Help - Search - Members - Calendar
Full Version: HijackThis Log for XP with bolenja, bolenjx?
BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal
   
GRBrown
Jan 14 2009, 01:47 AM
Hi Everyone,

First of all let me extend my gratitude for any assistance, or for that matter any attempts at providing assistance, that those on this forum provide. It is most definitely appreciated in the extreme. Secondly, let me apologize in advance if I somehow misstep and don't follow the correct protocols for an initial post. The computer that is having difficulties is actually my Back of House Computer for a store that I own, and I just happened to have HijackThis with me, so I ran it, copied the log, and am now posting what I've got. If more information is needed just let me know and I will gladly provide it. So, without further adieu, the problems I'm having:

Windows XP Computer
This is the Back of House computer for my store which Runs the AlohaQS Software (Basically a Cash Register Program) for my actual front cash register.
Definite Uglies on the Computer are Bolenja.exe and Bolenjx.exe... there may very well be others.
Some industrious employee got on the computer when it wasn't locked down and managed to mess things up pretty thoroughly.
In addition to the distinct Spyware items, there are also a number of misguided attempts to perhaps fix what they broke.
Record/Logs with names like Spy-Rid, spyguard.exe,

Also when the computer boots up into Windows XP it pops up and error message that reads the following:

C:\WINDOWS\shell.exe Windows cannot find C:\WINDOWS\shell.exe. Make sure you type the name correctly and then try again.

I close this window out and then I have access to my files and folders, but cannot access the Control Panel (it's not even listed) and periodically I get an error message that inidicates that access to the Registry Editor (or regedit) has been disabled by the administrator. Or something to that effect.

Well those are the basics and here is the HiJackThis log for my computer as well as the startuplist. Any help would be great. Thanks again in advance. Sincerely G.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:52 PM, on 1/13/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\System32\ctfmon.exe
C:\AlohaQS\bin\CTLSVR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Alohboh\Desktop\HJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {06DBC41D-B12E-4133-876A-64E0C8FDD1D3} - C:\WINDOWS\System32\APPHEL.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\Helper8.dll
O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\ssqqpqo.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [bolenja] bolenja.exe
O4 - HKLM\..\Run: [bolenjx] bolenjx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-21-2248645817-3289682256-113954702-1009\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted IP range: http://192.168.2.1
O15 - Trusted IP range: http://192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8379DF-D0D2-4C2E-999C-F03572DBA64A}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8379DF-D0D2-4C2E-999C-F03572DBA64A}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\kus109.dat
O20 - Winlogon Notify: csfdll - C:\WINDOWS\Media\smartwarxyu.dll
O20 - Winlogon Notify: ssqqpqo - C:\WINDOWS\SYSTEM32\ssqqpqo.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VHJvcGljYWwgU21vb3RoaWUgVHJvcGljYWwgUw\command.exe (file missing)
O23 - Service: CtlSvr - Ibertech, Inc - C:\AlohaQS\bin\CTLSVR.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6390 bytes

And then here is the startuplist....

StartupList report, 1/13/2009, 11:13:56 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Alohboh\Desktop\HJackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\System32\ctfmon.exe
C:\AlohaQS\bin\CTLSVR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Alohboh\Desktop\HJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
IntelMeM = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe
lsass = C:\WINDOWS\lsass.exe
bolenja = bolenja.exe
bolenjx = bolenjx.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINDOWS\system32\kus109.dat

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe C:\WINDOWS\shell.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\SS3DFO.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\System32\APPHEL.dll - {06DBC41D-B12E-4133-876A-64E0C8FDD1D3}
e404 helper - C:\Program Files\Helper\Helper8.dll - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
(no name) - C:\WINDOWS\system32\ssqqpqo.dll - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}

--------------------------------------------------

Enumerating Task Scheduler jobs:

At1.job
At2.job
At3.job
At4.job
At5.job
At6.job
At7.job
At8.job
ISP signup reminder 1.job
Norton AntiVirus - Scan my computer - Alohboh.job
PCA.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8204.5217939815

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: c:\windows\system32\multikz.exe||C:\Documents and Settings\Alohboh\Application Data\xvvid.nsf||C:\Documents and Settings\Alohboh\Application Data\xvvid.nsf|||n

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 6,334 bytes
Report generated in 0.062 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Any thoughts? smile.gif
fenzodahl512
Jan 14 2009, 05:03 AM
Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.




NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..
GRBrown
Jan 14 2009, 06:43 PM
Hey Fenzodahl,

Thank you very much for the guidance thus far. Here's where I am at regarding the directions you provided.

First, Malwarebytes would not install with a normal bootup. Each Time I tried it got cut off, often before the actual installation even began. Even changing the name of the executable file did not change this behavior (I tried this because it was required for getting HijackThis to run originally). So ultimately I rebooted into Safe Mode on Windows XP and I was finally able to install Malwarebytes; but as such MalwareBytes was run with windows in Safe Mode (I'm just not sure if that affects the results).

Malwarebytes was run successfully, and I followed your procedures exactly. It seems most of the files it tagged were quarantine as oppossed to deleted, but perhaps this is the norm. Upon reboot it did do an additional chkdsk scan and some other exciting stuff before loading windows... which I assume was simply apart of the "deleteing files that have to be deleted on reboot" process that Malwarebytes prompted me on.

Once the computer finished the "extra procedures" and fully booted into windows, I noticed that I still do not have a Control Panel Option.

I then installed and ran both RSIT and GMER, which installed without difficulty and ran fine with a normal Windows XP bootup.

The only other quirk is the following "Warning Message" popped up at various times (which was present before, and I assume is a portion of the Malware on the computer).

It said:

Windows Security Alert

Warning! Potential Spyware Operation! Your computer is making unauthorised copies of your system and Internet files. Run full scan now to prevent any unauthorised access to your files! Click YES to download Spyware Remover ...

It only allowed a Yes or No option, as the close (X) option was greyed out.

Well that gives you all the details of the procedures you outline, so as you requested I will now post the logs from each of the steps you requested in their own sections.

Thanks again for all the help and I look forward to your next suggestions.

Sincerely,

GRBrown

GRBrown
Jan 14 2009, 06:45 PM
Here is the Malwarebytes Log:


Malwarebytes' Anti-Malware 1.32
Database version: 1653
Windows 5.1.2600 Service Pack 1

1/14/2009 5:16:16 PM
mbam-log-2009-01-14 (17-16-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 339339
Time elapsed: 34 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 126
Registry Values Infected: 10
Registry Data Items Infected: 8
Folders Infected: 8
Files Infected: 132

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\ddccc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\ssqqpqo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\xlibgfl254.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c58094f-50e6-44bb-b816-b1bf6a5aff3e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7c58094f-50e6-44bb-b816-b1bf6a5aff3e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a397109a-f3bb-4b2e-87c8-d1371cd4ea05} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a397109a-f3bb-4b2e-87c8-d1371cd4ea05} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff64059d-4d2a-4d6b-aa0f-2ee4a2fe3856} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqqpqo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ff64059d-4d2a-4d6b-aa0f-2ee4a2fe3856} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06dbc41d-b12e-4133-876a-64e0c8fdd1d3} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{06dbc41d-b12e-4133-876a-64e0c8fdd1d3} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f10587e9-0e47-4cbe-84ae-7dd20b8684bb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f10587e9-0e47-4cbe-84ae-7dd20b8684bb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popupblocker.iegpb (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popupblocker.iegpb.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbiebho.iefw (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbiebho.iefw.2 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0037f041-5ec7-46aa-be24-6b4e01215611} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01181392-ea52-4aef-88fa-1cbcd8de6825} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{012c872d-6d66-499a-b69d-4a9c63690262} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07a25120-a92b-4baa-a514-eed6667d6d83} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07c02614-ef46-41a4-88c9-2a867848b31d} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{102c560b-d15c-4ba1-b163-7bb4acd26c34} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{12c7b02f-145d-46a4-b2e8-4255b601230a} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13c1e692-405a-430c-9ac7-3c274369ff71} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{15e0b9d1-6869-4b44-b64d-f60a350e725c} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{165bc2ec-0b03-4bd6-9e60-6323427b01ed} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1690de52-5b60-42ca-9688-16b1a233094c} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{170b0977-27ea-426e-9b38-febab1724a1f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a8af5b9-87c4-454a-965f-8b1e00a51d93} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1b01b4f2-4cc1-4154-ab18-20a0bc553d24} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1bc793ee-2447-4034-858a-de65d6d2bec9} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f5cf3c9-f384-4bce-b9a1-c5a00c6f2872} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{26ab4ac4-23d3-4004-b9d8-bff54166503c} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b68f0b9-3294-4e83-b026-d30894a6b062} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{354242fc-4dde-48fd-9960-8801b4cf5cf4} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{36d8eec8-86fe-41ab-917d-b1db221347fc} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{39038d48-70ac-4b19-beb8-88cad47f2deb} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4689349f-0b3a-4698-a404-2e81c9b05acc} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d56ddff-895a-438f-9b16-54618b3a47f7} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e30c4b0-1fb1-427d-90b3-be85c877b236} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4f3145e3-67de-4654-9eaf-d72133fe65e7} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4fb926ad-73e7-4bf5-bbf1-58a8f3eeb289} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{59da55f2-d42c-492e-8cee-897717d47877} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{605196d3-a6cc-43ac-8104-e8cdca25ef58} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{627fb506-61e4-4d02-bdaf-bfd38c75e43f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65b96902-f3e3-4391-a523-848f1d30b12b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6fe6d492-28b1-4a8d-88e9-22e1e3530da0} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{76e3de06-3f95-4b6e-91b4-710498e437f4} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{89107b18-d3d4-46cb-8045-1af57b8c4535} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8c4e45a4-fdbc-4de0-8d1f-4ec38d4f3023} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ed41818-1cb1-4d9e-8a21-4f7edf9b59c3} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{957de9d3-6ca7-4e7e-aa1d-3d13eb7cf99b} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a914b7cf-086d-4fe0-9108-3d72b97e5c2c} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a9e3320e-52a9-4cb1-892f-ae8088d68a8e} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aa958db8-1102-4091-ac05-ecbc7b2e426d} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ad33aad5-f364-430f-8e2d-ce034150afdf} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ae539347-f840-4c45-83d2-6e9225a3ec62} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ae57830d-be33-4935-9d91-62f2eb0e8be3} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b6a908fa-6237-4791-ac61-8b6a28add9b6} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c7eb7da1-0b05-40d5-b73a-4b5ea77e7d67} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ca27a95a-2b8c-478d-af5e-2e1761467eb4} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb32d487-2bdb-49ed-8b75-8ebfe6b0990b} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cc789624-c0d2-469b-a34b-fc32117194e9} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cda873d3-a380-4b32-b4b7-a25d2e63cdba} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf612595-40eb-443d-9bc2-2165aba6352f} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dcd09900-b1db-4855-a41a-6245c1b2bcba} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e2e7d7e7-ea40-4cc3-89fb-fc6c43c8ca77} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e3cd3689-b032-4d47-8d5f-d886628914a6} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4fb5b1d-83e5-4df3-892d-1a0e48f91e75} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e52bddde-b92c-4174-8247-21d9118fa036} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e5a292c6-2ce5-4702-b1fc-1f9d5f7f810d} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e691676d-381a-4fa2-8188-f8597aa5e789} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e6c3097f-1cf8-4563-8318-d25ccaaa1191} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e779dc78-51e9-4630-a8d4-c9ae3548c6c7} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e8e367a1-57d1-49cb-b1b0-192b95bd5e6a} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e9c36375-c7a5-45f7-8b78-ad56965903e7} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ebeabc4b-ae96-45cf-b5c8-fef6364a6d41} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ef9aa426-50f9-4d27-94ba-8844a165ddd5} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f084f574-f1b6-4e2b-9338-b321082693fc} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f4d40fe2-8fef-45b0-8ddc-8fbd080e6a37} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f6185cf5-6a50-4be8-8f13-c4b8a13641f9} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fecb6f44-0b53-43c3-b5e8-aa03ece60aa9} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d2436533-33f9-495c-9cd9-daf21e67ffeb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/webinst.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ea7522f6-87cf-411e-8a55-19ee4344b676} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{80cc53df-d8b9-44b1-8c3c-20fac46265d0} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d25bb2a-dd6e-4244-89ed-9fe0628e852a} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e28b42f8-56a7-4828-8a74-002f4177204d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0dca13e-41d3-5d2f-895d-3be6738708ec} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhlp (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\dhlp (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhlp (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv (Rootkit.Agents) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\secdrv (Rootkit.Agents) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agents) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ultra soft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\webinst.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\InfeStop (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\pblock.DLL (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WebBuying (Adware.WebBuying) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0c8d6e0c (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ff64059d-4d2a-4d6b-aa0f-2ee4a2fe3856} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\webinst.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsass (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddccc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddccc -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Vundo) -> Data: xlibgfl254.dll -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe C:\WINDOWS\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\NI.UGA6P_0001_N122M2210 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\SpyGuardPro (Rogue.SpyGuardPro) -> Delete on reboot.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Application Data\ultra (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\rkyseb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ddccc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\cccdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cccdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ssqqpqo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\kckryigt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tgiyrkck.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nktfpuil.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\liupftkn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\norbtymc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cmytbron.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ybokoqwl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lwqokoby.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\APPHEL.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\xlibgfl254.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Helper\Helper8.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\webinst.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\wsusupd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Application Data\nvsvc1024.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Desktop\From Program Files\3269.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Desktop\From Program Files\ucleaner_setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Desktop\Temp probably spyware pulled from docnsettings alohaboh appdata\sysfixer.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\!update.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\.tt301.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\16power.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\3264.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\32look.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\32mon.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\32win.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\6464.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\64win.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\agent16.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\agentpower.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\agentsyn.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\agentsys.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\agentwin.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\host32.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\hostagent.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\hostpower.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\hostsys.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\hostwin.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\lookhost.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\looksv.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\mon32.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\monlook.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\monsyn.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\powerhost.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\powerlook.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\powersv.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\powerwin.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\serverhost.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\serverpower.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\svsys.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\syn16.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\synsv.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\synsyn.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\sys64.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\sysagent.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\sysserver.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\syssyn.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\syswin.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\winhost.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\winserver.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\winsyn.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\winsys.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\Temporary Internet Files\Content.IE5\8XYROPMB\3269[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\Temporary Internet Files\Content.IE5\8XYROPMB\spoolsv[1].exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temporary Internet Files\Content.IE5\HR1KCDWF\CAH8IHTB (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temporary Internet Files\Content.IE5\HR1KCDWF\CAIFWPIV (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temporary Internet Files\Content.IE5\I12RSBID\!update-4495[1].0000 (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temporary Internet Files\Content.IE5\I12RSBID\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temporary Internet Files\Content.IE5\P80STL4W\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\spoolsv.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Program Files\TTC.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\MSN\niqyrezim4444.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MSN\niqyrezim83122.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238\A0770145.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0800289.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0800290.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}(2)\RP226(2)\snapshot(2)\MFEX-6020.DAT (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\hgghghe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\iifghge.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mkpiffi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\qomkifg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rqrpolk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tuvstsq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vdqrnjiw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wlcq.dll (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\abc2\bmbrpl2.exe (Trojan.ZQuest) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\dhlp.sys (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS (Rootkit.Agents) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hel9\pozpwb23.exe (Adware.WebBuying) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\oc9\qopre83122.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\NI.UGA6P_0001_N122M2210\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Application Data\ultra\uninstall.bat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\snapsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\yazzsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Local Settings\Temp\wavvsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Media\temp.bat (Spyware.Delf) -> Quarantined and deleted successfully.
C:\WINDOWS\17PHolmes572.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\INF\ultra.inf (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\INF\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bolenja.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\spoolvs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\printer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\users32.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wowfx.dll (Trojan.QHost) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Application Data\Microsoft\Internet Explorer\Quick Launch\InfeStop.lnk (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Application Data\Microsoft\Internet Explorer\Quick Launch\Spy-Rid remover.lnk (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Spyware Cleaner.lnk (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\b122.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mgrs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Spyware Remover.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Casino.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Free Online Dating.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alohboh\Application Data\printer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Program Files\smss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\core.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
GRBrown
Jan 14 2009, 06:46 PM
Here is the RSIT LOG.TXT file:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Alohboh at 2009-01-14 17:28:01
Microsoft Windows XP Home Edition Service Pack 1
System drive C: has 65 GB (85%) free of 76 GB
Total RAM: 510 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:18 PM, on 1/14/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\bolenja.exe
C:\WINDOWS\bolenjx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AlohaQS\bin\CTLSVR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Alohboh\Desktop\RSIT.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\trend micro\Alohboh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06DBC41D-B12E-4133-876A-64E0C8FDD1D3} - C:\WINDOWS\System32\APPHEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [bolenja] bolenja.exe
O4 - HKLM\..\Run: [bolenjx] bolenjx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted IP range: http://192.168.2.1
O15 - Trusted IP range: http://192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8379DF-D0D2-4C2E-999C-F03572DBA64A}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8379DF-D0D2-4C2E-999C-F03572DBA64A}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\kus109.dat
O20 - Winlogon Notify: csfdll - C:\WINDOWS\Media\smartwarxyu.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CtlSvr - Ibertech, Inc - C:\AlohaQS\bin\CTLSVR.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6142 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Alohboh.job
C:\WINDOWS\tasks\PCA.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06DBC41D-B12E-4133-876A-64E0C8FDD1D3}]
C:\WINDOWS\System32\APPHEL.dll [2002-08-29 84480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-17 844048]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2004-10-28 103568]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-01-10 218736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2008-01-21 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe []
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2008-01-21 221184]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe []
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe [2008-01-21 172032]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-01-21 1404928]
"bolenja"=C:\WINDOWS\bolenja.exe [2009-01-14 5120]
"bolenjx"=C:\WINDOWS\bolenjx.exe [2009-01-14 14336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bolenja]
C:\WINDOWS\bolenja.exe [2009-01-14 5120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bolenjx]
C:\WINDOWS\bolenjx.exe [2009-01-14 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-03-23 58992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-01-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2008-01-21 218240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe [2008-01-21 100056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\kus109.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csfdll]
C:\WINDOWS\Media\smartwarxyu.dll [2007-12-21 51712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2003-10-31 8704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoControlPanel"=1
"NoWindowsUpdate"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Alohboh\Application Data\printer.exe"="C:\Documents and Settings\Alohboh\Application Data\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\printer.exe"="C:\WINDOWS\System32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\spoolvs.exe"="C:\WINDOWS\System32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Start Menu\Programs\Startup\findfast.exe"="C:\Documents and Settings\Alohboh\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\system32\winav.exe"="%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\mcrupdate.exe"="C:\Documents and Settings\Alohboh\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\pcant.exe"="C:\Documents and Settings\Alohboh\Application Data\pcant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\sysfixer.exe"="C:\Documents and Settings\Alohboh\Application Data\sysfixer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\pcpriv.exe"="C:\Documents and Settings\Alohboh\Application Data\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\trant.exe"="C:\Documents and Settings\Alohboh\Application Data\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\avsyscare.exe"="C:\Documents and Settings\Alohboh\Application Data\avsyscare.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Documents and Settings\Alohboh\Application Data\printer.exe"="C:\Documents and Settings\Alohboh\Application Data\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\printer.exe"="C:\WINDOWS\System32\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\spoolvs.exe"="C:\WINDOWS\System32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\shell.exe"="C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Start Menu\Programs\Startup\findfast.exe"="C:\Documents and Settings\Alohboh\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\system32\winav.exe"="%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\mcrupdate.exe"="C:\Documents and Settings\Alohboh\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\pcant.exe"="C:\Documents and Settings\Alohboh\Application Data\pcant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\sysfixer.exe"="C:\Documents and Settings\Alohboh\Application Data\sysfixer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\pcpriv.exe"="C:\Documents and Settings\Alohboh\Application Data\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\trant.exe"="C:\Documents and Settings\Alohboh\Application Data\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Alohboh\Application Data\avsyscare.exe"="C:\Documents and Settings\Alohboh\Application Data\avsyscare.exe:*:Enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-01-14 17:28:01 ----D---- C:\rsit
2009-01-14 17:28:01 ----D---- C:\Program Files\trend micro
2009-01-14 17:24:00 ----A---- C:\WINDOWS\System32\multikz.exe
2009-01-14 16:38:39 ----D---- C:\Documents and Settings\Alohboh\Application Data\Malwarebytes
2009-01-14 16:28:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-14 16:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-14 13:01:29 ----A---- C:\WINDOWS\bolenjx.exe
2009-01-07 15:45:22 ----A---- C:\WINDOWS\bolenja.exe
2009-01-07 14:00:42 ----D---- C:\WINDOWS\pss
2008-12-29 05:34:02 ----A---- C:\WINDOWS\System32\07aeaa72-.txt
2008-12-29 05:33:49 ----ASH---- C:\WINDOWS\System32\llkkj.ini

======List of files/folders modified in the last 3 months======

2009-01-14 17:28:01 ----RD---- C:\Program Files
2009-01-14 17:24:53 ----D---- C:\WINDOWS\Temp
2009-01-14 17:24:26 ----A---- C:\WINDOWS\ModemLog_BCM V.90 56K Modem.txt
2009-01-14 17:24:19 ----D---- C:\WINDOWS\Debug
2009-01-14 17:24:00 ----D---- C:\WINDOWS\SYSTEM32
2009-01-14 17:23:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-14 17:18:18 ----D---- C:\WINDOWS\System32\DRIVERS
2009-01-14 17:18:18 ----D---- C:\WINDOWS
2009-01-14 17:17:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-14 17:16:15 ----D---- C:\WINDOWS\System32\oc9
2009-01-14 17:16:15 ----D---- C:\WINDOWS\System32\hel9
2009-01-14 17:16:15 ----D---- C:\WINDOWS\System32\abc2
2009-01-14 17:16:14 ----D---- C:\Program Files\Helper
2009-01-14 16:31:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-14 16:27:25 ----D---- C:\WINDOWS\Prefetch
2009-01-14 13:03:25 ----D---- C:\AlohaQS
2009-01-12 10:18:09 ----A---- C:\WINDOWS\WIN.INI
2009-01-07 15:47:13 ----RASH---- C:\BOOT.INI
2009-01-07 15:47:13 ----A---- C:\WINDOWS\SYSTEM.INI
2009-01-07 15:35:31 ----RD---- C:\WINDOWS\Web
2009-01-07 15:35:00 ----A---- C:\WINDOWS\System32\bolenjcfa.txt
2009-01-05 14:36:05 ----D---- C:\WINDOWS\System32\CatRoot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-10-23 16984]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-04-21 10901]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R2 ASCTRM;ASCTRM; C:\WINDOWS\System32\drivers\ASCTRM.sys [2004-06-23 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 hardlock;hardlock; \??\C:\WINDOWS\System32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\System32\drivers\Haspnt.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\System32\DRIVERS\PavProc.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-10-21 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-10-21 21568]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050615.008\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050615.008\NavEx15.Sys []
R3 SAVRT;SAVRT; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-08-02 28160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-08-02 25216]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-08-02 53120]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-08-02 19328]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 37504]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680]
S3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
S3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
S3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
S3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-28 891711]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050512.030\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2001-08-17 25472]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2001-08-17 29056]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2001-08-17 27648]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2001-08-17 27648]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2002-08-29 4736]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2001-08-17 26112]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2001-08-17 27392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-03-23 198256]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2005-03-23 235120]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-03-23 165488]
R2 CtlSvr;CtlSvr; C:\AlohaQS\bin\CTLSVR.EXE [2002-02-24 1703936]
R2 ISSVC;ISSvc; C:\Program Files\Norton Internet Security\ISSVC.exe [2005-04-18 83584]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2005-01-10 177264]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2007-06-14 63024]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2005-05-06 822424]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2002-08-29 250368]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2005-01-10 67184]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2003-10-31 106496]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-03-23 79472]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-03-07 198368]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2004-07-21 173160]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]

