Trojan horse lop.as

meursiicc · Jan 12, 2007

Logfile of HijackThis v1.99.1
Scan saved at 7:00:03 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\devldr32.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\WINDOWS\System32\CTsvcCDA.exe
G:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\Program Files\Sibelius Software\Sibelius 4\Sibelius.exe
G:\Program Files\HijackTHis\coolhijakzis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - G:\WINDOWS\System32\awtspml.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "G:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "G:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "G:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2982bb2ee1ae38205106/netzip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: awtspml - G:\WINDOWS\SYSTEM32\awtspml.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - G:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe

amateur · Jan 12, 2007

Hi and welcome to TSF.

As a side question, did you rename HijackThis as "coolhijakzis.exe" yourself?

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

meursiicc · Jan 12, 2007

did you rename HijackThis as "coolhijakzis.exe" yourself?

Yes, I did. I was aware that some viruses or trojans can hide from "hijackthis.exe".
I haven't downloaded vundofix.exe yet but i will do so later today.
Thanks very much.

meursiicc · Jan 14, 2007

vundo fix and hijack this results

amateur, my sound card was giving me problems and i couldnt start windows (i narrowed the problem down to the sound card, it's not the virus). I had to do a system restore. I think that effected some of the results of the scans. this time, AVG picked up win75.tmp.exe in the local settings/temp directory. here are the vundofix and hijackthis logs:

VundoFix V6.3.2

Checking Java version...

Sun Java not detected
Scan started at 5:55:03 PM 1/14/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

Logfile of HijackThis v1.99.1
Scan saved at 5:59:58 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
G:\WINDOWS\system32\ctfmon.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\WINDOWS\System32\CTsvcCDA.exe
G:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\HijackThis\coolhijakzis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brrsd.k12.nj.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "G:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "G:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "G:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - G:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe

tetonbob · Jan 15, 2007

Hi meursiicc -

amateur will be away from the PC for some time, and has asked us to oversee this thread.

I see no more evidence of the malware which was showing in your first HJT log. We should still dig a bit, and see if anything remains.

First, let's do this:

Download combofix.exe to your desktop.
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

meursiicc · Jan 16, 2007

combo fix and hjt

"Eric Xu" - 07-01-16 15:32:44 Service Pack 2
ComboFix 07-01-16.2 - Running from: "G:\Documents and Settings\Eric Xu\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

G:\WINDOWS\system32\unsvchosts.lzma

((((((((((((((((((((((((((((((( Files Created from 2006-12-16 to 2007-01-16 ))))))))))))))))))))))))))))))))))

