Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

[Closed] Lots of Problems, Possible Spyware/Virus/Malware
syxxpac316
post Oct 7 2008, 10:18 PM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 26
Joined: 12-July 06
Member No.: 58,334
Operating System: Windows XP



I am having lots of problems with my Dell Laptop. I have Spybot Search and Destroy and AVG installed. I ran both and deleted the files that were found to be suspicious. I am having trouble installing Windows XP Service Pack 3 and Java JDK 1.6 due to registry problems, I think. Also this crazy thing happens when my computer has been idle for a few minutes where these cockroach looking things start eating away at my desktop. After I move the mouse they are gone, but it's no screensaver. My computer is really jacked. I could really use some advice please. Below is my HijackThis File. THANKS!

Logfile of HijackThis v1.99.1
Scan saved at 23:14:13, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [lphcnocj0eac5] C:\WINDOWS\system32\lphcnocj0eac5.exe
O4 - HKLM\..\Run: [SMshcgocj0eac5] C:\Program Files\shcgocj0eac5\shcgocj0eac5.exe
O4 - HKLM\..\Run: [lanmanwrk.exe clean] C:\WINDOWS\System32\lanmanwrk.exe clean
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

This post has been edited by syxxpac316: Oct 7 2008, 10:21 PM
IndiGenus
post Oct 8 2008, 12:51 PM
Post #2


Anti-Malware Buddha

Group: Classroom Teacher
Posts: 3,533
Joined: 22-July 04
From: New England, USA
Member No.: 10,811
Operating System: Windows XP Pro SP3 ~ Vista Ultimate ~ Ubuntu Linux



Hi and welcome back to the forums here at WTT.

First, use ATF Cleaner to remove temp files, cookies, cache, etc...

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next,
  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
syxxpac316
post Oct 8 2008, 06:44 PM
Post #3





First of all I wanna say thanks for responding so quickly... I did as I was instructed... below are the three log files.
Thanks

Malwarebytes' Anti-Malware 1.28
Database version: 1244
Windows 5.1.2600 Service Pack 2

10/8/2008 7:38:27 PM
mbam-log-2008-10-08 (19-38-27).txt

Scan type: Quick Scan
Objects scanned: 52387
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 9
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winah87 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\winah87 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winah87 (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lanmanwrk.exe clean (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcnocj0eac5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smshcgocj0eac5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\shcgocj0eac5 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\shcgocj0eac5 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\shcgocj0eac5\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\shcgocj0eac5\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\shcgocj0eac5\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\shcgocj0eac5\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\shcgocj0eac5\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\shcgocj0eac5\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\shcgocj0eac5\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\shcgocj0eac5\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\shcgocj0eac5\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\shcgocj0eac5\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\blphcnocj0eac5.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\shcgocj0eac5\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcgocj0eac5\log.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcgocj0eac5\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcgocj0eac5\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcgocj0eac5\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcgocj0eac5\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcgocj0eac5\shcgocj0eac5.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcgocj0eac5\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\TmpRecentIcons\Ultimate Cleaner 2007.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winah87.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Suketu at 2008-10-08 19:40:59
Microsoft Windows XP Professional Service Pack 2
System drive C: has 51 GB (72%) free of 72 GB
Total RAM: 1023 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:22, on 10/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Desktop\RSIT.exe
C:\Program Files\trend micro\Suketu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10105 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-03 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-26 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-02-17 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-07 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-02-17 2403392]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-26 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
""= []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-09-01 684032]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2006-01-18 8192]
"BuildBU"=c:\dell\bldbubg.exe [2005-12-14 61440]
"MediaPipe P2P Loader"=C:\Program Files\p2pnetworks\mpp2pl.exe /H []
"dlccmon.exe"=C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe [2005-07-22 425984]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-06-14 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-07-30 282624]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-02-17 185896]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"DLCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-05 1234712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-06 68856]
"DW4"=C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe []
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 []
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winah87.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfm53.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ygN06.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winah87.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winfm53.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ygN06.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\p2pnetworks\p2pnetworks.exe"="C:\Program Files\p2pnetworks\p2pnetworks.exe:*:Enabled:P2PNetworks"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Disabled:java"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\LMIFC.tmp\lmi_rescue.exe"="C:\WINDOWS\LMIFC.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\WINDOWS\LMI2.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI2.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\SwarmPlayer\swarmplayer.exe"="C:\Program Files\SwarmPlayer\swarmplayer.exe:*:Enabled:swarmplayer"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 3 months======