-----------------EOF-----------------
GRBrown
Jan 14 2009, 06:48 PM
Here is the RSIT INFO.TXT file:


info.txt logfile of random's system information tool 1.05 2009-01-14 17:28:28

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Broadcom Management Programs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Business Contact Manager for Outlook 2003-->MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
CC_ccProxyExt-->MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ccPxyCore-->MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support-->MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
DirectX 9 Hotfix - KB839643-->C:\WINDOWS\$NtUninstallKB839643-DirectX9$\spuninst\spuninst.exe
HASP Device Driver-->C:\WINDOWS\System32\UNWISE.EXE C:\WINDOWS\System32\hdd32.log
HijackThis 2.0.2-->"C:\Documents and Settings\Alohboh\Desktop\HijackThis.exe" /uninstall
HP PSC & Officejet 4.2 Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{AC1314E7-D28C-40A1-B322-80D2868D35CE}\setup\hpzscr01.exe" -datfile hposcr04.dat
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins004.exe"
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896426)-->"C:\WINDOWS\$NtUninstallKB896426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec pcAnywhere-->MsiExec.exe /I{F05E8183-866A-11D3-97DF-0000F8D8F2E9}
Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Ultr@VNC Release 1.0.0 RC 18 - Win32-->"C:\Program Files\UltraVNC\unins000.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Player Hotfix [See Q828026 for more information]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
Windows XP Hotfix - KB824105-->C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
Windows XP Hotfix - KB824141-->C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
Windows XP Hotfix - KB833407-->C:\WINDOWS\$NtUninstallKB833407$\spuninst\spuninst.exe
Windows XP Hotfix - KB833987-->C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe
Windows XP Hotfix - KB837001-->C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
Windows XP Hotfix - KB839645-->C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe
Windows XP Hotfix - KB840315-->C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe
Windows XP Hotfix - KB840374-->C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
Windows XP Hotfix - KB841356-->C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe
Windows XP Hotfix - KB841873-->C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe
Windows XP Hotfix - KB871250-->C:\WINDOWS\$NtUninstallKB871250$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883939-->"C:\WINDOWS\$NtUninstallKB883939-IE6SP1-20050428.125228$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891711-->C:\WINDOWS\$NtUninstallKB891711$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Hotfix - KB897715-->"C:\WINDOWS\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe"

System event log

Computer Name: ALOHABOH
Event Code: 26
Message: Application popup: regsvr32.exe - Application Error : The instruction at "0x7474ca0c" referenced memory at "0x00851004". The memory could not be "read".

Click on OK to terminate the program

Record Number: 825
Source Name: Application Popup
Time Written: 20081122200340.000000-300
Event Type: information
User:

Computer Name: ALOHABOH
Event Code: 26
Message: Application popup: regsvr32.exe - Application Error : The instruction at "0x7474ca0c" referenced memory at "0x00851004". The memory could not be "read".

Click on OK to terminate the program

Record Number: 824
Source Name: Application Popup
Time Written: 20081122200229.000000-300
Event Type: information
User:

Computer Name: ALOHABOH
Event Code: 26
Message: Application popup: regsvr32.exe - Application Error : The instruction at "0x7474ca0c" referenced memory at "0x00851004". The memory could not be "read".

Click on OK to terminate the program

Record Number: 823
Source Name: Application Popup
Time Written: 20081122200119.000000-300
Event Type: information
User:

Computer Name: ALOHABOH
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.

Record Number: 822
Source Name: W32Time
Time Written: 20081122181251.000000-300
Event Type: error
User:

Computer Name: ALOHABOH
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 821
Source Name: W32Time
Time Written: 20081122181251.000000-300
Event Type: error
User:

Application event log

Computer Name: ALOHABOH
Event Code: 26
Message: Application starting

Record Number: 5
Source Name: ccEvtMgr
Time Written: 20080111070209.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ALOHABOH
Event Code: 1
Message: Application started

Record Number: 4
Source Name: ccSetMgr
Time Written: 20080111070209.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ALOHABOH
Event Code: 26
Message:
Record Number: 3
Source Name: ISService
Time Written: 20080111070209.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ALOHABOH
Event Code: 26
Message: Application starting

Record Number: 2
Source Name: ccSetMgr
Time Written: 20080111070209.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ALOHABOH
Event Code: 26
Message: Application starting

Record Number: 1
Source Name: ccProxy
Time Written: 20080111070209.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"IBERDIR"=C:\AlohaQS
"IBERROOT"=AlohaQS
"NUMBER_OF_PROCESSORS"=1
"NUMTERMS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\Symantec\pcAnywhere\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0207
"ROBUST"=TRUE
"SERVER"=ALOHABOH
"TEMP"=%SystemRoot%\TEMP
"TERMSTR"=TERM
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
GRBrown
Jan 14 2009, 06:49 PM
And Finally, here are the GMER scan results:


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-14 17:45:31
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT 822E7F98 ZwConnectPort

INT 0x06 \??\C:\WINDOWS\System32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EF6AF16D
INT 0x0E \??\C:\WINDOWS\System32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EF6AEFC2

Code rxnskyhv.dat ObOpenObjectByName

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntoskrnl.exe!ObOpenObjectByName 805556C9 6 Bytes JMP F87B8312 rxnskyhv.dat
? rxnskyhv.dat The system cannot find the file specified. !
.text ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00380429

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[212] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00910429
.text C:\WINDOWS\system32\winlogon.exe[456] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00490429
.text C:\WINDOWS\system32\winlogon.exe[456] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 004905D0
.text C:\WINDOWS\system32\winlogon.exe[456] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 00490526
.text C:\WINDOWS\system32\winlogon.exe[456] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 00490543
.text C:\WINDOWS\system32\services.exe[504] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00520429
.text C:\WINDOWS\system32\services.exe[504] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 005205D0
.text C:\WINDOWS\system32\services.exe[504] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 00520526
.text C:\WINDOWS\system32\services.exe[504] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 00520543
.text C:\WINDOWS\system32\lsass.exe[516] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00500429
.text C:\WINDOWS\system32\lsass.exe[516] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 005005D0
.text C:\WINDOWS\system32\lsass.exe[516] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 00500526
.text C:\WINDOWS\system32\lsass.exe[516] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 00500543
.text C:\AlohaQS\bin\CTLSVR.EXE[600] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 003A0429
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[660] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00890429
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[712] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 003C0429
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[712] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 003C05D0
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[712] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 003C0526
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[712] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 003C0543
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[880] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 005F0429
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[880] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 005F05D0
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[880] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 005F0526
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[880] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 005F0543
.text C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe[956] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00840429
.text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00560429
.text C:\WINDOWS\System32\svchost.exe[1148] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 005605D0
.text C:\WINDOWS\System32\svchost.exe[1148] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 00560526
.text C:\WINDOWS\System32\svchost.exe[1148] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 00560543
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00560429
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 005605D0
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 00560526
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 00560543
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1344] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 003C0429
.text C:\WINDOWS\bolenja.exe[1352] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00370429
.text C:\WINDOWS\bolenjx.exe[1360] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00850429
.text C:\WINDOWS\System32\ctfmon.exe[1368] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00380429
.text C:\WINDOWS\System32\svchost.exe[1384] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00500429
.text C:\WINDOWS\System32\svchost.exe[1384] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 005005D0
.text C:\WINDOWS\System32\svchost.exe[1384] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 00500526
.text C:\WINDOWS\System32\svchost.exe[1384] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 00500543
.text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00560429
.text C:\WINDOWS\System32\svchost.exe[1472] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 005605D0
.text C:\WINDOWS\System32\svchost.exe[1472] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 00560526
.text C:\WINDOWS\System32\svchost.exe[1472] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 00560543
.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00500429
.text C:\WINDOWS\System32\svchost.exe[1516] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 005005D0
.text C:\WINDOWS\System32\svchost.exe[1516] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 00500526
.text C:\WINDOWS\System32\svchost.exe[1516] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 00500543
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 007A0429
.text C:\WINDOWS\system32\spoolsv.exe[1736] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 007A05D0
.text C:\WINDOWS\system32\spoolsv.exe[1736] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 007A0526
.text C:\WINDOWS\system32\spoolsv.exe[1736] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 007A0543
.text C:\WINDOWS\Explorer.EXE[1868] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 007B0429
.text C:\WINDOWS\Explorer.EXE[1868] ntdll.dll!NtQueryDirectoryFile 77F5BD48 6 Bytes PUSH 131451AC; RET
.text C:\WINDOWS\Explorer.EXE[1868] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 007B05D0
.text C:\WINDOWS\Explorer.EXE[1868] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 007B0526
.text C:\WINDOWS\Explorer.EXE[1868] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 007B0543
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1880] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00380429
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1880] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 003805D0
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1880] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 00380526
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1880] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 00380543
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1968] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 005F0429
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1968] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 005F05D0
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1968] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 005F0526
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1968] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 005F0543
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1984] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 005E0429
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1984] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 005E05D0
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1984] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 005E0526
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1984] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 005E0543
.text C:\Documents and Settings\Alohboh\Desktop\gmer\gmer.exe[2012] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 00380429
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[2044] ntdll.dll!LdrLoadDll 77F56F1B 5 Bytes JMP 005F0429
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[2044] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 005F05D0
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[2044] WS2_32.dll!connect 71AB3E5D 5 Bytes JMP 005F0526
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[2044] WS2_32.dll!WSAConnect 71ABF6AF 5 Bytes JMP 005F0543

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A9B0] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0A93A800] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0A93A890] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [0A93AB10] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A9B0] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0A93A800] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [0A93AB10] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0A93A890] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A9B0] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0A93A890] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [0A93AB10] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0A93A800] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0A93A800] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0A93A890] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [0A93AB10] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0A93A890] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0A93A800] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\System32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [0A93AB10] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [0A93A9B0] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\OLE32.DLL [KERNEL32.dll!FreeLibraryAndExitThread] [0A93AB40] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [0A93A800] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [0A93AB10] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [0A93A890] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0A93A800] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0A93A890] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0A93A920] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A9B0] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [0A93AB10] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0A93A920] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0A93A9B0] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0A93A890] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [0A93AB10] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [0A93AB40] C:\AlohaQS\bin\SHW32.dll
IAT C:\AlohaQS\bin\CTLSVR.EXE[600] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0A93A800] C:\AlohaQS\bin\SHW32.dll

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Software)

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fastfat \FatCdrom ShlDrv51.sys (PandaShield driver/Panda Software)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fastfat \Fat ShlDrv51.sys (PandaShield driver/Panda Software)

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.14 ----

Service system32\drivers\rxnskyhv.dat (*** hidden *** ) [BOOT] eljalihj <-- ROOTKIT !!!

---- EOF - GMER 1.0.14 ----
fenzodahl512
Jan 15 2009, 03:32 AM
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
GRBrown
Jan 16 2009, 01:08 AM
Hey Wan,

I did as you instructed and ran Combo-Fix, however I did encounter a couple of hiccups along the way and unfortunately your instructions did not provide specific information about how to deal with the occurences that arose. Here's what happened:

Ran the renamed Combo-Fix from the desktop.

It started fine, but then fairly quickly it told me that I did not have the "Windows Recovery Console" installed on my computer, and then asked me (with strong encouragements) whether I would like to download and install it now. Since I didn't have any specific feedback within your instructions I selected "No". Was this the correct thing to do, or should I have first downloaded and installed the Windows Recovery Console as Combo-Fix recommended?
*Please keep in mind, as a relative newb when it comes to these particular procedures for malware removal I feel like I'm on very uncertain ground. Therefore, because your instructions said to "close any open browsers" and that "Combofix will disconnect your machine from the Internet as soon as it starts" and "Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished", I took the more conservative/cautious approach and avoided deviating from what your instructions told me to do. As such I might recommend that in the future when you are giving instructions related to Combo-Fix that you specifically address this prompt about the Windows Recovery Console and what the person should do when prompted to download it... that will just give newbs greater confidence about the process. smile.gif

After answering "No" to the WRC download question Combo-Fix ran smoothly and went through it's different stages just fine.

Then Combo-Fix said that it was now going to "reboot windows"! Well it sat, and sat, and sat, and sat, and after 30 minutes it still had not rebooted windows. So, not knowing any better, I went ahead and did a manual reboot.

Upon the reboot everything loaded up basically fine, so I relauched Combo-Fix and ran it again (figuring it had stalled). Again I was prompted about the WRC download... I said No, and again it completed all it's stages, and then once more it announced that Combo-Fix was going to "reboot windows", only this time it finished the message and said.. "DO NOT Manually reboot the computer". [It did not say this the first time]

In any event this time it rebooted after about only 2 or 3 minutes, created the log, and everything ended fine.

I copied the log, ran HijackThis again, copied those logs and here we are.

So, to summarize and clarify, the first time I ran Combo-Fix it got all the way to the rebooting stage, but never completed the process and never created a log. It only fully ran correctly and produced a log on the SECOND running of Combo-Fix and that is what I am posting below. Also, I ran HijackThis with the default settings, and I also ran the startuplist portion but both of the boxes next to the run button for that startuplog were left "unchecked" [in case that matters].

Oh, and after successfully running all of this when I would reboot the computer it would load up Windows fine, but it would run sluggishly... then after 3-5 minutes the desktop would sort of "refresh/reload" and then it would respond more quickly? Don't know if that means something or not.

My last little tidbit before posting the logs would only be a little suggestion for the future: Maybe include in your instructions specific guidance on whether or not to download and install the Windows Recovery Console when prompted. And, approximately how many stages there are so people don't panic when it takes awhile. And finally, notify them that Combo-Fix will "reboot windows" part way through the process and let them know how long this should take. [And while we are on it, how long should it take for this to happen? Should I have waited longer than the 30 minutes? Just curious] Anyway, those are my suggestions that might make things clearer for me, or people like me, when working through these procedures. That's just my 2 cents.

Now let me state very clearly that I am extremely pleased and thankful for your assistance, I feel like we've made solid progress for which I am truly grateful. My comments above are only designed to be constructive feedback on how you can give greater guidance, and in turn greater confidence, when dealing with people who are pretty unfamiliar with this process and the programs involved.

Once more thank you very much for you time and assistance Wan, it is very much appreciated!!! smile.gif

Now then, the logs are listed below in their own posts.

I look forward to your next suggestions.

Sincerely,
G
GRBrown
Jan 16 2009, 01:11 AM
Combo-Fix Log [Remember, this is the log from what as technically the second running of Combo-Fiz]


ComboFix 09-01-13.04 - Alohboh 2009-01-15 21:32:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.510.303 [GMT -5:00]
Running from: c:\documents and settings\Alohboh\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ini.ini\
c:\windows\system32\gehmyyxb.ini
c:\windows\system32\kus109.dat
c:\windows\system32\llkkj.ini
.
---- Previous Run -------
.
c:\documents and settings\Alohboh\Application Data\YSTEM3~1
c:\documents and settings\Alohboh\Application Data\YSTEM3~1\d?dplay.exe
c:\documents and settings\Alohboh\ResErrors.log
c:\program files\Common Files\scurit~1
c:\program files\Common Files\scurit~1\dvdplay.ex_
c:\program files\Common Files\scurit~1\s?curity\
c:\program files\Helper
c:\program files\Helper\ifastseek.dll
c:\program files\ini.ini\
c:\temp\tn3
c:\windows\bolenja.exe
c:\windows\bolenjx.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\icroso~1.net
c:\windows\icroso~1.net\?icrosoft.NET\
c:\windows\IE4 Error Log.txt
c:\windows\kus109.dat
c:\windows\Media\F2233warxy11.dll
c:\windows\Media\smartwarxyu.dll
c:\windows\system32\abc2
c:\windows\system32\drivers\fad.sys
c:\windows\system32\ex1
c:\windows\SYSTEM32\fhkmp.ini
c:\windows\SYSTEM32\fhkmp.ini2
c:\windows\system32\idcfap.bmp
c:\windows\system32\ineWc01
c:\windows\system32\ineWc01\ineWc011065.exe
c:\windows\system32\kus109.dat
c:\windows\system32\multikz.exe
c:\windows\system32\oc9
c:\windows\SYSTEM32\stvwa.ini
c:\windows\SYSTEM32\stvwa.ini2
c:\windows\system32\users32.dat
c:\windows\system32\wtsisvcc32.exe
c:\windows\SYSTEM32\ybeeg.ini
c:\windows\SYSTEM32\ybeeg.ini2
c:\windows\SYSTEM32\yycdd.ini
c:\windows\SYSTEM32\yycdd.ini2
c:\windows\Web\default.htt
c:\windows\Web\DESKMOVR.HTT
c:\windows\Web\SAFEMODE.HTT

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CORE
-------\Legacy_DHLP


((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-14 17:31 . 2009-01-14 17:31 250 --a------ c:\windows\gmer.ini
2009-01-14 17:28 . 2009-01-14 17:28 <DIR> d-------- C:\rsit
2009-01-14 17:28 . 2009-01-14 17:28 <DIR> d-------- c:\program files\trend micro
2009-01-14 16:38 . 2009-01-14 16:38 <DIR> d-------- c:\documents and settings\Alohboh\Application Data\Malwarebytes
2009-01-14 16:38 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-14 16:28 . 2009-01-14 16:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 16:28 . 2009-01-14 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 16:28 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 02:37 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-01-22 14:23 0 ----a-w c:\documents and settings\Alohboh\del.bat
2008-01-21 15:32 246 ----a-w c:\program files\Common Files\rycil844
2008-01-20 18:12 61 ----a-w c:\program files\ini.ini
2007-07-28 09:06 135 ----a-w c:\program files\Common Files\viloz.html
.
Files Infected - Patched
c:\program files\QuickTime\qttask.exe
c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
c:\progra~1\SYMNET~1\SNDMon.exe
c:\windows\System32\igfxtray.exe
c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe
c:\program files\Analog Devices\Core\smax4pnp.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06DBC41D-B12E-4133-876A-64E0C8FDD1D3}]
2002-08-29 05:00 84480 --a------ c:\windows\System32\APPHEL.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-01-21 155648]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-21 221184]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2008-01-21 172032]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-01-21 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 11:01 8704 c:\windows\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-03-23 14:34 58992 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-21 10:33 77824 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2008-01-21 10:33 218240 c:\program files\Common Files\Symantec Shared\Security Center\usrprmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2008-01-21 10:33 100056 c:\progra~1\SYMNET~1\sndmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

R0 eljalihj;eljalihj;c:\windows\System32\drivers\rxnskyhv.dat --> c:\windows\System32\drivers\rxnskyhv.dat [?]
R1 ShldDrv;Panda File Shield Driver;c:\windows\SYSTEM32\DRIVERS\ShlDrv51.sys [2008-01-22 38968]
R4 PavProc;Panda Process Protection Driver;c:\windows\SYSTEM32\DRIVERS\PavProc.sys [2008-01-22 178872]
S0 sipuf;sipuf;c:\windows\System32\drivers\gviteepr.sys --> c:\windows\System32\drivers\gviteepr.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - ccSetMgr
*Deregistered* - CryptSvc
*Deregistered* - CtlSvr
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - ISSVC
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - MSSQL$MICROSOFTBCM
*Deregistered* - navapsvc
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PavPrSrv
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SBService
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - Symantec Core LC
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - uploadmgr
*Deregistered* - w32time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\At1.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-15 c:\windows\Tasks\At2.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-15 c:\windows\Tasks\At3.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-15 c:\windows\Tasks\At4.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-15 c:\windows\Tasks\At5.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-15 c:\windows\Tasks\At6.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-15 c:\windows\Tasks\At7.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-15 c:\windows\Tasks\At8.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2005-03-24 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 05:00]

2009-01-03 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Alohboh.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-01-10 11:20]

2009-01-16 c:\windows\Tasks\PCA.job
- c:\b50\StopStartpcA.bat [2005-05-20 15:37]

2009-01-16 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HotKeysCmds - c:\windows\System32\hkcmd.exe
HKLM-Run-dla - c:\windows\system32\dla\tfswctrl.exe
MSConfigStartUp-bolenja - bolenja.exe
MSConfigStartUp-bolenjx - bolenjx.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Trusted Zone: www.google.com
Trusted Zone: *.microsoft.com
TCP: {4C8379DF-D0D2-4C2E-999C-F03572DBA64A} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 21:38:27
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eljalihj]
"ImagePath"="system32\drivers\rxnskyhv.dat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(452)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(1100)
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\alohaqs\BIN\CTLSVR.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2009-01-15 21:42:25 - machine was rebooted [Alohboh]
ComboFix-quarantined-files.txt 2009-01-16 02:42:21

Pre-Run: 68,268,875,776 bytes free
Post-Run: 68,192,821,248 bytes free

250
GRBrown
Jan 16 2009, 01:13 AM
Here are the HijackThis Log AND the startuplist logs that were created after running Combo-Fix successfully the second time.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:57 PM, on 1/15/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AlohaQS\bin\CTLSVR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Alohboh\Desktop\HJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06DBC41D-B12E-4133-876A-64E0C8FDD1D3} - C:\WINDOWS\System32\APPHEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted IP range: http://192.168.2.1
O15 - Trusted IP range: http://192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8379DF-D0D2-4C2E-999C-F03572DBA64A}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8379DF-D0D2-4C2E-999C-F03572DBA64A}: NameServer = 192.168.0.1
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CtlSvr - Ibertech, Inc - C:\AlohaQS\bin\CTLSVR.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 5788 bytes




StartupList report, 1/15/2009, 9:52:16 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Alohboh\Desktop\HJackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AlohaQS\bin\CTLSVR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Alohboh\Desktop\HJackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\System32\igfxtray.exe
IntelMeM = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\System32\APPHEL.dll - {06DBC41D-B12E-4133-876A-64E0C8FDD1D3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

At1.job
At2.job
At3.job
At4.job
At5.job
At6.job
At7.job
At8.job
ISP signup reminder 1.job
Norton AntiVirus - Scan my computer - Alohboh.job
PCA.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8204.5217939815

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 4,702 bytes
Report generated in 0.047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
fenzodahl512
Jan 16 2009, 01:40 AM
Hello... Delete your version of Combo-Fix and download a fresh one from below.. This time, please install Recovery Console and please just say Yes to everything that ComboFix wants to do smile.gif

Link 1
Link 2
Link 3



As usual, run it and post the log here smile.gif
GRBrown
Jan 16 2009, 02:55 AM
Hey Wan,

Thanks for the feedback and the clarification! thumbup2.gif I'll make sure to re-download and re-run Combo-Fix again, and select Yes for the Recovery Console download.