2007-01-15 19:36 845,312 --a------ G:\WINDOWS\system32\Smab.dll
2007-01-15 19:36 719,872 --a------ G:\WINDOWS\system32\devil.dll
2007-01-15 19:36 70,656 --a------ G:\WINDOWS\system32\yv12vfw.dll
2007-01-15 19:36 70,656 --a------ G:\WINDOWS\system32\i420vfw.dll
2007-01-15 19:36 66,560 --a------ G:\WINDOWS\MOTA113.exe
2007-01-15 19:36 502,784 --a------ G:\WINDOWS\x2.64.exe
2007-01-15 19:36 306,688 --a------ G:\WINDOWS\system32\avisynth.dll
2007-01-15 19:36 27,648 --a------ G:\WINDOWS\system32\AVSredirect.dll
2007-01-15 19:36 240,128 --a------ G:\WINDOWS\system32\x.264.exe
2007-01-15 19:36 217,073 --a------ G:\WINDOWS\meta4.exe
2007-01-15 19:36 <DIR> d--hs---- G:\WINDOWS\system32\ShellDHCP
2007-01-15 19:36 <DIR> d-------- G:\Program Files\AviSynth 2.5
2007-01-15 19:35 163,328 -r-hs---- G:\WINDOWS\system32\flvDX.dll
2007-01-15 19:35 <DIR> d-------- G:\Program Files\eRightSoft
2007-01-14 22:33 <DIR> d-------- G:\Program Files\Common Files\xing shared
2007-01-14 22:30 <DIR> d-------- G:\My Downloads
2007-01-14 17:55 <DIR> d-------- G:\VundoFix Backups
2007-01-14 17:52 <DIR> d-------- G:\Program Files\HijackThis
2007-01-12 20:49 98,304 --a------ G:\WINDOWS\system32\CmdLineExt.dll
2007-01-12 18:40 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\Apple Computer
2007-01-12 18:38 38,912 --------- G:\WINDOWS\system32\picn20.dll
2007-01-12 18:38 364,544 --------- G:\WINDOWS\system32\TwnLib4.dll
2007-01-12 18:38 24,064 --------- G:\WINDOWS\system32\msxml3a.dll
2007-01-12 18:38 2,973,696 --------- G:\WINDOWS\UNNeroVision.exe
2007-01-12 18:38 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\Ahead
2007-01-12 18:36 106,496 --------- G:\WINDOWS\system32\TwnLib20.dll
2007-01-12 18:35 476,320 --------- G:\WINDOWS\system32\ImagXpr7.dll
2007-01-12 18:35 471,040 --------- G:\WINDOWS\system32\ImagXRA7.dll
2007-01-12 18:35 262,144 --------- G:\WINDOWS\system32\ImagXR7.dll
2007-01-12 18:35 155,648 --a------ G:\WINDOWS\system32\NeroCheck.exe
2007-01-12 18:35 1,568,768 --------- G:\WINDOWS\system32\ImagX7.dll
2007-01-12 18:35 <DIR> d-------- G:\Program Files\Common Files\Ahead
2007-01-12 18:35 <DIR> d-------- G:\Program Files\Ahead
2007-01-12 17:42 161,326 --a------ G:\WINDOWS\EXPStudio Audio Editor FREE Uninstaller.exe
2007-01-12 17:42 <DIR> d-------- G:\WINDOWS\system32\EXP
2007-01-12 17:42 <DIR> d-------- G:\Program Files\EXPStudio
2007-01-12 17:42 <DIR> d-------- G:\Program Files\Common Files\AVSMedia
2007-01-12 17:39 <DIR> d-------- G:\Program Files\OpenLibraries
2007-01-12 17:39 <DIR> d-------- G:\Program Files\mlt
2007-01-12 17:39 <DIR> d-------- G:\Program Files\Jahshaka
2007-01-12 17:39 <DIR> d-------- G:\Program Files\gtk2
2007-01-12 16:50 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\.gaim
2007-01-12 16:48 <DIR> d-------- G:\Program Files\Gaim
2007-01-12 16:41 <DIR> d-------- G:\Program Files\Common Files\GTK
2007-01-12 16:28 2,297,552 --a------ G:\WINDOWS\system32\d3dx9_26.dll
2007-01-12 16:27 <DIR> d-------- G:\Program Files\Common Files\Autodesk Shared
2007-01-12 16:20 20,016 --------- G:\WINDOWS\system32\drivers\pxhelp20.sys
2007-01-12 16:16 <DIR> d-------- G:\Program Files\Common Files\Adobe Systems Shared
2007-01-12 15:59 <DIR> d-------- G:\Program Files\Neuratron PhotoScore Lite
2007-01-12 15:57 69,632 --a------ G:\WINDOWS\system32\NI_DFD_1_2_9.dll
2007-01-12 15:38 <DIR> d-------- G:\WINDOWS\WBEM
2007-01-12 15:37 121,856 --------- G:\WINDOWS\system32\xmllite.dll
2007-01-11 23:08 <DIR> d-------- G:\WINDOWS\system32\appmgmt
2007-01-11 23:07 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\Styler
2007-01-11 22:55 <DIR> d-------- G:\WINDOWS\system32\LogFiles
2007-01-11 22:49 816,672 --a------ G:\WINDOWS\system32\drivers\avg7core.sys
2007-01-11 22:49 499,712 --a------ G:\WINDOWS\system32\msvcp71.dll
2007-01-11 22:49 4,224 --a------ G:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-11 22:49 348,160 --a------ G:\WINDOWS\system32\msvcr71.dll
2007-01-11 22:49 3,968 --a------ G:\WINDOWS\system32\drivers\avgclean.sys
2007-01-11 22:49 28,416 --a------ G:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-11 22:49 18,240 --a------ G:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-11 22:49 <DIR> d-------- G:\Program Files\Grisoft
2007-01-11 22:49 <DIR> d-------- G:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-11 22:49 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-11 22:49 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-01-11 22:45 <DIR> d-------- G:\WINDOWS\Prefetch
2007-01-11 22:42 95,424 --------- G:\WINDOWS\system32\drivers\slnthal.sys
2007-01-11 22:42 9,728 --------- G:\WINDOWS\system32\comsdupd.exe
2007-01-11 22:42 88,064 --------- G:\WINDOWS\system32\p2pnetsh.dll
2007-01-11 22:42 870,784 --------- G:\WINDOWS\system32\ati3d1ag.dll
2007-01-11 22:42 86,016 --------- G:\WINDOWS\system32\p2pgasvc.dll
2007-01-11 22:42 86,016 --------- G:\WINDOWS\system32\mdmxsdk.dll
2007-01-11 22:42 81,408 --------- G:\WINDOWS\system32\wscsvc.dll
2007-01-11 22:42 8,192 --------- G:\WINDOWS\system32\smbinst.exe
2007-01-11 22:42 8,192 --------- G:\WINDOWS\system32\bitsprx2.dll
2007-01-11 22:42 78,464 --------- G:\WINDOWS\system32\drivers\usbvideo.sys
2007-01-11 22:42 78,336 --a------ G:\WINDOWS\system32\ieencode.dll
2007-01-11 22:42 755,200 --------- G:\WINDOWS\system32\ir50_32.dll
2007-01-11 22:42 75,776 --------- G:\WINDOWS\system32\strmfilt.dll
2007-01-11 22:42 73,832 --------- G:\WINDOWS\system32\slcoinst.dll
2007-01-11 22:42 73,796 --------- G:\WINDOWS\system32\slserv.exe
2007-01-11 22:42 73,216 --------- G:\WINDOWS\system32\drivers\atintuxx.sys
2007-01-11 22:42 71,680 --------- G:\WINDOWS\system32\blastcln.exe
2007-01-11 22:42 701,440 --------- G:\WINDOWS\system32\drivers\ati2mtag.sys
2007-01-11 22:42 7,680 --------- G:\WINDOWS\system32\kbdsmsno.dll
2007-01-11 22:42 7,680 --------- G:\WINDOWS\system32\kbdsmsfi.dll
2007-01-11 22:42 7,168 --------- G:\WINDOWS\system32\kbdukx.dll
2007-01-11 22:42 7,168 --------- G:\WINDOWS\system32\kbdno1.dll
2007-01-11 22:42 7,168 --------- G:\WINDOWS\system32\kbdfi1.dll
2007-01-11 22:42 7,168 --------- G:\WINDOWS\system32\bitsprx3.dll
2007-01-11 22:42 685,056 --------- G:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-01-11 22:42 67,584 --------- G:\WINDOWS\system32\drivers\sdbus.sys
2007-01-11 22:42 63,663 --------- G:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-01-11 22:42 63,488 --------- G:\WINDOWS\system32\drivers\atinxsxx.sys
2007-01-11 22:42 60,416 --------- G:\WINDOWS\system32\fwcfg.dll
2007-01-11 22:42 6,656 --------- G:\WINDOWS\system32\kbdinmal.dll
2007-01-11 22:42 6,656 --------- G:\WINDOWS\system32\kbdinben.dll
2007-01-11 22:42 6,144 --------- G:\WINDOWS\system32\kbdmlt48.dll
2007-01-11 22:42 6,144 --------- G:\WINDOWS\system32\kbdmlt47.dll
2007-01-11 22:42 6,144 --------- G:\WINDOWS\system32\kbdinbe1.dll
2007-01-11 22:42 6,016 --------- G:\WINDOWS\system32\drivers\smbali.sys
2007-01-11 22:42 59,648 --------- G:\WINDOWS\system32\drivers\rfcomm.sys
2007-01-11 22:42 57,856 --------- G:\WINDOWS\system32\drivers\atinbtxx.sys
2007-01-11 22:42 56,623 --------- G:\WINDOWS\system32\drivers\ati1btxx.sys
2007-01-11 22:42 526,848 --------- G:\WINDOWS\system32\p2psvc.dll
2007-01-11 22:42 52,224 --------- G:\WINDOWS\system32\drivers\atinraxx.sys
2007-01-11 22:42 516,768 --------- G:\WINDOWS\system32\ativvaxx.dll
2007-01-11 22:42 50,688 --------- G:\WINDOWS\system32\btpanui.dll
2007-01-11 22:42 50,176 --------- G:\WINDOWS\system32\xmlprovi.dll
2007-01-11 22:42 5,632 --------- G:\WINDOWS\system32\kbdmaori.dll
2007-01-11 22:42 49,152 --------- G:\WINDOWS\system32\powercfg.exe
2007-01-11 22:42 48,640 --------- G:\WINDOWS\system32\pnrpnsp.dll
2007-01-11 22:42 46,464 --------- G:\WINDOWS\system32\drivers\gagp30kx.sys
2007-01-11 22:42 452,736 --------- G:\WINDOWS\system32\drivers\mtxparhm.sys
2007-01-11 22:42 44,928 --------- G:\WINDOWS\system32\drivers\agpcpq.sys
2007-01-11 22:42 44,672 --------- G:\WINDOWS\system32\drivers\uagp35.sys
2007-01-11 22:42 44,032 --------- G:\WINDOWS\system32\twext.dll
2007-01-11 22:42 438,784 --------- G:\WINDOWS\system32\xpob2res.dll
2007-01-11 22:42 430,592 --------- G:\WINDOWS\system32\wuapi.dll
2007-01-11 22:42 43,008 --------- G:\WINDOWS\system32\drivers\amdagp.sys
2007-01-11 22:42 42,752 --------- G:\WINDOWS\system32\drivers\alim1541.sys
2007-01-11 22:42 42,368 --------- G:\WINDOWS\system32\drivers\agp440.sys
2007-01-11 22:42 42,240 --------- G:\WINDOWS\system32\drivers\viaagp.sys
2007-01-11 22:42 41,088 --------- G:\WINDOWS\system32\drivers\sisagp.sys
2007-01-11 22:42 404,990 --------- G:\WINDOWS\system32\drivers\slntamr.sys
2007-01-11 22:42 40,832 --------- G:\WINDOWS\system32\drivers\irbus.sys
2007-01-11 22:42 4,255 --------- G:\WINDOWS\system32\drivers\adv01nt5.dll
2007-01-11 22:42 397,056 --------- G:\WINDOWS\system32\s3gnb.dll
2007-01-11 22:42 38,016 --------- G:\WINDOWS\system32\drivers\bthmodem.sys
2007-01-11 22:42 377,984 --------- G:\WINDOWS\system32\ati2dvaa.dll
2007-01-11 22:42 36,864 --------- G:\WINDOWS\system32\wups.dll
