NSIS Popup

[ivandrago]

I know that this is probably not the place to ask this question, but I'm desperate. "NSIS Advertisement" popup continues to haunt my work computer. It's folder is here:
C:\Program Files\Common Files\NSIS\

and it's files are:
ns77.dll
ns26.dll
ns54.dll
ns23.dll
ect...
uninst.exe

I was able to purge this program from my home computer, but my work computer continues to stay infected. no spyware software detects this becuase it's exploiting this NSIS program. The program is key tracking. when I pugred it from my register i could see that it was copying text from search inquiries.

Help!!!
Anybody know who to purge this spyware for good. I'm not eager to reinstall my OS, and burn days reinstalling everything.

[Comperio]

I'll bet this isn't anything to do with the Nullsoft installer, but is just a piece of malware that happens to use the initials "NSIS".

My recommendation would be to get a good malware sweeper and try to scan/remove it. I use Spybot Search and Destroy.

[ivandrago]

unfortunately this has already been tried by many people. spyware software doesn't detect this becuase it's probably piggy backing using this legitimate installer. explorer even detects and tries to block it. it even warns against a threating script attempting to run. I say no and the popup still comes up.

[ivandrago]

any programs to detect the source app thats reinstating NSIS spyware?

[ivandrago]

I just noticed that even after removing all files and registry entries relating to NSIS that the spyware program is still able to execute. I'm not even using IE right now, but it still launched a IE popup window.

[Comperio]

Have you tried a virus scanner on it? (You may have to boot from another source--such as a CD--to scan.)

edit:
A thought (not sure if it will work or not), but you might look at www.sysinternals.com and check out the filemon program. With it, you might be able to monitor internet explorer to see what might be launching it.

I think the bottom line here is that your computer has been infected with something--a virus, trojan, or other virus (or maybe even a rootkit--who knows at this point.)

Your best resolution might be format/reload...

[ivandrago]

Of course. That's painfully obvious. I've tried Avast of my home computer and Symantec at work. None detect this app as a virus, worm, ect. Other forums report the same results. At this point no anti-virus, firewall, or pop-up blocker software seem to have a lasting effect. This day alone with istaller exploiting spyware has become more agressive the more I try to expel it.

To be honest I feel that My home computer might still be infected with this exploit, but it is dorment. It's a dangerous app because it does collect textbox text in a particular registry entry I can't recall.

I believe, but I'm not sure that it might have created trojan horse files that you can see and remove, but runs somewhere else.

I'll follow that link you left, and thanks for the suggestions. Well I upgrade my computer in three weeks I'll be installing a fresh copy of XP so that'll probably cleanup most of this mess. (Popup just happens again damn it!)

[{_trueparuex^}]

Maybe this topic helps.
http://forums.winamp.com/showthread.php?threadid=252750

Quote:

"NSIS Media" is not related to the Nullsoft Scriptable Install System. Just because they share a common name, doesn't mean they are the same thing. Nobody here has any control if a Spyware company chooses to use that name or not.

[ivandrago]

The program is taking over an Explorer window, and gaining internet access. I've attached an image with some gleaned info of some of the processes going on. if anybody knows anything about this I'd like to know. I'm beginning to wondered if it's even related to the NSIS installer program.

[Comperio]

OK, this is the last I'm going to post on this...

I think it's safe to say that the trojan you have is not from NSIS, but as has been mentioned, it's something that just happens to use "NSIS" for its name.

I did some google searches and ended up with these 2 forums that seemed to offer the best advice:
http://www.dslreports.com/forum/remark,16709575
and
http://forum.sysinternals.com/forum_...?TID=7287&PN=1

And the program mentioned in the fist post called "HiJack This" available at http://www.spywareinfo.com/~merijn/index.html.

If that fails, then I'd like to share something one of my buddies likes to refer to as the "LensCrafter solution": You can spend hours (or days) trying to resolve this thing yourself, or you can format and reload and have the whole thing fixed in "about an hour".

Good luck!

[CrazyFoolMrT]

Hi,

I recently got infected by this evil and even after all this time I'm having difficulty.

Does anyone think they can help?

Here are my HijackThis, Combofix, Regsrch, DLLCompare, Findit & L2Mfix logs.
Logfile of HijackThis v1.99.1
Scan saved at 18:07:38, on 10/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Clean Disk Security\clndisk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TrojanHunter 4.6\TrojanHunter.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1167763683500
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XIb\RpcSandraSrv.exe


Aaron - 07-01-10 17:52:09.93 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Program Files\ComboFix"

((((((((((((((((((((((((((((((( Files Created from 2006-12-10 to 2007-01-10 ))))))))))))))))))))))))))))))))))