Just out of curiosity though, did the logs tell you much of anything?

Did the initial first running, and then the complete second running of Combo-Fix that I did earlier (and that was fully successful), achieve any desired results... even though I did not install the Console?

How about the most recent HijackThis Log? Any progress?

It does seem like the computer is running better.

Finally, are there any other steps that you can reasonably give me to do after re-running Combo-Fix? I ask only because it seems the timing of our schedules is a little off (your messages tend to post fairly late at night, btw 1 am and 5 am my time), and since the computer I'm working on is 30 minutes away at my store, it means that I really only get one swipe at it per day. So, if there are any other steps that you can reasonably speculate would be worth doing after the next Combo-Fix run (with the Console being installed of course), then that would be great. If however you really need to see the next Combo-Fix Log before you give any additional steps, that's cool too... I figured it was worth checking, just in case it might save us both some time. smile.gif But it's all good. Thanks again for the great feedback.

G

P.S. I just recalled one other oddity during the first running of Combo-Fix. As Combo-Fix did it's thing, deleting stuff or whatever, periodically windows would open dialog boxes that announced programs were shutting down unexpectedly (looked like it was probably malware junk that was running in the background that Combo-Fix was attacking)... anyway, Windows of course prompted me to send error reports to microsoft along the way. When these prompts were present it seemed that Combo-Fix paused until you answered the windows request for error reporting. I of course selected Don't Send for each prompt to keep it from connecting to the internet. But that was another little tidbit in the process that was weird... it really seemed like Combo-Fix could not proceed until those prompts were answered. Just thought you should know. Thanks again Wan. Sincerely, G.


fenzodahl512
Jan 16 2009, 03:59 AM
QUOTE
Just out of curiosity though, did the logs tell you much of anything?


Pretty much, everything that we need to know..

QUOTE
Did the initial first running, and then the complete second running of Combo-Fix that I did earlier (and that was fully successful), achieve any desired results... even though I did not install the Console?


I can see it delete some files.. But we need to install RC

QUOTE
How about the most recent HijackThis Log? Any progress?


I prefer to see other logs..

QUOTE
(your messages tend to post fairly late at night, btw 1 am and 5 am my time)


I'm from Malaysia.. My timeline is GMT +8.. When I type this msg, I just returned from my class

QUOTE
If however you really need to see the next Combo-Fix Log before you give any additional steps, that's cool too...


I will need to see it smile.gif

QUOTE
it really seemed like Combo-Fix could not proceed until those prompts were answered.


What prompt?.. Can you give me the details?.. Screenshot would be very nice smile.gif


Waiting for latest ComboFix log smile.gif
GRBrown
Jan 16 2009, 04:21 AM
Hey Wan,

That's cool, like I said it was worth checking to see if there might be some extra steps that I could go ahead a take. But I'll get you the the new Combo-Fix log and then we can take it from there.

Interestingly I'm in Florida, so we are technically on almost opposite schedules. Fortunately I'm a bit of a night owl so I'm often up late (too late for my own good even). In fact I'm headed to bed after this post, and right now as I type this it is 4:20 am my time, and from the world clock it appears to be 5:20 pm in Malaysia. So when I get up in 7 hours, it will already be a little past midnight your time. Crazy. But heh, it's working my friend, and I truly appreciate you taking the time to help out. Well that's probably it for me right now. Have a nice evening, and I'll catch up with you, later today my time, and tomorrow your time. smile.gif

G
fenzodahl512
Jan 16 2009, 01:29 PM
waiting for your logs smile.gif
GRBrown
Jan 16 2009, 06:12 PM
Hi Wan,

Well if the World Clock is to be believed I guess it's good morning to you in Malaysia. I hope your day is getting off to a great start.

I downloaded Combo-Fix again, installed the Recovery Console as you requested, and Combo-Fix ran very smoothly without any of the "windows error reporting" messages I mentioned previously, and it was pretty darn quick this time.

So, without further delay, here is my Combo-Fix Log from literally just 5 minutes ago. Oh, and I'm actually at the store on that computer now, so if you have any other things you need me to do based on this log I'll be near the computer for the next 45 minutes or hour. Thanks in advance.



ComboFix 09-01-16.02 - Alohboh 2009-01-16 17:59:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.510.294 [GMT -5:00]
Running from: c:\documents and settings\Alohboh\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ini.ini\

.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-14 17:31 . 2009-01-14 17:31 250 --a------ c:\windows\gmer.ini
2009-01-14 17:28 . 2009-01-14 17:28 <DIR> d-------- C:\rsit
2009-01-14 17:28 . 2009-01-14 17:28 <DIR> d-------- c:\program files\trend micro
2009-01-14 16:38 . 2009-01-14 16:38 <DIR> d-------- c:\documents and settings\Alohboh\Application Data\Malwarebytes
2009-01-14 16:38 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-14 16:28 . 2009-01-14 16:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 16:28 . 2009-01-14 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 16:28 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 22:35 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-01-22 14:23 0 ----a-w c:\documents and settings\Alohboh\del.bat
2008-01-21 15:32 246 ----a-w c:\program files\Common Files\rycil844
2008-01-20 18:12 61 ----a-w c:\program files\ini.ini
2007-07-28 09:06 135 ----a-w c:\program files\Common Files\viloz.html
.
Files Infected - Patched
c:\program files\QuickTime\qttask.exe
c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
c:\progra~1\SYMNET~1\SNDMon.exe
c:\windows\System32\igfxtray.exe
c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe
c:\program files\Analog Devices\Core\smax4pnp.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_21.41.06.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-16 02:37:48 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-01-16 22:35:31 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2009-01-16 02:37:48 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-01-16 22:35:31 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2009-01-16 02:38:22 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-16 22:35:31 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-16 22:35:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06DBC41D-B12E-4133-876A-64E0C8FDD1D3}]
2002-08-29 05:00 84480 --a------ c:\windows\System32\APPHEL.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-01-21 155648]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-21 221184]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2008-01-21 172032]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-01-21 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 11:01 8704 c:\windows\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-03-23 14:34 58992 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-21 10:33 77824 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2008-01-21 10:33 218240 c:\program files\Common Files\Symantec Shared\Security Center\usrprmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2008-01-21 10:33 100056 c:\progra~1\SYMNET~1\sndmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

R0 eljalihj;eljalihj;c:\windows\System32\drivers\rxnskyhv.dat --> c:\windows\System32\drivers\rxnskyhv.dat [?]
R1 ShldDrv;Panda File Shield Driver;c:\windows\SYSTEM32\DRIVERS\ShlDrv51.sys [2008-01-22 38968]
R4 CtlSvr;CtlSvr;c:\alohaqs\BIN\CTLSVR.EXE [2004-08-05 1703936]
R4 PavProc;Panda Process Protection Driver;c:\windows\SYSTEM32\DRIVERS\PavProc.sys [2008-01-22 178872]
S0 sipuf;sipuf;c:\windows\System32\drivers\gviteepr.sys --> c:\windows\System32\drivers\gviteepr.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\At1.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At2.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At3.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At4.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At5.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At6.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At7.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At8.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2005-03-24 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 05:00]

2009-01-03 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Alohboh.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-01-10 11:20]

2009-01-16 c:\windows\Tasks\PCA.job
- c:\b50\StopStartpcA.bat [2005-05-20 15:37]

2009-01-16 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Trusted Zone: www.google.com
Trusted Zone: *.microsoft.com
TCP: {4C8379DF-D0D2-4C2E-999C-F03572DBA64A} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 18:02:20
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eljalihj]
"ImagePath"="system32\drivers\rxnskyhv.dat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(456)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(1096)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-01-16 18:03:56
ComboFix-quarantined-files.txt 2009-01-16 23:03:50
ComboFix2.txt 2009-01-16 02:42:28

Pre-Run: 68,101,439,488 bytes free
Post-Run: 68,094,144,512 bytes free

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

150
fenzodahl512
Jan 17 2009, 01:45 AM
Lets do this first....


Please download Dr.Web CureIt to the Desktop:
  • Please reboot into Safe Mode
  • Once you are in Safe Mode, double-click the launch.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (Open it as Notepad)



Dr.Web will delete your ComboFix.. So, I need you to download the ComboFix again from below and run it..

Link 1
Link 2
Link 3




Post these logs in your next reply..

1. Dr.Web CureIt
2. ComboFix
GRBrown
Jan 17 2009, 06:27 AM
Hey Wan,

WOW that Dr Web program really ran the computer through it's paces. And the infections it found were through the roof. Anyway, as instructed I ran Dr Web, got the log after following all of your other instructions, and then ran combo-fix after the reboot into a normal windows session.

I am actually out at the store working on this and other projects... so if you get a chance to post that will be great as I can implement your next set of instructions immediately. Thanks again Wan.

G



Here are the logs:


apphel.dll;c:\windows\system32;Trojan.DownLoader.44922;Cannot cure;
ALOHASPY.EXE;C:\AlohaQS\BIN;Probably BACKDOOR.Trojan;Incurable.Moved.;
data002\32788R22FWJFW\C.bat;C:\Documents and Settings\Alohboh\Desktop\Combo-Fix.exe\data002;Probably BATCH.Virus;;
data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Alohboh\Desktop\Combo-Fix.exe\data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Alohboh\Desktop\Combo-Fix.exe;Archive contains infected objects;;
Combo-Fix.exe;C:\Documents and Settings\Alohboh\Desktop;Archive contains infected objects;Moved.;
mrofinu1000106.exe;C:\Documents and Settings\Alohboh\Desktop\from Windows folder;Trojan.DownLoader.38055;Deleted.;
mrofinu572.exe.tmp;C:\Documents and Settings\Alohboh\Desktop\from Windows folder;Trojan.DownLoader.38055;Deleted.;
data002\32788R22FWJFW\C.bat;C:\Documents and Settings\Alohboh\Desktop\Garth's Spyware Removal Folder\Combofix\Combo-Fix.exe\data002;Probably BATCH.Virus;;
data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Alohboh\Desktop\Garth's Spyware Removal Folder\Combofix\Combo-Fix.exe\data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Alohboh\Desktop\Garth's Spyware Removal Folder\Combofix\Combo-Fix.exe;Archive contains infected objects;;
Combo-Fix.exe;C:\Documents and Settings\Alohboh\Desktop\Garth's Spyware Removal Folder\Combofix;Archive contains infected objects;Moved.;
pcant.exe;C:\Documents and Settings\Alohboh\Desktop\Temp probably spyware pulled from docnsettings alohaboh appdata;Trojan.MulDrop.17011;Deleted.;
trant.exe;C:\Documents and Settings\Alohboh\Desktop\Temp probably spyware pulled from docnsettings alohaboh appdata;Trojan.MulDrop.17011;Deleted.;
X.exe\data006;C:\Documents and Settings\Alohboh\Desktop\Temp probably spyware pulled from docnsettings alohaboh appdata\From alohaboh folder;Trojan.DownLoader.24715;;
X.exe;C:\Documents and Settings\Alohboh\Desktop\Temp probably spyware pulled from docnsettings alohaboh appdata\From alohaboh folder;Archive contains infected objects;Moved.;
vncviewer.exe;C:\Program Files\UltraVNC.CHANGED;Program.RemoteAdmin;Incurable.Moved.;
winvnc.exe;C:\Program Files\UltraVNC.CHANGED;Program.RemoteAdmin;Incurable.Moved.;
DDPLAY~1.VIR;C:\Qoobox\Quarantine\C\Documents and Settings\Alohboh\Application Data\YSTEM3~1;Adware.Outer;Deleted.;
dvdplay.ex_.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\SCURIT~1;Trojan.DownLoader.22753;Deleted.;
ifastseek.dll.vir;C:\Qoobox\Quarantine\C\Program Files\Helper;Trojan.StartPage.20562;Deleted.;
bolenja.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Trojan.MulDrop.10460;Deleted.;
bolenjx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Trojan.MulDrop.13351;Deleted.;
kus109.dat.vir;C:\Qoobox\Quarantine\C\WINDOWS;Trojan.Proxy.1739;Deleted.;
F2233warxy11.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\Media;Trojan.Warx;Deleted.;
smartwarxyu.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\Media;Trojan.Warx;Deleted.;
kus109.dat.vir;C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Proxy.1739;Deleted.;
multikz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.DownLoader.44921;Deleted.;
users32.dat.vir;C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Click.5043;Deleted.;
ineWc011065.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ineWc01;Trojan.DownLoader.24715;Deleted.;
data002\32788R22FWJFW\C.bat;C:\RECYCLER\S-1-5-21-2248645817-3289682256-113954702-1009\Dc8\Combo-Fix.exe\data002;Probably BATCH.Virus;;
data002\32788R22FWJFW\psexec.cfexe;C:\RECYCLER\S-1-5-21-2248645817-3289682256-113954702-1009\Dc8\Combo-Fix.exe\data002;Program.PsExec.171;;
data002;C:\RECYCLER\S-1-5-21-2248645817-3289682256-113954702-1009\Dc8\Combo-Fix.exe;Archive contains infected objects;;
Combo-Fix.exe;C:\RECYCLER\S-1-5-21-2248645817-3289682256-113954702-1009\Dc8;Archive contains infected objects;Moved.;
A0619112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0619113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0619114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.13351;Deleted.;
A0620112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0620113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0620114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.13351;Deleted.;
A0620115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.13351;Deleted.;
A0621112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0621113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0622112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0622113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0622114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.13351;Deleted.;
A0623112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0623113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0623114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.13351;Deleted.;
A0624112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0624113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.10460;Deleted.;
A0624114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.13351;Deleted.;
A0624115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193;Trojan.MulDrop.13351;Deleted.;
A0625112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194;Trojan.MulDrop.10460;Deleted.;
A0625113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194;Trojan.MulDrop.10460;Deleted.;
A0625114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194;Trojan.MulDrop.13351;Deleted.;
A0626112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194;Trojan.MulDrop.10460;Deleted.;
A0626113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194;Trojan.MulDrop.10460;Deleted.;
A0626114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194;Trojan.MulDrop.13351;Deleted.;
A0627112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195;Trojan.MulDrop.10460;Deleted.;
A0627113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195;Trojan.MulDrop.10460;Deleted.;
A0627114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195;Trojan.MulDrop.13351;Deleted.;
A0628112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195;Trojan.MulDrop.10460;Deleted.;
A0628113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195;Trojan.MulDrop.10460;Deleted.;
A0629112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195;Trojan.MulDrop.10460;Deleted.;
A0629113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195;Trojan.MulDrop.10460;Deleted.;
A0629114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195;Trojan.MulDrop.13351;Deleted.;
A0630112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196;Trojan.MulDrop.10460;Deleted.;
A0630113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196;Trojan.MulDrop.10460;Deleted.;
A0630114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196;Trojan.MulDrop.13351;Deleted.;
A0630115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196;Trojan.MulDrop.13351;Deleted.;
A0631112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196;Trojan.MulDrop.10460;Deleted.;
A0631113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196;Trojan.MulDrop.10460;Deleted.;
A0631114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196;Trojan.MulDrop.13351;Deleted.;
A0632112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196;Trojan.MulDrop.10460;Deleted.;
A0632113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196;Trojan.MulDrop.10460;Deleted.;
A0633112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.10460;Deleted.;
A0633113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.10460;Deleted.;
A0633114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.13351;Deleted.;
A0633115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.13351;Deleted.;
A0634112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.10460;Deleted.;
A0634113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.10460;Deleted.;
A0634114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.13351;Deleted.;
A0635112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.10460;Deleted.;
A0635113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.10460;Deleted.;
A0635114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.13351;Deleted.;
A0636112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.10460;Deleted.;
A0636113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.10460;Deleted.;
A0636114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.13351;Deleted.;
A0636115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197;Trojan.MulDrop.13351;Deleted.;
A0637112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198;Trojan.MulDrop.10460;Deleted.;
A0637113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198;Trojan.MulDrop.10460;Deleted.;
A0637114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198;Trojan.MulDrop.13351;Deleted.;
A0638112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.10460;Deleted.;
A0638113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.10460;Deleted.;
A0639112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.10460;Deleted.;
A0639113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.10460;Deleted.;
A0639114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.13351;Deleted.;
A0639115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.13351;Deleted.;
A0640112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.10460;Deleted.;
A0640113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.10460;Deleted.;
A0640114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.13351;Deleted.;
A0641112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.10460;Deleted.;
A0641113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.10460;Deleted.;
A0641114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199;Trojan.MulDrop.13351;Deleted.;
A0642112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0642113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0642114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.13351;Deleted.;
A0643112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0643113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0643114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.13351;Deleted.;
A0643115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.13351;Deleted.;
A0644112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0644113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0645112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0645113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0645114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.13351;Deleted.;
A0646112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0646113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0646114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.13351;Deleted.;
A0646115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.13351;Deleted.;
A0647112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0647113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.10460;Deleted.;
A0647114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.13351;Deleted.;
A0647115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP200;Trojan.MulDrop.13351;Deleted.;
A0648112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP201;Trojan.MulDrop.10460;Deleted.;
A0648113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP201;Trojan.MulDrop.10460;Deleted.;
A0648114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP201;Trojan.MulDrop.13351;Deleted.;
A0649112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP201;Trojan.MulDrop.10460;Deleted.;
A0649113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP201;Trojan.MulDrop.10460;Deleted.;
A0650112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0650113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0650114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0650115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0651112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0651113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0651114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0652112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0652113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0652114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0653112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0653113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0653114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0653115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0654112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0654113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0654114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0655112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0655113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0655114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0655115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0656112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0656113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0656114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0657112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0657113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0657114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0657115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0658112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0658113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.10460;Deleted.;
A0658114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202;Trojan.MulDrop.13351;Deleted.;
A0659112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203;Trojan.MulDrop.10460;Deleted.;
A0659113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203;Trojan.MulDrop.10460;Deleted.;
A0659114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203;Trojan.MulDrop.13351;Deleted.;
A0660112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203;Trojan.MulDrop.10460;Deleted.;
A0660113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203;Trojan.MulDrop.10460;Deleted.;
A0661112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203;Trojan.MulDrop.10460;Deleted.;
A0661113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203;Trojan.MulDrop.10460;Deleted.;
A0661114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203;Trojan.MulDrop.13351;Deleted.;
A0662112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0662113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0662114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.13351;Deleted.;
A0662115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.13351;Deleted.;
A0663112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0663113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0664112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0664113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0664114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.13351;Deleted.;
A0665112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0665113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0665114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.13351;Deleted.;
A0666112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0666113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0666114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.13351;Deleted.;
A0667112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0667113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.10460;Deleted.;
A0667114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.13351;Deleted.;
A0667115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204;Trojan.MulDrop.13351;Deleted.;
A0668112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.10460;Deleted.;
A0668113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.10460;Deleted.;
A0668114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.13351;Deleted.;
A0668115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.13351;Deleted.;
A0669112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.10460;Deleted.;
A0669113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.10460;Deleted.;
A0669114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.13351;Deleted.;
A0670112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.10460;Deleted.;
A0670113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.10460;Deleted.;
A0670114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.13351;Deleted.;
A0671112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.10460;Deleted.;
A0671113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.10460;Deleted.;
A0671114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205;Trojan.MulDrop.13351;Deleted.;
A0672112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0672113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0672114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.13351;Deleted.;
A0673112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0673113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0673114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.13351;Deleted.;
A0674112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0674113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0674114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.13351;Deleted.;
A0674115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.13351;Deleted.;
A0675112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0675113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0675114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.13351;Deleted.;
A0676112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0676113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0676114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.13351;Deleted.;
A0676115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.13351;Deleted.;
A0677112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0677113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0677114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.13351;Deleted.;
A0678112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0678113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.10460;Deleted.;
A0678114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206;Trojan.MulDrop.13351;Deleted.;
A0679112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP207;Trojan.MulDrop.10460;Deleted.;
A0679113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP207;Trojan.MulDrop.10460;Deleted.;
A0679114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP207;Trojan.MulDrop.13351;Deleted.;
A0680112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP207;Trojan.MulDrop.10460;Deleted.;
A0680113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP207;Trojan.MulDrop.10460;Deleted.;
A0680114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP207;Trojan.MulDrop.13351;Deleted.;
A0681112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208;Trojan.MulDrop.10460;Deleted.;
A0681113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208;Trojan.MulDrop.10460;Deleted.;
A0681114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208;Trojan.MulDrop.13351;Deleted.;
A0682112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208;Trojan.MulDrop.10460;Deleted.;
A0682113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208;Trojan.MulDrop.10460;Deleted.;
A0682114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208;Trojan.MulDrop.13351;Deleted.;
A0682115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208;Trojan.MulDrop.13351;Deleted.;
A0683112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209;Trojan.MulDrop.10460;Deleted.;
A0683113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209;Trojan.MulDrop.10460;Deleted.;
A0684112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209;Trojan.MulDrop.10460;Deleted.;
A0684113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209;Trojan.MulDrop.10460;Deleted.;
A0684114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209;Trojan.MulDrop.13351;Deleted.;
A0684115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209;Trojan.MulDrop.13351;Deleted.;
A0685112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209;Trojan.MulDrop.10460;Deleted.;
A0685113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209;Trojan.MulDrop.10460;Deleted.;
A0686112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP210;Trojan.MulDrop.10460;Deleted.;
A0686113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP210;Trojan.MulDrop.10460;Deleted.;
A0686114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP210;Trojan.MulDrop.13351;Deleted.;
A0686115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP210;Trojan.MulDrop.13351;Deleted.;
A0687112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.10460;Deleted.;
A0687113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.10460;Deleted.;
A0688112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.10460;Deleted.;
A0688113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.10460;Deleted.;
A0688114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.13351;Deleted.;
A0688115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.13351;Deleted.;
A0689112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.10460;Deleted.;
A0689113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.10460;Deleted.;
A0689114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.13351;Deleted.;
A0690112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.10460;Deleted.;
A0690113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.10460;Deleted.;
A0690114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.13351;Deleted.;
A0691112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.10460;Deleted.;
A0691113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.10460;Deleted.;
A0691114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211;Trojan.MulDrop.13351;Deleted.;
A0692112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP212;Trojan.MulDrop.10460;Deleted.;
A0692113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP212;Trojan.MulDrop.10460;Deleted.;
A0692114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP212;Trojan.MulDrop.13351;Deleted.;
A0693112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP212;Trojan.MulDrop.10460;Deleted.;
A0693113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP212;Trojan.MulDrop.10460;Deleted.;
A0693114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP212;Trojan.MulDrop.13351;Deleted.;
A0694112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP212;Trojan.MulDrop.10460;Deleted.;
A0694113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP212;Trojan.MulDrop.10460;Deleted.;
A0694114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP212;Trojan.MulDrop.13351;Deleted.;
A0695112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP213;Trojan.MulDrop.10460;Deleted.;
A0695113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP213;Trojan.MulDrop.10460;Deleted.;
A0695114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP213;Trojan.MulDrop.13351;Deleted.;
A0696112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP213;Trojan.MulDrop.10460;Deleted.;
A0696113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP213;Trojan.MulDrop.10460;Deleted.;
A0696114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP213;Trojan.MulDrop.13351;Deleted.;
A0697112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP213;Trojan.MulDrop.10460;Deleted.;
A0697113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP213;Trojan.MulDrop.10460;Deleted.;
A0697114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP213;Trojan.MulDrop.13351;Deleted.;
A0697115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP213;Trojan.MulDrop.13351;Deleted.;
A0698112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP214;Trojan.MulDrop.10460;Deleted.;
A0698113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP214;Trojan.MulDrop.10460;Deleted.;
A0699112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP214;Trojan.MulDrop.10460;Deleted.;
A0699113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP214;Trojan.MulDrop.10460;Deleted.;
A0699114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP214;Trojan.MulDrop.13351;Deleted.;
A0700112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP214;Trojan.MulDrop.10460;Deleted.;
A0700113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP214;Trojan.MulDrop.10460;Deleted.;
A0700114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP214;Trojan.MulDrop.13351;Deleted.;
A0700115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP214;Trojan.MulDrop.13351;Deleted.;
A0701112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP215;Trojan.MulDrop.10460;Deleted.;
A0701113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP215;Trojan.MulDrop.10460;Deleted.;
A0702112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP215;Trojan.MulDrop.10460;Deleted.;
A0702113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP215;Trojan.MulDrop.10460;Deleted.;
A0702114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP215;Trojan.MulDrop.13351;Deleted.;
A0702115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP215;Trojan.MulDrop.13351;Deleted.;
A0703112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216;Trojan.MulDrop.10460;Deleted.;
A0703113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216;Trojan.MulDrop.10460;Deleted.;
A0703114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216;Trojan.MulDrop.13351;Deleted.;
A0704112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216;Trojan.MulDrop.10460;Deleted.;
A0704113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216;Trojan.MulDrop.10460;Deleted.;
A0704114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216;Trojan.MulDrop.13351;Deleted.;
A0705112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.10460;Deleted.;
A0705113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.10460;Deleted.;
A0705114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.13351;Deleted.;
A0706112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.10460;Deleted.;
A0706113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.10460;Deleted.;
A0706114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.13351;Deleted.;
A0707112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.10460;Deleted.;
A0707113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.10460;Deleted.;
A0707114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.13351;Deleted.;
A0707115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.13351;Deleted.;
A0708112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.10460;Deleted.;
A0708113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.10460;Deleted.;
A0708114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217;Trojan.MulDrop.13351;Deleted.;
A0709112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.10460;Deleted.;
A0709113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.10460;Deleted.;
A0709114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.13351;Deleted.;
A0710112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.10460;Deleted.;
A0710113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.10460;Deleted.;
A0710114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.13351;Deleted.;
A0711112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.10460;Deleted.;
A0711113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.10460;Deleted.;
A0711114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.13351;Deleted.;
A0712112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.10460;Deleted.;
A0712113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.10460;Deleted.;
A0712114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.13351;Deleted.;
A0712115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218;Trojan.MulDrop.13351;Deleted.;
A0713112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP219;Trojan.MulDrop.10460;Deleted.;
A0713113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP219;Trojan.MulDrop.10460;Deleted.;
A0713114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP219;Trojan.MulDrop.13351;Deleted.;
A0714112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP219;Trojan.MulDrop.10460;Deleted.;
A0714113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP219;Trojan.MulDrop.10460;Deleted.;
A0714114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP219;Trojan.MulDrop.13351;Deleted.;
A0715112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP220;Trojan.MulDrop.10460;Deleted.;
A0715113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP220;Trojan.MulDrop.10460;Deleted.;
A0715114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP220;Trojan.MulDrop.13351;Deleted.;
A0716112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP220;Trojan.MulDrop.10460;Deleted.;
A0716113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP220;Trojan.MulDrop.10460;Deleted.;
A0716114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP220;Trojan.MulDrop.13351;Deleted.;
A0716115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP220;Trojan.MulDrop.13351;Deleted.;
A0717112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP221;Trojan.MulDrop.10460;Deleted.;
A0717113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP221;Trojan.MulDrop.10460;Deleted.;
A0717114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP221;Trojan.MulDrop.13351;Deleted.;
A0718112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP221;Trojan.MulDrop.10460;Deleted.;
A0718113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP221;Trojan.MulDrop.10460;Deleted.;
A0718114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP221;Trojan.MulDrop.13351;Deleted.;
A0719112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP221;Trojan.MulDrop.10460;Deleted.;
A0719113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP221;Trojan.MulDrop.10460;Deleted.;
A0719114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP221;Trojan.MulDrop.13351;Deleted.;
A0720112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222;Trojan.MulDrop.10460;Deleted.;
A0720113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222;Trojan.MulDrop.10460;Deleted.;
A0720114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222;Trojan.MulDrop.13351;Deleted.;
A0720115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222;Trojan.MulDrop.13351;Deleted.;
A0721112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222;Trojan.MulDrop.10460;Deleted.;
A0721113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222;Trojan.MulDrop.10460;Deleted.;
A0721114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222;Trojan.MulDrop.13351;Deleted.;
A0722112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP223;Trojan.MulDrop.10460;Deleted.;
A0722113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP223;Trojan.MulDrop.10460;Deleted.;
A0723112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP223;Trojan.MulDrop.10460;Deleted.;
A0723113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP223;Trojan.MulDrop.10460;Deleted.;
A0723114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP223;Trojan.MulDrop.13351;Deleted.;
A0724112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP224;Trojan.MulDrop.10460;Deleted.;
A0724113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP224;Trojan.MulDrop.10460;Deleted.;
A0724114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP224;Trojan.MulDrop.13351;Deleted.;
A0725112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP224;Trojan.MulDrop.10460;Deleted.;
A0725113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP224;Trojan.MulDrop.10460;Deleted.;
A0725114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP224;Trojan.MulDrop.13351;Deleted.;
A0726112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP225;Trojan.MulDrop.10460;Deleted.;
A0726113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP225;Trojan.MulDrop.10460;Deleted.;
A0726114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP225;Trojan.MulDrop.13351;Deleted.;
A0726115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP225;Trojan.MulDrop.13351;Deleted.;
A0727112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP225;Trojan.MulDrop.10460;Deleted.;
A0727113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP225;Trojan.MulDrop.10460;Deleted.;
A0727114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP225;Trojan.MulDrop.13351;Deleted.;
A0728112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP225;Trojan.MulDrop.10460;Deleted.;
A0728113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP225;Trojan.MulDrop.10460;Deleted.;
A0729112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP226;Trojan.MulDrop.10460;Deleted.;
A0729113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP226;Trojan.MulDrop.10460;Deleted.;
A0729114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP226;Trojan.MulDrop.13351;Deleted.;
A0730112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP227;Trojan.MulDrop.10460;Deleted.;
A0730113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP227;Trojan.MulDrop.10460;Deleted.;
A0730114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP227;Trojan.MulDrop.13351;Deleted.;
A0731112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP227;Trojan.MulDrop.10460;Deleted.;
A0731113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP227;Trojan.MulDrop.10460;Deleted.;
A0731114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP227;Trojan.MulDrop.13351;Deleted.;
A0732112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0732113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0732114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.13351;Deleted.;
A0733112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0733113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0733114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.13351;Deleted.;
A0734112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0734113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0734114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.13351;Deleted.;
A0735112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0735113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0735114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.13351;Deleted.;
A0736112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0736113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0736114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.13351;Deleted.;
A0737112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0737113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0737114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.13351;Deleted.;
A0738112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0738113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0738114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.13351;Deleted.;
A0739112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0739113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.10460;Deleted.;
A0739114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.13351;Deleted.;
A0739115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228;Trojan.MulDrop.13351;Deleted.;
A0740112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.10460;Deleted.;
A0740113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.10460;Deleted.;
A0741112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.10460;Deleted.;
A0741113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.10460;Deleted.;
A0741114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.13351;Deleted.;
A0742112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.10460;Deleted.;
A0742113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.10460;Deleted.;
A0742114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.13351;Deleted.;
A0742115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.13351;Deleted.;
A0743112.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.10460;Deleted.;
A0743113.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.10460;Deleted.;
A0743114.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.13351;Deleted.;
A0743123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.10460;Deleted.;
A0743124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.10460;Deleted.;
A0743125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229;Trojan.MulDrop.13351;Deleted.;
A0744123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.10460;Deleted.;
A0744124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.10460;Deleted.;
A0745123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.10460;Deleted.;
A0745124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.10460;Deleted.;
A0745125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.13351;Deleted.;
A0745126.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.13351;Deleted.;
A0746123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.10460;Deleted.;
A0746124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.10460;Deleted.;
A0747123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.10460;Deleted.;
A0747124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.10460;Deleted.;
A0747125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.13351;Deleted.;
A0747126.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.13351;Deleted.;
A0748123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.10460;Deleted.;
A0748124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.10460;Deleted.;
A0748125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230;Trojan.MulDrop.13351;Deleted.;
A0749123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0749124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0749125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.13351;Deleted.;
A0750123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0750124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0750125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.13351;Deleted.;
A0751123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0751124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0752123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0752124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0752125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.13351;Deleted.;
A0753123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0753124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0753125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.13351;Deleted.;
A0754123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0754124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.10460;Deleted.;
A0754125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.13351;Deleted.;
A0754126.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231;Trojan.MulDrop.13351;Deleted.;
A0755123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232;Trojan.MulDrop.10460;Deleted.;
A0755124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232;Trojan.MulDrop.10460;Deleted.;
A0755125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232;Trojan.MulDrop.13351;Deleted.;
A0756123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232;Trojan.MulDrop.10460;Deleted.;
A0756124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232;Trojan.MulDrop.10460;Deleted.;
A0757123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.10460;Deleted.;
A0757124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.10460;Deleted.;
A0757125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.13351;Deleted.;
A0758123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.10460;Deleted.;
A0758124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.10460;Deleted.;
A0758125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.13351;Deleted.;
A0758126.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.13351;Deleted.;
A0759123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.10460;Deleted.;
A0759124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.10460;Deleted.;
A0759125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.13351;Deleted.;
A0760123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.10460;Deleted.;
A0760124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.10460;Deleted.;
A0760125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233;Trojan.MulDrop.13351;Deleted.;
A0761123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP234;Trojan.MulDrop.10460;Deleted.;
A0761124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP234;Trojan.MulDrop.10460;Deleted.;
A0761125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP234;Trojan.MulDrop.13351;Deleted.;
A0762123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235;Trojan.MulDrop.10460;Deleted.;
A0762124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235;Trojan.MulDrop.10460;Deleted.;
A0762125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235;Trojan.MulDrop.13351;Deleted.;
A0763123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP236;Trojan.MulDrop.10460;Deleted.;
A0763124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP236;Trojan.MulDrop.10460;Deleted.;
A0763125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP236;Trojan.MulDrop.13351;Deleted.;
A0764123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP236;Trojan.MulDrop.10460;Deleted.;
A0764124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP236;Trojan.MulDrop.10460;Deleted.;
A0764125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP236;Trojan.MulDrop.13351;Deleted.;
A0765123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP236;Trojan.MulDrop.10460;Deleted.;
A0765124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP236;Trojan.MulDrop.10460;Deleted.;
A0765125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP236;Trojan.MulDrop.13351;Deleted.;
A0766123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP237;Trojan.MulDrop.10460;Deleted.;
A0766124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP237;Trojan.MulDrop.10460;Deleted.;
A0766125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP237;Trojan.MulDrop.13351;Deleted.;
A0766126.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP237;Trojan.MulDrop.13351;Deleted.;
A0766131.exe\data006;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP237\A0766131.exe;Trojan.DownLoader.24715;;
A0766131.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP237;Archive contains infected objects;Moved.;
A0767123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP237;Trojan.MulDrop.10460;Deleted.;
A0767124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP237;Trojan.MulDrop.10460;Deleted.;
A0768123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0768124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0768125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.13351;Deleted.;
A0769123.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0769124.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0769125.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.13351;Deleted.;
A0769126.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.13351;Deleted.;
A0769135.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0769136.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0769137.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.13351;Deleted.;
A0769143.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0769144.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0769145.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.13351;Deleted.;
A0769146.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.13351;Deleted.;
A0770143.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0770144.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0770153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0770154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0770155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.13351;Deleted.;
A0771153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0771154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0771155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.13351;Deleted.;
A0772153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0772154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0772155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.13351;Deleted.;
A0773153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0773154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0773155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.13351;Deleted.;
A0773156.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.13351;Deleted.;
A0774153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0774154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP238;Trojan.MulDrop.10460;Deleted.;
A0775153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239;Trojan.MulDrop.10460;Deleted.;
A0775154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239;Trojan.MulDrop.10460;Deleted.;
A0775155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239;Trojan.MulDrop.13351;Deleted.;
A0776153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239;Trojan.MulDrop.10460;Deleted.;
A0776154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239;Trojan.MulDrop.10460;Deleted.;
A0776155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239;Trojan.MulDrop.13351;Deleted.;
A0777153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240;Trojan.MulDrop.10460;Deleted.;
A0777154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240;Trojan.MulDrop.10460;Deleted.;
A0777155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240;Trojan.MulDrop.13351;Deleted.;
A0777156.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240;Trojan.MulDrop.13351;Deleted.;
A0778153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240;Trojan.MulDrop.10460;Deleted.;
A0778154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240;Trojan.MulDrop.10460;Deleted.;
A0779153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240;Trojan.MulDrop.10460;Deleted.;
A0779154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240;Trojan.MulDrop.10460;Deleted.;
A0779155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240;Trojan.MulDrop.13351;Deleted.;
A0780153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP241;Trojan.MulDrop.10460;Deleted.;
A0780154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP241;Trojan.MulDrop.10460;Deleted.;
A0780155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP241;Trojan.MulDrop.13351;Deleted.;
A0781153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP242;Trojan.MulDrop.10460;Deleted.;
A0781154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP242;Trojan.MulDrop.10460;Deleted.;
A0781155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP242;Trojan.MulDrop.13351;Deleted.;
A0781156.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP242;Trojan.MulDrop.13351;Deleted.;
A0782153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP242;Trojan.MulDrop.10460;Deleted.;
A0782154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP242;Trojan.MulDrop.10460;Deleted.;
A0782155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP242;Trojan.MulDrop.13351;Deleted.;
A0783153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0783154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0783155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0784153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0784154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0784155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0785153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0785154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0785155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0786153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0786154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0786155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0787153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0787154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0787155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0788153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0788154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0788155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0789153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0789154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0789155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0790153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0790154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0790155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0791153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0791154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0791155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0791156.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0792153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0792154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0793153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0793154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0793155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0793156.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0794153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0794154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0794155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0795153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0795154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.10460;Deleted.;
A0795155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243;Trojan.MulDrop.13351;Deleted.;
A0796153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0796154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0796155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0796156.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0797153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0797154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0798153.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0798154.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0798155.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0798160.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0798161.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0798162.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0798163.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0798170.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0798171.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0798172.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0798272.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0798273.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0799272.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800272.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800273.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800274.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0800280.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800281.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800282.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0800283.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0800291.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.DownLoader.38055;Deleted.;
A0800293.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800294.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800295.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0800301.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800302.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0800303.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800304.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800305.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0800306.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0800307.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800308.OLD;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800312.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.DownLoader.44921;Deleted.;
A0800322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.10460;Deleted.;
A0800324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0800325.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.MulDrop.13351;Deleted.;
A0800326.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244;Trojan.DownLoader.44921;Deleted.;
A0801322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP245;Trojan.MulDrop.10460;Deleted.;
A0801323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP245;Trojan.MulDrop.10460;Deleted.;
A0801324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP245;Trojan.MulDrop.13351;Deleted.;
A0801325.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP245;Trojan.DownLoader.44921;Deleted.;
A0802322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP245;Trojan.MulDrop.10460;Deleted.;
A0802323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP245;Trojan.MulDrop.10460;Deleted.;
A0802324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP245;Trojan.MulDrop.13351;Deleted.;
A0802325.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP245;Trojan.DownLoader.44921;Deleted.;
A0803322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246;Trojan.MulDrop.10460;Deleted.;
A0803323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246;Trojan.MulDrop.10460;Deleted.;
A0803324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246;Trojan.MulDrop.13351;Deleted.;
A0803328.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246;Trojan.DownLoader.44921;Deleted.;
A0804322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0804323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0804324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.13351;Deleted.;
A0804325.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.DownLoader.44921;Deleted.;
A0805322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0805323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0805324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.DownLoader.44921;Deleted.;
A0806322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0806323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0806324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.13351;Deleted.;
A0806325.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.DownLoader.44921;Deleted.;
A0807322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0807323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0807324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.13351;Deleted.;
A0807325.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.DownLoader.44921;Deleted.;
A0808322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0808323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0808324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.13351;Deleted.;
A0808325.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.13351;Deleted.;
A0808326.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.DownLoader.44921;Deleted.;
A0809322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0809323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.10460;Deleted.;
A0809324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP247;Trojan.MulDrop.13351;Deleted.;
A0810322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP248;Trojan.MulDrop.10460;Deleted.;
A0810323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP248;Trojan.MulDrop.10460;Deleted.;
A0810324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP248;Trojan.MulDrop.13351;Deleted.;
A0810325.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP248;Trojan.MulDrop.13351;Deleted.;
A0810326.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP248;Trojan.DownLoader.44921;Deleted.;
A0811322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.MulDrop.10460;Deleted.;
A0811323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.MulDrop.10460;Deleted.;
A0811324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.DownLoader.44921;Deleted.;
A0812322.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.MulDrop.10460;Deleted.;
A0812323.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.MulDrop.10460;Deleted.;
A0812324.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.MulDrop.13351;Deleted.;
A0812328.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.DownLoader.44921;Deleted.;
A0812332.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.MulDrop.10460;Deleted.;
A0812333.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.MulDrop.10460;Deleted.;
A0812334.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.MulDrop.13351;Deleted.;
A0812335.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.MulDrop.13351;Deleted.;
A0812336.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.DownLoader.44921;Deleted.;
A0812346.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Juan.60;Deleted.;
A0812347.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Virtumod.278;Deleted.;
A0812349.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Virtumod.854;Deleted.;
A0812351.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Virtumod.278;Deleted.;
A0812353.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Virtumod.278;Deleted.;
A0812355.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Adware.Nopage;Incurable.Moved.;
A0812356.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.PWS.Tanspy.1178;Deleted.;
A0812357.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.DownLoader.62808;Deleted.;
A0812358.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.DownLoader.based;Deleted.;
A0812360.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.DownLoader.51199;Deleted.;
A0812361.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Click.17012;Deleted.;
A0812362.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Adware.Ttc;Incurable.Moved.;
A0812363.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Adware.Outer;Incurable.Moved.;
A0812364.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Adware.Ttc;Incurable.Moved.;
A0812365.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Adware.Ttc;Incurable.Moved.;
A0812366.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Virtumod.240;Deleted.;
A0812367.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Virtumod.240;Deleted.;
A0812369.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Virtumod.240;Deleted.;
A0812370.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Virtumod.240;Deleted.;
A0812371.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Virtumod.240;Deleted.;
A0812372.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Juan.60;Deleted.;
A0812373.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Adware.ClickSpring;Incurable.Moved.;
A0812374.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Imp;Deleted.;
A0812375.sys;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Program.Winfixer - read error;;
A0812376.SYS;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.NtRootKit.497;Deleted.;
A0812378.exe\data002;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0812378.exe;Adware.Ttc;;
A0812378.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Archive contains infected objects;Moved.;
A0812380.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.DownLoader.25873;Deleted.;
A0812382.SYS;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Spambot.2885;Deleted.;
A0812383.sys;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Spambot.2885;Deleted.;
A0812385.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.DownLoader.38055;Deleted.;
A0812388.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Fakealert;Deleted.;
A0812389.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Fakealert;Deleted.;
A0812394.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Adware.ClickSpring.9;Incurable.Moved.;
A0812395.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.MulDrop.9785;Deleted.;
A0812396.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.DownLoader.25873;Deleted.;
A0812400.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Fakealert;Deleted.;
A0812401.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.DownLoader.25873;Deleted.;
A0812402.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.MulDrop.12148;Deleted.;
A0812410.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Virtumod.855;Deleted.;
A0812411.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Virtumod.240;Deleted.;
A0812412.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249;Trojan.Popuper.5076;Deleted.;
A0812419.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP250;Trojan.DownLoader.44921;Deleted.;
A0812423.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP250;Trojan.Warx;Deleted.;
A0812424.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP250;Trojan.Warx;Deleted.;
A0812425.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251;Trojan.DownLoader.44921;Deleted.;
A0812428.ex_;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251;Trojan.DownLoader.22753;Deleted.;
A0812429.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251;Trojan.StartPage.20562;Deleted.;
A0812430.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251;Trojan.MulDrop.10460;Deleted.;
A0812431.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251;Trojan.MulDrop.13351;Deleted.;
A0812433.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251;Trojan.DownLoader.24715;Deleted.;
A0812435.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251;Adware.Outer;;
A0813418.bat;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251;Probably BATCH.Virus;Incurable.Moved.;
A0813461.EXE;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251;Program.PsExec.170;Incurable.Moved.;
A0813472.bat;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251;Probably BATCH.Virus;Incurable.Moved.;
A0813482.EXE;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251;Program.PsExec.170;Incurable.Moved.;
A0813589.bat;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP252;Probably BATCH.Virus;Incurable.Moved.;
A0813630.bat;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253;Probably BATCH.Virus;Incurable.Moved.;
data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0814688.exe\data002;Probably BATCH.Virus;;
data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0814688.exe\data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0814688.exe;Archive contains infected objects;;
A0814688.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253;Archive contains infected objects;Moved.;
A0814689.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253;Trojan.DownLoader.38055;Deleted.;
data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0814690.exe\data002;Probably BATCH.Virus;;
data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0814690.exe\data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0814690.exe;Archive contains infected objects;;
A0814690.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253;Archive contains infected objects;Moved.;
A0814691.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253;Trojan.MulDrop.17011;Deleted.;
A0814692.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253;Trojan.MulDrop.17011;Deleted.;
A0814693.exe\data006;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0814693.exe;Trojan.DownLoader.24715;;
A0814693.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253;Archive contains infected objects;Moved.;
data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0814694.exe\data002;Probably BATCH.Virus;;
data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0814694.exe\data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0814694.exe;Archive contains infected objects;;
A0814694.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253;Archive contains infected objects;Moved.;
expxcee.exe;C:\WINDOWS;BackDoor.Bulknet.128;Deleted.;
shell.exe.OLD;C:\WINDOWS;Trojan.Fakealert;Deleted.;
APPHEL.dll;C:\WINDOWS\SYSTEM32;Trojan.DownLoader.44922;Cannot cure;
bolenjcfa.txt;C:\WINDOWS\SYSTEM32;Trojan.MulDrop.10460;Deleted.;