2007-01-11 22:42 36,463 --------- G:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-01-11 22:42 36,096 --------- G:\WINDOWS\system32\drivers\intelppm.sys
2007-01-11 22:42 35,456 --------- G:\WINDOWS\system32\drivers\bthprint.sys
2007-01-11 22:42 34,735 --------- G:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-01-11 22:42 338,432 --------- G:\WINDOWS\system32\ir41_qcx.dll
2007-01-11 22:42 327,040 --------- G:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-01-11 22:42 32,866 --------- G:\WINDOWS\system32\slrundll.exe
2007-01-11 22:42 32,866 --------- G:\WINDOWS\slrundll.exe
2007-01-11 22:42 32,768 --------- G:\WINDOWS\system32\ativtmxx.dll
2007-01-11 22:42 32,285 --------- G:\WINDOWS\system32\hsfcisp2.dll
2007-01-11 22:42 314,880 --------- G:\WINDOWS\system32\wmpdxm.dll
2007-01-11 22:42 312,320 --------- G:\WINDOWS\system32\p2pgraph.dll
2007-01-11 22:42 31,744 --------- G:\WINDOWS\system32\drivers\atinxbxx.sys
2007-01-11 22:42 30,671 --------- G:\WINDOWS\system32\drivers\ati1raxx.sys
2007-01-11 22:42 30,208 --------- G:\WINDOWS\system32\bthserv.dll
2007-01-11 22:42 30,080 --------- G:\WINDOWS\system32\drivers\rndismpx.sys
2007-01-11 22:42 3,967 --------- G:\WINDOWS\system32\drivers\adv02nt5.dll
2007-01-11 22:42 3,901 --------- G:\WINDOWS\system32\drivers\siint5.dll
2007-01-11 22:42 3,775 --------- G:\WINDOWS\system32\drivers\adv11nt5.dll
2007-01-11 22:42 3,711 --------- G:\WINDOWS\system32\drivers\adv09nt5.dll
2007-01-11 22:42 3,647 --------- G:\WINDOWS\system32\drivers\adv07nt5.dll
2007-01-11 22:42 3,615 --------- G:\WINDOWS\system32\drivers\adv05nt5.dll
2007-01-11 22:42 3,135 --------- G:\WINDOWS\system32\drivers\adv08nt5.dll
2007-01-11 22:42 29,455 --------- G:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-01-11 22:42 29,184 --------- G:\WINDOWS\system32\sdhcinst.dll
2007-01-11 22:42 29,056 --------- G:\WINDOWS\system32\drivers\ip6fw.sys
2007-01-11 22:42 286,792 --------- G:\WINDOWS\system32\slextspk.dll
2007-01-11 22:42 28,672 --------- G:\WINDOWS\system32\drivers\atinsnxx.sys
2007-01-11 22:42 274,304 --------- G:\WINDOWS\system32\drivers\bthport.sys
2007-01-11 22:42 263,040 --------- G:\WINDOWS\system32\drivers\http.sys
2007-01-11 22:42 26,367 --------- G:\WINDOWS\system32\drivers\ati1snxx.sys
2007-01-11 22:42 25,600 --------- G:\WINDOWS\system32\drivers\hidbth.sys
2007-01-11 22:42 25,471 --------- G:\WINDOWS\system32\drivers\watv10nt.sys
2007-01-11 22:42 25,471 --------- G:\WINDOWS\system32\drivers\atv04nt5.dll
2007-01-11 22:42 242,688 --------- G:\WINDOWS\system32\wmpasf.dll
2007-01-11 22:42 24,576 --------- G:\WINDOWS\system32\httpapi.dll
2007-01-11 22:42 229,376 --------- G:\WINDOWS\system32\ati2cqag.dll
2007-01-11 22:42 227,328 --------- G:\WINDOWS\system32\wmerror.dll
2007-01-11 22:42 220,032 --------- G:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-01-11 22:42 22,528 --------- G:\WINDOWS\system32\fltmc.exe
2007-01-11 22:42 22,271 --------- G:\WINDOWS\system32\drivers\watv06nt.sys
2007-01-11 22:42 21,343 --------- G:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-01-11 22:42 21,183 --------- G:\WINDOWS\system32\drivers\atv01nt5.dll
2007-01-11 22:42 201,728 --------- G:\WINDOWS\system32\ati2dvag.dll
2007-01-11 22:42 200,192 --------- G:\WINDOWS\system32\ir50_qc.dll
2007-01-11 22:42 20,992 --------- G:\WINDOWS\system32\bthci.dll
2007-01-11 22:42 193,024 --------- G:\WINDOWS\system32\fsquirt.exe
2007-01-11 22:42 188,508 --------- G:\WINDOWS\system32\slgen.dll
2007-01-11 22:42 183,808 --------- G:\WINDOWS\system32\ir50_qcx.dll
2007-01-11 22:42 183,296 --------- G:\WINDOWS\system32\wuaueng1.dll
2007-01-11 22:42 180,360 --------- G:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-01-11 22:42 18,944 --------- G:\WINDOWS\system32\drivers\bthusb.sys
2007-01-11 22:42 17,408 --------- G:\WINDOWS\system32\winshfhc.dll
2007-01-11 22:42 17,279 --------- G:\WINDOWS\system32\drivers\atv10nt5.dll
2007-01-11 22:42 17,024 --------- G:\WINDOWS\system32\drivers\bthenum.sys
2007-01-11 22:42 166,912 --------- G:\WINDOWS\system32\drivers\s3gnbm.sys
2007-01-11 22:42 165,888 --------- G:\WINDOWS\system32\wuauclt1.exe
2007-01-11 22:42 16,896 --------- G:\WINDOWS\system32\fltlib.dll
2007-01-11 22:42 15,872 --------- G:\WINDOWS\system32\w3ssl.dll
2007-01-11 22:42 15,488 --------- G:\WINDOWS\system32\drivers\mssmbios.sys
2007-01-11 22:42 15,423 --------- G:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-01-11 22:42 15,104 --------- G:\WINDOWS\system32\drivers\hidir.sys
2007-01-11 22:42 14,336 --------- G:\WINDOWS\system32\drivers\atinpdxx.sys
2007-01-11 22:42 14,336 --------- G:\WINDOWS\system32\auditusr.exe
2007-01-11 22:42 14,143 --------- G:\WINDOWS\system32\drivers\atv06nt5.dll
2007-01-11 22:42 13,824 --------- G:\WINDOWS\system32\wscntfy.exe
2007-01-11 22:42 13,824 --------- G:\WINDOWS\system32\drivers\atinttxx.sys
2007-01-11 22:42 13,824 --------- G:\WINDOWS\system32\drivers\atinmdxx.sys
2007-01-11 22:42 13,824 --------- G:\WINDOWS\system32\cmsetacl.dll
2007-01-11 22:42 13,776 --------- G:\WINDOWS\system32\drivers\recagent.sys
2007-01-11 22:42 13,568 --------- G:\WINDOWS\system32\drivers\wacompen.sys
2007-01-11 22:42 13,240 --------- G:\WINDOWS\system32\drivers\slwdmsup.sys
2007-01-11 22:42 129,536 --------- G:\WINDOWS\system32\xmlprov.dll
2007-01-11 22:42 129,535 --------- G:\WINDOWS\system32\drivers\slnt7554.sys
2007-01-11 22:42 126,686 --------- G:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-01-11 22:42 124,800 --------- G:\WINDOWS\system32\drivers\fltmgr.sys
2007-01-11 22:42 120,320 --------- G:\WINDOWS\system32\wuweb.dll
2007-01-11 22:42 120,320 --------- G:\WINDOWS\system32\ir41_qc.dll
2007-01-11 22:42 12,672 --------- G:\WINDOWS\system32\drivers\usb8023x.sys
2007-01-11 22:42 12,672 --------- G:\WINDOWS\system32\drivers\mutohpen.sys
2007-01-11 22:42 12,047 --------- G:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-01-11 22:42 118,784 --------- G:\WINDOWS\system32\msdadiag.dll
2007-01-11 22:42 116,224 --------- G:\WINDOWS\system32\p2p.dll
2007-01-11 22:42 112,640 --------- G:\WINDOWS\system32\wucltui.dll
2007-01-11 22:42 11,935 --------- G:\WINDOWS\system32\drivers\wadv11nt.sys
2007-01-11 22:42 11,871 --------- G:\WINDOWS\system32\drivers\wadv09nt.sys
2007-01-11 22:42 11,868 --------- G:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-01-11 22:42 11,807 --------- G:\WINDOWS\system32\drivers\wadv07nt.sys
2007-01-11 22:42 11,615 --------- G:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-01-11 22:42 11,359 --------- G:\WINDOWS\system32\drivers\atv02nt5.dll
2007-01-11 22:42 11,325 --------- G:\WINDOWS\system32\drivers\vchnt5.dll
2007-01-11 22:42 11,295 --------- G:\WINDOWS\system32\drivers\wadv08nt.sys
2007-01-11 22:42 11,136 --------- G:\WINDOWS\system32\drivers\sffdisk.sys
2007-01-11 22:42 108,032 --------- G:\WINDOWS\system32\wshbth.dll
2007-01-11 22:42 104,960 --------- G:\WINDOWS\system32\drivers\atinrvxx.sys
2007-01-11 22:42 100,992 --------- G:\WINDOWS\system32\drivers\bthpan.sys
2007-01-11 22:42 10,240 --------- G:\WINDOWS\system32\drivers\sffp_sd.sys
2007-01-11 22:42 1,888,992 --------- G:\WINDOWS\system32\ati3duag.dll
2007-01-11 22:42 1,737,856 --------- G:\WINDOWS\system32\mtxparhd.dll
2007-01-11 22:42 1,309,184 --------- G:\WINDOWS\system32\drivers\mtlstrm.sys
2007-01-11 22:42 1,041,536 --------- G:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-01-11 22:42 <DIR> d-------- G:\WINDOWS\peernet
2007-01-11 22:40 2,897,920 --------- G:\WINDOWS\system32\xpsp2res.dll
2007-01-11 22:39 23,856 --a------ G:\WINDOWS\system32\spupdsvc.exe
2007-01-11 22:39 <DIR> d-------- G:\WINDOWS\EHome
2007-01-11 22:17 <DIR> d-------- G:\dd584bdb740264696cc1e32ee336
2007-01-11 21:41 51,200 --a------ G:\WINDOWS\system32\sfman32.dll
2007-01-11 21:41 495,616 --a------ G:\WINDOWS\system32\sblfx.dll
2007-01-11 21:41 4,096 --a------ G:\WINDOWS\system32\ctwdm32.dll
2007-01-11 21:41 36,480 --a------ G:\WINDOWS\system32\drivers\sfmanm.sys
2007-01-11 21:41 3,712 --a------ G:\WINDOWS\system32\drivers\ctljystk.sys
2007-01-11 21:41 283,904 --a------ G:\WINDOWS\system32\drivers\emu10k1m.sys
2007-01-11 21:41 256,512 --a------ G:\WINDOWS\system32\devcon32.dll
2007-01-11 21:41 24,064 --a------ G:\WINDOWS\system32\devldr32.exe
2007-01-11 21:41 10,624 --a------ G:\WINDOWS\system32\drivers\gameenum.sys
2007-01-11 21:40 6,912 --a------ G:\WINDOWS\system32\drivers\ctlfacem.sys
2007-01-11 17:12 <DIR> d-------- G:\Program Files\Wisdom-soft AutoScreenRecorder
2007-01-11 15:54 <DIR> d-------- G:\Program Files\Windows Media Connect 2
2007-01-11 15:53 <DIR> d-------- G:\WINDOWS\system32\drivers\UMDF
2007-01-11 15:15 <DIR> d-------- G:\WINDOWS\ie7updates
2007-01-10 22:00 <DIR> d-------- G:\WINDOWS\system32\en-US
2007-01-10 21:59 <DIR> d--h-c--- G:\WINDOWS\ie7
2007-01-10 21:58 <DIR> d-------- G:\WINDOWS\network diagnostic
2007-01-10 21:58 <DIR> d-------- G:\WINDOWS\$hf_mig$
2007-01-10 21:50 <DIR> d-------- G:\Program Files\Citrix
2007-01-10 21:38 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\Macrovision
2007-01-10 17:55 <DIR> d-------- G:\WINDOWS\SoftwareDistribution
2007-01-10 17:51 <DIR> d-------- G:\WINDOWS\provisioning