2007-01-10 17:47 <DIR> d-------- C:\Program Files\ComboFix
2007-01-10 17:46 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2007-01-10 17:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-10 17:40 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\SUPERAntiSpyware.com
2007-01-10 17:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-10 17:38 131,072 --a------ C:\WINDOWS\system32\datestamp.dll
2007-01-10 17:37 <DIR> d-------- C:\WINDOWS\system32\ZeroSpyware
2007-01-10 17:35 <DIR> d-------- C:\Program Files\Privacy Mantra 2.02
2007-01-10 17:33 <DIR> d-------- C:\Program Files\FBM Software
2007-01-10 17:32 <DIR> dr-h----- C:\Documents and Settings\Aaron\Recent
2007-01-10 17:30 <DIR> d-------- C:\Program Files\CleanUp!
2007-01-10 17:30 <DIR> d-------- C:\Program Files\Clean Disk Security
2007-01-10 04:18 <DIR> d-------- C:\Program Files\Trend Micro
2007-01-10 03:52 <DIR> d-------- C:\Program Files\Slent Runners
2007-01-10 03:08 <DIR> d-------- C:\Downloads
2007-01-10 01:38 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-10 01:38 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-08 19:22 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2007-01-08 19:10 <DIR> d-------- C:\Program Files\Mortar
2007-01-08 13:56 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-01-08 13:55 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-01-08 13:55 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-01-08 13:55 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-01-08 13:55 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-01-08 13:55 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-01-08 13:55 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-01-08 13:55 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-01-08 06:13 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\Empire XP
2007-01-08 06:11 <DIR> d-------- C:\Program Files\Empire XP 4.4
2007-01-05 03:43 <DIR> d-------- C:\Program Files\FreeFixer
2007-01-05 03:43 <DIR> d-------- C:\Program Files\Bazooka Scanner
2007-01-05 02:41 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\OfficeUpdate12
2007-01-05 01:22 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\MSNInstaller
2007-01-04 17:42 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-01-04 17:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-01-03 17:15 <DIR> d-------- C:\Documents and Settings\Aaron\Incomplete
2007-01-03 16:45 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\LimeWire
2007-01-03 15:47 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-01-03 15:46 <DIR> d-------- C:\Program Files\Microsoft Visual Studio
2007-01-03 15:46 <DIR> d-------- C:\Program Files\Common Files\Designer
2007-01-03 15:45 <DIR> d-------- C:\WINDOWS\ShellNew
2007-01-03 15:45 <DIR> d-------- C:\Program Files\Microsoft Office
2007-01-03 15:45 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-01-03 14:00 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\Adobe
2007-01-03 05:22 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-01-03 05:22 <DIR> d-------- C:\Program Files\Belarc
2007-01-03 04:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\XemiComputers
2007-01-03 04:05 <DIR> d-------- C:\Program Files\FlashGet
2007-01-03 03:28 <DIR> d-------- C:\WINDOWS\system32\DRM
2007-01-03 03:26 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-01-03 03:26 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-01-03 03:26 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-01-03 03:26 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-01-03 03:26 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-01-03 03:26 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-01-03 03:26 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-01-03 03:26 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-01-03 03:26 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-01-03 03:26 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-01-03 03:26 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-01-03 03:26 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-01-03 03:17 <DIR> d-------- C:\Program Files\Windows Defender
2007-01-03 03:16 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-01-03 03:16 <DIR> d-------- C:\Program Files\Unlocker
2007-01-03 03:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-01-03 03:14 <DIR> d-------- C:\Program Files\Adobe
2007-01-03 03:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-01-03 03:13 <DIR> d-------- C:\Program Files\CCleaner
2007-01-03 03:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-03 03:11 <DIR> d-------- C:\Program Files\CDisplay
2007-01-03 03:09 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-03 03:09 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-03 03:09 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-03 03:09 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-03 03:09 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-03 03:09 <DIR> d-------- C:\Program Files\Grisoft
2007-01-03 03:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-01-03 03:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-01-03 03:09 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\AVG7
2007-01-03 03:08 <DIR> d-------- C:\Program Files\XemiComputers
2007-01-03 03:07 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2007-01-03 03:07 <DIR> d-------- C:\Program Files\MalWhere
2007-01-03 03:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-01-03 03:06 <DIR> d-------- C:\Program Files\Startup Mechanic
2007-01-03 02:40 <DIR> d-------- C:\Program Files\Java
2007-01-03 02:39 <DIR> d-------- C:\Program Files\SiSoftware
2007-01-03 02:39 <DIR> d-------- C:\Program Files\LimeWire
2007-01-03 02:39 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-03 02:38 <DIR> d-------- C:\Program Files\CDex_150
2007-01-03 02:37 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-03 02:37 <DIR> d-------- C:\Program Files\BitComet
2007-01-03 02:37 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\Lavasoft
2007-01-03 02:36 <DIR> d-------- C:\Program Files\WinRAR
2007-01-03 00:22 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\Macromedia
2007-01-03 00:18 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\Media Player Classic
2007-01-03 00:17 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-01-03 00:17 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-01-03 00:17 558,592 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-01-03 00:17 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-01-03 00:17 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-01-03 00:17 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-01-03 00:17 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2007-01-03 00:17 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-03 00:17 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-03 00:17 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-01-03 00:17 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-01-03 00:17 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-01-03 00:17 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2007-01-03 00:17 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-01-03 00:17 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-01-03 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Real
2007-01-03 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-01-03 00:17 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\Real
2007-01-02 23:07 <DIR> d--hs---- C:\RECYCLER
2007-01-02 23:01 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-01-02 19:06 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\Help
2007-01-02 19:04 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-01-02 19:04 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-01-02 19:04 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-01-02 19:04 <DIR> d-------- C:\Program Files\ATI Technologies
2007-01-02 19:03 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-01-02 18:42 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-02 18:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-02 18:41 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-02 18:07 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-02 18:05 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-02 18:05 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-02 18:04 23,040 --------- C:\WINDOWS\kb913800.exe
2007-01-02 18:04 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-02 18:03 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-02 18:03 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-02 17:58 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-01-02 17:58 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-01-02 17:49 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-01-02 17:46 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-01-02 17:45 60,416 --------- C:\WINDOWS\system32\tzchange.exe
2007-01-02 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-01-02 17:24 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-02 17:24 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-02 17:22 <DIR> d--hs---- C:\Documents and Settings\Aaron\UserData
2007-01-02 17:21 <DIR> d--h----- C:\Program Files\Uninstall Information
2007-01-02 17:21 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\Identities
2007-01-02 17:20 <DIR> dr-h----- C:\Documents and Settings\Aaron\SendTo
2007-01-02 17:20 <DIR> dr-h----- C:\Documents and Settings\Aaron\Application Data\.
2007-01-02 17:20 <DIR> dr-h----- C:\Documents and Settings\Aaron\Application Data
2007-01-02 17:20 <DIR> dr------- C:\Documents and Settings\Aaron\Start Menu
2007-01-02 17:20 <DIR> dr------- C:\Documents and Settings\Aaron\Favorites
2007-01-02 17:20 <DIR> d--hs---- C:\Documents and Settings\Aaron\Cookies
2007-01-02 17:20 <DIR> d--h----- C:\Documents and Settings\Aaron\Templates
2007-01-02 17:20 <DIR> d--h----- C:\Documents and Settings\Aaron\PrintHood
2007-01-02 17:20 <DIR> d--h----- C:\Documents and Settings\Aaron\NetHood
2007-01-02 17:20 <DIR> d--h----- C:\Documents and Settings\Aaron\Local Settings
2007-01-02 17:20 <DIR> d---s---- C:\Documents and Settings\Aaron\Application Data\Microsoft
2007-01-02 17:20 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-02 17:20 <DIR> d-------- C:\Documents and Settings\Aaron\My Documents
2007-01-02 17:20 <DIR> d-------- C:\Documents and Settings\Aaron\Desktop
2007-01-02 17:20 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\..
2007-01-02 17:20 <DIR> d-------- C:\Documents and Settings\Aaron\..
2007-01-02 17:20 <DIR> d-------- C:\Documents and Settings\Aaron\.