And then here is the Combo-Fix Log that was run after Dr. Web:


ComboFix 09-01-16.03 - Alohboh 2009-01-17 6:13:17.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.510.300 [GMT -5:00]
Running from: c:\documents and settings\Alohboh\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ini.ini\

.
((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-17 03:27 . 2009-01-17 04:42 <DIR> d-------- c:\documents and settings\Alohboh\DoctorWeb
2009-01-14 17:31 . 2009-01-14 17:31 250 --a------ c:\windows\gmer.ini
2009-01-14 17:28 . 2009-01-14 17:28 <DIR> d-------- C:\rsit
2009-01-14 17:28 . 2009-01-14 17:28 <DIR> d-------- c:\program files\trend micro
2009-01-14 16:38 . 2009-01-14 16:38 <DIR> d-------- c:\documents and settings\Alohboh\Application Data\Malwarebytes
2009-01-14 16:38 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-14 16:28 . 2009-01-14 16:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 16:28 . 2009-01-14 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 16:28 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 11:01 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-17 10:59 --------- d-----w c:\program files\UltraVNC.CHANGED
2008-01-22 14:23 0 ----a-w c:\documents and settings\Alohboh\del.bat
2008-01-21 15:32 246 ----a-w c:\program files\Common Files\rycil844
2008-01-20 18:12 61 ----a-w c:\program files\ini.ini
2007-07-28 09:06 135 ----a-w c:\program files\Common Files\viloz.html
.
Files Infected - Patched
c:\program files\QuickTime\qttask.exe
c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
c:\progra~1\SYMNET~1\SNDMon.exe
c:\windows\System32\igfxtray.exe
c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe
c:\program files\Analog Devices\Core\smax4pnp.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_21.41.06.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-16 02:37:48 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-01-17 11:01:46 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2009-01-16 02:37:48 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-01-17 11:01:46 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2009-01-16 02:38:22 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-17 11:01:46 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-17 11:02:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_30c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06DBC41D-B12E-4133-876A-64E0C8FDD1D3}]
2002-08-29 05:00 84480 --a------ c:\windows\System32\APPHEL.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-01-21 155648]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-21 221184]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2008-01-21 172032]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-01-21 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 11:01 8704 c:\windows\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-03-23 14:34 58992 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-21 10:33 77824 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2008-01-21 10:33 218240 c:\program files\Common Files\Symantec Shared\Security Center\usrprmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2008-01-21 10:33 100056 c:\progra~1\SYMNET~1\sndmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

R0 eljalihj;eljalihj;c:\windows\System32\drivers\rxnskyhv.dat --> c:\windows\System32\drivers\rxnskyhv.dat [?]
R1 ShldDrv;Panda File Shield Driver;c:\windows\SYSTEM32\DRIVERS\ShlDrv51.sys [2008-01-22 38968]
R4 CtlSvr;CtlSvr;c:\alohaqs\BIN\CTLSVR.EXE [2004-08-05 1703936]
R4 PavProc;Panda Process Protection Driver;c:\windows\SYSTEM32\DRIVERS\PavProc.sys [2008-01-22 178872]
S0 sipuf;sipuf;c:\windows\System32\drivers\gviteepr.sys --> c:\windows\System32\drivers\gviteepr.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\At1.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At2.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At3.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At4.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At5.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At6.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At7.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-16 c:\windows\Tasks\At8.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2005-03-24 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 05:00]

2009-01-17 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Alohboh.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-01-10 11:20]

2009-01-16 c:\windows\Tasks\PCA.job
- c:\b50\StopStartpcA.bat [2005-05-20 15:37]

2009-01-17 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Trusted Zone: www.google.com
Trusted Zone: *.microsoft.com
TCP: {4C8379DF-D0D2-4C2E-999C-F03572DBA64A} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 06:17:17
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eljalihj]
"ImagePath"="system32\drivers\rxnskyhv.dat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(456)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(1096)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-01-17 6:18:52
ComboFix-quarantined-files.txt 2009-01-17 11:18:48
ComboFix2.txt 2009-01-16 02:42:28

Pre-Run: 68,031,512,576 bytes free
Post-Run: 68,021,448,704 bytes free

145
fenzodahl512
Jan 17 2009, 07:23 AM
Hello.. I want to go out dinner with my friends... So, lets get to your logs..


QUOTE
Files Infected - Patched
c:\program files\QuickTime\qttask.exe
c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
c:\progra~1\SYMNET~1\SNDMon.exe
c:\windows\System32\igfxtray.exe
c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe
c:\program files\Analog Devices\Core\smax4pnp.exe


These files are infected.. Unfortunately, these are required files..


Can you search for each files and try to disinfect it with either your Norton or the Dr.Web CureIt?..

Just go to each file >> right click >> choose Scan with any antivirus that listed..

If that fails, you may need to uninstall >> reinstall each programs that stated there..


Please do that and tell me more about it smile.gif
GRBrown
Jan 18 2009, 07:24 PM
Hey Wan,

Sorry it took me a little while to get back with you, I got a bit busy with other stuff over the weekend. But, I did what you asked and here's where we are at:

The Norton Virus Scanner is actually old and out of date, but I could never fully uninstall it due to the level of infection on the computer (not even Norton's Product Removal Tool would work).

However, that was quite a long time ago, and perhaps I can clear that stuff old stuff out now.

When I clicked on the files that you sited, it did not give me the option to use Dr. Web.

Therefore I ran Dr. Web again, and it did not actually tag any of those files as infected.

Still, to be confident I went ahead and ran Trend Micro's online (housecall) virus scanner, and it tagged a lot, but not any of these except for the smax4pnp.exe file. Which it could not clean, but gave manual instructions for instead.

I also installed AVG 8.0 Free Edition, and that tagged and cleaned some items.

Then I ultimately just did a search for each of them on the computer and pulled all instances into a folder that is ready to delete. I've run all my "critical" systems and nothing seems broken, and if push comes to shove I'll figure out a way to reinstall the programs later.

So, barring you saying it's a really bad idea, I'll go ahead and delete the folder with all those questionable files and we should be good. Assuming that's ok?

Then I guess my other question would simply be, what is the next step we should take?

Thanks again,

Sincerely,

G

fenzodahl512
Jan 20 2009, 06:55 AM
Hello, first of all, lets do a search for this file.. igfxtray.exe and hpztsb10.exe

Tell me in details about below for each igfxtray.exe that you find.. Repeat with hpztsb10.exe file..

- locations/fullpath
- size
- date created

Post me the information that I need here..


Then, please uninstall and re-install (if you wish) these applications..

QuickTime
Analog Devices
Symantec/Norton
Modem Event Monitor

After you uninstall them, please delete these files/folders..

c:\program files\QuickTime
c:\program files\Common Files\Symantec Shared
c:\progra~1\SYMNET~1
c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
c:\program files\Analog Devices\Core\smax4pnp.exe


Next, run ComboFix once again and post the log here.. Also, post me the details that I need.. Because we need to replace those two files... smile.gif
GRBrown
Jan 21 2009, 06:53 PM
Hi Wan,

I was able to do almost everything you requested... with some slight modifications.
Because I don't have the install disks for some of my programs, I was reluctant to completely uninstall and delete certain items unless we have absolutely no other choice. I can probably get my hands on a clean version of the individual files that we feel are corrupted to ultimately replace the infected ones... thus allowing me to keep those programs. However, if it turns out that there is no other choice, I can just lose those programs if necessary.

So, here's where we are at:

I uninstalled the following, deleted their folders, and deleted all instances of the offending file(s) associated with these programs:

Quicktime [qttask.exe]
Modem Event Monitor [IntelMEM.exe]
SymNet [whatever the offending file was, and the actual full program iteself... something other than SymNet]

For all other files in question I either outright deleted the offending file, and/or cut it to a folder on my desktop and renamed it by changing them from .exe files to .bad files

I then rebooted and ran a search and none of the offending files were located.

as for igfxtray.exe.

I cut all instances of it and renamed them with a .bad extension (I don't think this is a program I actually need)
It was located in these folders:

c:\i386
c:\DRIVERS\VIDEO
c:\WINDOWS\SYSTEM32
c:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles
c:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles



as for hpztsb10.exe.

It was located in one folder, I cut it, renamed it with the .bad extension (again, this does not seem to be a critical file for my setup).
It was located in this folder: C:\WINDOWS\System32\spool\drivers\w32x86\3\


Both igfxtray.exe and hpztsb10.exe were startup items as well. I disabled any associations within msconfig for for both startup and services, so they no longer attempt to run at startup.


Basically, all the files you expressed concern about have been deleted or temporarily renamed and are ready for deletion at a later date. It does not appear as if any of these files are being executed in the current setup of the computer.

I then ran combofix as you requested, and the log for that is located below:
GRBrown
Jan 21 2009, 06:55 PM