2007-01-10 17:49 <DIR> d-------- G:\WINDOWS\ServicePackFiles
2007-01-10 16:57 256,512 --a------ G:\WINDOWS\system32\devcon32(3).dll
2007-01-10 16:57 256,512 --a------ G:\WINDOWS\system32\devcon32(2).dll
2007-01-10 16:57 24,064 --a------ G:\WINDOWS\system32\devldr32(3).exe
2007-01-10 16:57 24,064 --a------ G:\WINDOWS\system32\devldr32(2).exe
2007-01-09 18:43 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\Ahead
2007-01-09 15:11 <DIR> d-------- G:\DOCUME~1\ERICXU~1\.housecall6.6
2007-01-08 16:22 <DIR> d-------- G:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
2007-01-08 16:22 <DIR> d-------- G:\DOCUME~1\ADMINI~1\Application Data\AVG7
2007-01-07 14:10 <DIR> d-------- G:\Program Files\Common Files\Autodesk Shared(2)
2007-01-05 22:52 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\Petroglyph
2007-01-05 22:51 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\LucasArts
2007-01-02 18:47 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\AdobeUM
2007-01-02 18:47 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\Adobe
2007-01-02 18:28 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2007-01-02 18:27 <DIR> d-------- G:\Program Files\Common Files\Adobe
2007-01-02 18:27 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-02 17:52 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\Sibelius Software
2007-01-02 16:18 <DIR> dr-h----- G:\$VAULT$.AVG
2007-01-01 17:09 <DIR> d-------- G:\Program Files\Finale GPO 2.0
2007-01-01 17:07 <DIR> d-------- G:\Program Files\Finale 2007(2)
2007-01-01 16:30 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\uTorrent
2007-01-01 16:09 <DIR> d-------- G:\Program Files\Lavasoft
2007-01-01 16:09 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\Lavasoft
2006-12-29 16:08 <DIR> d-------- G:\Program Files\REA
2006-12-29 12:34 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\Autodesk
2006-12-29 12:32 <DIR> d-------- G:\Program Files\Autodesk
2006-12-29 12:30 <DIR> d-------- G:\WINDOWS\Microsoft.NET
2006-12-29 12:30 <DIR> d-------- G:\WINDOWS\assembly
2006-12-29 08:58 <DIR> d-------- G:\Program Files\Real
2006-12-29 08:58 <DIR> d-------- G:\Program Files\Common Files\Real
2006-12-29 08:57 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\Real
2006-12-29 08:51 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2006-12-28 22:08 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\Steinberg
2006-12-28 21:50 <DIR> d-------- G:\DOCUME~1\ERICXU~1\UserData
2006-12-28 21:46 <DIR> d-------- G:\Program Files\Steinberg
2006-12-28 19:24 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\CyberLink
2006-12-28 19:23 <DIR> d-------- G:\Program Files\Grisoft(2)
2006-12-28 19:23 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\AVG7
2006-12-28 19:23 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\Grisoft(2)
2006-12-28 16:53 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\CyberLink
2006-12-28 16:38 <DIR> d-------- G:\Program Files\CyberLink
2006-12-28 16:35 <DIR> d-------- G:\Program Files\Common Files\Nero
2006-12-28 16:30 <DIR> d-------- G:\WINDOWS\pss
2006-12-28 15:00 <DIR> d-------- G:\Program Files\QuickTime
2006-12-28 15:00 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\Apple Computer
2006-12-28 14:57 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\Sibelius Software
2006-12-28 14:54 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\QuickTime
2006-12-28 09:07 <DIR> d-------- G:\Program Files\Sibelius Software
2006-12-27 13:21 <DIR> d-------- G:\Program Files\Activision
2006-12-27 13:18 <DIR> d--hs---- G:\WINDOWS\ftpcache
2006-12-27 13:13 60,288 --a------ G:\WINDOWS\system32\drivers\drmk.sys
2006-12-27 13:13 145,792 --a------ G:\WINDOWS\system32\drivers\portcls.sys
2006-12-27 13:06 41,984 --------- G:\WINDOWS\Ctregrun.exe
2006-12-27 13:05 991,744 --a------ G:\WINDOWS\system32\drmv2clt.dll
2006-12-27 13:05 937,984 --a------ G:\WINDOWS\system32\WMNetMgr.dll
2006-12-27 13:05 87,040 --a------ G:\WINDOWS\system32\drmstor.dll
2006-12-27 13:05 757,248 --a------ G:\WINDOWS\system32\WMADMOD.dll
2006-12-27 13:05 603,648 --a------ G:\WINDOWS\system32\WMSPDMOD.dll
2006-12-27 13:05 542,720 --a------ G:\WINDOWS\system32\blackbox.dll
2006-12-27 13:05 44,032 --------- G:\WINDOWS\system32\CTSVCCDA.EXE
2006-12-27 13:05 4,096 --a------ G:\WINDOWS\system32\wmvdmoe2.dll
2006-12-27 13:05 4,096 --a------ G:\WINDOWS\system32\wmvdmod.dll
2006-12-27 13:05 4,096 --a------ G:\WINDOWS\system32\wmsdmoe2.dll
2006-12-27 13:05 4,096 --a------ G:\WINDOWS\system32\wmsdmod.dll
2006-12-27 13:05 4,096 --a------ G:\WINDOWS\system32\MPG4DMOD.dll
2006-12-27 13:05 4,096 --a------ G:\WINDOWS\system32\MP4SDMOD.dll
2006-12-27 13:05 4,096 --a------ G:\WINDOWS\system32\MP43DMOD.dll
2006-12-27 13:05 299,520 --a------ G:\WINDOWS\system32\drmclien.dll
2006-12-27 13:05 25,088 --------- G:\WINDOWS\system32\CTSVCCTL.EXE
2006-12-27 13:05 222,208 --a------ G:\WINDOWS\system32\WMASF.dll
2006-12-27 13:05 211,456 --a------ G:\WINDOWS\system32\qasf.dll
2006-12-27 13:05 2,450,944 --a------ G:\WINDOWS\system32\wmvcore.dll
2006-12-27 13:05 179,712 --a------ G:\WINDOWS\system32\msnetobj.dll
2006-12-27 13:05 157,184 --a------ G:\WINDOWS\system32\wmidx.dll
2006-12-27 13:05 11,264 --a------ G:\WINDOWS\system32\LAPRXY.dll
2006-12-27 13:05 100,864 --a------ G:\WINDOWS\system32\logagent.exe
2006-12-27 13:05 1,329,152 --a------ G:\WINDOWS\system32\WMSPDMOE.dll
2006-12-27 13:05 1,117,696 --a------ G:\WINDOWS\system32\WMADMOE.dll
2006-12-27 13:04 <DIR> d--h----- G:\Program Files\Creative Installation Information
2006-12-27 13:04 <DIR> d-------- G:\WINDOWS\RegisteredPackages
2006-12-27 13:04 <DIR> d-------- G:\Program Files\Common Files\Creative
2006-12-27 13:03 90,112 --------- G:\WINDOWS\Updreg.EXE
2006-12-27 13:03 85,376 --a------ G:\WINDOWS\system32\drivers\nabtsfec.sys
2006-12-27 13:03 83,456 --a------ G:\WINDOWS\system32\dpvsetup.exe
2006-12-27 13:03 825,344 --a------ G:\WINDOWS\system32\d3dim700.dll
2006-12-27 13:03 82,432 --a------ G:\WINDOWS\system32\dmscript.dll
2006-12-27 13:03 8,192 --a------ G:\WINDOWS\system32\d3d8thk.dll
2006-12-27 13:03 733,696 --a------ G:\WINDOWS\system32\qedwipes.dll
2006-12-27 13:03 71,680 --a------ G:\WINDOWS\system32\dsdmoprp.dll
2006-12-27 13:03 70,656 --a------ G:\WINDOWS\system32\amstream.dll
2006-12-27 13:03 7,552 --a------ G:\WINDOWS\system32\drivers\mskssrv.sys
2006-12-27 13:03 619,008 --a------ G:\WINDOWS\system32\dx7vb.dll
2006-12-27 13:03 61,440 --a------ G:\WINDOWS\system32\dmcompos.dll
2006-12-27 13:03 60,928 --a------ G:\WINDOWS\system32\dpnhupnp.dll
2006-12-27 13:03 59,904 --a------ G:\WINDOWS\system32\devenum.dll
2006-12-27 13:03 57,344 --a------ G:\WINDOWS\system32\dpwsockx.dll
2006-12-27 13:03 562,176 --a------ G:\WINDOWS\system32\qedit.dll
2006-12-27 13:03 51,328 --a------ G:\WINDOWS\system32\drivers\msdv.sys
2006-12-27 13:03 50,688 --a------ G:\WINDOWS\system32\wstdecod.dll
2006-12-27 13:03 5,504 --a------ G:\WINDOWS\system32\drivers\mstee.sys
2006-12-27 13:03 5,376 --a------ G:\WINDOWS\system32\drivers\mspclock.sys
2006-12-27 13:03 48,640 --a------ G:\WINDOWS\system32\drivers\stream.sys
2006-12-27 13:03 46,592 --a------ G:\WINDOWS\system32\dxdllreg.exe
2006-12-27 13:03 4,992 --a------ G:\WINDOWS\system32\drivers\mspqm.sys
2006-12-27 13:03 4,352 --a------ G:\WINDOWS\system32\drivers\swenum.sys
2006-12-27 13:03 4,096 --a------ G:\WINDOWS\system32\ksuser.dll
2006-12-27 13:03 385,024 --a------ G:\WINDOWS\system32\qdvd.dll
2006-12-27 13:03 375,296 --a------ G:\WINDOWS\system32\dpnet.dll
2006-12-27 13:03 367,616 --a------ G:\WINDOWS\system32\dsound.dll
2006-12-27 13:03 363,520 --a------ G:\WINDOWS\system32\psisdecd.dll
2006-12-27 13:03 35,840 --a------ G:\WINDOWS\system32\dmloader.dll
2006-12-27 13:03 35,328 --a------ G:\WINDOWS\system32\mciqtz32.dll
2006-12-27 13:03 35,328 --a------ G:\WINDOWS\system32\dpnhpast.dll
2006-12-27 13:03 30,208 --a------ G:\WINDOWS\system32\dplaysvr.exe
2006-12-27 13:03 3,584 --a------ G:\WINDOWS\system32\dpnlobby.dll
2006-12-27 13:03 3,584 --a------ G:\WINDOWS\system32\dpnaddr.dll
2006-12-27 13:03 28,672 --a------ G:\WINDOWS\system32\dmband.dll
2006-12-27 13:03 279,040 --a------ G:\WINDOWS\system32\qdv.dll
2006-12-27 13:03 27,136 --a------ G:\WINDOWS\system32\ddrawex.dll
2006-12-27 13:03 266,240 --a------ G:\WINDOWS\system32\ddraw.dll
2006-12-27 13:03 23,552 --a------ G:\WINDOWS\system32\dpmodemx.dll
2006-12-27 13:03 229,888 --a------ G:\WINDOWS\system32\dplayx.dll
2006-12-27 13:03 212,480 --a------ G:\WINDOWS\system32\dpvoice.dll
2006-12-27 13:03 21,504 --a------ G:\WINDOWS\system32\dpvacm.dll
2006-12-27 13:03 204,288 --a------ G:\WINDOWS\system32\mswebdvd.dll
2006-12-27 13:03 20,480 --a------ G:\WINDOWS\system32\encapi.dll
2006-12-27 13:03 2,113,536 --a------ G:\WINDOWS\system32\dxdiagn.dll
2006-12-27 13:03 192,512 --a------ G:\WINDOWS\system32\qcap.dll
2006-12-27 13:03 19,456 --a------ G:\WINDOWS\system32\dswave.dll
2006-12-27 13:03 19,328 --a------ G:\WINDOWS\system32\drivers\wstcodec.sys
2006-12-27 13:03 181,760 --a------ G:\WINDOWS\system32\dsdmo.dll
2006-12-27 13:03 181,248 --a------ G:\WINDOWS\system32\dmime.dll