2007-01-02 17:19 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-01-02 17:19 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-02 17:19 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-02 17:15 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-01-02 17:15 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-01-02 17:15 <DIR> d-------- C:\Program Files\xerox
2007-01-02 17:15 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-01-02 17:14 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-01-02 17:14 0 -rahs---- C:\MSDOS.SYS
2007-01-02 17:14 0 -rahs---- C:\IO.SYS
2007-01-02 17:14 0 --a------ C:\CONFIG.SYS
2007-01-02 17:14 0 --a------ C:\AUTOEXEC.BAT
2007-01-02 17:13 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2007-01-02 17:12 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-01-02 17:12 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-01-02 17:12 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-02 17:12 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-01-02 17:11 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-01-02 17:11 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-01-02 17:11 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-01-02 17:11 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-01-02 17:11 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-01-02 17:11 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-01-02 17:11 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-01-02 17:11 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-01-02 17:11 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-01-02 17:11 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-01-02 17:11 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-01-02 17:11 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-01-02 17:11 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-01-02 17:11 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-01-02 17:11 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-01-02 17:11 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-01-02 17:11 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-01-02 17:11 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-01-02 17:11 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-01-02 17:11 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-01-02 17:11 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-01-02 17:11 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-01-02 17:11 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-01-02 17:11 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-01-02 17:11 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-01-02 17:11 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-01-02 17:11 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-01-02 17:11 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-01-02 17:11 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-01-02 17:11 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-01-02 17:11 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-01-02 17:11 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-01-02 17:11 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-01-02 17:11 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-01-02 17:11 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-01-02 17:11 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-01-02 17:11 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-01-02 17:11 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-01-02 17:11 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-01-02 17:11 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-01-02 17:11 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-01-02 17:11 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-01-02 17:11 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-01-02 17:11 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-01-02 17:11 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-01-02 17:11 <DIR> d---s---- C:\WINDOWS\Tasks
2007-01-02 17:11 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-01-02 17:11 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-01-02 17:11 <DIR> d-------- C:\WINDOWS\srchasst
2007-01-02 17:11 <DIR> d-------- C:\Program Files\Outlook Express
2007-01-02 17:11 <DIR> d-------- C:\Program Files\NetMeeting
2007-01-02 17:11 <DIR> d-------- C:\Program Files\Internet Explorer
2007-01-02 17:11 <DIR> d-------- C:\Program Files\Common Files\System
2007-01-02 17:11 <DIR> d-------- C:\Program Files\Common Files\Services
2007-01-02 17:11 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-01-02 17:09 <DIR> dr--s---- C:\WINDOWS\assembly
2007-01-02 17:08 1,742,336 --a------ C:\WINDOWS\system32\mypixdx.scr
2007-01-02 17:08 <DIR> d-------- C:\WINDOWS\Registration
2007-01-02 17:08 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2007-01-02 17:08 <DIR> d-------- C:\Program Files\Windows Plus
2007-01-02 17:08 <DIR> d-------- C:\Program Files\Windows Media Player
2007-01-02 17:08 <DIR> d-------- C:\Program Files\Online Services
2007-01-02 17:08 <DIR> d-------- C:\Program Files\ComPlus Applications
2007-01-02 17:07 85,504 --a------ C:\WINDOWS\system32\mhn.dll
2007-01-02 17:07 8,704 --a------ C:\WINDOWS\system32\igdetect.dll
2007-01-02 17:07 7,093,760 --a------ C:\WINDOWS\system32\space.scr
2007-01-02 17:07 5,068,800 --a------ C:\WINDOWS\system32\davinci.scr
2007-01-02 17:07 4,396,544 --a------ C:\WINDOWS\system32\wpgldfsh.scr
2007-01-02 17:07 3,343,360 --a------ C:\WINDOWS\system32\nature.scr
2007-01-02 17:07 20,576 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-01-02 17:07 11,008 --a------ C:\WINDOWS\system32\drivers\mhndrv.sys
2007-01-02 17:07 <DIR> d-------- C:\Program Files\Movie Maker
2007-01-02 17:06 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-01-02 17:06 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-01-02 17:06 <DIR> d-------- C:\Program Files\Messenger
2007-01-02 17:05 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-01-02 17:05 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-01-02 17:05 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-01-02 17:05 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-01-02 17:05 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-01-02 17:05 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-01-02 17:05 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-01-02 17:05 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-01-02 17:05 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-01-02 17:05 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-01-02 17:05 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-01-02 17:05 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-01-02 17:05 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-01-02 17:05 600,576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-01-02 17:05 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-01-02 17:05 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-01-02 17:05 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-01-02 17:05 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-01-02 17:05 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-01-02 17:05 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-01-02 17:05 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-01-02 17:05 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-01-02 17:05 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-01-02 17:05 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-01-02 17:05 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-01-02 17:05 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-01-02 17:05 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-01-02 17:05 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-01-02 17:05 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-01-02 17:05 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-01-02 17:05 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-01-02 17:05 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-01-02 17:05 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-01-02 17:05 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-01-02 17:05 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-01-02 17:05 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-01-02 17:05 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-01-02 17:05 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-01-02 17:05 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-01-02 17:05 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-01-02 17:05 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-01-02 17:05 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-01-02 17:05 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-01-02 17:05 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-01-02 17:05 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-01-02 17:05 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-01-02 17:05 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-01-02 17:05 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-01-02 17:05 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-01-02 17:05 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-01-02 17:05 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-01-02 17:05 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-01-02 17:05 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-01-02 17:05 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-01-02 17:05 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-01-02 17:05 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-01-02 17:05 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-01-02 17:05 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-01-02 17:05 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-01-02 17:05 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-01-02 17:05 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-01-02 17:05 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-01-02 17:05 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-01-02 17:05 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-01-02 17:05 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-01-02 17:05 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-01-02 17:05 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-01-02 17:05 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-01-02 17:05 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-01-02 17:05 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-01-02 17:05 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-01-02 17:05 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-01-02 17:05 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-01-02 17:05 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-01-02 17:05 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-01-02 17:05 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-01-02 17:05 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-01-02 17:05 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-01-02 17:05 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-01-02 17:05 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-01-02 17:05 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-01-02 17:05 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-01-02 17:05 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-01-02 17:05 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-01-02 17:05 <DIR> d-------- C:\WINDOWS\system32\Com
