
Topic: Serious Problem (Data execution prevention of Generic Host Process) - Logs inside

  1. #11
    Beginner
    Registered since 04.11.2008
    Posts: 12

    Re: Serious Problem (Data execution prevention of Generic Host Process) - Logs inside

    Well, I just deleted the files normally, didn't use any software.

    the log:

    Code:
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.
    
    C:\>mbr.exe -f
    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    malicious code @ sector 0x950e4c1 size 0x1e4 !
    copy of MBR has been found in sector 62 !
    
    C:\>mbr.exe -f
    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    malicious code @ sector 0x950e4c1 size 0x1e4 !
    copy of MBR has been found in sector 62 !
    - Thanks, DEPwns,

  2. #12
    Jintan, Moderator (global), team member
    Registered since 25.11.2006
    Posts: 6,369

    Re: Serious Problem (Data execution prevention of Generic Host Process) - Logs inside

    No, it wasn't corrected by that. Sometimes other scans do partial repairs of this infection, but then leave changes "orphaned" that preset repair tools do not address. One repair is to use an XP CD, access the Recovery Console and run a fixmbr procedure. Do you have, or can you borrow, an XP CD for this? Also, what type of setup is there - is this just a single install on a hard drive, or dual boot etc.? One other factor is whether this is an "imaged" install, such as Norton's Ghost would create, or one the computer manufacturer created.
    Live the day!

    Jintan - The brand where everything is right!

  3. #13
    Beginner
    Registered since 04.11.2008
    Posts: 12

    Re: Serious Problem (Data execution prevention of Generic Host Process) - Logs inside

    Well, I've my own XP CD, and I've a dual boot with XP+Ubuntu Linux.. but the Linux isn't on the partition I deleted the autoexec.bat and the other boot files from, I don't know how/when those files were created, I've never installed any type of OS on that partition.

    By the way, if I run 'fixmbr', is there any possibility of losing data?

    - Thanks, DEPwns,

  4. #14
    Jintan, Moderator (global), team member
    Registered since 25.11.2006
    Posts: 6,369

    Re: Serious Problem (Data execution prevention of Generic Host Process) - Logs inside

    That would restore the default boot record, which would not include your other partition installs. The malware code itself is actually orphaned - some past step or scan you did there removed the active part, which left this other copy isolated. Mbr.exe is designed to work from the info in that missing active part to locate and remove all the malware changes.


    It is possible Dr. Web, which perhaps you already ran there to leave this MBR issue, can remove the remaining MBR code. Their team has indicated past success, but again, when something has already done a partial job of it, cleaning this orphaned (and presumably harmless) part becomes difficult. I also cannot give any guarantees things will not become more problematic, as Dr. Web does whatever those folks have set it to do in these repairs.


    As the options are very limited there, short of reformatting the entire drive, you may want to go with a Dr. Web scan here.


    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


    Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Then double-click the "drweb-cureit.exe" and click "ok" at the prompt. This will start a quick scan of your system. Allow it to clean what it finds (you can close any purchase popups if displayed). When the scan finishes it will say "Done".

    Next:

    Click on the green screwdriver-
    Uncheck – Heuristic analysis
    Actions Tab - Adware-Dialers-Riskware-Hacktools, use dropdown menu and select "Move"
    Uncheck – Prompt on action

    Click on the drive(s) you want to scan. Then click the green arrow in lower right corner. It will now scan your drives (say yes to all).

    When the scan has finished, look if you can click the "Next" icon next to the files found. If so, click it and then click the next icon right below and select Move incurable.

    After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    Save the report to your desktop. The report will be called DrWeb.csv

    Close Dr.Web Cureit and reboot.

    -----------------------

    After the reboot let's check with a new mbr.exe repair run as well.

    Rename the C:\mbr.log to C:\mbr.old.

    Go to Start - Run, type cmd (and OK). At the prompt type or copy/paste the following, hitting Enter after each.

    cd\
    mbr.exe -f


    (be sure to place a space after "mbr.exe")

    Once that has completed repeat that, typing or copy/pasting the following again at the prompt and hitting Enter.

    mbr.exe -f

    Still with the command window open click on the Icon in the top left hand corner of the Command Prompt and choose Edit > Select All and then Edit > Copy. Rightclick on your Desktop and create a text file. Open it and position your mouse inside the file, rightclick again and choose Paste. Save the file and post the contents here please, along with the Dr. Web log.

  5. #15
    Beginner
    Registered since 04.11.2008
    Posts: 12

    Re: Serious Problem (Data execution prevention of Generic Host Process) - Logs inside

    Hello Jintan,

    Sorry for the delay, I've run Dr. Web CureIt and it performed the quick scan and didn't find anything, and I can't find any screwdriver!!!

    I decided to run the fixmbr through the recovery console and the MBR was re-written successfully without any error or loss of data. Then I performed Gmer's mbr scan twice again like you said, but unfortunately it's the same results:

    Code:
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.
    
    
    C:\>mbr -f
    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    malicious code @ sector 0x950e4c1 size 0x1e4 !
    copy of MBR has been found in sector 62 !
    
    C:\>mbr -f
    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    malicious code @ sector 0x950e4c1 size 0x1e4 !
    copy of MBR has been found in sector 62 !
    
    C:\>
    Can you please tell me exactly where I can find the screwdriver in Dr. Web CureIt? I've looked all over the software and didn't find it.

    - Thanks, DEPwns,
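The mbr.exe output pasted in #11 and #15 is small but easy to misread, and Jintan asks for it to be run twice in a row (#14). The following is an added example, not part of the thread or of Gmer's tool: it parses a pasted session into one record per `mbr -f` invocation, converts the hex sector and size to decimal and to a byte offset, labels the result (MBR confirmed OK but flagged bytes living in another sector, which is exactly the situation the thread describes), and checks that consecutive runs agree. The 512-byte sector size is an assumption; the sample text is copied from the log above.

```python
"""Parse the text that Gmer's mbr.exe prints (as pasted in the thread above) into
a structured result, label it, and confirm that two consecutive runs agree.
Added example for this thread; it is not part of mbr.exe or of the forum post."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SECTOR_BYTES = 512  # assumption: 512-byte logical sectors, standard for an XP-era disk

# Sample input: the two runs DEPwns pasted above, without the cmd.exe banner.
SAMPLE_OUTPUT = """C:\\>mbr -f
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x950e4c1 size 0x1e4 !
copy of MBR has been found in sector 62 !

C:\\>mbr -f
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x950e4c1 size 0x1e4 !
copy of MBR has been found in sector 62 !
"""

PROMPT = re.compile(r"^C:\\>mbr(?:\.exe)? -f[ \t]*$", re.MULTILINE)
STATUS = re.compile(r"^(device|user|kernel): (.+)$")
MALICIOUS = re.compile(r"malicious code @ sector (0x[0-9a-fA-F]+) size (0x[0-9a-fA-F]+)")
MBR_COPY = re.compile(r"copy of MBR has been found in sector (\d+)")


@dataclass
class MbrRun:
    statuses: List[Tuple[str, str]] = field(default_factory=list)
    mbr_ok: bool = False                   # "user & kernel MBR OK" was printed
    code_sector: Optional[int] = None      # LBA of the flagged code, if any
    code_size: Optional[int] = None        # its size in bytes
    mbr_copy_sector: Optional[int] = None  # where a backup copy of the MBR sits

    @property
    def code_offset(self) -> Optional[int]:
        """Byte offset of the flagged code from the start of the disk."""
        return None if self.code_sector is None else self.code_sector * SECTOR_BYTES

    def classify(self) -> str:
        if not self.mbr_ok:
            return "mbr-not-confirmed-ok"   # the tool did not print the OK line
        if self.code_sector is not None:
            return "mbr-ok-code-elsewhere"  # MBR clean, flagged bytes in another sector
        return "clean"


def parse_run(chunk: str) -> MbrRun:
    """Parse the lines printed by a single mbr.exe invocation."""
    run = MbrRun()
    for raw in chunk.splitlines():
        line = raw.strip()
        if line == "user & kernel MBR OK":
            run.mbr_ok = True
        elif (m := STATUS.match(line)):
            run.statuses.append((m.group(1), m.group(2)))
        elif (m := MALICIOUS.search(line)):
            run.code_sector, run.code_size = int(m.group(1), 16), int(m.group(2), 16)
        elif (m := MBR_COPY.search(line)):
            run.mbr_copy_sector = int(m.group(1))
    return run


def parse_output(text: str) -> List[MbrRun]:
    """Split a pasted session on the 'mbr -f' prompt lines; one MbrRun per invocation."""
    chunks = PROMPT.split(text)[1:]  # anything before the first prompt is the banner
    return [parse_run(c) for c in chunks]


def runs_agree(runs: List[MbrRun]) -> bool:
    """True when every run reports the same sector, size, MBR copy location and OK state."""
    keys = {(r.code_sector, r.code_size, r.mbr_copy_sector, r.mbr_ok) for r in runs}
    return len(runs) > 0 and len(keys) == 1


if __name__ == "__main__":
    runs = parse_output(SAMPLE_OUTPUT)
    for i, r in enumerate(runs, 1):
        print(f"run {i}: {r.classify()} sector={r.code_sector} "
              f"offset={r.code_offset} size={r.code_size} copy@{r.mbr_copy_sector}")
    print("runs agree:", runs_agree(runs))
```

Run stand-alone it prints one line per invocation; the interesting part for this thread is that both runs yield the same label, `mbr-ok-code-elsewhere`, with the flagged bytes at sector 156296385 (0x950e4c1), i.e. roughly 80 GB into the disk, which is consistent with Jintan's later remark that the code is not in the MBR itself.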

  6. #16
    Jintan, Moderator (global), team member
    Registered since 25.11.2006
    Posts: 6,369

    Re: Serious Problem (Data execution prevention of Generic Host Process) - Logs inside

    Sorry, I really need to delete older saved steps when I replace them - there is no screwdriver symbol used in DrWeb scans any longer. But as you saw there are only a very few items to click to run the scan.

    I checked back on some past discussions with Gmer and other knowledgeable folks, and see that this malicious code is not actually in the MBR, but in some other location where the malware placed its code. And as I said, once some scan or step you did removed the malware code from the MBR, it also removed the "pointer" that tools like Mbr.exe need to locate and remove the orphaned bit of code. So short of wiping the data off the drive, nothing I know seeks and removes this piece of code. However, as Gmer indicated in those discussions, it is only orphaned code, and is basically harmless.

    Although Dr.Web found nothing let's apply two repair scans for what might have placed that code there.


    Download Malwarebytes' Anti-Malware from Here or Here.

    Double-click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

    ---------------------

    Download SDFix.exe and save it to your desktop.

    =============================

    Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


    In Safe Mode, click the C:\SDFix.exe folder and allow it to extract to its own folder (C:\SDFix). Navigate to that folder and double-click RunThis.bat to start the script.

    Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer than normal to restart as the fixtool will be running and removing files.

    When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

    Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here.

    =======================

    Run a new RSIT scan, and post that log along with the Malwarebytes log and the SDFix report.txt log please.

  7. #17
    Beginner
    Registered since 04.11.2008
    Posts: 12

    Re: Serious Problem (Data execution prevention of Generic Host Process) - Logs inside

    No problem. Well, Malwarebytes didn't detect anything except the "StartMenuLogOff" which it always detects as bad.

    here's the log anyway:
    Code:
    Malwarebytes' Anti-Malware 1.30
    Database version: 1373
    Windows 5.1.2600 Service Pack 2
    
    11/8/2008 5:07:58 AM
    mbam-log-2008-11-08 (05-07-54).txt
    
    Scan type: Quick Scan
    Objects scanned: 62662
    Time elapsed: 5 minute(s), 10 second(s)
    
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0
    
    Memory Processes Infected:
    (No malicious items detected)
    
    Memory Modules Infected:
    (No malicious items detected)
    
    Registry Keys Infected:
    (No malicious items detected)
    
    Registry Values Infected:
    (No malicious items detected)
    
    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
    
    Folders Infected:
    (No malicious items detected)
    
    Files Infected:
    (No malicious items detected)
    ==========================================
    ===============----SDFix----=================
    Code:
    SDFix: Version 1.240 
    Run by Administrator on Sat 11/08/2008 at 05:25 AM
    
    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix
    
    Checking Services :
    
    
    Restoring Default Security Values
    Restoring Default Hosts File
    
    Rebooting
    
    
    Checking Files : 
    
    Trojan Files Found:
    
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3B.tmp - Deleted
    
    
    
    
    
    Removing Temp Files
    
    ADS Check :
     
    
    
                                     Final Check :
    
    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-08 06:03:29
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ...
    
    scanning hidden services & system hive ...
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
    "a0"=hex:20,01,00,00,cf,fd,33,d0,4e,22,6f,1b,23,13,59,d7,31,2b,f5,a7,11,..
    "hdf12"=hex:77,9e,9c,64,5f,58,90,2d,93,cd,b0,47,99,d7,f9,6f,53,d1,89,47,5e,..
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
    "hdf12"=hex:a2,ce,ba,da,d4,af,33,ff,15,f2,22,c2,f3,37,38,ed,71,04,60,12,cb,..
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
    "hdf12"=hex:16,07,03,36,a1,c6,ef,d7,22,62,0d,da,3f,53,f4,ba,34,7f,e1,3e,37,..
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
    "a0"=hex:20,01,00,00,cf,fd,33,d0,4e,22,6f,1b,23,13,59,d7,31,2b,f5,a7,11,..
    "hdf12"=hex:77,9e,9c,64,5f,58,90,2d,93,cd,b0,47,99,d7,f9,6f,53,d1,89,47,5e,..
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
    "hdf12"=hex:a2,ce,ba,da,d4,af,33,ff,15,f2,22,c2,f3,37,38,ed,71,04,60,12,cb,..
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
    "hdf12"=hex:16,07,03,36,a1,c6,ef,d7,22,62,0d,da,3f,53,f4,ba,34,7f,e1,3e,37,..
    
    scanning hidden registry entries ...
    
    scanning hidden files ...
    
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0
    
    
    Remaining Services :
    
    
    
    
    Authorized Application Key Export:
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "M:\\Program Files\\TESTOUT\\cmi\\navigator.exe"="M:\\Program Files\\TESTOUT\\cmi\\navigator.exe:*:Disabled:TestOut Navigator"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    
    Remaining Files :
    
    
    File Backups: - C:\SDFix\backups\backups.zip
    
    Files with Hidden Attributes :
    
    Finished!

    ==========================================
    ===============----RSIT----=================

    Code:
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Administrator at 2008-11-08 06:12:12
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 5 GB (18%) free of 31 GB
    Total RAM: 2047 MB (67% free)
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:12:15 AM, on 11/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\RSIT.exe
    C:\New Folder\Administrator.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225806304000
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225875571390
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    
    --
    End of file - 9693 bytes
    
    ======Registry dump======
    
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-07-09 36352]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
    "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=149
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "M:\Program Files\TESTOUT\cmi\navigator.exe"="M:\Program Files\TESTOUT\cmi\navigator.exe:*:Disabled:TestOut Navigator"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "M:\Program Files\TESTOUT\cmi\navigator.exe"="M:\Program Files\TESTOUT\cmi\navigator.exe:*:Disabled:TestOut Navigator"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    
    ======List of files/folders created in the last 1 months======
    
    2008-11-08 05:18:47 ----D---- C:\SDFix
    2008-11-08 05:17:00 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-08 04:57:32 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-11-08 04:57:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-08 04:57:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-07 09:26:00 ----A---- C:\WINDOWS\ReplacerUndo.txt
    2008-11-06 03:58:12 ----D---- C:\Documents and Settings\Administrator\Application Data\Opera
    2008-11-06 03:57:29 ----D---- C:\Program Files\Opera
    2008-11-06 03:54:36 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    2008-11-06 03:50:09 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-11-06 03:16:10 ----A---- C:\mbr.exe
    2008-11-06 02:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-11-06 02:47:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
    2008-11-06 02:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-11-06 02:46:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-11-06 02:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-11-06 02:46:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-11-06 02:46:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-11-06 02:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-11-06 02:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-11-06 02:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-11-06 02:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-11-06 02:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-11-06 02:29:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-11-06 02:29:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-11-06 02:28:42 ----D---- C:\WINDOWS\SQLTools9_KB948109_ENU
    2008-11-06 02:26:31 ----D---- C:\WINDOWS\SQL9_KB948109_ENU
    2008-11-06 02:26:03 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
    2008-11-06 02:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-11-06 02:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-11-06 02:25:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
    2008-11-06 02:24:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-11-06 02:15:23 ----D---- C:\WINDOWS\ie7updates
    2008-11-06 02:12:17 ----D---- C:\WINDOWS\WBEM
    2008-11-06 02:12:16 ----D---- C:\WINDOWS\system32\en-US
    2008-11-06 02:11:09 ----HDC---- C:\WINDOWS\ie7
    2008-11-06 02:10:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2008-11-06 02:10:35 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2008-11-06 02:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
    2008-11-06 02:10:12 ----N---- C:\WINDOWS\system32\xmllite.dll
    2008-11-06 02:08:58 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-11-06 02:08:53 ----D---- C:\WINDOWS\network diagnostic
    2008-11-06 02:08:52 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
    2008-11-06 02:08:50 ----A---- C:\WINDOWS\system32\xpsp3res.dll
    2008-11-06 02:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
    2008-11-05 19:28:44 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2008-11-05 19:23:27 ----D---- C:\Downloads
    2008-11-05 19:21:39 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-11-05 19:21:31 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
    2008-11-05 19:21:25 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$
    2008-11-05 18:18:00 ----D---- C:\Program Files\uTorrent
    2008-11-05 18:17:57 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
    2008-11-05 17:05:38 ----SHD---- C:\RECYCLER
    2008-11-05 14:29:58 ----D---- C:\Program Files\Microsoft ACT
    2008-11-05 14:29:58 ----D---- C:\Program Files\Common Files\Crystal Decisions
    2008-11-05 13:20:53 ----D---- C:\Program Files\MSXML 6.0
    2008-11-05 13:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
    2008-11-05 10:25:14 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2008-11-05 10:25:14 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-11-05 10:25:13 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2008-11-05 10:25:13 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2008-11-05 10:25:13 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-11-05 10:25:12 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2008-11-05 10:22:12 ----A---- C:\WINDOWS\system32\xaudioD2_1.dll
    2008-11-05 10:22:12 ----A---- C:\WINDOWS\system32\XAPOFXD1_0.dll
    2008-11-05 10:22:11 ----A---- C:\WINDOWS\system32\XactEngineD3_1.dll
    2008-11-05 10:22:11 ----A---- C:\WINDOWS\system32\XactEngineA3_1.dll
    2008-11-05 10:22:11 ----A---- C:\WINDOWS\system32\X3DAudioD1_4.dll
    2008-11-05 10:22:11 ----A---- C:\WINDOWS\system32\dinput8d.dll
    2008-11-05 10:22:11 ----A---- C:\WINDOWS\system32\D3dx9d_38.dll
    2008-11-05 10:22:11 ----A---- C:\WINDOWS\system32\d3dx9d_33.dll
    2008-11-05 10:22:10 ----A---- C:\WINDOWS\system32\D3DX10d_38.dll
    2008-11-05 10:22:10 ----A---- C:\WINDOWS\system32\d3dref9.dll
    2008-11-05 10:22:10 ----A---- C:\WINDOWS\system32\d3d9d.dll
    2008-11-05 10:21:15 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2008-11-05 10:21:15 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-11-05 10:21:15 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2008-11-05 10:21:14 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-11-05 10:21:14 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2008-11-05 10:21:14 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2008-11-05 10:21:14 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-11-05 10:21:13 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2008-11-05 10:21:13 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2008-11-05 10:21:13 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-11-05 10:21:12 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2008-11-05 10:21:12 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2008-11-05 10:21:12 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-11-05 10:21:11 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2008-11-05 10:21:11 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2008-11-05 10:21:11 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-11-05 10:21:10 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2008-11-05 10:21:09 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2008-11-05 10:21:09 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2008-11-05 10:21:09 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
    2008-11-05 10:21:09 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-11-05 10:21:08 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
    2008-11-05 10:21:08 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
    2008-11-05 10:21:07 ----A---- C:\WINDOWS\system32\xinput1_3.dll
    2008-11-05 10:21:07 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
    2008-11-05 10:21:07 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
    2008-11-05 10:21:07 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-11-05 10:21:06 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
    2008-11-05 10:21:04 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
    2008-11-05 10:21:04 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
    2008-11-05 10:21:03 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
    2008-11-05 10:21:02 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
    2008-11-05 10:21:02 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
    2008-11-05 10:21:02 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
    2008-11-05 10:21:01 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
    2008-11-05 10:21:01 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
    2008-11-05 10:21:01 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
    2008-11-05 10:21:01 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
    2008-11-05 10:21:00 ----A---- C:\WINDOWS\system32\xinput1_2.dll
    2008-11-05 10:21:00 ----A---- C:\WINDOWS\system32\xinput1_1.dll
    2008-11-05 10:21:00 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
    2008-11-05 10:20:59 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
    2008-11-05 10:20:51 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
    2008-11-05 10:20:51 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
    2008-11-05 10:20:51 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
    2008-11-05 10:20:50 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
    2008-11-05 10:20:50 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
    2008-11-05 10:20:49 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
    2008-11-05 10:20:49 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
    2008-11-05 10:20:48 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
    2008-11-05 10:20:48 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
    2008-11-05 10:20:47 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
    2008-11-05 10:20:11 ----D---- C:\Program Files\Microsoft DirectX SDK (June 2008)
    2008-11-05 10:20:05 ----D---- C:\WINDOWS\Logs
    2008-11-05 10:19:59 ----A---- C:\WINDOWS\dxsdkuninst.exe
    2008-11-05 10:06:15 ----D---- C:\Program Files\Adobe Media Player
    2008-11-05 10:03:01 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-11-05 09:54:01 ----D---- C:\Program Files\Audacity
    2008-11-05 09:46:11 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-11-05 09:45:35 ----D---- C:\Program Files\Bonjour
    2008-11-05 09:38:50 ----D---- C:\Program Files\Adobe
    2008-11-05 09:35:01 ----D---- C:\Program Files\Common Files\Adobe
    2008-11-05 06:13:46 ----A---- C:\WINDOWS\gmer.ini
    2008-11-05 06:13:45 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-11-05 06:13:45 ----A---- C:\WINDOWS\gmer.exe
    2008-11-05 06:13:45 ----A---- C:\WINDOWS\gmer.dll
    2008-11-05 06:13:08 ----D---- C:\gmer
    2008-11-05 05:01:49 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
    2008-11-05 05:01:07 ----D---- C:\Program Files\VideoLAN
    2008-11-05 03:53:44 ----D---- C:\rsit
    2008-11-05 02:48:28 ----D---- C:\WINDOWS\pss
    2008-11-05 02:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB889016$
    2008-11-05 01:46:43 ----D---- C:\Program Files\Microsoft SQL Server
    2008-11-05 01:46:21 ----D---- C:\Program Files\Microsoft Device Emulator
    2008-11-05 01:46:15 ----D---- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
    2008-11-05 01:35:02 ----D---- C:\WINDOWS\Symbols
    2008-11-05 01:35:02 ----D---- C:\Program Files\HTML Help Workshop
    2008-11-05 01:35:02 ----D---- C:\Program Files\Common Files\Merge Modules
    2008-11-05 01:35:02 ----D---- C:\Program Files\Common Files\Business Objects
    2008-11-05 01:35:02 ----D---- C:\Program Files\CE Remote Tools
    2008-11-05 01:35:02 ----D---- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    2008-11-05 00:00:56 ----D---- C:\Program Files\Remotesoft
    2008-11-04 23:37:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-04 23:15:35 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-11-04 23:15:15 ----D---- C:\Program Files\Windows Live
    2008-11-04 23:14:30 ----D---- C:\Program Files\Microsoft Visual Studio 8
    2008-11-04 23:13:06 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-11-04 23:11:37 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2008-11-04 23:07:28 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-11-04 23:06:40 ----D---- C:\WINDOWS\system32\PreInstall
    2008-11-04 23:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
    2008-11-04 23:06:39 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-04 23:06:36 ----N---- C:\WINDOWS\system32\spmsg.dll
    2008-11-04 22:56:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-11-04 22:56:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-11-04 22:56:40 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-11-04 22:56:39 ----D---- C:\WINDOWS\system32\SoftwareDistribution
    2008-11-04 22:56:39 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-11-04 14:24:58 ----A---- C:\WINDOWS\mdm.ini
    2008-11-04 14:23:29 ----A---- C:\WINDOWS\wplog.txt
    2008-11-04 14:23:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2008-11-04 14:23:27 ----D---- C:\Program Files\Web Publish
    2008-11-04 13:50:27 ----A---- C:\WINDOWS\system32\jit.dll
    2008-11-04 13:50:27 ----A---- C:\WINDOWS\system32\javaee.dll
    2008-11-04 13:50:27 ----A---- C:\WINDOWS\setdebug.exe
    2008-11-04 13:50:26 ----A---- C:\WINDOWS\system32\dx3j.dll
    2008-11-04 13:50:20 ----A---- C:\WINDOWS\wjview.exe
    2008-11-04 13:50:20 ----A---- C:\WINDOWS\system32\msjdbc10.dll
    2008-11-04 13:50:19 ----A---- C:\WINDOWS\system32\msawt.dll
    2008-11-04 13:50:19 ----A---- C:\WINDOWS\system32\jdbgmgr.exe
    2008-11-04 13:50:19 ----A---- C:\WINDOWS\system32\javart.dll
    2008-11-04 13:50:19 ----A---- C:\WINDOWS\system32\javaprxy.dll
    2008-11-04 13:50:19 ----A---- C:\WINDOWS\jview.exe
    2008-11-04 13:50:18 ----A---- C:\WINDOWS\system32\javacypt.dll
    2008-11-04 13:50:17 ----A---- C:\WINDOWS\extrac32.exe
    2008-11-04 13:50:17 ----A---- C:\WINDOWS\clspack.exe
    2008-11-04 13:47:11 ----A---- C:\WINDOWS\imagedit.ini
    2008-11-04 13:45:08 ----A---- C:\WINDOWS\.ini
    2008-11-04 13:36:49 ----D---- C:\Program Files\Notepad++
    2008-11-04 13:36:49 ----D---- C:\Documents and Settings\Administrator\Application Data\Notepad++
    2008-11-04 13:33:58 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-11-04 13:27:42 ----A---- C:\WINDOWS\system32\msonpmon.dll
    2008-11-04 13:26:24 ----D---- C:\Program Files\MSBuild
    2008-11-04 13:21:45 ----RHD---- C:\MSOCache
    2008-11-04 13:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-11-04 13:13:05 ----A---- C:\WINDOWS\ODBC.INI
    2008-11-04 13:12:57 ----A---- C:\WINDOWS\system32\mdimon.dll
    2008-11-04 13:11:38 ----D---- C:\Program Files\Common Files\L&H
    2008-11-04 13:11:22 ----D---- C:\Program Files\Microsoft ActiveSync
    2008-11-04 13:10:51 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-11-04 13:10:48 ----D---- C:\Program Files\Microsoft Works
    2008-11-04 13:10:40 ----D---- C:\Program Files\Microsoft Visual Studio
    2008-11-04 13:10:29 ----D---- C:\WINDOWS\SHELLNEW
    2008-11-04 13:10:25 ----D---- C:\Program Files\Microsoft.NET
    2008-11-04 13:10:24 ----D---- C:\Program Files\Microsoft Office
    2008-11-04 13:07:51 ----D---- C:\Program Files\InstantDemo
    2008-11-04 13:05:17 ----D---- C:\Documents and Settings\Administrator\Application Data\Xfire
    2008-11-04 13:05:15 ----D---- C:\Program Files\Xfire
    2008-11-04 12:15:47 ----A---- C:\WINDOWS\system32\rmoc3260.dll
    2008-11-04 12:15:47 ----A---- C:\WINDOWS\system32\pndx5032.dll
    2008-11-04 12:15:47 ----A---- C:\WINDOWS\system32\pndx5016.dll
    2008-11-04 12:15:47 ----A---- C:\WINDOWS\system32\pncrt.dll
    2008-11-04 12:15:46 ----A---- C:\WINDOWS\system32\unrar.dll
    2008-11-04 12:15:45 ----A---- C:\WINDOWS\system32\yv12vfw.dll
    2008-11-04 12:15:45 ----A---- C:\WINDOWS\system32\Iacenc.dll
    2008-11-04 12:15:45 ----A---- C:\WINDOWS\system32\huffyuv.dll
    2008-11-04 12:15:44 ----A---- C:\WINDOWS\system32\xvidvfw.dll
    2008-11-04 12:15:44 ----A---- C:\WINDOWS\system32\xvidcore.dll
    2008-11-04 12:15:44 ----A---- C:\WINDOWS\system32\x264vfw.dll
    2008-11-04 12:15:44 ----A---- C:\WINDOWS\system32\vp7vfw.dll
    2008-11-04 12:15:44 ----A---- C:\WINDOWS\system32\vp6vfw.dll
    2008-11-04 12:15:43 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-11-04 12:15:43 ----A---- C:\WINDOWS\system32\ff_vfw.dll
    2008-11-04 12:15:42 ----D---- C:\Program Files\K-Lite Codec Pack
    2008-11-04 12:15:42 ----D---- C:\Documents and Settings\All Users\Application Data\Real
    2008-11-04 12:15:42 ----D---- C:\Documents and Settings\Administrator\Application Data\Real
    2008-11-04 12:06:40 ----N---- C:\WINDOWS\system32\pxinsi64.exe
    2008-11-04 12:06:40 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
    2008-11-04 12:06:29 ----D---- C:\Program Files\DivX
    2008-11-04 12:06:07 ----A---- C:\WINDOWS\system32\h323log.txt
    2008-11-04 12:02:54 ----A---- C:\WINDOWS\system32\uniime.dll
    2008-11-04 12:02:49 ----A---- C:\WINDOWS\system32\imjp81k.dll
    2008-11-04 12:02:48 ----A---- C:\WINDOWS\system32\chsbrkr.dll
    2008-11-04 12:02:47 ----A---- C:\WINDOWS\system32\msir3jp.dll
    2008-11-04 12:02:47 ----A---- C:\WINDOWS\system32\korwbrkr.dll
    2008-11-04 12:02:47 ----A---- C:\WINDOWS\system32\chtbrkr.dll
    2008-11-04 12:02:34 ----A---- C:\WINDOWS\system32\kbd101a.dll
    2008-11-04 12:02:34 ----A---- C:\WINDOWS\system32\c_g18030.dll
    2008-11-04 12:02:26 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
    2008-11-04 12:02:26 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
    2008-11-04 12:02:26 ----A---- C:\WINDOWS\system32\kbdnec95.dll
    2008-11-04 12:02:26 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
    2008-11-04 12:02:26 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
    2008-11-04 12:02:26 ----A---- C:\WINDOWS\system32\kbdibm02.dll
    2008-11-04 12:02:26 ----A---- C:\WINDOWS\system32\kbdax2.dll
    2008-11-04 12:02:26 ----A---- C:\WINDOWS\system32\kbd106n.dll
    2008-11-04 12:02:26 ----A---- C:\WINDOWS\system32\kbd101.dll
    2008-11-04 12:02:26 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
    2008-11-04 12:02:04 ----A---- C:\WINDOWS\system32\kbdkor.dll
    2008-11-04 12:02:04 ----A---- C:\WINDOWS\system32\kbdjpn.dll
    2008-11-04 12:02:04 ----A---- C:\WINDOWS\system32\kbd106.dll
    2008-11-04 12:02:04 ----A---- C:\WINDOWS\system32\kbd103.dll
    2008-11-04 12:02:04 ----A---- C:\WINDOWS\system32\kbd101c.dll
    2008-11-04 12:02:04 ----A---- C:\WINDOWS\system32\kbd101b.dll
    2008-11-04 12:02:04 ----A---- C:\WINDOWS\system32\c_is2022.dll
    2008-11-04 12:02:03 ----RA---- C:\WINDOWS\system32\kbdintel.dll
    2008-11-04 12:02:03 ----RA---- C:\WINDOWS\system32\kbdintam.dll
    2008-11-04 12:02:03 ----RA---- C:\WINDOWS\system32\kbdinpun.dll
    2008-11-04 12:02:03 ----RA---- C:\WINDOWS\system32\kbdinmar.dll
    2008-11-04 12:02:03 ----RA---- C:\WINDOWS\system32\kbdinkan.dll
    2008-11-04 12:02:03 ----RA---- C:\WINDOWS\system32\kbdinhin.dll
    2008-11-04 12:02:03 ----RA---- C:\WINDOWS\system32\kbdinguj.dll
    2008-11-04 12:02:03 ----RA---- C:\WINDOWS\system32\kbdindev.dll
    2008-11-04 12:02:03 ----RA---- C:\WINDOWS\system32\kbdgeo.dll
    2008-11-04 12:02:03 ----RA---- C:\WINDOWS\system32\kbdarmw.dll
    2008-11-04 12:02:03 ----RA---- C:\WINDOWS\system32\kbdarme.dll
    2008-11-04 12:02:03 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
    2008-11-04 12:02:03 ----A---- C:\WINDOWS\system32\c_iscii.dll
    2008-11-04 12:02:02 ----RA---- C:\WINDOWS\system32\kbdvntc.dll
    2008-11-04 12:02:01 ----RA---- C:\WINDOWS\system32\kbdsyr2.dll
    2008-11-04 12:02:00 ----RA---- C:\WINDOWS\system32\kbdurdu.dll
    2008-11-04 12:02:00 ----RA---- C:\WINDOWS\system32\kbdsyr1.dll
    2008-11-04 12:02:00 ----RA---- C:\WINDOWS\system32\kbdfa.dll
    2008-11-04 12:02:00 ----RA---- C:\WINDOWS\system32\kbddiv2.dll
    2008-11-04 12:02:00 ----RA---- C:\WINDOWS\system32\kbddiv1.dll
    2008-11-04 12:02:00 ----RA---- C:\WINDOWS\system32\kbda3.dll
    2008-11-04 12:02:00 ----RA---- C:\WINDOWS\system32\kbda2.dll
    2008-11-04 12:02:00 ----RA---- C:\WINDOWS\system32\kbda1.dll
    2008-11-04 12:02:00 ----A---- C:\WINDOWS\system32\kbdusa.dll
    2008-11-04 12:01:58 ----RA---- C:\WINDOWS\system32\kbdheb.dll
    2008-11-04 12:01:48 ----RA---- C:\WINDOWS\system32\kbdth3.dll
    2008-11-04 12:01:48 ----RA---- C:\WINDOWS\system32\kbdth2.dll
    2008-11-04 12:01:48 ----RA---- C:\WINDOWS\system32\kbdth1.dll
    2008-11-04 12:01:48 ----RA---- C:\WINDOWS\system32\kbdth0.dll
    2008-11-04 12:01:47 ----A---- C:\WINDOWS\system32\ftlx041e.dll
    2008-11-04 11:53:55 ----A---- C:\WINDOWS\system32\hidserv.dll
    2008-11-04 11:52:22 ----A---- C:\WINDOWS\system32\usbui.dll
    2008-11-04 11:50:58 ----A---- C:\WINDOWS\imsins.BAK
    2008-11-04 11:50:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-04 11:50:55 ----SHD---- C:\WINDOWS\Installer
    2008-11-04 11:50:55 ----D---- C:\Program Files\Common Files\ODBC
    2008-11-04 11:50:55 ----A---- C:\WINDOWS\ODBCINST.INI
    2008-11-04 11:50:51 ----D---- C:\Program Files\Common Files\SpeechEngines
    2008-11-04 11:50:50 ----RD---- C:\Program Files
    2008-11-04 11:50:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-11-04 11:50:50 ----D---- C:\Program Files\Common Files
    2008-11-04 11:50:47 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
    2008-11-04 11:50:47 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
    2008-11-04 11:50:47 ----RA---- C:\WINDOWS\system32\kbdazel.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbdycc.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbduzb.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbdur.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbdtat.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbdru1.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbdru.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbdmon.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbdbu.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbdblr.dll
    2008-11-04 11:50:45 ----RA---- C:\WINDOWS\system32\kbdaze.dll
    2008-11-04 11:50:43 ----RA---- C:\WINDOWS\system32\kbdhept.dll
    2008-11-04 11:50:43 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
    2008-11-04 11:50:43 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
    2008-11-04 11:50:43 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
    2008-11-04 11:50:43 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
    2008-11-04 11:50:43 ----RA---- C:\WINDOWS\system32\kbdhe.dll
    2008-11-04 11:50:43 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
    2008-11-04 11:50:42 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
    2008-11-04 11:50:42 ----RA---- C:\WINDOWS\system32\kbdlt.dll
    2008-11-04 11:50:41 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
    2008-11-04 11:50:41 ----RA---- C:\WINDOWS\system32\kbdlv.dll
    2008-11-04 11:50:41 ----RA---- C:\WINDOWS\system32\kbdest.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdycl.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdsl.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdro.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdpl.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdhu.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdcz.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\kbdcr.dll
    2008-11-04 11:50:39 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
    2008-11-04 11:50:37 ----A---- C:\WINDOWS\system32\irclass.dll
    2008-11-04 11:50:37 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
    2008-11-04 11:50:36 ----A---- C:\WINDOWS\system32\spxcoins.dll
    2008-11-04 11:50:36 ----A---- C:\WINDOWS\system32\EqnClass.Dll
    2008-11-04 11:50:36 ----A---- C:\WINDOWS\system32\dgsetup.dll
    2008-11-04 11:50:34 ----N---- C:\WINDOWS\system32\CONFIG.TMP
    2008-11-04 11:50:34 ----A---- C:\WINDOWS\TASKMAN.EXE
    2008-11-04 11:50:34 ----A---- C:\WINDOWS\system32\batt.dll
    2008-11-04 11:50:33 ----A---- C:\WINDOWS\NOTEPAD.EXE
    2008-11-04 11:50:30 ----A---- C:\WINDOWS\system32\storprop.dll
    2008-11-04 11:50:23 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
    2008-11-04 11:50:19 ----RA---- C:\WINDOWS\SET8.tmp
    2008-11-04 11:50:17 ----RA---- C:\WINDOWS\SET4.tmp
    2008-11-04 11:50:16 ----RA---- C:\WINDOWS\SET3.tmp
    2008-11-04 11:50:12 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-04 11:50:12 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-04 11:50:06 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-04 11:49:43 ----A---- C:\WINDOWS\setuplog.txt
    2008-11-04 11:49:39 ----SHD---- C:\System Volume Information
    2008-11-04 11:49:39 ----D---- C:\Documents and Settings
    2008-11-04 11:48:38 ----SH---- C:\boot.ini
    2008-11-04 11:45:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-11-04 11:45:28 ----RSD---- C:\WINDOWS\Fonts
    2008-11-04 11:45:28 ----RD---- C:\WINDOWS\Web
    2008-11-04 11:45:28 ----HD---- C:\WINDOWS\inf
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\WinSxS
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\twain_32
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\Temp
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\wins
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\wbem
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\usmt
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\spool
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\ShellExt
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\Setup
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\ras
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\npp
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\mui
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\inetsrv
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\IME
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\icsxml
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\ias
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\export
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\drivers
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\dhcp
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\config
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\3com_dmi
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\3076
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\2052
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\1054
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\1042
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\1041
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\1037
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\1033
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\1031
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\1028
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32\1025
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system32
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\system
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\security
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\Resources
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\repair
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\Provisioning
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\PeerNet
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\pchealth
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\mui
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\msapps
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\msagent
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\Media
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\java
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\ime
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\Help
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\ehome
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\Driver Cache
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\Debug
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\Cursors
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\Connection Wizard
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\Config
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\AppPatch
    2008-11-04 11:45:28 ----D---- C:\WINDOWS\addins
    2008-11-04 11:45:28 ----D---- C:\WINDOWS
    2008-11-04 11:29:25 ----D---- C:\Program Files\BitSpirit
    2008-11-04 11:27:11 ----D---- C:\Program Files\PE Explorer
    2008-11-04 11:24:07 ----D---- C:\WINDOWS\RegisteredPackages
    2008-11-04 11:23:55 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR
    2008-11-04 11:22:52 ----N---- C:\WINDOWS\system32\pxinsa64.exe
    2008-11-04 11:22:52 ----N---- C:\WINDOWS\system32\pxhpinst.exe
    2008-11-04 11:22:52 ----N---- C:\WINDOWS\system32\pxcpya64.exe
    2008-11-04 11:22:52 ----N---- C:\WINDOWS\system32\pxafs.dll
    2008-11-04 11:22:51 ----N---- C:\WINDOWS\system32\vxblock.dll
    2008-11-04 11:22:51 ----N---- C:\WINDOWS\system32\pxwave.dll
    2008-11-04 11:22:51 ----N---- C:\WINDOWS\system32\pxsfs.dll
    2008-11-04 11:22:51 ----N---- C:\WINDOWS\system32\pxmas.dll
    2008-11-04 11:22:51 ----N---- C:\WINDOWS\system32\pxdrv.dll
    2008-11-04 11:22:51 ----N---- C:\WINDOWS\system32\px.dll
    2008-11-04 11:22:49 ----D---- C:\Program Files\Winamp
    2008-11-04 11:22:49 ----D---- C:\Documents and Settings\Administrator\Application Data\Winamp
    2008-11-04 11:15:20 ----D---- C:\WINDOWS\system32\LogFiles
    2008-11-04 11:14:43 ----D---- C:\WINDOWS\system32\AGEIA
    2008-11-04 11:14:42 ----D---- C:\Program Files\AGEIA Technologies
    2008-11-04 11:14:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-11-04 11:14:00 ----D---- C:\WINDOWS\nview
    2008-11-04 11:14:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
    2008-11-04 11:13:27 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
    2008-11-04 11:13:15 ----D---- C:\NVIDIA
    2008-11-04 10:56:20 ----D---- C:\Program Files\WinRAR
    2008-11-04 10:54:49 ----D---- C:\Program Files\Kaspersky Lab
    2008-11-04 10:54:49 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-11-04 10:53:30 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-11-04 10:52:24 ----RSD---- C:\WINDOWS\assembly
    2008-11-04 10:52:24 ----D---- C:\WINDOWS\system32\URTTemp
    2008-11-04 10:52:24 ----D---- C:\WINDOWS\Microsoft.NET
    2008-11-04 10:50:23 ----A---- C:\WINDOWS\system32\BASSMOD.dll
    2008-11-04 10:43:07 ----D---- C:\WINDOWS\system32\Lang
    2008-11-04 10:37:49 ----D---- C:\Program Files\PowerISO
    2008-11-04 10:35:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
    2008-11-04 10:35:34 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-04 10:31:06 ----R---- C:\WINDOWS\system32\ChCfg.exe
    2008-11-04 10:30:44 ----D---- C:\WINDOWS\system32\RTCOM
    2008-11-04 10:30:42 ----A---- C:\WINDOWS\system32\ksuser.dll
    2008-11-04 10:30:38 ----R---- C:\WINDOWS\SoundMan.exe
    2008-11-04 10:30:37 ----R---- C:\WINDOWS\SkyTel.exe
    2008-11-04 10:30:36 ----R---- C:\WINDOWS\RtlUpd.exe
    2008-11-04 10:30:32 ----R---- C:\WINDOWS\RTLCPL.exe
    2008-11-04 10:30:26 ----R---- C:\WINDOWS\RTHDCPL.exe
    2008-11-04 10:30:25 ----R---- C:\WINDOWS\MicCal.exe
    2008-11-04 10:30:17 ----D---- C:\WINDOWS\OPTIONS
    2008-11-04 10:30:14 ----R---- C:\WINDOWS\Alcmtr.exe
    2008-11-04 10:30:02 ----R---- C:\WINDOWS\alcwzrd.exe
    2008-11-04 10:30:01 ----D---- C:\Program Files\Realtek
    2008-11-04 10:29:58 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-04 10:29:55 ----D---- C:\Documents and Settings\Administrator\Application Data\InstallShield
    2008-11-04 10:29:54 ----R---- C:\WINDOWS\RtlExUpd.dll
    2008-11-04 10:29:45 ----D---- C:\Program Files\Common Files\InstallShield
    2008-11-04 10:29:27 ----A---- C:\WINDOWS\system32\spupdsvc.exe
    2008-11-04 10:29:26 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
    2008-11-04 10:27:22 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-11-04 10:27:21 ----D---- C:\Program Files\Intel
    2008-11-04 10:15:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
    2008-11-04 10:15:27 ----HD---- C:\Program Files\Uninstall Information
    2008-11-04 10:15:21 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
    2008-11-04 10:15:20 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-11-04 10:13:42 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-11-04 10:13:41 ----D---- C:\WINDOWS\Prefetch
    2008-11-04 10:13:40 ----SD---- C:\WINDOWS\system32\Microsoft
    2008-11-04 10:13:40 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-04 10:11:00 ----D---- C:\WINDOWS\system32\xircom
    2008-11-04 10:11:00 ----D---- C:\Program Files\xerox
    2008-11-04 10:11:00 ----D---- C:\Program Files\microsoft frontpage
    2008-11-04 10:10:45 ----A---- C:\WINDOWS\control.ini
    2008-11-04 10:10:45 ----A---- C:\AUTOEXEC.BAT
    2008-11-04 10:10:35 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-11-04 10:10:32 ----A---- C:\WINDOWS\system32\mapi32.dll
    2008-11-04 10:09:42 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-04 10:09:42 ----RD---- C:\WINDOWS\Offline Web Pages
    2008-11-04 10:09:42 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2008-11-04 10:09:36 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2008-11-04 10:09:31 ----HD---- C:\Program Files\WindowsUpdate
    2008-11-04 10:09:14 ----D---- C:\WINDOWS\system32\DirectX
    2008-11-04 10:08:59 ----A---- C:\WINDOWS\system32\atrace.dll
    2008-11-04 10:08:57 ----A---- C:\WINDOWS\system32\desktop.ini
    2008-11-04 10:08:57 ----A---- C:\WINDOWS\desktop.ini
    2008-11-04 10:08:52 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
    2008-11-04 10:08:51 ----A---- C:\WINDOWS\system32\acctres.dll
    2008-11-04 10:08:50 ----D---- C:\Program Files\Common Files\Services
    2008-11-04 10:08:48 ----SD---- C:\WINDOWS\Tasks
    2008-11-04 10:08:48 ----D---- C:\Program Files\Common Files\MSSoap
    2008-11-04 10:08:48 ----A---- C:\WINDOWS\system32\icfgnt5.dll
    2008-11-04 10:08:45 ----D---- C:\WINDOWS\srchasst
    2008-11-04 10:08:42 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-11-04 10:08:42 ----A---- C:\WINDOWS\system32\wups.dll
    2008-11-04 10:08:42 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-11-04 10:08:42 ----A---- C:\WINDOWS\system32\wuauserv.dll
    2008-11-04 10:08:42 ----A---- C:\WINDOWS\system32\wuaueng1.dll
    2008-11-04 10:08:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-11-04 10:08:42 ----A---- C:\WINDOWS\system32\wuauclt1.exe
    2008-11-04 10:08:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-11-04 10:08:41 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-11-04 10:08:41 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
    2008-11-04 10:08:41 ----A---- C:\WINDOWS\system32\qmgr.dll
    2008-11-04 10:08:41 ----A---- C:\WINDOWS\system32\bitsprx3.dll
    2008-11-04 10:08:41 ----A---- C:\WINDOWS\system32\bitsprx2.dll
    2008-11-04 10:08:38 ----D---- C:\Program Files\Movie Maker
    2008-11-04 10:08:35 ----A---- C:\WINDOWS\system32\safrslv.dll
    2008-11-04 10:08:35 ----A---- C:\WINDOWS\system32\safrdm.dll
    2008-11-04 10:08:35 ----A---- C:\WINDOWS\system32\safrcdlg.dll
    2008-11-04 10:08:35 ----A---- C:\WINDOWS\system32\racpldlg.dll
    2008-11-04 10:08:33 ----A---- C:\WINDOWS\system32\fltMc.exe
    2008-11-04 10:08:33 ----A---- C:\WINDOWS\system32\fltlib.dll
    2008-11-04 10:08:32 ----D---- C:\WINDOWS\system32\Restore
    2008-11-04 10:08:32 ----A---- C:\WINDOWS\system32\srsvc.dll
    2008-11-04 10:08:32 ----A---- C:\WINDOWS\system32\srrstr.dll
    2008-11-04 10:08:32 ----A---- C:\WINDOWS\system32\srclient.dll
    2008-11-04 10:08:32 ----A---- C:\WINDOWS\system32\ils.dll
    2008-11-04 10:08:31 ----A---- C:\WINDOWS\system32\nmmkcert.dll
    2008-11-04 10:08:31 ----A---- C:\WINDOWS\system32\msconf.dll
    2008-11-04 10:08:31 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2008-11-04 10:08:31 ----A---- C:\WINDOWS\system32\mnmdd.dll
    2008-11-04 10:08:31 ----A---- C:\WINDOWS\system32\isrdbg32.dll
    2008-11-04 10:08:29 ----D---- C:\Program Files\NetMeeting
    2008-11-04 10:08:29 ----A---- C:\WINDOWS\system32\msoert2.dll
    2008-11-04 10:08:29 ----A---- C:\WINDOWS\system32\msoeacct.dll
    2008-11-04 10:08:28 ----A---- C:\WINDOWS\system32\inetres.dll
    2008-11-04 10:08:28 ----A---- C:\WINDOWS\system32\inetcomm.dll
    2008-11-04 10:08:27 ----D---- C:\Program Files\Outlook Express
    2008-11-04 10:08:27 ----A---- C:\WINDOWS\system32\schedsvc.dll
    2008-11-04 10:08:27 ----A---- C:\WINDOWS\system32\mstinit.exe
    2008-11-04 10:08:26 ----A---- C:\WINDOWS\system32\mstask.dll
    2008-11-04 10:08:26 ----A---- C:\WINDOWS\system32\isign32.dll
    2008-11-04 10:08:26 ----A---- C:\WINDOWS\system32\inetcfg.dll
    2008-11-04 10:08:26 ----A---- C:\WINDOWS\system32\icwphbk.dll
    2008-11-04 10:08:26 ----A---- C:\WINDOWS\system32\icwdial.dll
    2008-11-04 10:08:22 ----D---- C:\Program Files\Common Files\System
    2008-11-04 10:08:21 ----D---- C:\Program Files\Internet Explorer
    2008-11-04 10:07:52 ----D---- C:\Program Files\ComPlus Applications
    2008-11-04 10:07:46 ----D---- C:\WINDOWS\Registration
    2008-11-04 10:07:39 ----D---- C:\Program Files\Windows Media Player
    2008-11-04 10:07:39 ----D---- C:\Program Files\Online Services
    2008-11-04 10:07:34 ----D---- C:\Program Files\Messenger
    2008-11-04 10:07:31 ----D---- C:\Program Files\MSN Gaming Zone
    2008-11-04 10:07:31 ----A---- C:\WINDOWS\system32\write.exe
    2008-11-04 10:07:24 ----A---- C:\WINDOWS\system32\winchat.exe
    2008-11-04 10:07:24 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2008-11-04 10:07:24 ----A---- C:\WINDOWS\system32\hticons.dll
    2008-11-04 10:07:24 ----A---- C:\WINDOWS\system32\avwav.dll
    2008-11-04 10:07:24 ----A---- C:\WINDOWS\system32\avtapi.dll
    2008-11-04 10:07:24 ----A---- C:\WINDOWS\system32\avmeter.dll
    2008-11-04 10:07:19 ----A---- C:\WINDOWS\system32\getuname.dll
    2008-11-04 10:07:19 ----A---- C:\WINDOWS\system32\charmap.exe
    2008-11-04 10:07:18 ----A---- C:\WINDOWS\system32\winmine.exe
    2008-11-04 10:07:18 ----A---- C:\WINDOWS\system32\sol.exe
    2008-11-04 10:07:18 ----A---- C:\WINDOWS\system32\mshearts.exe
    2008-11-04 10:07:18 ----A---- C:\WINDOWS\system32\freecell.exe
    2008-11-04 10:07:18 ----A---- C:\WINDOWS\system32\calc.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\usrlogon.cmd
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\tslabels.ini
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\tskill.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\tscon.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\shadow.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\reset.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\regini.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\msg.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\logoff.exe
    2008-11-04 10:07:17 ----A---- C:\WINDOWS\system32\cdmodem.dll
    2008-11-04 10:07:16 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2008-11-04 10:07:16 ----A---- C:\WINDOWS\system32\mtxex.dll
    2008-11-04 10:07:16 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2008-11-04 10:07:16 ----A---- C:\WINDOWS\system32\msdtcprf.ini
    2008-11-04 10:07:16 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2008-11-04 10:07:16 ----A---- C:\WINDOWS\system32\comaddin.dll
    2008-11-04 10:07:15 ----A---- C:\WINDOWS\system32\stclient.dll
    2008-11-04 10:07:15 ----A---- C:\WINDOWS\system32\comsnap.dll
    2008-11-04 10:07:15 ----A---- C:\WINDOWS\system32\comrepl.dll
    2008-11-04 10:07:11 ----A---- C:\WINDOWS\system32\wmimgmt.msc
    2008-11-04 10:07:04 ----D---- C:\Program Files\MSN
    2008-11-04 10:07:03 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2008-11-04 10:07:03 ----A---- C:\WINDOWS\system32\mplay32.exe
    2008-11-04 10:07:03 ----A---- C:\WINDOWS\system32\hypertrm.dll
    2008-11-04 10:07:03 ----A---- C:\WINDOWS\system32\accwiz.exe
    2008-11-04 10:07:02 ----D---- C:\Program Files\Windows NT
    2008-11-04 10:07:02 ----A---- C:\WINDOWS\system32\spider.exe
    2008-11-04 10:07:02 ----A---- C:\WINDOWS\system32\mspaint.exe
    2008-11-04 10:07:02 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2008-11-04 10:07:01 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2008-11-04 10:07:01 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2008-11-04 10:07:01 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2008-11-04 10:07:01 ----A---- C:\WINDOWS\system32\remotepg.dll
    2008-11-04 10:07:01 ----A---- C:\WINDOWS\system32\rdshost.exe
    2008-11-04 10:07:01 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2008-11-04 10:07:01 ----A---- C:\WINDOWS\system32\rdchost.dll
    2008-11-04 10:07:01 ----A---- C:\WINDOWS\system32\mstscax.dll
    2008-11-04 10:07:01 ----A---- C:\WINDOWS\system32\mstsc.exe
    2008-11-04 10:07:00 ----D---- C:\WINDOWS\system32\MsDtc
    2008-11-04 10:07:00 ----A---- C:\WINDOWS\system32\termsrv.dll
    2008-11-04 10:07:00 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2008-11-04 10:07:00 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2008-11-04 10:07:00 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2008-11-04 10:07:00 ----A---- C:\WINDOWS\system32\qprocess.exe
    2008-11-04 10:07:00 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2008-11-04 10:07:00 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2008-11-04 10:07:00 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2008-11-04 10:07:00 ----A---- C:\WINDOWS\system32\icaapi.dll
    2008-11-04 10:07:00 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2008-11-04 10:06:59 ----D---- C:\WINDOWS\system32\Com
    2008-11-04 10:06:59 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2008-11-04 10:06:59 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2008-11-04 10:06:59 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2008-11-04 10:06:59 ----A---- C:\WINDOWS\system32\msdtc.exe
    2008-11-04 10:06:59 ----A---- C:\WINDOWS\system32\colbact.dll
    2008-11-04 10:06:58 ----A---- C:\WINDOWS\system32\comuid.dll
    2008-11-04 10:06:58 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2008-11-04 10:06:58 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2008-11-04 10:06:58 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2008-11-04 10:06:58 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2008-11-04 10:06:58 ----A---- C:\WINDOWS\system32\catsrv.dll
    2008-11-04 10:06:57 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2008-11-04 10:06:50 ----A---- C:\WINDOWS\system32\servdeps.dll
    2008-11-04 10:06:50 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2008-11-04 10:06:50 ----A---- C:\WINDOWS\system32\licwmi.dll
    2008-11-04 10:06:50 ----A---- C:\WINDOWS\system32\cmprops.dll
    2008-10-30 03:24:22 ----A---- C:\WINDOWS\system32\xfcodec.dll
    
    ======List of files/folders modified in the last 1 months======
    
    2008-11-06 06:36:26 ----A---- C:\WINDOWS\win.ini
    2008-11-04 12:05:29 ----A---- C:\WINDOWS\system.ini
    2008-10-15 18:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2007-12-29 49536]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-11-04 213008]
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-06-12 56108]
    R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
    R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
    R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S3 ajysnka9;ajysnka9; C:\WINDOWS\system32\drivers\ajysnka9.sys []
    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-05 85969]
    S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-07-12 335872]
    R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
    R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
    R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger; M:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
    
    -----------------EOF-----------------
    Code:
    info.txt logfile of random's system information tool 1.04 2008-11-05 03:53:50
    
    ======Uninstall list======
    
    -->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    BitSpirit v3.2.2.215 Stable-->"C:\Program Files\BitSpirit\unins000.exe"
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\HijackThis.exe" /uninstall
    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
    K-Lite Mega Codec Pack 3.9.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
    Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
    Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
    Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
    Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
    Microsoft SQL Server Native Client-->MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
    Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
    Microsoft SQL Server VSS Writer-->MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
    Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Microsoft Visual Studio 2005 Tools for Office Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
    Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
    Microsoft VM for Java-->RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
    Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
    Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9  -removeonly
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Hotfix - KB889016-->C:\WINDOWS\$NtUninstallKB889016$\spuninst\spuninst.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
    
    ======Security center information======
    
    AV: Kaspersky Internet Security (disabled)
    FW: Kaspersky Internet Security (disabled)
    
    ======Environment variables======
    
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION"=0409
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "VS80COMNTOOLS"=M:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
    
    -----------------EOF-----------------
    - Thanks, DEPwns,
    Last edited by DEPwns (08.11.2008 at 06:25)
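The driver and service sections of the RSIT log above use one fixed line shape (state and start type, name, display name, path, then the file date and size in brackets, or an empty `[]` when the file could not be read). The following is an added example, not part of DEPwns's post and not code from RSIT: a small parser for those lines plus a few review heuristics of the kind a helper would apply by eye when reading such a log. The function names (`parse_entry`, `review_reasons`, `triage`), the sample lines (copied from the log in this thread) and the heuristics themselves are assumptions of this example; a flag is a prompt to look, not a verdict. Note that scanner drivers the poster ran from Temp (GMER's catchme.sys, mbr.sys) are expected to be flagged by the temporary-directory rule on a machine where those tools were just used.

```python
"""Triage helper for the "List of drivers" / "List of services" sections of an
RSIT (random's system information tool) log, in the line shape seen in the
thread above.  Added example; not part of the original post and not RSIT code.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# RSIT writes one entry per line:
#   <R|S><0-4> <name>;<display name>; <path> [<file date> <file size>]
# An empty "[]" means RSIT could not read the file's date and size, which
# usually means the file was not present at scan time.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Constructed sample, taken from the log lines posted in this thread.
SAMPLE_LOG = r"""
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-11-04 213008]
R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 ajysnka9;ajysnka9; C:\WINDOWS\system32\drivers\ajysnka9.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-05 85969]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
"""


@dataclass
class Entry:
    state: str            # "R" running, "S" stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date = meta[0] if len(meta) == 2 else None
    size = int(meta[1]) if len(meta) == 2 else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), m.group("path"), date, size)


# Heuristics only (assumed for this example): each reason is a prompt for an
# analyst to look at the entry, not a statement that it is malicious.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\")
RANDOM_NAME_RE = re.compile(r"[a-z0-9]{8}")


def review_reasons(entry: Entry) -> List[str]:
    reasons = []
    if entry.date is None:
        reasons.append("no file date/size recorded (file missing or unreadable at scan time)")
    if any(marker in entry.path.lower() for marker in TEMP_MARKERS):
        reasons.append("loads from a temporary directory")
    if entry.name == entry.display and RANDOM_NAME_RE.fullmatch(entry.name):
        reasons.append("eight-character lowercase alphanumeric name with no descriptive display name")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map entry name -> list of reasons for every entry that deserves a look."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```

Feed `triage()` the whole log text rather than the sample: headers such as `======List of drivers======` and the file-listing sections simply fail to match and are skipped. On the sample, KLIF, gmer and AVP produce no reasons; catchme is flagged for the Temp path and the missing file info, IntelIde only for the missing file info, and ajysnka9 for the missing file info together with its non-descriptive name.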

  8. #18
    Moderator (global) Team member Avatar of Jintan
    Joined
    25.11.2006
    Posts
    6.369

    Re: Serious Problem (Data execution prevention of Generic Host Process) - Logs inside

    That is good there.

    Well Malware Bytes didn't detect anything except the "StartMenuLogOff" which he always detects as bad.
    Since you did not have Malwarebytes make that correction, why do you say it always finds it? You have your user name logoff hidden in the Start menu for a reason? Are you still getting the DEP notices?
    Live the day!

    Jintan - The brand that gets everything right!

  9. #19
    Beginner
    Joined
    04.11.2008
    Posts
    12

    Re: Serious Problem (Data execution prevention of Generic Host Process) - Logs inside

    It's good to hear that.....

    Since you did not have Malwarebytes make that correction, why do you say it always finds it? You have your user name logoff hidden in the Start menu for a reason? Are you still getting the DEP notices?
    Well, actually I didn't make it correct that value/key since I thought it was gonna delete it, and I said that because I did make a scan with Malwarebytes before and it always detected the same value as bad.

    I just performed another scan, and it corrected the key by deleting it, so I didn't find my "Log off.." item on the Start Menu, then I right-clicked my Taskbar -> StartMenu -> Customize (Classic StartMenu) -> checked Display Log off, then performed another scan and it detected it again! So you think it's a false positive or...?

    By the way, am I safe now?

    - Thank you very much Jintan for your highly appreciated help
    - DEPwns,

  10. #20
    Moderator (global) Team member Avatar of Jintan
    Joined
    25.11.2006
    Posts
    6.369

    Re: Serious Problem (Data execution prevention of Generic Host Process) - Logs inside

    Malwarebytes, for those registry entries, makes corrections, not deletions. It changes this:

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "StartMenuLogOff"=dword:00000001

    To this:

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "StartMenuLogOff"=dword:00000000

    User Start menu changes are not completed until you reboot, so you will not see an immediate fix until you do that.

    No malware is showing in logs now, but with the changes made in the past it would be good to do an online scan to be sure. Then we can just clean up what we added there to be done.


    Go Here and download ATF Cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

    If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.


    Then Go here for an online AV scan. Follow all prompts to Allow all ActiveX objects to install. If your AV alerts you while the scan installs ignore this - Panda's Active Scan method is often mistaken for infection activity.

    When the scan completes do not click any of the disinfection links provided. Click the small "Export to:" button and save the log file to your desktop. Then copy the contents of that ActiveScan.txt file back here for review please.
    Live the day!

    Jintan - The brand that gets everything right!