2006-12-27 13:03 18,432 --a------ G:\WINDOWS\system32\dpnsvr.exe
2006-12-27 13:03 17,408 --a------ G:\WINDOWS\system32\msyuv.dll
2006-12-27 13:03 17,024 --a------ G:\WINDOWS\system32\drivers\ccdecode.sys
2006-12-27 13:03 15,360 --a------ G:\WINDOWS\system32\drivers\streamip.sys
2006-12-27 13:03 15,360 --a------ G:\WINDOWS\system32\drivers\mpe.sys
2006-12-27 13:03 140,928 --a------ G:\WINDOWS\system32\drivers\ks.sys
2006-12-27 13:03 14,336 --a------ G:\WINDOWS\system32\msdmo.dll
2006-12-27 13:03 116,736 --a------ G:\WINDOWS\system32\dpvvox.dll
2006-12-27 13:03 11,776 --a------ G:\WINDOWS\system32\drivers\bdasup.sys
2006-12-27 13:03 11,136 --a------ G:\WINDOWS\system32\drivers\slip.sys
2006-12-27 13:03 105,984 --a------ G:\WINDOWS\system32\dmstyle.dll
2006-12-27 13:03 104,448 --a------ G:\WINDOWS\system32\dmusic.dll
2006-12-27 13:03 103,424 --a------ G:\WINDOWS\system32\dmsynth.dll
2006-12-27 13:03 10,880 --a------ G:\WINDOWS\system32\drivers\ndisip.sys
2006-12-27 13:03 1,689,088 --a------ G:\WINDOWS\system32\d3d9.dll
2006-12-27 13:03 1,428,480 --a------ G:\WINDOWS\system32\msvidctl.dll
2006-12-27 13:03 1,298,432 --a------ G:\WINDOWS\system32\dxdiag.exe
2006-12-27 13:03 1,294,336 --a------ G:\WINDOWS\system32\dsound3d.dll
2006-12-27 13:03 1,287,680 --a------ G:\WINDOWS\system32\quartz.dll
2006-12-27 13:03 1,227,264 --a------ G:\WINDOWS\system32\dx8vb.dll
2006-12-27 13:03 1,179,648 --a------ G:\WINDOWS\system32\d3d8.dll
2006-12-27 13:01 17,920 --a------ G:\WINDOWS\system32\mdimon.dll
2006-12-27 13:00 <DIR> d-------- G:\WINDOWS\SHELLNEW
2006-12-27 13:00 <DIR> d-------- G:\Program Files\Microsoft ActiveSync
2006-12-27 12:57 <DIR> d-------- G:\Program Files\Native Instruments
2006-12-27 12:55 <DIR> d-------- G:\000kontakt samples gold
2006-12-27 12:52 <DIR> d-------- G:\Program Files\Plextor
2006-12-27 12:50 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\NVIDIA
2006-12-27 12:48 <DIR> d--hs---- G:\RECYCLER
2006-12-27 12:44 <DIR> d-------- G:\Program Files\Creative
2006-12-27 12:44 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\Application Data\Creative
2006-12-27 12:43 86,016 --a------ G:\WINDOWS\system32\OpenAL32.dll
2006-12-27 12:43 413,696 --a------ G:\WINDOWS\system32\wrap_oal.dll
2006-12-27 12:43 3,072 --a------ G:\WINDOWS\CTXFIRES.DLL
2006-12-27 12:43 208,896 --a------ G:\WINDOWS\system32\nvudisp.exe
2006-12-27 12:43 11,776 --a------ G:\WINDOWS\INRES.DLL
2006-12-27 12:43 <DIR> d--h----- G:\Program Files\InstallShield Installation Information
2006-12-27 12:43 <DIR> d-------- G:\WINDOWS\system32\Data
2006-12-27 12:43 <DIR> d-------- G:\WINDOWS\nview
2006-12-27 12:43 <DIR> d-------- G:\DOCUME~1\ERICXU~1\Application Data\Creative
2006-12-27 12:27 208,896 --a------ G:\WINDOWS\system32\nvuide.exe
2006-12-27 12:27 192,000 --a------ G:\WINDOWS\system32\iuengine.dll
2006-12-27 12:27 <DIR> d-------- G:\WUTemp
2006-12-27 12:27 <DIR> d-------- G:\WINDOWS\system32\ReinstallBackups
2006-12-27 12:26 155,136 -ra------ G:\WINDOWS\system32\fdco_l2052.dll
2006-12-27 12:02 98,304 --a------ G:\WINDOWS\system32\msir3jp.dll
2006-12-27 12:02 838,144 --a------ G:\WINDOWS\system32\chtbrkr.dll
2006-12-27 12:02 811,064 --a------ G:\WINDOWS\system32\imjp81k.dll
2006-12-27 12:02 76,288 --a------ G:\WINDOWS\system32\uniime.dll
2006-12-27 12:02 70,656 --a------ G:\WINDOWS\system32\korwbrkr.dll
2006-12-27 12:02 6,144 --a------ G:\WINDOWS\system32\kbd101a.dll
2006-12-27 12:02 218,112 --a------ G:\WINDOWS\system32\c_g18030.dll
2006-12-27 12:02 1,677,824 --a------ G:\WINDOWS\system32\chsbrkr.dll
2006-12-27 12:01 9,216 --a------ G:\WINDOWS\system32\kbdnecAT.dll
2006-12-27 12:01 8,704 --a------ G:\WINDOWS\system32\kbdjpn.dll
2006-12-27 12:01 8,192 --a------ G:\WINDOWS\system32\kbdkor.dll
2006-12-27 12:01 7,680 --a------ G:\WINDOWS\system32\kbdnecNT.dll
2006-12-27 12:01 7,168 --a------ G:\WINDOWS\system32\kbdnec95.dll
2006-12-27 12:01 7,168 --a------ G:\WINDOWS\system32\kbdibm02.dll
2006-12-27 12:01 7,168 --a------ G:\WINDOWS\system32\f3ahvoas.dll
2006-12-27 12:01 6,656 --a------ G:\WINDOWS\system32\kbdlk41a.dll
2006-12-27 12:01 6,656 --a------ G:\WINDOWS\system32\c_is2022.dll
2006-12-27 12:01 6,144 -ra------ G:\WINDOWS\system32\kbdth3.dll
2006-12-27 12:01 6,144 -ra------ G:\WINDOWS\system32\kbdth2.dll
2006-12-27 12:01 6,144 -ra------ G:\WINDOWS\system32\kbdinpun.dll
2006-12-27 12:01 6,144 --a------ G:\WINDOWS\system32\kbdlk41j.dll
2006-12-27 12:01 6,144 --a------ G:\WINDOWS\system32\kbdax2.dll
2006-12-27 12:01 6,144 --a------ G:\WINDOWS\system32\kbd106n.dll
2006-12-27 12:01 6,144 --a------ G:\WINDOWS\system32\kbd106.dll
2006-12-27 12:01 6,144 --a------ G:\WINDOWS\system32\kbd101c.dll
2006-12-27 12:01 6,144 --a------ G:\WINDOWS\system32\kbd101b.dll
2006-12-27 12:01 6,144 --a------ G:\WINDOWS\system32\kbd101.dll
2006-12-27 12:01 6,144 --a------ G:\WINDOWS\system32\ftlx041e.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdvntc.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdurdu.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdth1.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdth0.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdsyr2.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdsyr1.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdintel.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdintam.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdinmar.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdinkan.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdinhin.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdinguj.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdindev.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdheb.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbdfa.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbddiv2.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbddiv1.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbda3.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbda2.dll
2006-12-27 12:01 5,632 -ra------ G:\WINDOWS\system32\kbda1.dll
2006-12-27 12:01 5,632 --a------ G:\WINDOWS\system32\kbdusa.dll
2006-12-27 12:01 5,632 --a------ G:\WINDOWS\system32\kbd103.dll
2006-12-27 12:01 5,120 -ra------ G:\WINDOWS\system32\kbdgeo.dll
2006-12-27 12:01 5,120 -ra------ G:\WINDOWS\system32\kbdarmw.dll
2006-12-27 12:01 5,120 -ra------ G:\WINDOWS\system32\kbdarme.dll
2006-12-27 12:01 185,344 --a------ G:\WINDOWS\system32\Thawbrkr.dll
2006-12-27 12:01 10,752 --a------ G:\WINDOWS\system32\c_iscii.dll
2006-12-27 11:59 82,944 --a------ G:\WINDOWS\system32\drivers\wdmaud.sys
2006-12-27 11:59 74,240 --a------ G:\WINDOWS\system32\usbui.dll
2006-12-27 11:59 60,800 --a------ G:\WINDOWS\system32\drivers\sysaudio.sys
2006-12-27 11:59 6,400 --a------ G:\WINDOWS\system32\drivers\splitter.sys
2006-12-27 11:59 6,400 --a------ G:\WINDOWS\system32\drivers\enum1394.sys
2006-12-27 11:59 59,264 --a------ G:\WINDOWS\system32\drivers\usbaudio.sys
2006-12-27 11:59 57,472 --a------ G:\WINDOWS\system32\drivers\redbook.sys
2006-12-27 11:59 54,272 --a------ G:\WINDOWS\system32\drivers\swmidi.sys
2006-12-27 11:59 52,864 --a------ G:\WINDOWS\system32\drivers\dmusic.sys
2006-12-27 11:59 3,072 --a------ G:\WINDOWS\system32\drivers\audstub.sys
2006-12-27 11:59 2,944 --a------ G:\WINDOWS\system32\drivers\drmkaud.sys
2006-12-27 11:59 171,776 --a------ G:\WINDOWS\system32\drivers\kmixer.sys
2006-12-27 11:59 142,464 --a------ G:\WINDOWS\system32\drivers\aec.sys
2006-12-27 11:58 9,936 --a------ G:\WINDOWS\system\LZEXPAND.DLL
2006-12-27 11:58 9,008 --a------ G:\WINDOWS\system\VER.DLL
2006-12-27 11:58 85,020 --a------ G:\WINDOWS\system32\dgsetup.dll
2006-12-27 11:58 82,944 --a------ G:\WINDOWS\system\OLECLI.DLL
2006-12-27 11:58 8,704 --a------ G:\WINDOWS\system32\batt.dll
2006-12-27 11:58 8,192 -ra------ G:\WINDOWS\system32\kbdhept.dll
2006-12-27 11:58 74,752 --a------ G:\WINDOWS\system32\storprop.dll
2006-12-27 11:58 7,168 -ra------ G:\WINDOWS\system32\kbdcz.dll
2006-12-27 11:58 69,584 --a------ G:\WINDOWS\system\AVICAP.DLL
2006-12-27 11:58 69,120 --a------ G:\WINDOWS\notepad.exe
2006-12-27 11:58 68,768 --a------ G:\WINDOWS\system\mmsystem.dll
2006-12-27 11:58 6,656 -ra------ G:\WINDOWS\system32\kbdycl.dll
2006-12-27 11:58 6,656 -ra------ G:\WINDOWS\system32\kbdsl1.dll
2006-12-27 11:58 6,656 -ra------ G:\WINDOWS\system32\kbdsl.dll
2006-12-27 11:58 6,656 -ra------ G:\WINDOWS\system32\kbdpl.dll
2006-12-27 11:58 6,656 -ra------ G:\WINDOWS\system32\kbdhu.dll
2006-12-27 11:58 6,656 -ra------ G:\WINDOWS\system32\kbdhela3.dll
2006-12-27 11:58 6,656 -ra------ G:\WINDOWS\system32\kbdcz2.dll
2006-12-27 11:58 6,656 -ra------ G:\WINDOWS\system32\kbdcz1.dll
2006-12-27 11:58 6,656 -ra------ G:\WINDOWS\system32\kbdcr.dll
2006-12-27 11:58 6,656 -ra------ G:\WINDOWS\system32\KBDAL.DLL
2006-12-27 11:58 6,144 -ra------ G:\WINDOWS\system32\kbdtuq.dll
2006-12-27 11:58 6,144 -ra------ G:\WINDOWS\system32\kbdtuf.dll
2006-12-27 11:58 6,144 -ra------ G:\WINDOWS\system32\kbdlv1.dll
2006-12-27 11:58 6,144 -ra------ G:\WINDOWS\system32\kbdlv.dll