2007-01-02 17:05 <DIR> d-------- C:\Program Files\Windows NT
2007-01-02 17:05 <DIR> d-------- C:\Program Files\MSN
2007-01-02 17:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-02 17:00 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-01-02 17:00 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-02 17:00 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-01-02 17:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-01-02 17:00 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-01-02 17:00 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-01-02 17:00 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-01-02 17:00 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-01-02 17:00 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-02 17:00 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-01-02 17:00 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-01-02 16:59 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-02 16:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-01-02 16:59 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-01-02 16:59 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-02 16:59 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2007-01-02 16:59 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-01-02 16:59 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-01-02 16:58 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-01-02 16:58 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-01-02 16:58 639,872 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-01-02 16:58 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-01-02 16:58 212,992 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-01-02 16:58 205,312 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-01-02 16:58 2,365,472 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-01-02 16:58 1,273,344 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-01-02 16:57 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-01-02 16:57 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-01-02 16:57 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-01-02 16:57 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-01-02 16:57 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-01-02 16:57 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-01-02 16:57 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-01-02 16:57 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-01-02 16:57 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-01-02 16:57 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-01-02 16:57 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-01-02 16:57 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-01-02 16:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-01-02 16:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-01-02 16:57 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-01-02 16:57 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-01-02 16:57 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-01-02 16:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-01-02 16:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-01-02 16:57 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-01-02 16:57 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-01-02 16:57 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-01-02 16:57 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-01-02 16:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-01-02 16:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-01-02 16:57 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-01-02 16:57 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-01-02 16:57 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-01-02 16:57 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2007-01-02 16:57 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-01-02 16:57 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-01-02 16:57 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-01-02 16:57 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-01-02 16:57 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-01-02 16:57 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-01-02 16:57 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-01-02 16:57 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-01-02 16:57 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-01-02 16:57 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-01-02 16:57 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-01-02 16:57 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-01-02 16:57 <DIR> dr------- C:\Program Files\Common Files\..
2007-01-02 16:57 <DIR> dr------- C:\Program Files\.
2007-01-02 16:57 <DIR> dr------- C:\Program Files
2007-01-02 16:57 <DIR> d--hs---- C:\WINDOWS\Installer
2007-01-02 16:57 <DIR> d--hs---- C:\Program Files\..
2007-01-02 16:57 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-01-02 16:57 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-01-02 16:57 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
2007-01-02 16:57 <DIR> d-------- C:\Program Files\Common Files\.
2007-01-02 16:57 <DIR> d-------- C:\Program Files\Common Files
2007-01-02 16:56 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
2007-01-02 16:56 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2007-01-02 16:56 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
2007-01-02 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
2007-01-02 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
2007-01-02 16:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-01-02 16:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-01-02 16:54 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
2007-01-02 16:54 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
2007-01-02 16:54 <DIR> d--hs---- C:\System Volume Information
2007-01-02 16:54 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-01-02 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
2007-01-02 16:54 <DIR> d-------- C:\Documents and Settings\All Users\..
2007-01-02 16:54 <DIR> d-------- C:\Documents and Settings\All Users\.
2007-01-02 16:54 <DIR> d-------- C:\Documents and Settings
2007-01-02 16:47 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-01-02 16:47 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-01-02 16:47 <DIR> dr------- C:\WINDOWS\Web
2007-01-02 16:47 <DIR> d--hs---- C:\WINDOWS\..
2007-01-02 16:47 <DIR> d--h----- C:\WINDOWS\inf
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\WinSxS
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\twain_32
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\Temp
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\wins
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\spool
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\ras
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\npp
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\mui
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\IME
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\ias
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\export
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\drivers\..
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\drivers\.
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\config
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\3076
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\2052
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\1054
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\1042
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\1041
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\1037
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\1033
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\1031
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\1028
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\1025
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\..
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32\.
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system32
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system\..
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system\.
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\system
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\security
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\Resources
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\repair
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\Provisioning
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\PeerNet
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\pchealth
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\mui
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\msapps
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\msagent
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\Media
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\java
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\ime
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\Help
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\ehome
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\Debug
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\Cursors
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\Config
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\AppPatch
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\addins
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS\.
2007-01-02 16:47 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"ZSScheduler"="RunDll32.exe \"C:\\Program Files\\FBM Software\\ZeroSpyware\\ZSScheduler.dll\", runScheduler C:\\Program Files\\FBM Software\\ZeroSpyware\\"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"Startup Manager Scanner"="C:\\Program Files\\Startup Mechanic\\StartupMonitor.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,58,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,20,04,00,00,58,fe,ff,ff,00,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{097F10A7-487F-4457-AB1F-827C59479A72}"="NSIS Media Extension"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-10 17:53:26.31
C:\ComboFix.txt ... 07-01-10 17:53