ComboFix 09-01-21.02 - Alohboh 2009-01-21 18:13:29.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.286 [GMT -5:00]
Running from: c:\documents and settings\Alohboh\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-19 02:36 . 2009-01-19 16:04 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-19 02:23 . 2009-01-19 02:27 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2009-01-19 02:23 . 2009-01-19 02:23 <DIR> d-------- c:\program files\AVG
2009-01-19 02:23 . 2009-01-19 02:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-19 02:23 . 2009-01-19 02:23 97,928 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2009-01-19 02:23 . 2009-01-19 02:23 76,040 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
2009-01-19 02:23 . 2009-01-19 02:23 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2009-01-19 02:05 . 2008-10-16 15:38 6,066,176 --------- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2009-01-19 02:05 . 2007-04-17 04:32 2,455,488 --------- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
2009-01-19 02:05 . 2007-03-08 00:10 991,232 --------- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll.mui
2009-01-19 02:05 . 2008-10-16 15:38 459,264 --------- c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
2009-01-19 02:05 . 2008-10-16 15:38 383,488 --------- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
2009-01-19 02:05 . 2008-10-16 15:38 267,776 --------- c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
2009-01-19 02:05 . 2008-10-16 15:38 63,488 --------- c:\windows\SYSTEM32\DLLCACHE\icardie.dll
2009-01-19 02:05 . 2008-10-16 15:38 52,224 --------- c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
2009-01-19 02:05 . 2008-10-16 08:11 13,824 --------- c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2009-01-19 01:54 . 2005-10-19 08:59 163,840 --a------ c:\windows\SYSTEM32\igfxres.dll
2009-01-19 01:49 . 2009-01-19 01:49 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-19 01:44 . 2008-12-11 05:57 333,952 --------- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2009-01-19 01:43 . 2008-12-13 01:40 3,593,216 --------- c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-01-19 01:43 . 2008-10-15 20:00 1,499,136 --------- c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2009-01-19 01:43 . 2008-10-16 15:38 1,160,192 --------- c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2009-01-19 01:43 . 2008-10-16 15:38 826,368 --------- c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2009-01-19 01:42 . 2008-09-04 12:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2009-01-19 01:42 . 2008-10-24 06:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2009-01-19 01:42 . 2008-10-15 11:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2009-01-19 01:41 . 2008-08-14 05:11 2,189,184 --------- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-01-19 01:41 . 2008-08-14 05:09 2,145,280 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-01-19 01:41 . 2008-08-14 04:33 2,066,048 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-01-19 01:41 . 2008-08-14 04:33 2,023,936 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-01-19 01:41 . 2008-09-15 07:12 1,846,400 --------- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-01-19 01:40 . 2008-04-11 14:04 691,712 --------- c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll
2009-01-19 01:40 . 2008-05-01 09:33 331,776 --------- c:\windows\SYSTEM32\DLLCACHE\msadce.dll
2009-01-19 01:39 . 2008-06-13 06:05 272,128 --------- c:\windows\SYSTEM32\DLLCACHE\bthport.sys
2009-01-19 01:39 . 2008-05-08 09:02 203,136 --------- c:\windows\SYSTEM32\DLLCACHE\rmcast.sys
2009-01-19 01:19 . 2009-01-19 01:19 <DIR> d-------- c:\windows\SYSTEM32\scripting
2009-01-19 01:19 . 2009-01-19 01:19 <DIR> d-------- c:\windows\SYSTEM32\en
2009-01-19 01:19 . 2009-01-19 01:19 <DIR> d-------- c:\windows\l2schemas
2009-01-19 00:59 . 2008-09-09 20:14 1,307,648 --a------ c:\windows\SYSTEM32\msxml6.dll
2009-01-19 00:58 . 2008-04-13 19:12 695,808 --------- c:\windows\SYSTEM32\DLLCACHE\drmv2clt.dll
2009-01-19 00:57 . 2008-04-13 19:11 286,720 --------- c:\windows\SYSTEM32\DLLCACHE\blackbox.dll
2009-01-19 00:57 . 2008-04-13 19:11 233,472 --------- c:\windows\SYSTEM32\azroles.dll
2009-01-19 00:57 . 2008-04-13 19:11 136,192 --------- c:\windows\SYSTEM32\aaclient.dll
2009-01-19 00:57 . 2008-04-13 12:23 8,192 --------- c:\windows\SYSTEM32\DLLCACHE\asferror.dll
2009-01-19 00:57 . 2008-04-13 19:11 7,168 --------- c:\windows\SYSTEM32\bitsprx4.dll
2009-01-19 00:57 . 2002-08-29 05:00 999 --------- c:\windows\SYSTEM32\DLLCACHE\bktrh.gif
2009-01-19 00:13 . 2008-04-13 19:12 221,184 --a------ c:\windows\SYSTEM32\wmpns.dll
2009-01-19 00:11 . 2009-01-19 00:11 <DIR> d-------- c:\windows\provisioning
2009-01-19 00:11 . 2009-01-19 01:19 <DIR> d-------- c:\windows\peernet
2009-01-19 00:08 . 2009-01-19 00:08 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-19 00:01 . 2009-01-19 01:07 <DIR> d-------- c:\windows\EHome
2009-01-18 23:53 . 2002-04-15 21:11 67,866 --------- c:\windows\SYSTEM32\DRIVERS\netwlan5.img
2009-01-18 23:48 . 2008-10-16 14:07 23,576 --a------ c:\windows\SYSTEM32\wuapi.dll.mui
2009-01-18 15:16 . 2009-01-18 23:04 <DIR> d-------- c:\documents and settings\Alohboh\.housecall6.6
2009-01-17 03:27 . 2009-01-17 04:42 <DIR> d-------- c:\documents and settings\Alohboh\DoctorWeb
2009-01-14 17:31 . 2009-01-14 17:31 250 --a------ c:\windows\gmer.ini
2009-01-14 17:28 . 2009-01-14 17:28 <DIR> d-------- C:\rsit
2009-01-14 17:28 . 2009-01-14 17:28 <DIR> d-------- c:\program files\trend micro
2009-01-14 16:38 . 2009-01-14 16:38 <DIR> d-------- c:\documents and settings\Alohboh\Application Data\Malwarebytes
2009-01-14 16:38 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-14 16:28 . 2009-01-14 16:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 16:28 . 2009-01-14 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 16:28 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 21:58 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-21 21:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 21:33 --------- d-----w c:\program files\Intel
2009-01-17 10:59 --------- d-----w c:\program files\UltraVNC.CHANGED
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-01-22 14:23 0 ----a-w c:\documents and settings\Alohboh\del.bat
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_21.41.06.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-03-06 02:16:12 1,183,744 -c----w c:\windows\$NtUninstallKB873333$\ole32.dll
- 2002-08-29 10:00:00 68,608 -c----w c:\windows\$NtUninstallKB873333$\olecli32.dll
- 2002-08-29 10:00:00 34,304 -c----w c:\windows\$NtUninstallKB873333$\olecnv32.dll
- 2004-03-06 02:16:12 263,680 -c----w c:\windows\$NtUninstallKB873333$\rpcss.dll
+ 2004-03-06 02:16:12 1,183,744 -c----w c:\windows\$NtUninstallKB873333_0$\ole32.dll
+ 2002-08-29 10:00:00 68,608 -c----w c:\windows\$NtUninstallKB873333_0$\olecli32.dll
+ 2002-08-29 10:00:00 34,304 -c----w c:\windows\$NtUninstallKB873333_0$\olecnv32.dll
+ 2004-03-06 02:16:12 263,680 -c----w c:\windows\$NtUninstallKB873333_0$\rpcss.dll
+ 2004-12-01 01:22:42 169,984 -c----w c:\windows\$NtUninstallKB873333_0$\spuninst\spuninst.exe
- 2002-08-29 10:00:00 489,984 -c----w c:\windows\$NtUninstallKB873339$\hypertrm.dll
+ 2002-08-29 10:00:00 489,984 -c----w c:\windows\$NtUninstallKB873339_0$\hypertrm.dll
+ 2004-10-14 15:36:18 169,984 -c----w c:\windows\$NtUninstallKB873339_0$\spuninst\spuninst.exe
- 2004-10-12 16:22:52 436,608 -c----w c:\windows\$NtUninstallKB885250$\mrxsmb.sys
+ 2004-10-28 01:29:54 92,160 -c----w c:\windows\$NtUninstallKB885250_0$\cscdll.dll
+ 2004-10-12 16:22:52 436,608 -c----w c:\windows\$NtUninstallKB885250_0$\mrxsmb.sys
+ 2004-10-12 16:22:52 436,608 -c----w c:\windows\$NtUninstallKB885250_0$\mrxsmb.sys.000
+ 2004-12-01 01:22:42 169,984 -c----w c:\windows\$NtUninstallKB885250_0$\spuninst\spuninst.exe
- 2004-03-30 01:48:36 667,648 -c----w c:\windows\$NtUninstallKB885835$\lsasrv.dll
- 2002-08-29 10:00:00 163,328 -c----w c:\windows\$NtUninstallKB885835$\rdbss.sys
+ 2002-08-29 10:00:00 89,600 -c----w c:\windows\$NtUninstallKB885835_0$\cscdll.dll
+ 2004-03-30 01:48:36 667,648 -c----w c:\windows\$NtUninstallKB885835_0$\lsasrv.dll
+ 2002-11-18 18:27:40 392,576 -c----w c:\windows\$NtUninstallKB885835_0$\mrxsmb.sys
+ 2003-04-24 15:57:52 1,892,864 -c----w c:\windows\$NtUninstallKB885835_0$\ntkrnlmp.exe
+ 2003-04-24 15:57:54 1,949,440 -c----w c:\windows\$NtUninstallKB885835_0$\ntkrnlpa.exe
+ 2003-04-24 15:57:58 1,921,536 -c----w c:\windows\$NtUninstallKB885835_0$\ntkrpamp.exe
+ 2003-04-24 15:57:50 1,925,760 -c----w c:\windows\$NtUninstallKB885835_0$\ntoskrnl.exe
+ 2002-08-29 10:00:00 163,328 -c----w c:\windows\$NtUninstallKB885835_0$\rdbss.sys
+ 2002-08-29 10:00:00 116,224 -c----w c:\windows\$NtUninstallKB885835_0$\shsvcs.dll
+ 2004-10-14 16:36:18 169,984 -c----w c:\windows\$NtUninstallKB885835_0$\spuninst\spuninst.exe
+ 2004-10-14 16:36:18 169,984 -c----w c:\windows\$NtUninstallKB885836_0$\spuninst\spuninst.exe
+ 2002-08-29 10:00:00 200,704 -c----w c:\windows\$NtUninstallKB885836_0$\wordpad.exe
- 2002-08-29 10:00:00 77,850 -c----w c:\windows\$NtUninstallKB888113$\hlink.dll
+ 2002-08-29 10:00:00 77,850 -c----w c:\windows\$NtUninstallKB888113_0$\hlink.dll
+ 2004-10-14 15:36:18 169,984 -c----w c:\windows\$NtUninstallKB888113_0$\spuninst\spuninst.exe
- 2002-08-29 10:00:00 87,040 -c----w c:\windows\$NtUninstallKB888302$\srvsvc.dll
+ 2004-12-01 01:22:42 169,984 -c----w c:\windows\$NtUninstallKB888302_0$\spuninst\spuninst.exe
+ 2002-08-29 10:00:00 87,040 -c----w c:\windows\$NtUninstallKB888302_0$\srvsvc.dll
- 2002-08-29 10:00:00 50,688 -c----w c:\windows\$NtUninstallKB890046$\agentdpv.dll
+ 2002-08-29 10:00:00 50,688 -c----w c:\windows\$NtUninstallKB890046_0$\agentdpv.dll
+ 2005-02-25 00:35:06 209,632 -c----w c:\windows\$NtUninstallKB890046_0$\spuninst\spuninst.exe
+ 2005-02-25 00:35:08 371,936 -c----w c:\windows\$NtUninstallKB890046_0$\spuninst\updspapi.dll
- 2004-06-10 19:51:27 8,350,720 -c----w c:\windows\$NtUninstallKB890047$\shell32.dll
+ 2004-04-17 00:56:06 82,432 -c----w c:\windows\$NtUninstallKB890047_0$\fldrclnr.dll
+ 2004-06-10 19:51:27 8,350,720 -c----w c:\windows\$NtUninstallKB890047_0$\shell32.dll
+ 2004-12-01 01:22:42 169,984 -c----w c:\windows\$NtUninstallKB890047_0$\spuninst\spuninst.exe
+ 2004-04-17 00:56:04 676,864 -c----w c:\windows\$NtUninstallKB890047_0$\sxs.dll
+ 2004-05-18 03:46:28 593,408 -c----w c:\windows\$NtUninstallKB890047_0$\xpsp2res.dll
+ 2004-12-01 01:22:42 169,984 -c----w c:\windows\$NtUninstallKB890175_0$\spuninst\spuninst.exe
- 2002-08-29 10:00:00 51,200 -c----w c:\windows\$NtUninstallKB890859$\authz.dll
- 2004-10-22 07:29:40 1,955,840 -c----w c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
- 2004-10-22 08:33:31 2,088,448 -c----w c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
- 2004-12-29 01:31:44 574,464 -c----w c:\windows\$NtUninstallKB890859$\user32.dll
- 2004-08-05 18:15:00 1,845,888 -c----w c:\windows\$NtUninstallKB890859$\win32k.sys
- 2002-11-01 22:26:44 272,896 -c----w c:\windows\$NtUninstallKB890859$\winsrv.dll
+ 2002-08-29 10:00:00 51,200 -c----w c:\windows\$NtUninstallKB890859_0$\authz.dll
+ 2004-10-22 07:29:14 1,900,032 -c----w c:\windows\$NtUninstallKB890859_0$\ntkrnlmp.exe
+ 2004-10-22 07:29:40 1,955,840 -c----w c:\windows\$NtUninstallKB890859_0$\ntkrnlpa.exe
+ 2004-10-22 07:29:42 1,928,704 -c----w c:\windows\$NtUninstallKB890859_0$\ntkrpamp.exe
+ 2004-10-22 08:33:31 2,088,448 -c----w c:\windows\$NtUninstallKB890859_0$\ntoskrnl.exe
+ 2005-02-24 23:35:06 209,632 -c----w c:\windows\$NtUninstallKB890859_0$\spuninst\spuninst.exe
+ 2005-02-24 23:35:08 371,936 -c----w c:\windows\$NtUninstallKB890859_0$\spuninst\updspapi.dll
+ 2004-12-29 01:31:44 574,464 -c----w c:\windows\$NtUninstallKB890859_0$\user32.dll
+ 2004-08-05 18:15:00 1,845,888 -c----w c:\windows\$NtUninstallKB890859_0$\win32k.sys
+ 2002-11-01 22:26:44 272,896 -c----w c:\windows\$NtUninstallKB890859_0$\winsrv.dll
+ 2004-12-01 01:22:42 169,984 -c----w c:\windows\$NtUninstallKB891781_0$\spuninst\spuninst.exe
- 2002-08-29 10:00:00 332,928 -c----w c:\windows\$NtUninstallKB893066$\tcpip.sys
+ 2005-02-25 00:35:06 209,632 -c----w c:\windows\$NtUninstallKB893066_0$\spuninst\spuninst.exe
+ 2005-02-25 00:35:08 371,936 -c----w c:\windows\$NtUninstallKB893066_0$\spuninst\updspapi.dll
+ 2002-08-29 10:00:00 332,928 -c----w c:\windows\$NtUninstallKB893066_0$\tcpip.sys
- 2004-12-21 20:55:12 8,443,904 -c----w c:\windows\$NtUninstallKB893086$\shell32.dll
+ 2004-12-21 20:55:12 8,443,904 -c----w c:\windows\$NtUninstallKB893086_0$\shell32.dll
+ 2005-02-24 23:35:06 209,632 -c----w c:\windows\$NtUninstallKB893086_0$\spuninst\spuninst.exe
+ 2005-02-24 23:35:08 371,936 -c----w c:\windows\$NtUninstallKB893086_0$\spuninst\updspapi.dll
+ 2004-12-01 14:46:38 594,432 -c----w c:\windows\$NtUninstallKB893086_0$\xpsp2res.dll
- 2002-12-17 22:43:00 10,752 -c----w c:\windows\$NtUninstallKB896358$\hh.exe
- 2003-01-10 21:43:46 37,888 -c----w c:\windows\$NtUninstallKB896358$\hhsetup.dll
- 2003-08-28 14:57:04 143,872 -c----w c:\windows\$NtUninstallKB896358$\itircl.dll
- 2004-06-23 00:43:42 123,392 -c----w c:\windows\$NtUninstallKB896358$\itss.dll
+ 2002-12-17 22:43:00 10,752 -c----w c:\windows\$NtUninstallKB896358_0$\hh.exe
+ 2003-01-10 21:43:46 37,888 -c----w c:\windows\$NtUninstallKB896358_0$\hhsetup.dll
+ 2003-08-28 14:57:04 143,872 -c----w c:\windows\$NtUninstallKB896358_0$\itircl.dll
+ 2004-06-23 00:43:42 123,392 -c----w c:\windows\$NtUninstallKB896358_0$\itss.dll
+ 2005-02-25 00:35:06 209,632 -c----w c:\windows\$NtUninstallKB896358_0$\spuninst\spuninst.exe
+ 2005-02-25 00:35:08 371,936 -c----w c:\windows\$NtUninstallKB896358_0$\spuninst\updspapi.dll
- 2003-03-28 18:54:56 322,048 -c----w c:\windows\$NtUninstallKB896422$\srv.sys
+ 2005-02-25 00:35:06 209,632 -c----w c:\windows\$NtUninstallKB896422_0$\spuninst\spuninst.exe
+ 2005-02-25 00:35:08 371,936 -c----w c:\windows\$NtUninstallKB896422_0$\spuninst\updspapi.dll
+ 2003-03-28 18:54:56 322,048 -c----w c:\windows\$NtUninstallKB896422_0$\srv.sys
- 2002-08-29 10:00:00 71,168 -c----w c:\windows\$NtUninstallKB896428$\telnet.exe
+ 2005-02-25 00:35:06 209,632 -c----w c:\windows\$NtUninstallKB896428_0$\spuninst\spuninst.exe
+ 2005-02-25 00:35:08 371,936 -c----w c:\windows\$NtUninstallKB896428_0$\spuninst\updspapi.dll
+ 2002-08-29 10:00:00 71,168 -c----w c:\windows\$NtUninstallKB896428_0$\telnet.exe
+ 2008-04-14 00:11:48 39,424 ------w c:\windows\AppPatch\acadproc.dll
- 2002-11-27 00:20:08 1,821,184 ----a-w c:\windows\AppPatch\acgenral.dll
+ 2008-04-14 00:11:48 1,852,928 ----a-w c:\windows\AppPatch\acgenral.dll
- 2002-08-29 10:00:00 406,528 ----a-w c:\windows\AppPatch\AcLayers.dll
+ 2008-04-14 00:11:48 451,072 ----a-w c:\windows\AppPatch\aclayers.dll
- 2002-08-29 10:00:00 125,440 ----a-w c:\windows\AppPatch\AcLua.dll
+ 2008-04-14 00:11:48 141,312 ----a-w c:\windows\AppPatch\aclua.dll
- 2002-08-29 10:00:00 219,136 ----a-w c:\windows\AppPatch\AcSpecfc.dll
+ 2008-04-14 00:11:48 245,248 ----a-w c:\windows\AppPatch\acspecfc.dll
- 2002-08-29 10:00:00 107,520 ----a-w c:\windows\AppPatch\AcXtrnal.dll
+ 2008-04-14 00:11:48 116,224 ----a-w c:\windows\AppPatch\acxtrnal.dll
- 2005-06-20 14:51:05 1,257,472 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-01-19 06:46:24 1,265,664 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2005-03-24 17:15:21 1,224,704 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-01-19 06:46:24 1,232,896 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-01-19 06:46:39 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_de44f1c0\CustomMarshalers.dll
+ 2009-01-19 06:47:18 118,784 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e3d1df92\CustomMarshalers.dll
+ 2009-01-19 06:47:43 8,908,800 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_bbcfe4ca\mscorlib.dll
+ 2009-01-19 06:47:10 3,391,488 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e307169f\mscorlib.dll
+ 2009-01-19 06:47:35 3,395,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_da227c03\System.Design.dll
+ 2009-01-19 06:47:02 1,470,464 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ec720726\System.Design.dll
+ 2009-01-19 06:47:20 192,512 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_9211b4ac\System.Drawing.Design.dll
+ 2009-01-19 06:46:42 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b58c3710\System.Drawing.Design.dll
+ 2009-01-19 06:47:05 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_31d5f92d\System.Drawing.dll
+ 2009-01-19 06:47:37 2,244,608 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_acf00268\System.Drawing.dll
+ 2009-01-19 06:47:27 7,884,800 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_85a50d19\System.Windows.Forms.dll
+ 2009-01-19 06:46:49 3,018,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c3aef1c0\System.Windows.Forms.dll
+ 2009-01-19 06:47:32 5,513,216 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_5ad27705\System.Xml.dll
+ 2009-01-19 06:46:56 2,088,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_fa761e0d\System.Xml.dll
+ 2009-01-19 06:47:17 4,788,224 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a4cdf242\System.dll
+ 2009-01-19 06:46:37 1,966,080 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f0b46d3b\System.dll
+ 2008-06-13 11:05:51 272,128 ------w c:\windows\Driver Cache\I386\bthport.sys
- 2005-01-19 03:51:40 440,064 ----a-w c:\windows\Driver Cache\I386\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\I386\mrxsmb.sys
- 2005-03-02 00:36:43 1,900,032 ----a-w c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2008-08-14 10:09:26 2,145,280 ------w c:\windows\Driver Cache\I386\ntkrnlmp.exe
- 2005-03-02 00:36:42 1,955,840 ----a-w c:\windows\Driver Cache\I386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,066,048 ------w c:\windows\Driver Cache\I386\ntkrnlpa.exe
- 2005-03-02 00:36:43 1,928,704 ----a-w c:\windows\Driver Cache\I386\ntkrpamp.exe
+ 2008-08-14 09:33:16 2,023,936 ------w c:\windows\Driver Cache\I386\ntkrpamp.exe
- 2005-03-02 01:33:36 2,040,832 ----a-w c:\windows\Driver Cache\I386\ntoskrnl.exe
+ 2008-08-14 10:11:02 2,189,184 ------w c:\windows\Driver Cache\I386\ntoskrnl.exe
- 2002-08-29 10:00:00 1,004,032 ------w c:\windows\EXPLORER.EXE
+ 2008-04-14 00:12:19 1,033,728 ----a-w c:\windows\explorer.exe
- 2002-08-29 10:00:00 32,256 ----a-w c:\windows\Help\SNIFFPOL.DLL
+ 2008-04-14 00:12:06 34,816 ----a-w c:\windows\Help\sniffpol.dll
- 2002-08-29 10:00:00 30,720 ----a-w c:\windows\Help\SSTUB.DLL
+ 2008-04-14 00:12:07 33,280 ----a-w c:\windows\Help\sstub.dll
- 2002-08-29 10:00:00 262,656 ----a-w c:\windows\Help\TSHOOT.DLL
+ 2008-04-14 00:12:07 279,040 ----a-w c:\windows\Help\tshoot.dll
- 2005-05-25 22:44:31 10,752 ----a-w c:\windows\hh.exe
+ 2008-04-14 00:12:21 10,752 ----a-w c:\windows\hh.exe
+ 2008-04-14 00:11:48 61,440 -c--a-w c:\windows\ie7\admparse.dll
+ 2008-04-14 00:11:48 99,840 -c--a-w c:\windows\ie7\advpack.dll
+ 2008-04-14 00:11:51 33,792 -c--a-w c:\windows\ie7\custsat.dll
+ 2008-04-14 00:11:52 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll
+ 2008-04-14 00:11:52 205,312 -c--a-w c:\windows\ie7\dxtrans.dll
+ 2008-04-14 00:11:53 55,808 -c--a-w c:\windows\ie7\extmgr.dll
+ 2008-04-14 00:11:54 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
+ 2008-04-14 00:12:22 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe
+ 2008-04-14 00:11:54 143,360 -c--a-w c:\windows\ie7\ieakeng.dll
+ 2008-04-14 00:11:54 216,576 -c--a-w c:\windows\ie7\ieaksie.dll
+ 2002-08-29 10:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll
+ 2008-04-14 00:11:54 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll
+ 2008-04-14 00:12:22 18,432 -c--a-w c:\windows\ie7\iedw.exe
+ 2008-04-14 00:11:54 251,904 -c--a-w c:\windows\ie7\iepeers.dll
+ 2008-04-14 00:11:54 48,640 -c--a-w c:\windows\ie7\iernonce.dll
+ 2008-04-14 00:11:54 62,976 -c--a-w c:\windows\ie7\iesetup.dll
+ 2008-04-14 00:12:22 93,184 -c--a-w c:\windows\ie7\iexplore.exe
+ 2008-04-14 00:11:54 35,840 -c--a-w c:\windows\ie7\imgutil.dll
+ 2008-04-14 00:11:55 96,256 -c--a-w c:\windows\ie7\inseng.dll
+ 2008-04-14 00:11:56 15,872 -c--a-w c:\windows\ie7\jsproxy.dll
+ 2008-04-14 00:11:56 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
+ 2008-04-14 00:12:27 29,184 -c--a-w c:\windows\ie7\mshta.exe
+ 2008-12-12 17:01:00 3,067,904 -c--a-w c:\windows\ie7\mshtml.dll
+ 2008-04-14 00:11:59 449,024 -c--a-w c:\windows\ie7\mshtmled.dll
+ 2008-04-13 16:26:26 56,832 -c--a-w c:\windows\ie7\mshtmler.dll
+ 2002-08-29 10:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll
+ 2008-04-14 00:12:00 146,432 -c--a-w c:\windows\ie7\msrating.dll
+ 2008-04-14 00:12:00 532,480 -c--a-w c:\windows\ie7\mstime.dll
+ 2008-04-14 00:12:02 96,256 -c--a-w c:\windows\ie7\occache.dll
+ 2008-04-14 00:12:02 39,424 -c--a-w c:\windows\ie7\pngfilt.dll
+ 2007-08-13 23:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-08-13 23:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 22:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 22:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
+ 2008-04-14 00:12:08 37,888 -c--a-w c:\windows\ie7\url.dll
+ 2008-10-16 01:00:11 619,520 -c--a-w c:\windows\ie7\urlmon.dll
+ 2008-04-14 00:12:08 851,968 -c--a-w c:\windows\ie7\vgx.dll
+ 2008-04-14 00:12:08 276,480 -c--a-w c:\windows\ie7\webcheck.dll
+ 2008-10-16 01:00:11 666,112 -c--a-w c:\windows\ie7\wininet.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2007-08-13 23:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-13 23:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll.000
+ 2007-08-13 23:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-08-13 23:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll.000
+ 2007-08-13 23:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-08-13 23:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll.000
+ 2007-08-13 23:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-08-13 23:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll.000
+ 2007-08-13 23:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-08-13 23:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-08-13 23:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe.000
+ 2007-08-13 23:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-08-13 23:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll.000
+ 2007-08-13 23:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-08-13 23:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll.000
