12 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-18 03:12 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-18 03:12 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-18 03:12 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-18 03:12 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-18 03:12 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-18 03:12 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-03-18 03:12 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-18 03:12 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-18 03:12 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-18 03:12 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-18 03:12 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-18 03:12 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-18 03:12 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-18 03:12 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-03-18 03:12 <DIR> d-------- C:\WINDOWS\system32\Com
2007-03-18 03:12 <DIR> d-------- C:\Program Files\Windows NT
2007-03-18 03:12 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-03-18 03:12 <DIR> d-------- C:\Program Files\Messenger
2007-03-17 22:05 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-17 22:04 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-17 22:04 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-03-17 22:04 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-03-17 22:03 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-17 22:02 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-17 22:02 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-17 22:02 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-17 22:02 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-17 22:02 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-17 22:02 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-17 22:02 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-17 22:02 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-17 22:02 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-17 22:02 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-17 22:02 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-17 22:02 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-17 22:02 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-17 22:02 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-17 22:02 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-17 22:02 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-17 22:02 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-17 22:02 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-17 22:02 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-17 22:02 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-17 22:02 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-17 22:02 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-17 22:02 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-17 22:02 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-17 22:02 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-17 22:02 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-17 22:02 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-17 22:02 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-17 22:02 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-17 22:02 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-17 22:02 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-17 22:02 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-17 22:02 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-17 22:02 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-17 22:02 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-17 22:02 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-17 22:02 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-17 22:02 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-17 22:02 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-17 22:02 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-17 22:02 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-17 22:02 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-17 22:02 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-17 22:02 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-17 22:02 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-17 22:02 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-17 22:02 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-17 22:02 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-17 22:02 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-17 22:02 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-17 22:02 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-17 22:02 <DIR> dr------- C:\Program Files
2007-03-17 22:02 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-17 22:02 <DIR> d--hs---- C:\WINDOWS\Installer
2007-03-17 22:02 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-17 22:02 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-17 22:01 <DIR> d--hs---- C:\System Volume Information
2007-03-17 22:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-17 22:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-03-17 22:01 <DIR> d-------- C:\Documents and Settings
2007-03-17 21:55 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-17 21:55 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-03-17 21:55 <DIR> dr------- C:\WINDOWS\Web
2007-03-17 21:55 <DIR> d--h----- C:\WINDOWS\inf
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\WinSxS
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\twain_32
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\wins
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\spool
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\ras
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\npp
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\mui
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\IME
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\ias
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\export
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\config
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\3076
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\2052
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\1054
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\1042
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\1041
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\1037
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\1033
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\1031
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\1028
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32\1025
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system32
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\system
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\security
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\Resources
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\repair
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\Provisioning
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\PeerNet
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\pchealth
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\mui
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\msapps
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\msagent
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\Media
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\java
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\ime
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\Help
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\ehome
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\Debug
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\Cursors
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\Config
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\AppPatch
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS\addins
2007-03-17 21:55 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-17 22:02 62 --ahs---- C:\DOCUME~1\Dana\APPLIC~1\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PowerBar"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"Zone Labs Client"="g:\\Program FilesDM\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"QOELOADER"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust Anti-Spam\\QSP-2.1.215.5\\QOELoader.exe\""
"CaAvTray"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"RtWLan"="g:\\Program FilesDM\\NETGEAR\\WG111v2 Configuration Utility\\RtWLan.exe /H"
"WinPatrol"="G:\\Program FilesDM\\BillP Studios\\WinPatrol\\winpatrol.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"AOL Fast Start"="\"G:\\America Online 9.0\\AOL.EXE\" -b"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"="SOUNDMAN.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1174402975\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"EM_EXEC"="G:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"MagicRotation"="C:\\Program Files\\MagicRotation\\MagicPvt.exe"
"HP Software Update"="G:\\Program FilesDM\\HP\\HP Software Update\\HPWuSchd2.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"WD Button Manager"="WDBtnMgr.exe"
"!ewido"="\"D:\\FIXPGMSDOWNLOADED\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"LGODDFU"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\""
"RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"D-Link Air USB Utility"="G:\\Program FilesDM\\D-Link\\Air USB Utility\\AirCFG.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070406-210506-187
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Program FilesDM\NIERSOFT\3D Virtual Cube\blank.htm

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????<????4@?h??????w????h???Z??w(???*??wt?@?l?@???f?????????????????????????,??????????????????????w????g??w0??w????*??w???w?????4@????????????w????l?@????????w????t?@?h?f?????????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????<????4@?h??????w????h???Z??w(???*??wt?@?l?@???f?????????????????????????,??????????????????????w????g??w0??w????*??w???w?????4@????????????w????l?@????????w????t?@?h?f?????????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-07 21:32:35
C:\ComboFix-quarantined-files.txt ... 07-04-07 21:32


Will send the GMER results in 2nd reply.
Will send the HiJackThis results in 3rd reply.

Thanks,
Saber
Attached Images
File Type: bmp FSecureBacklightPic.bmp (590.3 KB, 1 views)
Attached Files
File Type: txt SREngLOG.txt (22.8 KB, 1 views)
Old 04-07-2007, 08:40 PM   #9 (permalink)
Saber0981


Re: Virus.Win32.delf.ak and others HiJack This

Here are the GMER results.
Also included the HiJackThis log in this reply. The GMER log wasn't as big as I first thought.

GMER results

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-07 21:29:41
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey

Code 80884EEA IoReadTransferCount

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F543A170] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F543A170] vsdatant.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE F419D400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE F419D400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ F419D400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION F419D400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION F419D400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION F419D400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL F419D400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL F419D400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL F419D400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN F41A0C74
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL F419D400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP F419D400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP F419D400
Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible F41A0BCE

---- EOF - GMER 1.0.12 ----


HiJackThis log

Deckard's System Scanner v20070328.36
Run by Dana on 2007-04-07 at 21:54:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dana.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:55, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
G:\Program FilesDM\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
G:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
G:\Program FilesDM\BillP Studios\WinPatrol\winpatrol.exe
g:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
G:\Program FilesDM\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\igfxsrvc.exe
G:\Program FilesDM\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\MY FILES\Downloads\SOFTWAREDownlds\SpywareSW\HiJackThisVer1991\DeckardSystemScannerInclHiJack\dss.exe
H:\MYFILE~1\DOWNLO~1\SOFTWA~1\SPYWAR~1\HIJACK~1\Dana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - g:\Program FilesDM\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - g:\Program FilesDM\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Zone Labs Client] g:\Program FilesDM\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QOELOADER] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [RtWLan] g:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe /H
O4 - HKLM\..\Run: [WinPatrol] G:\Program FilesDM\BillP Studios\WinPatrol\winpatrol.exe
O4 - Startup: SpywareGuard.lnk = G:\Program FilesDM\SpywareGuard\sgmain.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174356460203
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - D:\FIXPGMSDOWNLOADED\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe


-- Files created between 2007-03-07 and 2007-04-07 -----------------------------

2007-04-07 21:48:31 2368 --a------ C:\WINDOWS\system32\SVKP.sys
2007-03-18 03:12:18 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-18 03:12:18 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-18 03:12:18 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-18 03:12:18 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-18 03:12:18 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-18 03:12:18 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-18 03:12:17 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-18 03:12:17 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-18 03:12:17 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-18 03:12:17 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-18 03:12:17 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-18 03:12:17 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-18 03:12:17 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-18 03:12:17 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-18 03:12:17 0 d-------- C:\WINDOWS\system32\MsDtc
2007-03-18 03:12:17 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-18 03:12:17 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-18 03:12:16 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-18 03:12:16 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-18 03:12:16 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-18 03:12:16 0 d-------- C:\WINDOWS\system32\Com
2007-03-18 03:12:16 60416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-18 03:12:15 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-18 03:12:15 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-18 03:12:15 498688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-18 03:12:15 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-18 03:12:15 625152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-18 03:12:15 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-18 03:12:15 225792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-18 03:12:10 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-18 03:12:10 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-18 03:12:10 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-18 03:12:09 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-18 03:12:09 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-18 03:12:08 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-17 22:05:15 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-17 22:04:46 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-17 22:04:12 20992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-03-17 22:04:03 5504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-03-17 22:03:57 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-17 22:02:41 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-03-17 22:02:40 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-17 22:02:37 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-17 22:02:36 0 dr------- C:\Program Files<PROGRA~1>
2007-03-17 22:02:34 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-17 22:02:34 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-17 22:02:34 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-17 22:02:32 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-17 22:02:32 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-17 22:02:30 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-17 22:02:30 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-17 22:02:30 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-17 22:02:30 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-17 22:02:30 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-17 22:02:30 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-17 22:02:30 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-17 22:02:29 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-17 22:02:29 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-17 22:02:29 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-17 22:02:29 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-17 22:02:29 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-17 22:02:28 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-17 22:02:28 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-17 22:02:28 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-17 22:02:28 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-17 22:02:28 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-17 22:02:27 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-17 22:02:25 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-17 22:02:25 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-17 22:02:25 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-17 22:02:24 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-17 22:02:24 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-17 22:02:24 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-17 22:02:24 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-17 22:02:24 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-17 22:02:24 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-17 22:02:24 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-17 22:02:24 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-17 22:02:23 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-17 22:02:23 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-17 22:02:23 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-17 22:02:23 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-17 22:02:23 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-17 22:02:23 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-17 22:02:22 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-17 22:02:22 68768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-17 22:02:22 69120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-17 22:02:21 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-17 22:02:13 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-03-17 22:01:59 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-03-17 22:01:59 0 d-------- C:\WINDOWS\system32\CatRoot
2007-03-17 22:01:35 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-03-17 22:01:34 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\WinSxS
2007-03-17 21:55:19 0 dr------- C:\WINDOWS\Web
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\twain_32
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\wins
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\wbem
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\usmt
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\spool
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\ShellExt
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\Setup
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\ras
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\oobe
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\npp
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\mui
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\inetsrv
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\IME
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\icsxml
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\ias
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\export
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\drivers
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-17 21:55:19 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\dhcp
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\config
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\3076
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\2052
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1054
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1042
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1041
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1037
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1033
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1031
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1028
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system32\1025
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\system
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\security
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\repair
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\PeerNet
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\pchealth
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\mui
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\msapps
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\msagent
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Media
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\java
2007-03-17 21:55:19 0 d--h----- C:\WINDOWS\inf
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\ime
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Help
2007-03-17 21:55:19 0 dr--s---- C:\WINDOWS\Fonts
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\ehome
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Debug
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Cursors
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\Config
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\AppPatch
2007-03-17 21:55:19 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-04-06 20:21:51 0 d---s---- C:\Documents and Settings\Dana\Application Data\Microsoft<MICROS~1>
2007-03-20 18:33:50 0 d-------- C:\Documents and Settings\Dana\Application Data\Macromedia<MACROM~1>
2007-03-20 16:59:41 0 d-------- C:\Documents and Settings\Dana\Application Data\Mozilla
2007-03-18 03:26:46 0 d-------- C:\Documents and Settings\Dana\Application Data\Identities<IDENTI~1>
2007-03-17 22:02:13 62 --ahs---- C:\Documents and Settings\Dana\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PowerBar"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"Zone Labs Client"="g:\\Program FilesDM\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"QOELOADER"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust Anti-Spam\\QSP-2.1.215.5\\QOELoader.exe\""
"CaAvTray"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"G:\\Program FilesDM\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"RtWLan"="g:\\Program FilesDM\\NETGEAR\\WG111v2 Configuration Utility\\RtWLan.exe /H"
"WinPatrol"="G:\\Program FilesDM\\BillP Studios\\WinPatrol\\winpatrol.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"AOL Fast Start"="\"G:\\America Online 9.0\\AOL.EXE\" -b"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"="SOUNDMAN.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1174402975\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"EM_EXEC"="G:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"MagicRotation"="C:\\Program Files\\MagicRotation\\MagicPvt.exe"
"HP Software Update"="G:\\Program FilesDM\\HP\\HP Software Update\\HPWuSchd2.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"WD Button Manager"="WDBtnMgr.exe"
"!ewido"="\"D:\\FIXPGMSDOWNLOADED\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"LGODDFU"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\""
"RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"D-Link Air USB Utility"="G:\\Program FilesDM\\D-Link\\Air USB Utility\\AirCFG.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SJYPKT


-- End of Deckard's System Scanner: finished at 2007-04-07 at 21:55:27 ---------



Everything is running the same. The SVKP/Win32.delf.ak results reappear the next day after removing them with Xoftspy. I have checked and the C:\Windows\system32\SVKP.sys file is there before running Xoftspy.
I remove it with the Xoftspy software and check again - it no longer exists.
But it'll be back the next day. lol

Display at bootup is still resetting to 800x600.

Thanks again,

Saber
Old 04-08-2007, 10:21 PM   #10 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hi Saber0981,

I’m sorry for my late reply. I’ve been having Internet problems the last few days.

OK, let’s do this next.

Please download DAFT and save it to your desktop:
  1. Double-click the daft.exe icon. Read the disclaimer and click OK.
  2. Click on the Scan button.
  3. Place a checkmark next to the following entries:

    .SCR

  4. Click the Fix button.
  5. Re-scan and save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile with your next post.


NEXT:

It looks like your copy of svkp.sys is a legit file that gets created. The file size matches the one that is legit (as opposed to the one that is not). Please see here:
http://www.file.net/process/svkp.sys.html

If you’d like to confirm whether or not this is a malware file, search for these other two files:

lockx.exe
msdirectx.sys


They should be present if the svkp.sys is a malware file.

Once you have confirmed that these files do not exist on your system, then we will pass you on to the XP experts at this forum to solve your display resolution problem.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
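The companion-file check described in post #10, as an added Python example that is not part of the thread and not code from either poster: it walks a directory tree for svkp.sys and the two file names the post lists, matching case-insensitively and reporting sizes so they can be compared by hand. The verdict labels, function names and the constructed sample tree are assumptions made for illustration.

```python
import os
import tempfile

# File names are the ones given in the post; everything else is illustrative.
TARGET = "svkp.sys"
COMPANIONS = ("lockx.exe", "msdirectx.sys")


def find_by_name(root, names):
    """Walk root and return {lowercased name: [(path, size_in_bytes), ...]}.

    Windows file names are case-insensitive, so comparison is done lowercased.
    A directory walk also reports files carrying the hidden or system attribute.
    """
    wanted = {n.lower() for n in names}
    hits = {n: [] for n in wanted}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            if fname.lower() in wanted:
                path = os.path.join(dirpath, fname)
                try:
                    size = os.path.getsize(path)
                except OSError:
                    size = None  # locked or removed while scanning
                hits[fname.lower()].append((path, size))
    return hits


def assess(root):
    """Apply the post's rule: companions present means svkp.sys is suspect."""
    hits = find_by_name(root, (TARGET,) + COMPANIONS)
    found = sorted(n for n in COMPANIONS if hits[n])
    if found:
        verdict = "suspect"          # at least one companion file exists
    elif hits[TARGET]:
        verdict = "no-companions"    # svkp.sys alone, the case the post calls legit
    else:
        verdict = "absent"           # nothing to assess
    return {"verdict": verdict, "svkp": hits[TARGET], "companions_found": found}


def build_constructed_tree(root, with_companions):
    """Create a constructed sample layout (not taken from the user's system)."""
    sysdir = os.path.join(root, "WINDOWS", "system32")
    os.makedirs(os.path.join(sysdir, "drivers"))
    with open(os.path.join(sysdir, "SVKP.sys"), "wb") as fh:
        fh.write(b"\0" * 3072)       # constructed size
    if with_companions:
        for rel in ("LockX.exe", os.path.join("drivers", "msdirectx.sys")):
            with open(os.path.join(sysdir, rel), "wb") as fh:
                fh.write(b"\0")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp, with_companions=False)
        result = assess(tmp)
        print(result["verdict"])
        for path, size in result["svkp"]:
            print(path, size)
```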
Old 04-09-2007, 09:57 AM   #11 (permalink)
Registered User
 
Saber0981's Avatar
 
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hello again Sempurna,

Thanks again for a fast response.

1. daftx log

DAFT Log saved on 2007-04-09 01:07:07
-----------------------------------------------------------------------
All associations okay!


2. Searched for the lockx.exe and msdirectx.exe files - not found


3. Searched the registry for lockx.exe and msdirectx.exe - the only instances found were MRU's of my previous searches. (Would love to permanently disable MRU's)


4. SVKP
Opinions seem to be conflicting concerning SVKP - some believe valid...some believe worm hid within SVKP. It appears that many different malware can mask itself as SVKP - found a reference to msnimgr.exe

A) Searched file folder for msnimgr.exe - not there
B) Searched the registry for msnimgr.exe - results were different on 2 different days.

4/8/2007 pm See First Attach. MsnimgrexeRegResults2
4/9/2007 am See 2nd Attach. 4092007msningrExeREALREGISTRY

I can only conclude that it isn't a problem - unless you see otherwise.


C) SVKP file is at c:\windows\system32\svkp.sys. It is 3kb on my system. Couldn't locate the file size for the valid svkp. Is this it?

D) Searched registry for SVKP - out of 50+ entries, Xoftspy only indicates 10 of them as a threat...all under HKLM/system/currentcontrolset/services/SKVP

See snapshot attached of registry entry. The one with the red star is the one that Xoftspy indicates. (Attachment - againSVKPREgREsults4)

Here are the registry entries for it (Attachment - realregSVKP1)

I have to conclude, as you did, that Xoftspy is giving me a false positive. I read the link on your last reply about Xoftspy - based on that I think I will give Xoftspy the boot!


5. VIEWPOINT

It's back!

I removed the Viewpoint Media Player from the Add/Remove programs on our first pass through. It has reinstalled itself - any ideas?

Here is the registry search for Viewpoint. There are 50 entries ... not sure which one is causing the re-install. Help! lol

Attachments: ViewpointRealReg1 (this is the last attachment in this reply;
will send other attachments in next reply)


ViewpointRealReg2
ViewpointRealReg3

6. Ran the Trend Micro online Antispy last night. It found that CCleaner was a problem. Don't use it...so removed it.

Results in attachments: trendmicroSPYsummary
trendmicroSPYCCcleaner


7. Ran the Trend Micro online Antivirus last night...all was clean.


Thanks for all your help with getting the SVKP/win32.delf.ak resolved. It is very irritating when you have a product that should help you and instead sends you on a wild goose chase trying to resolve a problem that doesn't exist!


The only issues left open are :
1. Viewpoint re-installing itself
2. Desktop display settings changing on startup

Whew! I feel CLEAN

Thanks again,


Saber
Attached Images
File Type: jpg MsnimsgrexeRegResults2.jpg (54.4 KB, 1 views)
File Type: jpg 4092007msnimsgrExeREALREGISTRY.jpg (41.7 KB, 1 views)
File Type: jpg againSVKPREgREsults4.jpg (119.6 KB, 1 views)
File Type: jpg realregistrySVKP1.jpg (91.6 KB, 1 views)
File Type: jpg ViewpointRealReg1.jpg (244.0 KB, 1 views)
Old 04-09-2007, 10:00 AM   #12 (permalink)
Registered User
 
Saber0981's Avatar
 
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2


Re: Virus.Win32.delf.ak and others HiJack This

Here are the other attachments mentioned in previous post.

Didn't know how to insert into the body of the post.

Saber
Attached Images
File Type: jpg ViewpointRealReg2.jpg (271.7 KB, 1 views)
File Type: jpg ViewpointRealReg3.jpg (286.8 KB, 1 views)
File Type: jpg trendmicroSPYsummary.jpg (46.3 KB, 1 views)
File Type: jpg trendmicroSPYCCcleaner.jpg (83.2 KB, 1 views)
Old 04-09-2007, 10:16 PM   #13 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hi Saber0981,

That svkp.sys file on your system appears to be legit. The file is a bit small though. I don’t think it’s even big enough to run any instructions.

That run with TrendMicro’s Housecall looks good. What it picked up in the CCleaner installer is a false positive. You can use CCleaner safely and with peace of mind.

I’m glad that you do know a bit about the registry and how to use RegSeeker (I use it myself). OK, let’s see if we can fix that Viewpoint problem. Uninstall it again from Add/Remove Programs.

Then delete the FOLDER:

C:\Program Files\Viewpoint

Then use RegSeeker to find all instances of the word Viewpoint and delete those reg entries.

Let me know if Viewpoint comes back. If it does, it could be one of your security apps causing the problem.
Old 04-10-2007, 11:38 PM   #14 (permalink)
Registered User
 
Saber0981's Avatar
 
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hi Sempurna,

Viewpoint is back again!

The file folder was created 4/10/07 at 7:50am.

No one on the system at that time.

I had removed it from add/remove programs.
Deleted the file folder.
Deleted ALL Viewpoint entries in the registry.
Emptied recycle bin
Rebooted

Checked everything...it was clean.

Any ideas how to permanently get rid of this? Is there any way to tell what job ran at that time?

It seems to be linked to Mozilla Firefox.

I've attached snapshots of the program files and the folder created 4/10.


I've also attached a Winpatrol snapshot of IE Helpers.
Do you see anything there that could be a problem?


Thanks,
Saber
Attached Images
File Type: jpg ViewpointPgmFiles.jpg (173.5 KB, 2 views)
File Type: jpg ViewpointFolder.jpg (370.3 KB, 2 views)
File Type: jpg WinpatrolIEHelpers.jpg (139.0 KB, 1 views)
Old 04-11-2007, 01:17 AM   #15 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hiya Saber,

You're most welcome, Saber.

Now, to tell you the truth, this is the first time I'm seeing Viewpoint regenerating on its own. Was the computer connected to the Internet at that time? If it wasn't disconnected, do the uninstallation, file/folder deletions, and registry deletions again, but this time unhook your system from the Internet.

See if it regenerates then.
Old 04-11-2007, 09:17 AM   #16 (permalink)
Registered User
 
Saber0981's Avatar
 
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2


Re: Virus.Win32.delf.ak and others HiJack This

Ok Sempurna,

Let's try this again!

I've attached snapshots of:

Add/Remove Programs - after remove
RegSeeker - after deleting all entries
File Folder - Viewpoint folder gone

Then I searched for Viewpoint

Got quite a few files listed - most of them are my snapshots and OTMovit runs.....all OK except one little culprit in

C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

Maybe??

Didn't want to delete it in case Firefox wouldn't run .... so I renamed it (see attachment)

Firefox still runs fine after renaming the file.

Do you think this was it?
Wasn't connected to internet at the time.
I had my Firewall lock on and my IP address reverts to 169.xxx.xxx.xx after the lock has been on a while. I use a wireless adapter.

I'll let you know tomorrow if it reappears!

Big T U
Dana
Attached Images
File Type: jpg PgmFilesNoViewpoint.jpg (43.4 KB, 1 views)
File Type: jpg RegSeekerNoViewpoint.jpg (20.4 KB, 1 views)
File Type: jpg FoldersNoViewpoint.jpg (82.3 KB, 1 views)
File Type: jpg SearchViewpoint.jpg (90.7 KB, 1 views)
File Type: jpg BLOCKMozillapluginViewpoint.jpg (46.9 KB, 1 views)
Old 04-11-2007, 10:41 PM   #17 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hi Dana,

You’re most welcome, Dana.

You’ve done a great job! Well done, and keep up the good work!

Yes, you may delete that npViewpoint.dll file. It is related to Viewpoint, and is useless.

Viewpoint may still return once you log back online. It appears that AOL may be the culprit.

Quote:
Open AOL and go to "help" on the toolbar. Select "About AOL". Next is the SECRET STEP. You must then press "CTRL+D" to access a "secret" panel to disable all of the desktop and IM fancy features that are associated with viewpoint. This is the only way to prevent AOL from re-installing Viewpoint at AOL startup.

Most users will find their system performance improves once they have removed viewpoint.
Old 04-12-2007, 08:17 PM   #18 (permalink)
Registered User
 
Saber0981's Avatar
 
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hi Sempurna,

You did it!

Viewpoint is gone and hasn't re-installed itself! Yeah!

System is clean. No more browser redirects.
The SVKP issue resolved!

Thank You! Thank You! Thank You!

Can't tell you how much I appreciate all the assistance and guidance!

This was my first time in the forum. It is a huge relief to know that help is out there - especially the level of knowledge and quality of this forum.

Only have the Desktop resetting itself to 800x600 on bootup left open.

Here's to you!

Saber
Old 04-13-2007, 01:49 AM   #19 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hi Dana,

You're most welcome, Dana. I'm glad to hear that the Viewpoint problem has been resolved. Credit should go to tetonbob and amateur for finding out about this problem with AOL and Viewpoint.

OK, let's see if the following will solve your resolution problem.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below (don't forget to copy and paste "Windows Registry Editor Version 5.00" as well):

Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
"NoAddingComponents"=-
"NoComponents"=-
"NoDeletingComponents"=-
"NoEditingComponents"=-
"NoCloseDragDropBands"=-
"NoMovingBands"=-
"NoHTMLWallPaper"=-


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-

Save this as out.reg and change the "Save as type" to "All Files" and place it on your desktop.

It should look like this:

Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful.

In case you still are unsure on how to create a REG file, please take a look HERE with screenshots.

REBOOT afterwards.... really important!


Then go to Start -> Control Panel -> Display Properties -> Desktop -> Customize Desktop -> Web tab:
  1. Then uncheck and delete everything you find in there (except for "My Current Home Page").
  2. Also remove the checkmark from the "Lock Desktop Items" box if it is checked.
  3. Click "Apply".
  4. Click "Apply" again, then "Exit Display Properties".

Then go to Start -> Control Panel -> Display Properties -> Desktop and choose a new background color and picture. Click "Apply".

Close Display Properties. If you need to, click the desktop and press F5 to refresh.

Let me know how things go.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
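One way to review what a .reg patch like the one in the post above will do before merging it (an added example, not part of the original post): a small Python parser that lists every key deletion (`[-key]`), value deletion (`"name"=-`) and value write. The sample is a constructed, shortened copy of the patch plus a hypothetical "Example" value; `audit_reg` and `destructive` are names chosen here.

```python
import re

# Constructed sample: shortened copy of the patch above, plus one ordinary
# assignment (hypothetical "Example" value) to show how a write is reported.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoSaveSettings"=-
"Example"=dword:00000001
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                      # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data

def audit_reg(text):
    """Return (action, key, value_name) tuples for everything a merge would do."""
    lines = text.lstrip('\ufeff').splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing .reg header line")
    ops, key, pending = [], None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # hex data continued on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):  # blank line or comment
            continue
        m = KEY_RE.match(line)
        if m:
            deleted = m.group(1) == "-"
            key = None if deleted else m.group(2)
            ops.append(("DELETE_KEY" if deleted else "OPEN_KEY", m.group(2), None))
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            raise ValueError(f"unexpected line (bad syntax or no open key): {line!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        ops.append(("DELETE_VALUE" if m.group(2) == "-" else "SET_VALUE", key, name))
    return ops

def destructive(ops):
    """Only the operations that remove data from the registry."""
    return [op for op in ops if op[0].startswith("DELETE")]
```

Running `destructive(audit_reg(open("out.reg").read()))` on a saved patch shows exactly which keys and values will be removed, which is worth checking on any .reg file received from someone else.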
Old 04-13-2007, 06:19 AM   #20 (permalink)
Registered User
 
Saber0981's Avatar
 
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2


Re: Virus.Win32.delf.ak and others HiJack This

Hi Sempurna,

A big thanks to tetonbob and amateur too!

Ran the Notepad registry patch.
Rebooted
Did the desktop changes.
Rebooted.

During Reboot:

1. The desktop displays normal size (1024x768)
2. The quick launch icons appear
3. It then flashes the NEW BACKGROUND COLOR (burgundy) - then resets to 800x600 and finishes loading the task bar icons.

On my customize desktop, web tab - nothing was checked. "My current home page" was there - but not checked. Lock desktop items not checked.

Just an F.Y.I.
A few days ago, I shut down all startup processes, took them out of the startup itself (thinking that maybe one of my startup jobs was affecting the desktop settings), checked taskmgr to make sure that all except system processes were stopped (well...to the best of my knowledge). I was trying to eliminate these as the problem.

Same thing happened at bootup.
Reset to 800x600.

Attached is a snapshot of the settings tab in the display right after boot

Weird! lol

Also, attached snapshots of my Autoexec.bat and Config.sys - made some changes to these because I was receiving "Win16 subsystem doesn't have enough resources to run" errors on some older 16 bit programs.
Would these changes have anything to do with this problem?
Included the sysini and winini just for the heck of it! lol

Is there any way to log what's happening during boot that would allow us to see what is resetting the desktop?

Talk to you soon,
Dana
Attached Images
File Type: jpeg BIGDESKTOPAfterReboot.jpeg (46.4 KB, 1 views)
File Type: jpeg autoexecbat.jpeg (24.8 KB, 1 views)
File Type: jpeg configsys.jpeg (19.2 KB, 0 views)
File Type: jpeg sysini.jpeg (30.2 KB, 1 views)