2006-12-27 11:58 6,144 -ra------ G:\WINDOWS\system32\kbdhela2.dll
2006-12-27 11:58 6,144 -ra------ G:\WINDOWS\system32\kbdgkl.dll
2006-12-27 11:58 6,144 -ra------ G:\WINDOWS\system32\kbdest.dll
2006-12-27 11:58 5,632 -ra------ G:\WINDOWS\system32\kbdro.dll
2006-12-27 11:58 5,632 -ra------ G:\WINDOWS\system32\kbdpl1.dll
2006-12-27 11:58 5,632 -ra------ G:\WINDOWS\system32\kbdmon.dll
2006-12-27 11:58 5,632 -ra------ G:\WINDOWS\system32\kbdlt1.dll
2006-12-27 11:58 5,632 -ra------ G:\WINDOWS\system32\kbdlt.dll
2006-12-27 11:58 5,632 -ra------ G:\WINDOWS\system32\kbdkyr.dll
2006-12-27 11:58 5,632 -ra------ G:\WINDOWS\system32\kbdhu1.dll
2006-12-27 11:58 5,632 -ra------ G:\WINDOWS\system32\kbdhe319.dll
2006-12-27 11:58 5,632 -ra------ G:\WINDOWS\system32\kbdhe220.dll
2006-12-27 11:58 5,632 -ra------ G:\WINDOWS\system32\kbdhe.dll
2006-12-27 11:58 5,632 -ra------ G:\WINDOWS\system32\kbdazel.dll
2006-12-27 11:58 5,120 --a------ G:\WINDOWS\system\SHELL.DLL
2006-12-27 11:58 32,816 --a------ G:\WINDOWS\system\COMMDLG.DLL
2006-12-27 11:58 24,661 --a------ G:\WINDOWS\system32\spxcoins.dll
2006-12-27 11:58 24,064 --a------ G:\WINDOWS\system\OLESVR.DLL
2006-12-27 11:58 19,200 --a------ G:\WINDOWS\system\TAPI.DLL
2006-12-27 11:58 176,157 --a------ G:\WINDOWS\system32\dgrpsetu.dll
2006-12-27 11:58 15,360 --a------ G:\WINDOWS\TASKMAN.EXE
2006-12-27 11:58 13,312 --a------ G:\WINDOWS\system32\irclass.dll
2006-12-27 11:58 126,912 --a------ G:\WINDOWS\system\MSVIDEO.DLL
2006-12-27 11:58 11,264 --a------ G:\WINDOWS\system32\drivers\irenum.sys
2006-12-27 11:58 109,456 --a------ G:\WINDOWS\system\AVIFILE.DLL
2006-12-27 11:58 103,424 --a------ G:\WINDOWS\system32\EqnClass.Dll
2006-12-27 11:58 <DIR> dr------- G:\Program Files
2006-12-27 11:58 <DIR> dr------- G:\DOCUME~1\ALLUSE~1\Documents
2006-12-27 11:58 <DIR> d-------- G:\WINDOWS\system32\CatRoot2
2006-12-27 11:58 <DIR> d-------- G:\WINDOWS\system32\CatRoot
2006-12-27 11:58 <DIR> d-------- G:\Program Files\Common Files\SpeechEngines
2006-12-27 11:58 <DIR> d-------- G:\Program Files\Common Files\ODBC
2006-12-27 11:57 <DIR> d-------- G:\Documents and Settings
2006-12-27 11:54 <DIR> dr-hsc--- G:\WINDOWS\system32\dllcache
2006-12-27 11:54 <DIR> dr--s---- G:\WINDOWS\Fonts
2006-12-27 11:54 <DIR> dr------- G:\WINDOWS\Web
2006-12-27 11:54 <DIR> d--h----- G:\WINDOWS\inf
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\WinSxS
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\twain_32
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\wins
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\wbem
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\usmt
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\spool
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\ShellExt
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\Setup
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\ras
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\oobe
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\npp
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\mui
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\inetsrv
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\IME
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\icsxml
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\ias
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\export
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\drivers\etc
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\drivers\disdn
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\drivers
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\dhcp
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\config
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\3com_dmi
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\3076
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\2052
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\1054
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\1042
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\1041
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\1037
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\1033
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\1031
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\1028
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32\1025
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system32
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\system
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\security
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\Resources
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\repair
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\mui
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\msapps
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\msagent
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\Media
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\java
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\ime
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\Help
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\Driver Cache
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\Debug
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\Cursors
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\Connection Wizard
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\Config
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\AppPatch
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS\addins
2006-12-27 11:54 <DIR> d-------- G:\WINDOWS
2006-12-27 00:25 9,728 -ra------ G:\WINDOWS\system32\bdco1ins.dll
2006-12-27 00:25 9,728 -ra------ G:\WINDOWS\system32\bdco1.dll
2006-12-27 00:25 35,840 -ra------ G:\WINDOWS\system32\nvconrm.dll
2006-12-27 00:25 34,176 -ra------ G:\WINDOWS\system32\drivers\NVENETFD.sys
2006-12-27 00:25 305,152 -ra------ G:\WINDOWS\system32\drivers\nvnrm.sys
2006-12-27 00:25 222,592 -ra------ G:\WINDOWS\system32\drivers\nvsnpu.sys
2006-12-27 00:25 208,896 --a------ G:\WINDOWS\system32\nvusmb.exe
2006-12-27 00:25 208,896 --a------ G:\WINDOWS\system32\nvunrm.exe
2006-12-27 00:25 208,896 --a------ G:\WINDOWS\system32\NVUNINST.EXE
2006-12-27 00:25 204,288 -ra------ G:\WINDOWS\system32\fdco1ins.dll
2006-12-27 00:25 204,288 -ra------ G:\WINDOWS\system32\fdco1.dll
2006-12-27 00:25 159,232 -ra------ G:\WINDOWS\system32\fdco_l1036.dll
2006-12-27 00:25 159,232 -ra------ G:\WINDOWS\system32\fdco_l1034.dll
2006-12-27 00:25 159,232 -ra------ G:\WINDOWS\system32\fdco_l1031.dll
2006-12-27 00:25 158,720 -ra------ G:\WINDOWS\system32\fdco_l1046.dll
2006-12-27 00:25 158,720 -ra------ G:\WINDOWS\system32\fdco_l1040.dll
2006-12-27 00:25 156,672 -ra------ G:\WINDOWS\system32\fdco_l1042.dll
2006-12-27 00:25 156,672 -ra------ G:\WINDOWS\system32\fdco_l1041.dll
2006-12-27 00:25 155,648 -ra------ G:\WINDOWS\system32\fdco_l1028.dll
2006-12-27 00:25 13,056 -ra------ G:\WINDOWS\system32\drivers\nvnetbus.sys
2006-12-27 00:25 101,632 -ra------ G:\WINDOWS\system32\drivers\nvtcp.sys
2006-12-27 00:25 <DIR> d-------- G:\WINDOWS\NV11681116.TMP
2006-12-27 00:25 <DIR> d-------- G:\Program Files\Common Files\InstallShield
2006-12-27 00:15 <DIR> d--hs---- G:\WINDOWS\Installer
2006-12-27 00:12 <DIR> d--hs---- G:\System Volume Information
2006-12-27 00:10 112,128 --a------ G:\WINDOWS\system32\mapi32.dll
2006-12-27 00:10 <DIR> d-------- G:\WINDOWS\system32\xircom
2006-12-27 00:10 <DIR> d-------- G:\Program Files\microsoft frontpage
2006-12-27 00:09 45,568 --a------ G:\WINDOWS\system32\safrslv.dll
2006-12-27 00:09 43,520 --a------ G:\WINDOWS\system32\safrcdlg.dll
2006-12-27 00:09 43,520 --a------ G:\WINDOWS\system32\racpldlg.dll
2006-12-27 00:09 29,696 --a------ G:\WINDOWS\system32\safrdm.dll
2006-12-27 00:09 11,264 --a------ G:\WINDOWS\system32\atrace.dll
2006-12-27 00:09 <DIR> dr------- G:\WINDOWS\Offline Web Pages
2006-12-27 00:09 <DIR> d--hs---- G:\DOCUME~1\ALLUSE~1\DRM
2006-12-27 00:09 <DIR> d---s---- G:\WINDOWS\Downloaded Program Files
2006-12-27 00:09 <DIR> d-------- G:\WINDOWS\system32\DirectX
2006-12-27 00:08 81,920 --a------ G:\WINDOWS\system32\isign32.dll
2006-12-27 00:08 81,920 --a------ G:\WINDOWS\system32\ils.dll
2006-12-27 00:08 73,728 --a------ G:\WINDOWS\system32\icwdial.dll
2006-12-27 00:08 73,472 --a------ G:\WINDOWS\system32\drivers\sr.sys
2006-12-27 00:08 69,632 --a------ G:\WINDOWS\system32\msconf.dll
2006-12-27 00:08 678,400 --a------ G:\WINDOWS\system32\inetcomm.dll
2006-12-27 00:08 67,584 --a------ G:\WINDOWS\system32\srclient.dll
2006-12-27 00:08 65,536 --a------ G:\WINDOWS\system32\icwphbk.dll
2006-12-27 00:08 64,512 --a------ G:\WINDOWS\system32\acctres.dll
2006-12-27 00:08 48,128 --a------ G:\WINDOWS\system32\inetres.dll
2006-12-27 00:08 382,464 --a------ G:\WINDOWS\system32\qmgr.dll
2006-12-27 00:08 34,560 --a------ G:\WINDOWS\system32\mnmdd.dll
2006-12-27 00:08 32,768 --a------ G:\WINDOWS\system32\mnmsrvc.exe
2006-12-27 00:08 32,768 --a------ G:\WINDOWS\system32\isrdbg32.dll
2006-12-27 00:08 28,672 --a------ G:\WINDOWS\system32\nmmkcert.dll
2006-12-27 00:08 274,944 --a------ G:\WINDOWS\system32\mstask.dll