+ 2007-08-13 22:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-08-13 22:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll.000
+ 2007-02-12 21:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat
+ 2007-07-11 17:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-08-13 23:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-08-13 23:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll.000
+ 2007-08-13 23:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-08-13 23:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-08-13 23:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll.000
+ 2007-08-13 23:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-08-13 23:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-08-13 23:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-08-13 23:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe.000
+ 2007-08-13 23:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-08-13 23:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll.000
+ 2007-08-13 23:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-08-13 23:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-08-13 23:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-08-13 23:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-08-13 23:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll.000
+ 2007-08-13 23:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-08-13 23:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll.000
+ 2007-08-13 23:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-08-13 23:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll.000
+ 2007-08-13 23:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-13 23:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll.000
+ 2007-08-13 23:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-08-13 23:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-08-13 23:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll.000
+ 2007-08-13 23:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-08-13 23:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-08-13 23:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll.000
+ 2007-08-13 23:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll.000
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll.000
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll.000
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll.000
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dat
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll.000
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll.000
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll.000
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe.000
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll.000
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll.000
+ 2008-08-27 18:54:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-27 18:54:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll.000
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll.000
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll.000
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll.000
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll.000
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll.000
+ 2008-10-17 07:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2002-08-29 10:00:00 203,776 ----a-w c:\windows\IME\MSCANDUI.DLL
+ 2008-04-14 00:11:58 220,160 ----a-w c:\windows\IME\mscandui.dll
- 2002-08-29 10:00:00 121,344 ----a-w c:\windows\IME\SOFTKBD.DLL
+ 2008-04-14 00:12:06 130,048 ----a-w c:\windows\IME\softkbd.dll
- 2002-08-29 10:00:00 62,464 ----a-w c:\windows\IME\SPGRMR.DLL
+ 2008-04-13 16:43:18 62,976 ----a-w c:\windows\IME\spgrmr.dll
- 2002-08-29 10:00:00 235,520 ----a-w c:\windows\IME\SPTIP.DLL
+ 2008-04-14 00:12:06 250,368 ----a-w c:\windows\IME\sptip.dll
- 2002-08-29 10:00:00 249,856 ----a-w c:\windows\INF\UNREGMP2.EXE
+ 2008-04-14 00:12:38 208,896 ----a-w c:\windows\INF\unregmp2.exe
+ 2009-01-19 06:49:50 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2008-01-18 15:13:09 2,247 ------w c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 10:33:51 18,917 ------w c:\windows\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 10:06:46 13,801 ------w c:\windows\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 00:11:31 25,600 ------w c:\windows\Installer\tsclientmsitrans\tscupdc.dll
- 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 02:30:52 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 06:49:22 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 02:30:52 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 01:57:52 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 00:09:14 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 01:57:58 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 01:56:30 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 05:33:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 01:58:00 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-14 01:50:46 2,142,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 00:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 01:58:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 01:57:00 2,523,136 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 01:57:28 2,514,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 21:20:00 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 21:11:26 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3124\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3124\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3124\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3124\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3124\_mscorlib.dll
+ 2003-02-21 00:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3124\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3124\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3124\_mscorwks.dll
+ 2003-02-21 09:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3124\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3124\_PerfCounter.dll
- 2004-07-15 19:31:16 1,224,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 02:35:38 1,232,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-10-08 10:20:12 1,257,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 02:35:46 1,265,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2002-08-29 10:00:00 22,016 ----a-w c:\windows\MSAGENT\AGENTANM.DLL
+ 2008-04-14 00:11:48 24,064 ----a-w c:\windows\MSAGENT\agentanm.dll
- 2002-08-29 10:00:00 204,288 ----a-w c:\windows\MSAGENT\AGENTCTL.DLL
+ 2008-04-14 00:11:48 214,016 ----a-w c:\windows\MSAGENT\agentctl.dll
- 2002-08-29 10:00:00 35,840 ----a-w c:\windows\MSAGENT\AGENTDP2.DLL
+ 2008-04-14 00:11:48 42,496 ----a-w c:\windows\MSAGENT\agentdp2.dll
- 2005-04-22 05:20:24 51,712 ----a-w c:\windows\MSAGENT\agentdpv.dll
+ 2008-04-14 00:11:48 57,344 ----a-w c:\windows\MSAGENT\agentdpv.dll
- 2002-08-29 10:00:00 44,032 ----a-w c:\windows\MSAGENT\AGENTMPX.DLL
+ 2008-04-14 00:11:48 49,152 ----a-w c:\windows\MSAGENT\agentmpx.dll
- 2002-08-29 10:00:00 21,504 ----a-w c:\windows\MSAGENT\AGENTPSH.DLL
+ 2008-04-14 00:11:48 24,064 ----a-w c:\windows\MSAGENT\agentpsh.dll
- 2002-08-29 10:00:00 39,936 ----a-w c:\windows\MSAGENT\AGENTSR.DLL
+ 2008-04-14 00:11:48 44,032 ----a-w c:\windows\MSAGENT\agentsr.dll
- 2002-08-29 10:00:00 235,008 ----a-w c:\windows\MSAGENT\AGENTSVR.EXE
+ 2008-04-14 00:12:12 256,512 ----a-w c:\windows\MSAGENT\agentsvr.exe
- 2002-08-29 10:00:00 21,504 ----a-w c:\windows\MSAGENT\AGTINTL.DLL
+ 2008-04-14 00:11:49 24,064 ----a-w c:\windows\MSAGENT\agtintl.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\MSAGENT\INTL\AGT0405.DLL
+ 2007-04-02 18:25:59 19,456 ----a-w c:\windows\MSAGENT\INTL\agt0405.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\MSAGENT\INTL\AGT0406.DLL
+ 2007-04-02 18:25:59 19,456 ----a-w c:\windows\MSAGENT\INTL\agt0406.dll
- 2002-08-29 10:00:00 21,504 ----a-w c:\windows\MSAGENT\INTL\AGT0407.DLL
+ 2007-04-02 18:26:00 21,504 ----a-w c:\windows\MSAGENT\INTL\agt0407.dll
- 2002-08-29 10:00:00 22,016 ----a-w c:\windows\MSAGENT\INTL\AGT0408.DLL
+ 2007-04-02 18:26:00 22,016 ----a-w c:\windows\MSAGENT\INTL\agt0408.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\MSAGENT\INTL\AGT0409.DLL
+ 2008-04-13 17:32:28 19,968 ----a-w c:\windows\MSAGENT\INTL\agt0409.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\MSAGENT\INTL\AGT040B.DLL
+ 2007-04-02 18:26:00 19,456 ----a-w c:\windows\MSAGENT\INTL\agt040b.dll
- 2002-08-29 10:00:00 21,504 ----a-w c:\windows\MSAGENT\INTL\AGT040C.DLL
+ 2007-04-02 18:26:00 21,504 ----a-w c:\windows\MSAGENT\INTL\agt040c.dll
- 2002-08-29 10:00:00 19,968 ----a-w c:\windows\MSAGENT\INTL\AGT040E.DLL
+ 2007-04-02 18:26:00 19,968 ----a-w c:\windows\MSAGENT\INTL\agt040e.dll
- 2002-08-29 10:00:00 20,992 ----a-w c:\windows\MSAGENT\INTL\AGT0410.DLL
+ 2007-04-02 18:26:00 20,992 ----a-w c:\windows\MSAGENT\INTL\agt0410.dll
- 2002-08-29 10:00:00 20,992 ----a-w c:\windows\MSAGENT\INTL\AGT0413.DLL
+ 2007-04-02 18:26:01 20,992 ----a-w c:\windows\MSAGENT\INTL\agt0413.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\MSAGENT\INTL\AGT0414.DLL
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\MSAGENT\INTL\agt0414.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\MSAGENT\INTL\AGT0415.DLL
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\MSAGENT\INTL\agt0415.dll
- 2002-08-29 10:00:00 20,480 ----a-w c:\windows\MSAGENT\INTL\AGT0416.DLL
+ 2007-04-02 18:26:01 20,480 ----a-w c:\windows\MSAGENT\INTL\agt0416.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\MSAGENT\INTL\AGT0419.DLL
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\MSAGENT\INTL\agt0419.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\MSAGENT\INTL\AGT041D.DLL
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\MSAGENT\INTL\agt041d.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\MSAGENT\INTL\AGT041F.DLL
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\MSAGENT\INTL\agt041f.dll
- 2002-08-29 10:00:00 20,992 ----a-w c:\windows\MSAGENT\INTL\AGT0816.DLL
+ 2007-04-02 18:26:02 20,992 ----a-w c:\windows\MSAGENT\INTL\agt0816.dll
- 2002-08-29 10:00:00 20,480 ----a-w c:\windows\MSAGENT\INTL\AGT0C0A.DLL
+ 2007-04-02 18:26:02 20,480 ----a-w c:\windows\MSAGENT\INTL\agt0c0a.dll
- 2002-08-29 10:00:00 36,352 ----a-w c:\windows\MSAGENT\MSLWVTTS.DLL
+ 2008-04-14 00:12:00 39,936 ----a-w c:\windows\MSAGENT\mslwvtts.dll
+ 2008-04-14 00:11:51 33,792 ------w c:\windows\network diagnostic\custsat.dll
+ 2008-04-13 18:53:32 558,080 ------w c:\windows\network diagnostic\xpnetdiag.exe
- 2002-08-29 10:00:00 66,048 ----a-w c:\windows\NOTEPAD.EXE
+ 2008-04-14 00:12:29 69,120 ----a-w c:\windows\notepad.exe
- 2004-04-14 22:50:06 740,864 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\helpctr.exe
+ 2008-04-14 00:12:21 769,024 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\helpctr.exe
- 2002-08-29 10:00:00 703,488 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
+ 2008-04-14 00:12:21 744,448 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
- 2004-04-11 00:53:14 16,384 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\hscupd.exe
+ 2008-04-14 00:12:21 18,432 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\hscupd.exe
- 2002-08-29 10:00:00 145,408 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\MSCONFIG.EXE
+ 2008-04-14 00:12:27 169,984 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
- 2002-08-29 10:00:00 348,160 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\MSINFO.DLL
+ 2008-04-14 00:11:59 376,832 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\msinfo.dll
- 2002-11-27 18:50:20 94,208 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\pchshell.dll
+ 2008-04-14 00:12:02 102,912 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\pchshell.dll
- 2002-08-29 10:00:00 29,696 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\PCHSVC.DLL
+ 2008-04-14 00:12:02 38,400 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
- 2004-06-23 20:23:14 9,258 ----a-w c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
+ 2009-01-19 05:13:23 9,492 ----a-w c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
- 2004-06-23 20:34:18 72,903 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
+ 2009-01-19 06:22:24 78,699 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
- 2004-08-05 19:36:47 17,404 ----a-w c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
+ 2009-01-19 06:22:24 18,080 ----a-w c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
- 2002-08-29 10:00:00 138,752 ----a-w c:\windows\PCHealth\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 00:12:38 150,528 ----a-w c:\windows\PCHealth\UploadLB\Binaries\uploadm.exe
+ 2008-04-14 00:12:06 151,552 ------w c:\windows\peernet\sqldb20.dll
+ 2008-04-14 00:12:06 462,848 ------w c:\windows\peernet\sqlqp20.dll
+ 2008-04-14 00:12:06 110,592 ------w c:\windows\peernet\sqlse20.dll
- 2002-08-29 10:00:00 134,144 ----a-w c:\windows\REGEDIT.EXE
+ 2008-04-14 00:12:32 146,432 ----a-w c:\windows\regedit.exe
+ 2008-04-13 18:46:18 53,376 ------w c:\windows\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 18:40:50 12,288 ------w c:\windows\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 18:46:20 48,128 ------w c:\windows\ServicePackFiles\i386\61883.sys
+ 2008-04-14 00:11:48 100,352 ------w c:\windows\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 00:11:48 136,192 ------w c:\windows\ServicePackFiles\i386\aaclient.dll
+ 2002-08-29 04:00:48 231,552 ------w c:\windows\ServicePackFiles\i386\ac97ali.sys
+ 2002-08-29 04:00:56 84,480 ------w c:\windows\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 00:11:48 39,424 ------w c:\windows\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 00:12:11 184,320 ------w c:\windows\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 00:11:48 1,852,928 ------w c:\windows\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 00:11:48 451,072 ------w c:\windows\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 00:11:48 141,312 ------w c:\windows\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 00:11:48 115,712 ------w c:\windows\ServicePackFiles\i386\aclui.dll
+ 2008-04-13 18:36:35 187,776 ------w c:\windows\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 00:11:48 245,248 ------w c:\windows\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 00:11:48 193,536 ------w c:\windows\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 00:12:12 4,096 ------w c:\windows\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 00:11:48 98,304 ------w c:\windows\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 00:11:48 116,224 ------w c:\windows\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 00:11:48 20,540 ------w c:\windows\ServicePackFiles\i386\admin.dll
+ 2008-04-14 00:12:12 16,439 ------w c:\windows\ServicePackFiles\i386\admin.exe
+ 2002-08-29 04:00:48 10,880 ------w c:\windows\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 00:11:48 61,440 ------w c:\windows\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 00:11:48 175,616 ------w c:\windows\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 00:11:48 143,360 ------w c:\windows\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 00:11:48 68,096 ------w c:\windows\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 00:11:48 263,680 ------w c:\windows\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 00:11:48 4,255 ------w c:\windows\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 00:11:48 3,967 ------w c:\windows\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 00:11:48 3,615 ------w c:\windows\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 00:11:48 3,647 ------w c:\windows\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 00:11:48 3,135 ------w c:\windows\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 00:11:48 3,711 ------w c:\windows\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 00:11:48 3,775 ------w c:\windows\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 00:11:48 617,472 ------w c:\windows\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 00:11:48 99,840 ------w c:\windows\ServicePackFiles\i386\advpack.dll
+ 2008-04-13 16:39:23 142,592 ------w c:\windows\ServicePackFiles\i386\aec.sys
+ 2008-04-13 19:19:23 138,112 ------w c:\windows\ServicePackFiles\i386\afd.sys
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 00:11:48 214,016 ------w c:\windows\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 00:11:48 42,496 ------w c:\windows\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 00:11:48 57,344 ------w c:\windows\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 00:11:48 49,152 ------w c:\windows\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 00:11:48 44,032 ------w c:\windows\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 00:12:12 256,512 ------w c:\windows\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-13 18:36:38 42,368 ------w c:\windows\ServicePackFiles\i386\agp440.sys
+ 2008-04-13 18:36:39 44,928 ------w c:\windows\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0401.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0404.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0406.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\ServicePackFiles\i386\agt0407.dll
+ 2007-04-02 18:26:00 22,016 ------w c:\windows\ServicePackFiles\i386\agt0408.dll
+ 2008-04-13 17:32:28 19,968 ------w c:\windows\ServicePackFiles\i386\agt0409.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt040b.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\ServicePackFiles\i386\agt040c.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt040d.dll
+ 2007-04-02 18:26:00 19,968 ------w c:\windows\ServicePackFiles\i386\agt040e.dll
+ 2007-04-02 18:26:00 20,992 ------w c:\windows\ServicePackFiles\i386\agt0410.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt0411.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt0412.dll
+ 2007-04-02 18:26:01 20,992 ------w c:\windows\ServicePackFiles\i386\agt0413.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0415.dll
+ 2007-04-02 18:26:01 20,480 ------w c:\windows\ServicePackFiles\i386\agt0416.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt041f.dll
+ 2007-04-02 18:26:02 19,456 ------w c:\windows\ServicePackFiles\i386\agt0804.dll
+ 2007-04-02 18:26:02 20,992 ------w c:\windows\ServicePackFiles\i386\agt0816.dll
+ 2007-04-02 18:26:02 20,480 ------w c:\windows\ServicePackFiles\i386\agt0c0a.dll
+ 2008-04-14 00:11:49 24,064 ------w c:\windows\ServicePackFiles\i386\agtintl.dll
+ 2008-04-14 00:12:12 98,304 ------w c:\windows\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 00:12:12 44,544 ------w c:\windows\ServicePackFiles\i386\alg.exe
+ 2008-04-13 18:36:38 42,752 ------w c:\windows\ServicePackFiles\i386\alim1541.sys
+ 2008-04-14 00:11:49 17,408 ------w c:\windows\ServicePackFiles\i386\alrsvc.dll
+ 2008-04-13 18:36:39 43,008 ------w c:\windows\ServicePackFiles\i386\amdagp.sys
+ 2008-04-13 18:31:32 37,376 ------w c:\windows\ServicePackFiles\i386\amdk6.sys
+ 2008-04-13 18:31:33 37,760 ------w c:\windows\ServicePackFiles\i386\amdk7.sys
+ 2008-04-14 00:11:49 70,656 ------w c:\windows\ServicePackFiles\i386\amstream.dll
+ 2002-08-29 03:59:12 36,224 ------w c:\windows\ServicePackFiles\i386\an983.sys
+ 2008-04-14 00:11:49 125,952 ------w c:\windows\ServicePackFiles\i386\apphelp.dll
+ 2008-04-14 00:11:49 331,264 ------w c:\windows\ServicePackFiles\i386\aqueue.dll
+ 2008-04-13 18:51:25 60,800 ------w c:\windows\ServicePackFiles\i386\arp1394.sys
+ 2004-08-04 07:55:59 8,192 ------w c:\windows\ServicePackFiles\i386\asferror.dll
+ 2008-04-14 00:11:49 65,024 ------w c:\windows\ServicePackFiles\i386\asycfilt.dll
+ 2008-04-13 18:57:27 14,336 ------w c:\windows\ServicePackFiles\i386\asyncmac.sys
+ 2008-04-14 00:12:12 25,088 ------w c:\windows\ServicePackFiles\i386\at.exe
+ 2008-04-13 18:40:30 96,512 ------w c:\windows\ServicePackFiles\i386\atapi.sys
+ 2004-08-04 05:29:29 56,623 ------w c:\windows\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-04 05:29:29 11,615 ------w c:\windows\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-04 05:29:29 12,047 ------w c:\windows\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-04 05:29:30 30,671 ------w c:\windows\ServicePackFiles\i386\ati1raxx.sys
+ 2004-08-04 05:29:30 63,663 ------w c:\windows\ServicePackFiles\i386\ati1rvxx.sys
+ 2004-08-04 05:29:31 26,367 ------w c:\windows\ServicePackFiles\i386\ati1snxx.sys
+ 2004-08-04 05:29:31 21,343 ------w c:\windows\ServicePackFiles\i386\ati1ttxx.sys
+ 2004-08-04 05:29:31 36,463 ------w c:\windows\ServicePackFiles\i386\ati1tuxx.sys
+ 2004-08-04 05:29:31 29,455 ------w c:\windows\ServicePackFiles\i386\ati1xbxx.sys
+ 2004-08-04 05:29:31 34,735 ------w c:\windows\ServicePackFiles\i386\ati1xsxx.sys
+ 2008-04-14 00:11:49 229,376 ------w c:\windows\ServicePackFiles\i386\ati2cqag.dll
+ 2008-04-14 00:11:49 377,984 ------w c:\windows\ServicePackFiles\i386\ati2dvaa.dll
+ 2008-04-14 00:11:49 201,728 ------w c:\windows\ServicePackFiles\i386\ati2dvag.dll
+ 2004-08-04 05:29:26 327,040 ------w c:\windows\ServicePackFiles\i386\ati2mtaa.sys
+ 2004-08-04 05:29:26 701,440 ------w c:\windows\ServicePackFiles\i386\ati2mtag.sys
+ 2008-04-14 00:11:49 870,784 ------w c:\windows\ServicePackFiles\i386\ati3d1ag.dll
+ 2008-04-14 00:11:49 1,057,760 ------w c:\windows\ServicePackFiles\i386\ati3d2ag.dll
+ 2008-04-14 00:11:50 1,888,992 ------w c:\windows\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-04 05:29:27 57,856 ------w c:\windows\ServicePackFiles\i386\atinbtxx.sys
+ 2004-08-04 05:29:28 13,824 ------w c:\windows\ServicePackFiles\i386\atinmdxx.sys
+ 2004-08-04 05:29:29 14,336 ------w c:\windows\ServicePackFiles\i386\atinpdxx.sys
+ 2004-08-04 05:29:29 52,224 ------w c:\windows\ServicePackFiles\i386\atinraxx.sys
+ 2004-08-04 05:29:30 104,960 ------w c:\windows\ServicePackFiles\i386\atinrvxx.sys
+ 2004-08-04 05:29:30 28,672 ------w c:\windows\ServicePackFiles\i386\atinsnxx.sys
+ 2004-08-04 05:29:30 13,824 ------w c:\windows\ServicePackFiles\i386\atinttxx.sys
+ 2004-08-04 05:29:31 73,216 ------w c:\windows\ServicePackFiles\i386\atintuxx.sys
+ 2004-08-04 05:29:31 31,744 ------w c:\windows\ServicePackFiles\i386\atinxbxx.sys
+ 2004-08-04 05:29:31 63,488 ------w c:\windows\ServicePackFiles\i386\atinxsxx.sys
+ 2008-04-14 00:11:50 32,768 ------w c:\windows\ServicePackFiles\i386\ativtmxx.dll