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "NSIS" 11/01/2007 01:52:28

[HKEY_USERS\S-1-5-21-725345543-1303643608-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="nsis"
---------------------------------------------------------------------
* DLLCompare Log version(1.0.0.125)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found "
________________________________________________

3,176 items found: 3,175 files, 1 directory.
Total of file sizes: 766,111,819 bytes 730.62 M

Administrator Account = True

--------------------End log---------------------


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Downloads\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 18B8-E50E

Directory of C:\WINDOWS\System32

10/01/2007 18:12 <DIR> dllcache
02/01/2007 17:19 <DIR> Microsoft
0 File(s) 0 bytes
2 Dir(s) 115,044,876,288 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 18B8-E50E

Directory of C:\WINDOWS\System32

10/01/2007 18:12 <DIR> dllcache
02/01/2007 17:12 488 logonui.exe.manifest
02/01/2007 17:12 488 WindowsLogon.manifest
02/01/2007 17:12 749 nwc.cpl.manifest
02/01/2007 17:12 749 sapi.cpl.manifest
02/01/2007 17:12 749 ncpa.cpl.manifest
02/01/2007 17:12 749 wuaucpl.cpl.manifest
02/01/2007 17:12 749 cdplayer.exe.manifest
7 File(s) 4,721 bytes
1 Dir(s) 115,044,876,288 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C has no label.
Volume Serial Number is 18B8-E50E

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C has no label.
Volume Serial Number is 18B8-E50E

Directory of C:\WINDOWS\System32

15/03/2006 12:00 2,577 CONFIG.TMP
1 File(s) 2,577 bytes
0 Dir(s) 115,044,876,288 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName"="C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
cdplay~1.man Tue 2 Jan 2007 17:12:42 A..HR 749 0.73 K
logonu~1.man Tue 2 Jan 2007 17:12:50 A..HR 488 0.48 K
ncpacp~1.man Tue 2 Jan 2007 17:12:42 A..HR 749 0.73 K
nwccpl~1.man Tue 2 Jan 2007 17:12:42 A..HR 749 0.73 K
sapicp~1.man Tue 2 Jan 2007 17:12:42 A..HR 749 0.73 K
window~1.man Tue 2 Jan 2007 17:12:50 A..HR 488 0.48 K
wuaucp~1.man Tue 2 Jan 2007 17:12:42 A..HR 749 0.73 K