2006-12-27 00:08 274,432 --a------ G:\WINDOWS\system32\inetcfg.dll
2006-12-27 00:08 252,928 --a------ G:\WINDOWS\system32\msoeacct.dll
2006-12-27 00:08 239,104 --a------ G:\WINDOWS\system32\srrstr.dll
2006-12-27 00:08 190,976 --a------ G:\WINDOWS\system32\schedsvc.dll
2006-12-27 00:08 18,944 --a------ G:\WINDOWS\system32\qmgrprxy.dll
2006-12-27 00:08 170,496 --a------ G:\WINDOWS\system32\srsvc.dll
2006-12-27 00:08 16,384 --a------ G:\WINDOWS\system32\icfgnt5.dll
2006-12-27 00:08 159,232 --a------ G:\WINDOWS\system32\schedsvc(3).dll
2006-12-27 00:08 158,720 --a------ G:\WINDOWS\system32\srsvc(3).dll
2006-12-27 00:08 12,288 --a------ G:\WINDOWS\system32\nmevtmsg.dll
2006-12-27 00:08 12,288 --a------ G:\WINDOWS\system32\mstinit.exe
2006-12-27 00:08 105,984 --a------ G:\WINDOWS\system32\msoert2.dll
2006-12-27 00:08 <DIR> d--h----- G:\Program Files\WindowsUpdate
2006-12-27 00:08 <DIR> d---s---- G:\WINDOWS\Tasks
2006-12-27 00:08 <DIR> d-------- G:\WINDOWS\system32\Restore
2006-12-27 00:08 <DIR> d-------- G:\WINDOWS\system32\Macromed
2006-12-27 00:08 <DIR> d-------- G:\WINDOWS\srchasst
2006-12-27 00:08 <DIR> d-------- G:\WINDOWS\Registration
2006-12-27 00:08 <DIR> d-------- G:\WINDOWS\PCHealth
2006-12-27 00:08 <DIR> d-------- G:\Program Files\Online Services
2006-12-27 00:08 <DIR> d-------- G:\Program Files\Movie Maker
2006-12-27 00:08 <DIR> d-------- G:\Program Files\Messenger
2006-12-27 00:08 <DIR> d-------- G:\Program Files\Common Files\MSSoap
2006-12-27 00:07 949,248 --a------ G:\WINDOWS\system32\msdtctm.dll
2006-12-27 00:07 93,696 --a------ G:\WINDOWS\system32\tscfgwmi.dll
2006-12-27 00:07 90,112 --a------ G:\WINDOWS\system32\mtxoci.dll
2006-12-27 00:07 9,728 --a------ G:\WINDOWS\system32\reset.exe
2006-12-27 00:07 9,216 --a------ G:\WINDOWS\system32\wuauserv(3).dll
2006-12-27 00:07 9,216 --a------ G:\WINDOWS\system32\icaapi(3).dll
2006-12-27 00:07 87,176 --a------ G:\WINDOWS\system32\rdpwsx.dll
2006-12-27 00:07 85,504 --a------ G:\WINDOWS\system32\catsrvps.dll
2006-12-27 00:07 83,968 --a------ G:\WINDOWS\system32\mtxoci(2).dll
2006-12-27 00:07 82,432 --a------ G:\WINDOWS\system32\comrepl.dll
2006-12-27 00:07 80,384 --a------ G:\WINDOWS\system32\charmap.exe
2006-12-27 00:07 73,216 --a------ G:\WINDOWS\system32\avwav.dll
2006-12-27 00:07 67,072 --a------ G:\WINDOWS\system32\rdshost.exe
2006-12-27 00:07 655,360 --a------ G:\WINDOWS\system32\mstscax.dll
2006-12-27 00:07 628,224 --a------ G:\WINDOWS\system32\catsrvut.dll
2006-12-27 00:07 628,224 --a------ G:\WINDOWS\system32\catsrvut(3).dll
2006-12-27 00:07 62,464 --a------ G:\WINDOWS\system32\rdpclip.exe
2006-12-27 00:07 62,464 --a------ G:\WINDOWS\system32\colbact.dll
2006-12-27 00:07 62,464 --a------ G:\WINDOWS\system32\colbact(3).dll
2006-12-27 00:07 605,696 --a------ G:\WINDOWS\system32\getuname.dll
2006-12-27 00:07 60,416 --a------ G:\WINDOWS\system32\remotepg.dll
2006-12-27 00:07 6,656 --a------ G:\WINDOWS\system32\wuauserv.dll
2006-12-27 00:07 6,144 --a------ G:\WINDOWS\system32\msdtc.exe
2006-12-27 00:07 582,656 --a------ G:\WINDOWS\system32\catsrvut(4).dll
2006-12-27 00:07 58,880 --a------ G:\WINDOWS\system32\msdtclog.dll
2006-12-27 00:07 56,832 --a------ G:\WINDOWS\system32\sol.exe
2006-12-27 00:07 56,832 --a------ G:\WINDOWS\system32\colbact(4).dll
2006-12-27 00:07 56,320 --a------ G:\WINDOWS\system32\servdeps.dll
2006-12-27 00:07 55,296 --a------ G:\WINDOWS\system32\freecell.exe
2006-12-27 00:07 540,160 --a------ G:\WINDOWS\system32\comuid.dll
2006-12-27 00:07 54,272 --a------ G:\WINDOWS\system32\stclient.dll
2006-12-27 00:07 538,624 --a------ G:\WINDOWS\system32\spider.exe
2006-12-27 00:07 501,248 --a------ G:\WINDOWS\system32\clbcatq.dll
2006-12-27 00:07 501,248 --a------ G:\WINDOWS\system32\clbcatq(3).dll
2006-12-27 00:07 5,632 --a------ G:\WINDOWS\system32\write.exe
2006-12-27 00:07 5,120 --a------ G:\WINDOWS\system32\dcomcnfg.exe
2006-12-27 00:07 468,480 --a------ G:\WINDOWS\system32\clbcatq(4).dll
2006-12-27 00:07 44,544 --a------ G:\WINDOWS\system32\tscupgrd.exe
2006-12-27 00:07 44,544 --a------ G:\WINDOWS\system32\hticons.dll
2006-12-27 00:07 425,472 --a------ G:\WINDOWS\system32\msdtcprx.dll
2006-12-27 00:07 407,552 --a------ G:\WINDOWS\system32\mstsc.exe
2006-12-27 00:07 4,096 --a------ G:\WINDOWS\system32\rdpcfgex.dll
2006-12-27 00:07 4,096 --a------ G:\WINDOWS\system32\mtxex.dll
2006-12-27 00:07 38,912 --a------ G:\WINDOWS\system32\cfgbkend.dll
2006-12-27 00:07 35,328 --a------ G:\WINDOWS\system32\winchat.exe
2006-12-27 00:07 345,088 --a------ G:\WINDOWS\system32\hypertrm.dll
2006-12-27 00:07 343,040 --a------ G:\WINDOWS\system32\mspaint.exe
2006-12-27 00:07 33,792 --a------ G:\WINDOWS\system32\regini.exe
2006-12-27 00:07 295,424 --a------ G:\WINDOWS\system32\termsrv.dll
2006-12-27 00:07 25,600 --a------ G:\WINDOWS\system32\comaddin.dll
2006-12-27 00:07 25,088 --a------ G:\WINDOWS\system32\mtxlegih.dll
2006-12-27 00:07 229,888 --a------ G:\WINDOWS\system32\catsrv.dll
2006-12-27 00:07 229,888 --a------ G:\WINDOWS\system32\catsrv(3).dll
2006-12-27 00:07 227,840 --a------ G:\WINDOWS\system32\avtapi.dll
2006-12-27 00:07 22,016 --a------ G:\WINDOWS\system32\qwinsta.exe
2006-12-27 00:07 215,040 --a------ G:\WINDOWS\system32\catsrv(4).dll
2006-12-27 00:07 21,896 --a------ G:\WINDOWS\system32\drivers\tdtcp.sys
2006-12-27 00:07 200,192 --a------ G:\WINDOWS\system32\termsrv(3).dll
2006-12-27 00:07 20,992 --a------ G:\WINDOWS\system32\msg.exe
2006-12-27 00:07 20,480 --a------ G:\WINDOWS\system32\qprocess.exe
2006-12-27 00:07 20,480 --a------ G:\WINDOWS\system32\mtxdm.dll
2006-12-27 00:07 19,968 --a------ G:\WINDOWS\system32\rdpsnd.dll
2006-12-27 00:07 185,344 --a------ G:\WINDOWS\system32\cmprops.dll
2006-12-27 00:07 183,808 --a------ G:\WINDOWS\system32\accwiz.exe
2006-12-27 00:07 17,408 --a------ G:\WINDOWS\system32\mmfutil.dll
2006-12-27 00:07 161,280 --a------ G:\WINDOWS\system32\msdtcuiu.dll
2006-12-27 00:07 16,896 --a------ G:\WINDOWS\system32\tsshutdn.exe
2006-12-27 00:07 16,896 --a------ G:\WINDOWS\system32\qappsrv.exe
2006-12-27 00:07 16,384 --a------ G:\WINDOWS\system32\tskill.exe
2006-12-27 00:07 16,384 --a------ G:\WINDOWS\system32\avmeter.dll
2006-12-27 00:07 15,872 --a------ G:\WINDOWS\system32\rwinsta.exe
2006-12-27 00:07 15,872 --a------ G:\WINDOWS\system32\cdmodem.dll
2006-12-27 00:07 15,360 --a------ G:\WINDOWS\system32\logoff.exe
2006-12-27 00:07 147,968 --a------ G:\WINDOWS\system32\rdchost.dll
2006-12-27 00:07 147,456 --a------ G:\WINDOWS\system32\comsnap.dll
2006-12-27 00:07 140,800 --a------ G:\WINDOWS\system32\sessmgr.exe
2006-12-27 00:07 14,848 --a------ G:\WINDOWS\system32\tsdiscon.exe
2006-12-27 00:07 14,848 --a------ G:\WINDOWS\system32\tscon.exe
2006-12-27 00:07 14,848 --a------ G:\WINDOWS\system32\shadow.exe
2006-12-27 00:07 139,400 --a------ G:\WINDOWS\system32\drivers\rdpwd.sys
2006-12-27 00:07 138,752 --a------ G:\WINDOWS\system32\sndvol32.exe
2006-12-27 00:07 131,584 --a------ G:\WINDOWS\system32\sndrec32.exe
2006-12-27 00:07 13,824 --a------ G:\WINDOWS\system32\rdsaddin.exe
2006-12-27 00:07 126,976 --a------ G:\WINDOWS\system32\mshearts.exe
2006-12-27 00:07 123,392 --a------ G:\WINDOWS\system32\mplay32.exe
2006-12-27 00:07 12,040 --a------ G:\WINDOWS\system32\drivers\tdpipe.sys
2006-12-27 00:07 119,808 --a------ G:\WINDOWS\system32\winmine.exe
2006-12-27 00:07 114,688 --a------ G:\WINDOWS\system32\calc.exe
2006-12-27 00:07 111,104 --a------ G:\WINDOWS\system32\wuauclt.exe
2006-12-27 00:07 110,080 --a------ G:\WINDOWS\system32\clbcatex.dll
2006-12-27 00:07 11,776 --a------ G:\WINDOWS\system32\xolehlp.dll
2006-12-27 00:07 11,264 --a------ G:\WINDOWS\system32\icaapi.dll
2006-12-27 00:07 102,912 --a------ G:\WINDOWS\system32\clipbrd.exe
2006-12-27 00:07 1,251,840 --a------ G:\WINDOWS\system32\comsvcs.dll
2006-12-27 00:07 1,251,840 --a------ G:\WINDOWS\system32\comsvcs(3).dll
2006-12-27 00:07 1,172,992 --a------ G:\WINDOWS\system32\comsvcs(4).dll
2006-12-27 00:07 1,161 --a------ G:\WINDOWS\system32\usrlogon.cmd
2006-12-27 00:07 1,134,592 --a------ G:\WINDOWS\system32\wuaueng.dll
2006-12-27 00:07 <DIR> d-------- G:\WINDOWS\system32\MsDtc
2006-12-27 00:07 <DIR> d-------- G:\WINDOWS\system32\Com
2006-12-27 00:07 <DIR> d-------- G:\Program Files\Windows NT
2006-12-27 00:07 <DIR> d-------- G:\Program Files\MSN Gaming Zone
2006-12-27 00:06 58,880 --a------ G:\WINDOWS\system32\licwmi.dll
2006-12-27 00:06 40,840 --a------ G:\WINDOWS\system32\drivers\termdd.sys
2006-12-27 00:06 196,864 --a------ G:\WINDOWS\system32\drivers\rdpdr.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-15 12:48 -------- d-------- G:\DOCUME~1\ERICXU~1\Application Data\.gaim
2007-01-11 23:08 -------- d---s---- G:\DOCUME~1\ERICXU~1\Application Data\microsoft
2007-01-11 22:55 218624 --a------ G:\WINDOWS\system32\uxtheme.dll
2006-12-28 14:57 604 --ah----- G:\Program Files\stll notifier
2006-12-27 16:58 -------- d-------- G:\DOCUME~1\ERICXU~1\Application Data\macromedia
2006-12-27 11:58 62 --ahs---- G:\DOCUME~1\ERICXU~1\Application Data\desktop.ini
2006-12-27 00:15 -------- d-------- G:\DOCUME~1\ERICXU~1\Application Data\identities