2008-10-08 19:40:59 ----D---- C:\rsit
2008-10-08 19:28:17 ----D---- C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\Malwarebytes
2008-10-08 19:28:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 19:28:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 23:13:19 ----D---- C:\Program Files\Hijackthis
2008-10-07 23:12:23 ----D---- C:\WINDOWS\ERDNT
2008-10-07 23:11:44 ----D---- C:\Program Files\ERUNT
2008-10-07 22:31:08 ----D---- C:\BlueJ
2008-10-06 21:46:39 ----D---- C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\WinRAR
2008-10-06 21:45:02 ----A---- C:\WINDOWS\system32\unrar.dll
2008-10-06 21:45:01 ----A---- C:\WINDOWS\avisplitter.ini
2008-10-06 21:45:00 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-10-06 21:45:00 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-06 21:45:00 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-06 21:44:59 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-10-06 21:44:59 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-10-06 21:44:59 ----A---- C:\WINDOWS\system32\divx.dll
2008-10-06 21:44:58 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-06 21:44:58 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-10-06 21:44:57 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-06 21:35:57 ----D---- C:\Program Files\Creative
2008-10-06 20:52:59 ----D---- C:\Program Files\WinRAR
2008-10-06 20:30:34 ----D---- C:\WINDOWS\Prefetch
2008-10-06 20:00:40 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-10-06 20:00:40 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-06 19:59:29 ----A---- C:\WINDOWS\system32\autochk.exe
2008-10-06 19:59:29 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-10-06 19:59:28 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-10-06 19:59:28 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-10-06 19:59:28 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-10-06 19:59:28 ----A---- C:\WINDOWS\system32\cmd.exe
2008-10-06 19:59:28 ----A---- C:\WINDOWS\system32\cacls.exe
2008-10-06 19:59:28 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\printui.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\locator.exe
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\localspl.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\ftp.exe
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\format.com
2008-10-06 19:59:27 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\smss.exe
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\services.exe
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\schannel.dll
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\savedump.exe
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\samlib.dll
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\rasman.dll
2008-10-06 19:59:26 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-10-06 19:59:25 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-10-06 19:59:25 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-10-06 19:59:25 ----A---- C:\WINDOWS\system32\userinit.exe
2008-10-06 19:59:25 ----A---- C:\WINDOWS\system32\untfs.dll
2008-10-06 19:59:25 ----A---- C:\WINDOWS\system32\ulib.dll
2008-10-06 19:59:25 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-10-06 19:59:25 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-10-06 19:59:21 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-10-06 19:59:21 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-10-06 19:59:21 ----A---- C:\WINDOWS\system32\hal.dll
2008-10-06 19:40:55 ----D---- C:\Program Files\uTorrent
2008-10-06 19:40:52 ----D---- C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\uTorrent
2008-10-06 00:29:16 ----D---- C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\.SwarmPlayer
2008-10-06 00:29:00 ----D---- C:\Documents and Settings\Suketu.SUKETURAVIPATEL\Application Data\.Tribler
2008-10-06 00:28:07 ----D---- C:\Program Files\SwarmPlayer
2008-10-05 22:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-05 22:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-05 22:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-05 22:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-05 22:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-05 22:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-05 22:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-05 22:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-05 22:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-05 21:59:40 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-07-27 11:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-07-27 11:39:37 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-07-27 11:39:35 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-07-27 11:39:11 ----D---- C:\Program Files\Windows Media Connect 2
2008-07-27 11:37:46 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-07-27 11:37:06 ----D---- C:\WINDOWS\system32\LogFiles
2008-07-27 11:37:00 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-07-27 11:35:55 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2008-07-27 02:40:52 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 01:24:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-27 00:52:20 ----D---- C:\WINDOWS\system32\en-us
2008-07-27 00:52:19 ----D---- C:\WINDOWS\system32\scripting
2008-07-27 00:52:18 ----D---- C:\WINDOWS\l2schemas
2008-07-27 00:52:17 ----D---- C:\WINDOWS\system32\en
2008-07-27 00:52:16 ----D---- C:\WINDOWS\system32\bits
2008-07-27 00:43:42 ----D---- C:\WINDOWS\network diagnostic
2008-07-27 00:29:31 ----A---- C:\WINDOWS\system32\SET244.tmp
2008-07-27 00:29:31 ----A---- C:\WINDOWS\system32\SET243.tmp
2008-07-27 00:29:31 ----A---- C:\WINDOWS\system32\SET242.tmp
2008-07-27 00:29:31 ----A---- C:\WINDOWS\system32\SET231.tmp
2008-07-27 00:29:31 ----A---- C:\WINDOWS\system32\SET230.tmp
2008-07-27 00:29:31 ----A---- C:\WINDOWS\system32\SET22F.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET3CC.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET3CB.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET3C5.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET360.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET358.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET34E.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET24B.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET24A.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET247.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET23F.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET23E.tmp
2008-07-27 00:29:30 ----A---- C:\WINDOWS\system32\SET239.tmp
2008-07-27 00:29:29 ----A---- C:\WINDOWS\system32\SET3CE.tmp
2008-07-27 00:29:29 ----A---- C:\WINDOWS\system32\SET362.tmp
2008-07-27 00:29:29 ----A---- C:\WINDOWS\system32\SET24C.tmp
2008-07-27 00:29:29 ----A---- C:\WINDOWS\system32\SET240.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET3EE.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET3E2.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET3DB.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET3D7.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET393.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET38D.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET388.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET387.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET259.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET257.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET256.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET253.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET252.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET251.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET24E.tmp
2008-07-27 00:29:24 ----A---- C:\WINDOWS\system32\SET24D.tmp
2008-07-27 00:29:23 ----A---- C:\WINDOWS\system32\SET41F.tmp
2008-07-27 00:29:23 ----A---- C:\WINDOWS\system32\SET3F2.tmp
2008-07-27 00:29:23 ----A---- C:\WINDOWS\system32\SET3AC.tmp
2008-07-27 00:29:23 ----A---- C:\WINDOWS\system32\SET394.tmp
2008-07-27 00:29:23 ----A---- C:\WINDOWS\system32\SET265.tmp
2008-07-27 00:29:23 ----A---- C:\WINDOWS\system32\SET263.tmp
2008-07-27 00:29:23 ----A---- C:\WINDOWS\system32\SET25A.tmp
2008-07-27 00:29:23 ----A---- C:\WINDOWS\system32\SET258.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET433.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET42F.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET42C.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET42B.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET428.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET421.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET3C1.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET3BD.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET3BA.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET3B8.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET3B6.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET3B0.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET275.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET274.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET273.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET272.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET270.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET26C.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET26B.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET26A.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET269.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET267.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET266.tmp
2008-07-27 00:29:22 ----A---- C:\WINDOWS\system32\SET264.tmp
2008-07-27 00:29:20 ----A---- C:\WINDOWS\system32\spdwnwxp.