7 items found: 7 files, 0 directories.
Total of file sizes: 4,721 bytes 4.61 K

-------- Strings.exe Qoologic Results --------

C:\WINDOWS\system32\d3dx9_25.dll: D3DXUVAtlasPack
C:\WINDOWS\system32\d3dx9_26.dll: D3DXUVAtlasPack
C:\WINDOWS\system32\d3dx9_27.dll: D3DXUVAtlasPack
C:\WINDOWS\system32\d3dx9_28.dll: D3DXUVAtlasPack
C:\WINDOWS\system32\d3dx9_29.dll: D3DXUVAtlasPack
C:\WINDOWS\system32\d3dx9_30.dll: D3DXUVAtlasPack
C:\WINDOWS\system32\d3dx9_31.dll: D3DXUVAtlasPack
C:\WINDOWS\system32\d3dx9_32.dll: D3DXUVAtlasPack
C:\WINDOWS\system32\MRT.exe: (ASPack)
C:\WINDOWS\system32\MRT.exe: (AsPack2k)
C:\WINDOWS\system32\MRT.exe: (Aspack %s)
C:\WINDOWS\system32\MRT.exe: ASPack 1.61
C:\WINDOWS\system32\MRT.exe: ASPack 1.084
C:\WINDOWS\system32\MRT.exe: ASPack 1.083
C:\WINDOWS\system32\MRT.exe: ASPack 1.08.02b
C:\WINDOWS\system32\MRT.exe: ASPack 1.07b
C:\WINDOWS\system32\MRT.exe: ASPack 1.05b
C:\WINDOWS\system32\MRT.exe: ASPack 1.02
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\ntdll.dll: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"Startup Manager Scanner"="C:\\Program Files\\Startup Mechanic\\StartupMonitor.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-------------------------------------------------------------------------------------------------------