2006-11-07 21:03 6049280 --------- G:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- G:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- G:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ G:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ G:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- G:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ G:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ G:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ G:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ G:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ G:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ G:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ G:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ G:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ G:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ G:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ G:\WINDOWS\system32\ieakui.dll
2006-10-22 12:22 888832 --a------ G:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ G:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ G:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ G:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ G:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ G:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ G:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ G:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ G:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ G:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ G:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ G:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ G:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ G:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ G:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 35840 --a------ G:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ G:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ G:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ G:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ G:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ G:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ G:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ G:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ G:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ G:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ G:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ G:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ G:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ G:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ G:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ G:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ G:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ G:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ G:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ G:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ G:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ G:\WINDOWS\system32\nvcpluir.dll
2006-10-18 21:58 8704 --------- G:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --------- G:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ G:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 8231936 --a------ G:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- G:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 7168 --a------ G:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- G:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --------- G:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- G:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- G:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 535040 --------- G:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- G:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ G:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --------- G:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --------- G:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --------- G:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 38400 --------- G:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ G:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --------- G:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --------- G:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --------- G:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ G:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ G:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- G:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 295936 --------- G:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- G:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- G:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ G:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- G:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- G:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- G:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 229376 --a------ G:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 212992 --------- G:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 204288 --------- G:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- G:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 175616 --a------ G:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- G:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- G:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- G:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 154624 --------- G:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- G:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- G:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- G:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 132096 --------- G:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- G:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 101888 --------- G:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:00 249856 --------- G:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- G:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:05 40960 --a------ G:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- G:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ G:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ G:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ G:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- G:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- G:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ G:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- G:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ G:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ G:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- G:\WINDOWS\system32\ieapfltr.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="G:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"G:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="G:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="G:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE G:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE G:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"VolPanel"="\"G:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanlu.exe\" /r"
"AudioDrvEmulator"="\"G:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"G:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"UpdReg"="G:\\WINDOWS\\UpdReg.EXE"
"AVG7_CC"="G:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"G:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="G:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"G:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"G:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"G:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="G:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=dword:00000002
"Creative Service for CDROM Access"=dword:00000002
"Adobe LM Service"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="G:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="G:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Completion time: 07-01-16 15:35:04

Logfile of HijackThis v1.99.1
Scan saved at 3:58:12 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
G:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
G:\Program Files\HijackThis\coolhijakzis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "G:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "G:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - G:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe

tetonbob · Jan 17, 2007

Establish an internet connection & perform an online scan using Internet Explorer at http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
    [*]Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save Report As button.
Select txt file from the dropdown menu, to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Trojan horse lop.as

meursiicc

Registered

amateur

TSF-Emeritus

meursiicc

Registered

meursiicc

Registered

tetonbob

TSF Security Manager, Emeritus

meursiicc

Registered

tetonbob

TSF Security Manager, Emeritus