LM2Fix

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName"="C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Shell Microsoft AutoComplete"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}"="History Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"
"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"
"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"
"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"
"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2D7E38A6-A604-45AE-9A87-4F5F25760650}"="USBExtExt Extension"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aaclient.dll Mon 13 Nov 2006 6:02:58 ..... 116,736 114.00 K
admparse.dll Tue 7 Nov 2006 3:26:44 A.... 71,680 70.00 K
advpack.dll Tue 7 Nov 2006 3:26:24 A.... 123,904 121.00 K
asferror.dll Wed 18 Oct 2006 21:47:08 A.... 7,168 7.00 K
audiodev.dll Wed 18 Oct 2006 21:47:08 A.... 276,992 270.50 K
blackbox.dll Wed 18 Oct 2006 21:47:10 A.... 542,720 530.00 K
browseui.dll Mon 23 Oct 2006 15:34:20 A.... 1,022,976 999.00 K
cdfview.dll Mon 23 Oct 2006 15:34:20 A.... 151,040 147.50 K
cewmdm.dll Wed 18 Oct 2006 21:47:10 A.... 229,376 224.00 K
d3dx9_32.dll Wed 29 Nov 2006 13:06:18 A.... 3,426,072 3.27 M
danim.dll Mon 23 Oct 2006 15:34:20 A.... 1,054,208 1.00 M
datest~1.dll Wed 10 Jan 2007 17:38:56 A.... 131,072 128.00 K
drmv2clt.dll Wed 18 Oct 2006 21:47:10 A.... 991,744 968.50 K
dxtmsft.dll Tue 17 Oct 2006 11:58:06 A.... 346,624 338.50 K
dxtrans.dll Tue 17 Oct 2006 11:57:50 A.... 214,528 209.50 K
extmgr.dll Tue 7 Nov 2006 21:03:36 A.... 131,584 128.50 K
ff_vfw.dll Mon 11 Dec 2006 0:12:26 A.... 5,120 5.00 K
icardie.dll Tue 17 Oct 2006 11:58:20 ..... 61,952 60.50 K
ieakeng.dll Tue 7 Nov 2006 3:26:56 A.... 152,064 148.50 K
ieaksie.dll Tue 7 Nov 2006 3:27:02 A.... 229,376 224.00 K
ieakui.dll Tue 7 Nov 2006 3:25:14 A.... 161,792 158.00 K
ieapfltr.dll Tue 17 Oct 2006 11:27:56 ..... 380,928 372.00 K
iedkcs32.dll Tue 7 Nov 2006 3:27:10 A.... 382,976 374.00 K
ieencode.dll Tue 17 Oct 2006 12:06:00 A.... 78,336 76.50 K
ieframe.dll Tue 7 Nov 2006 21:03:36 ..... 6,049,280 5.77 M
iepeers.dll Tue 7 Nov 2006 21:03:36 A.... 191,488 187.00 K
iernonce.dll Tue 7 Nov 2006 3:26:28 A.... 43,008 42.00 K
iertutil.dll Tue 17 Oct 2006 11:57:20 ..... 266,752 260.50 K
iesetup.dll Tue 7 Nov 2006 3:26:42 A.... 55,296 54.00 K
ieui.dll Tue 7 Nov 2006 21:03:36 ..... 180,736 176.50 K
imgutil.dll Tue 17 Oct 2006 11:57:58 A.... 36,352 35.50 K
inetcomm.dll Wed 8 Nov 2006 5:06:14 A.... 679,424 663.50 K
inseng.dll Tue 7 Nov 2006 3:26:24 A.... 92,672 90.50 K
jscript.dll Tue 17 Oct 2006 12:00:00 A.... 491,520 480.00 K
jsproxy.dll Tue 7 Nov 2006 21:03:36 A.... 27,136 26.50 K
laprxy.dll Wed 18 Oct 2006 21:47:14 A.... 11,264 11.00 K
legitc~1.dll Tue 12 Dec 2006 10:45:04 A.... 1,474,864 1.41 M
licmgr10.dll Tue 17 Oct 2006 12:05:10 A.... 40,960 40.00 K
mfplat.dll Wed 18 Oct 2006 21:47:14 A.... 212,992 208.00 K
mp43decd.dll Wed 18 Oct 2006 21:47:14 ..... 259,072 253.00 K
mp43dmod.dll Wed 18 Oct 2006 21:47:14 A.... 4,096 4.00 K
mp4sdecd.dll Wed 18 Oct 2006 21:47:14 ..... 317,440 310.00 K
mp4sdmod.dll Wed 18 Oct 2006 21:47:14 A.... 4,096 4.00 K
mpg4decd.dll Wed 18 Oct 2006 21:47:14 ..... 259,072 253.00 K
mpg4dmod.dll Wed 18 Oct 2006 21:47:14 A.... 4,096 4.00 K
msdrm.dll Mon 6 Nov 2006 11:35:32 A.... 323,696 316.11 K
msfeeds.dll Tue 7 Nov 2006 21:03:36 ..... 458,752 448.00 K
msfeed~1.dll Tue 7 Nov 2006 21:03:36 ..... 50,688 49.50 K
mshtml.dll Tue 7 Nov 2006 21:03:36 A.... 3,577,856 3.41 M
mshtmled.dll Tue 7 Nov 2006 21:03:36 A.... 475,648 464.50 K
mshtmler.dll Tue 17 Oct 2006 11:28:56 A.... 48,128 47.00 K
msls31.dll Tue 7 Nov 2006 21:03:36 A.... 156,160 152.50 K
msnetobj.dll Wed 18 Oct 2006 21:47:16 A.... 179,712 175.50 K
mspmsnsv.dll Wed 18 Oct 2006 21:47:16 A.... 27,136 26.50 K
mspmsp.dll Wed 18 Oct 2006 21:47:16 A.... 175,616 171.50 K
msrating.dll Tue 17 Oct 2006 12:05:10 A.... 192,000 187.50 K
msscp.dll Wed 18 Oct 2006 21:47:16 A.... 414,208 404.50 K
mstime.dll Tue 7 Nov 2006 21:03:36 A.... 670,720 655.00 K
mstscax.dll Mon 13 Nov 2006 6:02:58 A.... 1,866,240 1.78 M
mswmdm.dll Wed 18 Oct 2006 21:47:16 A.... 321,536 314.00 K
nwapi32.dll Fri 13 Oct 2006 12:35:12 A.... 64,000 62.50 K
nwprovau.dll Fri 13 Oct 2006 12:35:12 A.... 142,336 139.00 K
nwwks.dll Fri 13 Oct 2006 12:35:12 A.... 65,536 64.00 K
occache.dll Tue 17 Oct 2006 12:04:46 A.... 101,376 99.00 K
pngfilt.dll Tue 17 Oct 2006 11:58:08 A.... 44,544 43.50 K
po1676~1.dll Wed 18 Oct 2006 21:47:18 ..... 199,168 194.50 K
portab~1.dll Wed 18 Oct 2006 21:47:18 ..... 284,160 277.50 K
portab~2.dll Wed 18 Oct 2006 21:47:18 ..... 101,888 99.50 K
portab~3.dll Wed 18 Oct 2006 21:47:18 ..... 166,912 163.00 K
portab~4.dll Wed 18 Oct 2006 21:47:18 ..... 132,096 129.00 K
qasf.dll Wed 18 Oct 2006 21:47:18 A.... 211,456 206.50 K
qt-dx331.dll Wed 15 Nov 2006 22:01:36 A.... 3,596,288 3.43 M
rhttpaa.dll Mon 13 Nov 2006 6:02:58 ..... 288,768 282.00 K
secproc.dll Mon 6 Nov 2006 11:35:42 A.... 518,768 506.61 K
secpro~1.dll Mon 6 Nov 2006 11:35:30 A.... 192,624 188.11 K
secpro~2.dll Mon 6 Nov 2006 11:35:42 A.... 519,280 507.11 K
secpro~3.dll Mon 6 Nov 2006 11:35:32 A.... 192,624 188.11 K
shdocvw.dll Mon 23 Oct 2006 15:34:22 A.... 1,497,600 1.43 M
shlwapi.dll Mon 23 Oct 2006 15:34:22 A.... 474,112 463.00 K
stream~1.dll Wed 10 Jan 2007 17:46:20 ....R 59,392 58.00 K
sxs.dll Thu 19 Oct 2006 13:56:32 A.... 713,216 696.50 K
tsgqec.dll Mon 13 Nov 2006 6:02:58 ..... 36,352 35.50 K
url.dll Tue 17 Oct 2006 12:05:22 A.... 105,984 103.50 K
urlmon.dll Tue 7 Nov 2006 21:03:36 A.... 1,162,240 1.11 M
vbscript.dll Tue 7 Nov 2006 21:03:36 A.... 413,696 404.00 K
vuins32.dll Fri 27 Oct 2006 8:26:56 A.... 69,632 68.00 K
wdfapi.dll Wed 18 Oct 2006 21:47:18 A.... 4,096 4.00 K
webcheck.dll Tue 7 Nov 2006 21:03:36 A.... 231,424 226.00 K
wininet.dll Tue 7 Nov 2006 21:03:36 A.... 818,688 799.50 K
wmadmod.dll Wed 18 Oct 2006 21:47:18 A.... 757,248 739.50 K
wmadmoe.dll Wed 18 Oct 2006 21:47:18 A.... 1,117,696 1.06 M
wmasf.dll Wed 18 Oct 2006 21:47:18 A.... 222,208 217.00 K
wmdmlog.dll Wed 18 Oct 2006 21:47:18 A.... 33,792 33.00 K
wmdmps.dll Wed 18 Oct 2006 21:47:18 A.... 37,376 36.50 K
wmdrmdev.dll Wed 18 Oct 2006 21:47:18 A.... 429,056 419.00 K
wmdrmnet.dll Wed 18 Oct 2006 21:47:20 A.... 348,672 340.50 K
wmdrmsdk.dll Wed 18 Oct 2006 21:47:20 A.... 535,040 522.50 K
wmerror.dll Wed 18 Oct 2006 21:47:20 A.... 227,328 222.00 K
wmidx.dll Wed 18 Oct 2006 21:47:20 A.... 157,184 153.50 K
wmnetmgr.dll Wed 18 Oct 2006 21:47:20 A.... 937,984 916.00 K
wmp.dll Wed 18 Oct 2006 21:47:20 A.... 10,834,432 10.33 M
wmpasf.dll Wed 18 Oct 2006 21:47:20 A.... 242,688 237.00 K
wmpdxm.dll Wed 18 Oct 2006 21:47:20 A.... 314,880 307.50 K
wmpeff~1.dll Wed 18 Oct 2006 21:47:20 ..... 295,936 289.00 K
wmpencen.dll Wed 18 Oct 2006 21:47:20 A.... 1,661,440 1.58 M
wmploc.dll Wed 18 Oct 2006 21:47:20 A.... 8,231,936 7.85 M
wmpmde.dll Wed 18 Oct 2006 21:47:20 ..... 613,376 599.00 K
wmpps.dll Wed 18 Oct 2006 21:47:20 ..... 130,048 127.00 K
wmpshell.dll Wed 18 Oct 2006 21:47:20 A.... 99,840 97.50 K
wmpsrcwp.dll Wed 18 Oct 2006 21:47:20 A.... 204,288 199.50 K
wmsdmod.dll Wed 18 Oct 2006 21:47:22 A.... 4,096 4.00 K
wmsdmoe2.dll Wed 18 Oct 2006 21:47:22 A.... 4,096 4.00 K
wmspdmod.dll Wed 18 Oct 2006 21:47:22 A.... 603,648 589.50 K
wmspdmoe.dll Wed 18 Oct 2006 21:47:22 A.... 1,329,152 1.27 M
wmvadvd.dll Wed 18 Oct 2006 21:47:22 A.... 4,096 4.00 K
wmvadve.dll Wed 18 Oct 2006 21:47:22 A.... 4,096 4.00 K
wmvcore.dll Wed 18 Oct 2006 21:47:22 A.... 2,450,944 2.34 M
wmvdecod.dll Wed 18 Oct 2006 21:47:22 ..... 1,543,680 1.47 M
wmvdmod.dll Wed 18 Oct 2006 21:47:22 A.... 4,096 4.00 K
wmvdmoe2.dll Wed 18 Oct 2006 21:47:22 A.... 4,096 4.00 K
wmvencod.dll Wed 18 Oct 2006 21:47:22 ..... 1,574,912 1.50 M
wmvsdecd.dll Wed 18 Oct 2006 21:47:22 ..... 1,382,912 1.32 M
wmvsencd.dll Wed 18 Oct 2006 21:47:22 ..... 767,488 749.50 K
wmvxencd.dll Wed 18 Oct 2006 21:47:22 ..... 656,896 641.50 K
wpdconns.dll Wed 18 Oct 2006 21:47:22 A.... 35,840 35.00 K
wpdmtp.dll Wed 18 Oct 2006 21:47:22 A.... 154,624 151.00 K
wpdmtpus.dll Wed 18 Oct 2006 21:47:22 A.... 63,488 62.00 K
wpdshext.dll Wed 18 Oct 2006 21:47:22 ..... 2,603,008 2.48 M
wpdshe~1.dll Wed 18 Oct 2006 21:47:22 ..... 38,400 37.50 K
wpdshs~1.dll Wed 18 Oct 2006 21:47:22 ..... 133,632 130.50 K
wpdsp.dll Wed 18 Oct 2006 21:47:22 A.... 356,352 348.00 K
wpd_ci.dll Wed 18 Oct 2006 21:47:22 A.... 629,760 615.00 K
x264vfw.dll Tue 7 Nov 2006 8:08:38 A.... 558,592 545.50 K
x3daud~2.dll Wed 15 Nov 2006 11:38:22 A.... 15,128 14.77 K
xa3c56~1.dll Fri 8 Dec 2006 12:02:00 A.... 251,672 245.77 K
xpsp3res.dll Mon 23 Oct 2006 11:01:24 A.... 248,320 242.50 K
xvidcore.dll Wed 1 Nov 2006 14:52:38 A.... 765,952 748.00 K
xvidvfw.dll Wed 1 Nov 2006 14:54:30 A.... 180,224 176.00 K

138 items found: 138 files, 0 directories.
Total of file sizes: 86,140,584 bytes 82.15 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 18B8-E50E

Directory of C:\WINDOWS\System32

10/01/2007 18:12 <DIR> dllcache
02/01/2007 17:19 <DIR> Microsoft
0 File(s) 0 bytes
2 Dir(s) 115,043,524,608 bytes free

[Red Wine]

kichik has released a tool. More info at,
http://kichik.net/