+ 2008-04-14 00:11:50 516,768 ------w c:\windows\ServicePackFiles\i386\ativvaxx.dll
+ 2008-04-14 00:11:50 58,880 ------w c:\windows\ServicePackFiles\i386\atl.dll
+ 2008-04-14 00:12:12 11,264 ------w c:\windows\ServicePackFiles\i386\atmadm.exe
+ 2008-04-13 18:51:25 59,904 ------w c:\windows\ServicePackFiles\i386\atmarpc.sys
+ 2008-04-14 00:09:01 285,696 ------w c:\windows\ServicePackFiles\i386\atmfd.dll
+ 2008-04-13 18:51:30 55,808 ------w c:\windows\ServicePackFiles\i386\atmlane.sys
+ 2008-04-14 00:11:50 30,208 ------w c:\windows\ServicePackFiles\i386\atmlib.dll
+ 2008-04-14 00:12:12 12,288 ------w c:\windows\ServicePackFiles\i386\attrib.exe
+ 2008-04-14 00:11:50 21,183 ------w c:\windows\ServicePackFiles\i386\atv01nt5.dll
+ 2008-04-14 00:11:50 11,359 ------w c:\windows\ServicePackFiles\i386\atv02nt5.dll
+ 2008-04-14 00:11:50 25,471 ------w c:\windows\ServicePackFiles\i386\atv04nt5.dll
+ 2008-04-14 00:11:50 14,143 ------w c:\windows\ServicePackFiles\i386\atv06nt5.dll
+ 2008-04-14 00:11:50 17,279 ------w c:\windows\ServicePackFiles\i386\atv10nt5.dll
+ 2008-04-14 00:11:50 42,496 ------w c:\windows\ServicePackFiles\i386\audiosrv.dll
+ 2008-04-14 00:12:12 14,336 ------w c:\windows\ServicePackFiles\i386\auditusr.exe
+ 2008-04-14 00:11:50 20,540 ------w c:\windows\ServicePackFiles\i386\author.dll
+ 2008-04-14 00:12:12 16,439 ------w c:\windows\ServicePackFiles\i386\author.exe
+ 2008-04-14 00:11:50 62,464 ------w c:\windows\ServicePackFiles\i386\authz.dll
+ 2008-04-14 00:12:12 588,800 ------w c:\windows\ServicePackFiles\i386\autochk.exe
+ 2008-04-14 00:12:12 602,624 ------w c:\windows\ServicePackFiles\i386\autoconv.exe
+ 2008-04-14 00:12:13 580,608 ------w c:\windows\ServicePackFiles\i386\autofmt.exe
+ 2008-04-14 00:12:13 11,264 ------w c:\windows\ServicePackFiles\i386\autolfn.exe
+ 2008-04-13 18:46:20 38,912 ------w c:\windows\ServicePackFiles\i386\avc.sys
+ 2008-04-13 18:46:07 13,696 ------w c:\windows\ServicePackFiles\i386\avcstrm.sys
+ 2008-04-14 00:11:50 84,992 ------w c:\windows\ServicePackFiles\i386\avifil32.dll
+ 2008-04-14 00:11:50 233,472 ------w c:\windows\ServicePackFiles\i386\azroles.dll
+ 2008-04-14 00:11:50 52,736 ------w c:\windows\ServicePackFiles\i386\basesrv.dll
+ 2008-04-14 00:11:50 29,184 ------w c:\windows\ServicePackFiles\i386\batmeter.dll
+ 2008-04-14 00:11:50 8,704 ------w c:\windows\ServicePackFiles\i386\batt.dll
+ 2008-04-13 18:36:32 14,208 ------w c:\windows\ServicePackFiles\i386\battc.sys
+ 2008-04-13 18:46:21 11,776 ------w c:\windows\ServicePackFiles\i386\bdasup.sys
+ 2008-04-14 00:11:50 17,408 ------w c:\windows\ServicePackFiles\i386\bidispl.dll
+ 2008-04-14 00:11:50 8,192 ------w c:\windows\ServicePackFiles\i386\bitsprx2.dll
+ 2008-04-14 00:11:50 7,168 ------w c:\windows\ServicePackFiles\i386\bitsprx3.dll
+ 2008-04-14 00:11:50 7,168 ------w c:\windows\ServicePackFiles\i386\bitsprx4.dll
+ 2004-08-04 07:56:41 286,208 ------w c:\windows\ServicePackFiles\i386\blackbox.dll
+ 2008-04-14 00:12:13 71,680 ------w c:\windows\ServicePackFiles\i386\blastcln.exe
+ 2008-04-13 18:53:23 71,552 ------w c:\windows\ServicePackFiles\i386\bridge.sys
+ 2008-04-13 17:03:24 63,488 ------w c:\windows\ServicePackFiles\i386\browselc.dll
+ 2008-04-14 00:11:50 77,824 ------w c:\windows\ServicePackFiles\i386\browser.dll
+ 2008-04-14 00:11:50 1,025,024 ------w c:\windows\ServicePackFiles\i386\browseui.dll
+ 2008-04-14 00:11:50 78,336 ------w c:\windows\ServicePackFiles\i386\browsewm.dll
+ 2008-04-14 00:11:50 20,992 ------w c:\windows\ServicePackFiles\i386\bthci.dll
+ 2008-04-13 18:46:33 17,024 ------w c:\windows\ServicePackFiles\i386\bthenum.sys
+ 2008-04-13 18:46:33 37,888 ------w c:\windows\ServicePackFiles\i386\bthmodem.sys
+ 2008-04-13 18:51:34 101,120 ------w c:\windows\ServicePackFiles\i386\bthpan.sys
+ 2008-04-13 18:46:32 273,024 ------w c:\windows\ServicePackFiles\i386\bthport.sys
+ 2008-04-13 18:46:31 36,480 ------w c:\windows\ServicePackFiles\i386\bthprint.sys
+ 2008-04-14 00:11:50 30,208 ------w c:\windows\ServicePackFiles\i386\bthserv.dll
+ 2008-04-13 18:46:29 18,944 ------w c:\windows\ServicePackFiles\i386\bthusb.sys
+ 2008-04-14 00:11:50 50,688 ------w c:\windows\ServicePackFiles\i386\btpanui.dll
+ 2008-04-14 00:11:50 218,112 ------w c:\windows\ServicePackFiles\i386\c_g18030.dll
+ 2008-04-14 00:11:50 60,416 ------w c:\windows\ServicePackFiles\i386\cabinet.dll
+ 2008-04-14 00:11:50 84,480 ------w c:\windows\ServicePackFiles\i386\cabview.dll
+ 2008-04-14 00:12:13 19,968 ------w c:\windows\ServicePackFiles\i386\cacls.exe
+ 2008-04-14 00:11:50 385,024 ------w c:\windows\ServicePackFiles\i386\callcont.dll
+ 2008-04-14 00:11:50 121,856 ------w c:\windows\ServicePackFiles\i386\camext30.dll
+ 2008-04-14 00:11:50 50,688 ------w c:\windows\ServicePackFiles\i386\camocx.dll
+ 2008-04-14 00:11:50 150,016 ------w c:\windows\ServicePackFiles\i386\capesnpn.dll
+ 2008-04-14 00:11:50 226,304 ------w c:\windows\ServicePackFiles\i386\catsrv.dll
+ 2008-04-14 00:11:50 85,504 ------w c:\windows\ServicePackFiles\i386\catsrvps.dll
+ 2008-04-14 00:11:50 625,664 ------w c:\windows\ServicePackFiles\i386\catsrvut.dll
+ 2008-04-13 18:46:23 17,024 ------w c:\windows\ServicePackFiles\i386\ccdecode.sys
+ 2008-04-13 19:14:21 63,744 ------w c:\windows\ServicePackFiles\i386\cdfs.sys
+ 2008-04-14 00:11:50 151,040 ------w c:\windows\ServicePackFiles\i386\cdfview.dll
+ 2008-04-14 00:11:50 66,560 ------w c:\windows\ServicePackFiles\i386\cdm.dll
+ 2008-04-14 00:11:50 2,091,520 ------w c:\windows\ServicePackFiles\i386\cdosys.dll
+ 2008-04-13 18:40:46 62,976 ------w c:\windows\ServicePackFiles\i386\cdrom.sys
+ 2008-04-14 00:11:50 194,560 ------w c:\windows\ServicePackFiles\i386\certcli.dll
+ 2008-04-14 00:11:50 457,728 ------w c:\windows\ServicePackFiles\i386\certmgr.dll
+ 2004-08-04 07:56:41 159,232 ------w c:\windows\ServicePackFiles\i386\cewmdm.dll
+ 2008-04-14 00:11:50 38,912 ------w c:\windows\ServicePackFiles\i386\cfgbkend.dll
+ 2008-04-14 00:09:05 16,896 ------w c:\windows\ServicePackFiles\i386\cfgmgr32.dll
+ 2008-04-14 00:12:14 188,480 ------w c:\windows\ServicePackFiles\i386\cfgwiz.exe
+ 2008-04-14 00:11:50 15,423 ------w c:\windows\ServicePackFiles\i386\ch7xxnt5.dll
+ 2008-04-13 18:40:58 8,192 ------w c:\windows\ServicePackFiles\i386\changer.sys
+ 2008-04-14 00:11:50 148,480 ------w c:\windows\ServicePackFiles\i386\cic.dll
+ 2008-04-14 00:11:50 1,358,848 ------w c:\windows\ServicePackFiles\i386\cimwin32.dll
+ 2008-04-14 00:11:50 69,120 ------w c:\windows\ServicePackFiles\i386\ciodm.dll
+ 2008-04-14 00:12:14 5,632 ------w c:\windows\ServicePackFiles\i386\cisvc.exe
+ 2008-04-13 19:16:22 49,536 ------w c:\windows\ServicePackFiles\i386\classpnp.sys
+ 2008-04-14 00:11:50 110,592 ------w c:\windows\ServicePackFiles\i386\clbcatex.dll
+ 2008-04-14 00:11:50 498,688 ------w c:\windows\ServicePackFiles\i386\clbcatq.dll
+ 2008-04-14 00:12:14 64,000 ------w c:\windows\ServicePackFiles\i386\cleanmgr.exe
+ 2008-04-14 00:11:50 77,824 ------w c:\windows\ServicePackFiles\i386\cliconfg.dll
+ 2008-04-14 00:12:14 20,480 ------w c:\windows\ServicePackFiles\i386\cliconfg.exe
+ 2008-04-14 00:12:14 102,912 ------w c:\windows\ServicePackFiles\i386\clipbrd.exe
+ 2008-04-14 00:12:14 33,280 ------w c:\windows\ServicePackFiles\i386\clipsrv.exe
+ 2008-04-14 00:11:50 58,368 ------w c:\windows\ServicePackFiles\i386\clusapi.dll
+ 2008-04-13 18:36:37 13,952 ------w c:\windows\ServicePackFiles\i386\cmbatt.sys
+ 2008-04-14 00:11:50 15,872 ------w c:\windows\ServicePackFiles\i386\cmcfg32.dll
+ 2008-04-14 00:12:14 389,120 ------w c:\windows\ServicePackFiles\i386\cmd.exe
+ 2008-04-14 00:11:50 344,064 ------w c:\windows\ServicePackFiles\i386\cmdial32.dll
+ 2008-04-14 00:12:14 25,600 ------w c:\windows\ServicePackFiles\i386\cmdl32.exe
+ 2008-04-14 00:12:15 39,936 ------w c:\windows\ServicePackFiles\i386\cmmon32.exe
+ 2008-04-14 00:11:50 185,344 ------w c:\windows\ServicePackFiles\i386\cmprops.dll
+ 2008-04-14 00:11:50 13,312 ------w c:\windows\ServicePackFiles\i386\cmsetacl.dll
+ 2008-04-14 00:12:15 63,488 ------w c:\windows\ServicePackFiles\i386\cmstp.exe
+ 2008-04-14 00:11:50 39,424 ------w c:\windows\ServicePackFiles\i386\cmutil.dll
+ 2008-04-14 00:11:50 47,104 ------w c:\windows\ServicePackFiles\i386\cnbjmon.dll
+ 2008-04-14 00:11:50 79,360 ------w c:\windows\ServicePackFiles\i386\cnbjmon2.dll
+ 2008-04-13 16:44:16 17,920 ------w c:\windows\ServicePackFiles\i386\cobramsg.dll
+ 2008-04-14 00:11:51 60,416 ------w c:\windows\ServicePackFiles\i386\colbact.dll
+ 2008-04-14 00:11:51 28,160 ------w c:\windows\ServicePackFiles\i386\comaddin.dll
+ 2008-04-14 00:11:51 195,072 ------w c:\windows\ServicePackFiles\i386\comadmin.dll
+ 2008-04-14 00:11:51 617,472 ------w c:\windows\ServicePackFiles\i386\comctl32.dll
+ 2008-04-14 00:11:51 276,992 ------w c:\windows\ServicePackFiles\i386\comdlg32.dll
+ 2008-04-14 00:11:51 252,928 ------w c:\windows\ServicePackFiles\i386\compatui.dll
+ 2008-04-13 18:36:37 10,240 ------w c:\windows\ServicePackFiles\i386\compbatt.sys
+ 2008-04-14 00:11:51 229,376 ------w c:\windows\ServicePackFiles\i386\compstui.dll
+ 2008-04-14 00:11:51 97,792 ------w c:\windows\ServicePackFiles\i386\comrepl.dll
+ 2008-04-14 00:12:15 9,728 ------w c:\windows\ServicePackFiles\i386\comrepl.exe
+ 2008-04-14 00:12:15 6,144 ------w c:\windows\ServicePackFiles\i386\comrereg.exe
+ 2008-04-14 00:11:51 792,064 ------w c:\windows\ServicePackFiles\i386\comres.dll
+ 2008-04-14 00:11:51 274,944 ------w c:\windows\ServicePackFiles\i386\comsetup.dll
+ 2008-04-14 00:11:51 167,424 ------w c:\windows\ServicePackFiles\i386\comsnap.dll
+ 2008-04-14 00:11:51 1,267,200 ------w c:\windows\ServicePackFiles\i386\comsvcs.dll
+ 2008-04-14 00:11:51 539,648 ------w c:\windows\ServicePackFiles\i386\comuid.dll
+ 2008-04-14 00:12:15 1,032,192 ------w c:\windows\ServicePackFiles\i386\conf.exe
+ 2008-04-14 00:11:51 45,056 ------w c:\windows\ServicePackFiles\i386\confmrsl.dll
+ 2008-04-14 00:11:51 357,888 ------w c:\windows\ServicePackFiles\i386\confmsp.dll
+ 2008-04-14 00:12:15 27,648 ------w c:\windows\ServicePackFiles\i386\conime.exe
+ 2008-04-14 00:11:51 35,328 ------w c:\windows\ServicePackFiles\i386\corpol.dll
+ 2008-04-14 00:11:51 12,800 ------w c:\windows\ServicePackFiles\i386\credssp.dll
+ 2008-04-14 00:11:51 163,840 ------w c:\windows\ServicePackFiles\i386\credui.dll
+ 2008-04-13 18:31:32 36,736 ------w c:\windows\ServicePackFiles\i386\crusoe.sys
+ 2008-04-14 00:11:51 599,040 ------w c:\windows\ServicePackFiles\i386\crypt32.dll
+ 2008-04-14 00:11:51 74,752 ------w c:\windows\ServicePackFiles\i386\cryptdlg.dll
+ 2008-04-14 00:11:51 33,280 ------w c:\windows\ServicePackFiles\i386\cryptdll.dll
+ 2008-04-14 00:11:51 53,760 ------w c:\windows\ServicePackFiles\i386\cryptext.dll
+ 2008-04-14 00:11:51 64,512 ------w c:\windows\ServicePackFiles\i386\cryptnet.dll
+ 2008-04-14 00:11:51 62,464 ------w c:\windows\ServicePackFiles\i386\cryptsvc.dll
+ 2008-04-14 00:11:51 512,512 ------w c:\windows\ServicePackFiles\i386\cryptui.dll
+ 2008-04-14 00:11:51 101,888 ------w c:\windows\ServicePackFiles\i386\cscdll.dll
+ 2008-04-14 00:12:15 139,264 ------w c:\windows\ServicePackFiles\i386\cscript.exe
+ 2008-04-14 00:11:51 326,656 ------w c:\windows\ServicePackFiles\i386\cscui.dll
+ 2008-04-14 00:11:51 32,256 ------w c:\windows\ServicePackFiles\i386\csrsrv.dll
+ 2008-04-14 00:12:15 6,144 ------w c:\windows\ServicePackFiles\i386\csrss.exe
+ 2008-04-14 00:12:16 15,360 ------w c:\windows\ServicePackFiles\i386\ctfmon.exe
+ 2008-04-14 00:11:51 249,856 ------w c:\windows\ServicePackFiles\i386\ctmasetp.dll
+ 2008-04-14 00:11:51 33,792 ------w c:\windows\ServicePackFiles\i386\custsat.dll
+ 2004-08-04 05:32:25 48,640 ------w c:\windows\ServicePackFiles\i386\cwrwdm.sys
+ 2008-04-14 00:11:51 1,179,648 ------w c:\windows\ServicePackFiles\i386\d3d8.dll
+ 2008-04-14 00:11:51 8,192 ------w c:\windows\ServicePackFiles\i386\d3d8thk.dll
+ 2008-04-14 00:11:51 1,689,088 ------w c:\windows\ServicePackFiles\i386\d3d9.dll
+ 2008-04-14 00:11:51 824,320 ------w c:\windows\ServicePackFiles\i386\d3dim700.dll
+ 2008-04-14 00:11:51 1,054,208 ------w c:\windows\ServicePackFiles\i386\danim.dll
+ 2008-01-19 11:04:48 554,008 ------w c:\windows\ServicePackFiles\i386\dao360.dll
+ 2008-04-14 00:11:51 54,272 ------w c:\windows\ServicePackFiles\i386\dataclen.dll
+ 2008-04-14 00:11:51 165,376 ------w c:\windows\ServicePackFiles\i386\datime.dll
+ 2008-04-14 00:11:51 25,088 ------w c:\windows\ServicePackFiles\i386\davclnt.dll
+ 2008-04-14 00:11:51 640,000 ------w c:\windows\ServicePackFiles\i386\dbghelp.dll
+ 2008-04-14 00:11:51 24,576 ------w c:\windows\ServicePackFiles\i386\dbmsrpcn.dll
+ 2008-04-14 00:11:51 110,592 ------w c:\windows\ServicePackFiles\i386\dbnetlib.dll
+ 2008-04-14 00:11:51 28,672 ------w c:\windows\ServicePackFiles\i386\dbnmpntw.dll
+ 2008-04-14 00:25:26 1,804 ------w c:\windows\ServicePackFiles\i386\dcache.bin
+ 2008-04-14 00:11:51 40,960 ------w c:\windows\ServicePackFiles\i386\dcap32.dll
+ 2008-04-14 00:11:51 8,704 ------w c:\windows\ServicePackFiles\i386\dciman32.dll
+ 2008-04-14 00:12:16 6,144 ------w c:\windows\ServicePackFiles\i386\dcomcnfg.exe
+ 2008-04-14 00:12:16 30,208 ------w c:\windows\ServicePackFiles\i386\ddeshare.exe
+ 2008-04-14 00:11:51 279,552 ------w c:\windows\ServicePackFiles\i386\ddraw.dll
+ 2008-04-14 00:11:51 27,136 ------w c:\windows\ServicePackFiles\i386\ddrawex.dll
+ 2008-04-14 00:12:16 25,088 ------w c:\windows\ServicePackFiles\i386\defrag.exe
+ 2008-04-14 00:11:51 59,904 ------w c:\windows\ServicePackFiles\i386\devenum.dll
+ 2008-04-14 00:11:51 282,624 ------w c:\windows\ServicePackFiles\i386\devmgr.dll
+ 2008-04-14 00:12:16 82,944 ------w c:\windows\ServicePackFiles\i386\dfrgfat.exe
+ 2008-04-14 00:12:16 105,472 ------w c:\windows\ServicePackFiles\i386\dfrgntfs.exe
+ 2008-04-14 00:11:51 39,424 ------w c:\windows\ServicePackFiles\i386\dfrgsnap.dll
+ 2008-04-14 00:11:51 124,416 ------w c:\windows\ServicePackFiles\i386\dfrgui.dll
+ 2008-04-14 00:11:51 28,672 ------w c:\windows\ServicePackFiles\i386\dfsshlex.dll
+ 2008-04-14 00:11:51 111,104 ------w c:\windows\ServicePackFiles\i386\dgnet.dll
+ 2008-04-14 00:11:51 126,976 ------w c:\windows\ServicePackFiles\i386\dhcpcsvc.dll
+ 2008-04-14 00:11:52 379,904 ------w c:\windows\ServicePackFiles\i386\dhcpmon.dll
+ 2008-04-14 00:11:52 48,640 ------w c:\windows\ServicePackFiles\i386\dhcpqec.dll
+ 2008-04-14 00:12:17 539,136 ------w c:\windows\ServicePackFiles\i386\dialer.exe
+ 2008-04-14 00:12:17 87,040 ------w c:\windows\ServicePackFiles\i386\diantz.exe
+ 2007-04-02 18:34:11 884,712 ------w c:\windows\ServicePackFiles\i386\digcore.exe
+ 2008-04-14 00:11:52 68,608 ------w c:\windows\ServicePackFiles\i386\digest.dll
+ 2008-04-14 00:11:52 19,456 ------w c:\windows\ServicePackFiles\i386\dimsntfy.dll
+ 2008-04-14 00:11:52 39,936 ------w c:\windows\ServicePackFiles\i386\dimsroam.dll
+ 2008-04-14 00:11:52 158,720 ------w c:\windows\ServicePackFiles\i386\dinput.dll
+ 2008-04-14 00:11:52 181,760 ------w c:\windows\ServicePackFiles\i386\dinput8.dll
+ 2008-04-14 00:11:52 86,528 ------w c:\windows\ServicePackFiles\i386\directdb.dll
+ 2008-04-13 18:40:47 36,352 ------w c:\windows\ServicePackFiles\i386\disk.sys
+ 2008-04-14 00:11:52 1,504,256 ------w c:\windows\ServicePackFiles\i386\diskcopy.dll
+ 2008-04-13 18:40:44 14,208 ------w c:\windows\ServicePackFiles\i386\diskdump.sys
+ 2008-04-14 00:12:17 163,840 ------w c:\windows\ServicePackFiles\i386\diskpart.exe
+ 2008-04-14 00:11:52 32,768 ------w c:\windows\ServicePackFiles\i386\dispex.dll
+ 2004-08-04 07:56:48 294,912 ------w c:\windows\ServicePackFiles\i386\dlimport.exe
+ 2008-04-14 00:12:17 5,120 ------w c:\windows\ServicePackFiles\i386\dllhost.exe
+ 2008-04-13 18:40:51 8,320 ------w c:\windows\ServicePackFiles\i386\dlttape.sys
+ 2008-04-14 00:12:17 224,768 ------w c:\windows\ServicePackFiles\i386\dmadmin.exe
+ 2008-04-14 00:11:52 28,672 ------w c:\windows\ServicePackFiles\i386\dmband.dll
+ 2008-04-13 18:44:48 799,744 ------w c:\windows\ServicePackFiles\i386\dmboot.sys
+ 2008-04-14 00:11:52 61,440 ------w c:\windows\ServicePackFiles\i386\dmcompos.dll
+ 2008-04-14 00:11:52 285,184 ------w c:\windows\ServicePackFiles\i386\dmdlgs.dll
+ 2008-04-14 00:11:52 200,704 ------w c:\windows\ServicePackFiles\i386\dmdskmgr.dll
+ 2008-04-14 00:11:52 181,248 ------w c:\windows\ServicePackFiles\i386\dmime.dll
+ 2008-04-13 18:44:46 153,344 ------w c:\windows\ServicePackFiles\i386\dmio.sys
+ 2008-04-14 00:11:52 35,840 ------w c:\windows\ServicePackFiles\i386\dmloader.dll
+ 2008-04-14 00:12:17 15,872 ------w c:\windows\ServicePackFiles\i386\dmremote.exe
+ 2008-04-14 00:11:52 82,432 ------w c:\windows\ServicePackFiles\i386\dmscript.dll
+ 2008-04-14 00:11:52 23,552 ------w c:\windows\ServicePackFiles\i386\dmserver.dll
+ 2008-04-14 00:11:52 105,984 ------w c:\windows\ServicePackFiles\i386\dmstyle.dll
+ 2008-04-14 00:11:52 103,424 ------w c:\windows\ServicePackFiles\i386\dmsynth.dll
+ 2008-04-14 00:11:52 104,448 ------w c:\windows\ServicePackFiles\i386\dmusic.dll
+ 2008-04-13 18:45:01 52,864 ------w c:\windows\ServicePackFiles\i386\dmusic.sys
+ 2008-04-14 00:11:52 52,224 ------w c:\windows\ServicePackFiles\i386\dmutil.dll
+ 2008-04-14 00:11:52 147,968 ------w c:\windows\ServicePackFiles\i386\dnsapi.dll
+ 2008-04-14 00:11:52 45,568 ------w c:\windows\ServicePackFiles\i386\dnsrslvr.dll
+ 2008-04-14 00:11:52 48,128 ------w c:\windows\ServicePackFiles\i386\docprop2.dll
+ 2004-08-04 05:51:21 53,840 ------w c:\windows\ServicePackFiles\i386\dosx.exe
+ 2008-04-14 00:11:52 26,112 ------w c:\windows\ServicePackFiles\i386\dot3api.dll
+ 2008-04-14 00:11:52 57,856 ------w c:\windows\ServicePackFiles\i386\dot3cfg.dll
+ 2008-04-14 00:11:52 39,936 ------w c:\windows\ServicePackFiles\i386\dot3clnt.dll
+ 2008-04-14 00:11:52 9,216 ------w c:\windows\ServicePackFiles\i386\dot3dlg.dll
+ 2008-04-14 00:11:52 56,320 ------w c:\windows\ServicePackFiles\i386\dot3msm.dll
+ 2008-04-14 00:11:52 132,096 ------w c:\windows\ServicePackFiles\i386\dot3svc.dll
+ 2008-04-14 00:11:52 650,752 ------w c:\windows\ServicePackFiles\i386\dot3ui.dll
+ 2008-04-13 18:39:46 206,976 ------w c:\windows\ServicePackFiles\i386\dot4.sys
+ 2008-04-13 21:00:49 103,424 ------w c:\windows\ServicePackFiles\i386\dpcdll.dll
+ 2008-04-14 00:12:17 29,696 ------w c:\windows\ServicePackFiles\i386\dplaysvr.exe
+ 2008-04-14 00:11:52 229,888 ------w c:\windows\ServicePackFiles\i386\dplayx.dll
+ 2008-04-14 00:11:52 23,552 ------w c:\windows\ServicePackFiles\i386\dpmodemx.dll
+ 2008-04-14 00:09:19 3,072 ------w c:\windows\ServicePackFiles\i386\dpnaddr.dll
+ 2008-04-14 00:11:52 375,296 ------w c:\windows\ServicePackFiles\i386\dpnet.dll
+ 2008-04-14 00:11:52 35,328 ------w c:\windows\ServicePackFiles\i386\dpnhpast.dll
+ 2008-04-14 00:11:52 60,928 ------w c:\windows\ServicePackFiles\i386\dpnhupnp.dll
+ 2008-04-14 00:09:20 3,072 ------w c:\windows\ServicePackFiles\i386\dpnlobby.dll
+ 2008-04-14 00:12:17 17,920 ------w c:\windows\ServicePackFiles\i386\dpnsvr.exe
+ 2008-04-14 00:11:52 21,504 ------w c:\windows\ServicePackFiles\i386\dpvacm.dll
+ 2008-04-14 00:11:52 212,480 ------w c:\windows\ServicePackFiles\i386\dpvoice.dll
+ 2008-04-14 00:12:18 83,456 ------w c:\windows\ServicePackFiles\i386\dpvsetup.exe
+ 2008-04-14 00:11:52 116,736 ------w c:\windows\ServicePackFiles\i386\dpvvox.dll
+ 2008-04-14 00:11:52 57,344 ------w c:\windows\ServicePackFiles\i386\dpwsockx.dll
+ 2004-08-04 07:57:04 299,520 ------w c:\windows\ServicePackFiles\i386\drmclien.dll
+ 2008-04-13 18:45:14 60,160 ------w c:\windows\ServicePackFiles\i386\drmk.sys
+ 2008-04-13 18:45:13 2,944 ------w c:\windows\ServicePackFiles\i386\drmkaud.sys
+ 2004-08-04 07:56:42 87,040 ------w c:\windows\ServicePackFiles\i386\drmstor.dll
+ 2004-08-04 07:57:02 695,296 ------w c:\windows\ServicePackFiles\i386\drmv2clt.dll
+ 2008-04-14 00:11:52 14,336 ------w c:\windows\ServicePackFiles\i386\drprov.dll
+ 2002-08-29 10:00:00 4,656 ------w c:\windows\ServicePackFiles\i386\ds16gt.dll
+ 2008-04-14 00:11:52 16,384 ------w c:\windows\ServicePackFiles\i386\ds32gt.dll
+ 2008-04-14 00:11:52 181,248 ------w c:\windows\ServicePackFiles\i386\dsdmo.dll
+ 2008-04-14 00:11:52 71,680 ------w c:\windows\ServicePackFiles\i386\dsdmoprp.dll
+ 2008-04-14 00:11:52 92,672 ------w c:\windows\ServicePackFiles\i386\dskquota.dll
+ 2008-04-14 00:11:52 155,648 ------w c:\windows\ServicePackFiles\i386\dskquoui.dll
+ 2008-04-14 00:11:52 367,616 ------w c:\windows\ServicePackFiles\i386\dsound.dll
+ 2008-04-14 00:11:52 1,293,824 ------w c:\windows\ServicePackFiles\i386\dsound3d.dll
+ 2008-04-14 00:11:52 142,848 ------w c:\windows\ServicePackFiles\i386\dsprop.dll
+ 2008-04-13 17:09:30 4,096 ------w c:\windows\ServicePackFiles\i386\dsprpres.dll
+ 2008-04-14 00:11:52 239,104 ------w c:\windows\ServicePackFiles\i386\dsquery.dll
+ 2008-04-14 00:11:52 51,200 ------w c:\windows\ServicePackFiles\i386\dssec.dll
+ 2008-04-13 17:37:57 138,752 ------w c:\windows\ServicePackFiles\i386\dssenh.dll
+ 2008-04-14 00:11:52 113,152 ------w c:\windows\ServicePackFiles\i386\dsuiext.dll
+ 2008-04-14 00:11:52 19,456 ------w c:\windows\ServicePackFiles\i386\dswave.dll
+ 2008-04-14 00:12:18 10,752 ------w c:\windows\ServicePackFiles\i386\dumprep.exe
+ 2008-04-14 00:11:52 304,128 ------w c:\windows\ServicePackFiles\i386\duser.dll
+ 2008-04-14 00:12:18 17,920 ------w c:\windows\ServicePackFiles\i386\dvdupgrd.exe
+ 2008-04-14 00:12:18 180,224 ------w c:\windows\ServicePackFiles\i386\dwwin.exe
+ 2008-04-14 00:11:52 619,008 ------w c:\windows\ServicePackFiles\i386\dx7vb.dll
+ 2008-04-14 00:11:52 1,227,264 ------w c:\windows\ServicePackFiles\i386\dx8vb.dll
+ 2008-04-14 00:12:18 1,298,432 ------w c:\windows\ServicePackFiles\i386\dxdiag.exe
+ 2008-04-14 00:11:52 2,113,536 ------w c:\windows\ServicePackFiles\i386\dxdiagn.dll
+ 2008-04-13 18:38:29 71,168 ------w c:\windows\ServicePackFiles\i386\dxg.sys
+ 2004-08-04 07:56:42 498,205 ------w c:\windows\ServicePackFiles\i386\dxmasf.dll
+ 2008-04-14 00:11:52 357,888 ------w c:\windows\ServicePackFiles\i386\dxtmsft.dll
+ 2008-04-14 00:11:52 205,312 ------w c:\windows\ServicePackFiles\i386\dxtrans.dll
+ 2008-04-14 00:11:52 30,720 ------w c:\windows\ServicePackFiles\i386\eapolqec.dll
+ 2008-04-14 00:11:52 184,832 ------w c:\windows\ServicePackFiles\i386\eapp3hst.dll
+ 2008-04-14 00:11:52 126,976 ------w c:\windows\ServicePackFiles\i386\eappcfg.dll
+ 2008-04-14 00:11:52 94,208 ------w c:\windows\ServicePackFiles\i386\eappgnui.dll
+ 2008-04-14 00:11:52 180,224 ------w c:\windows\ServicePackFiles\i386\eapphost.dll
+ 2008-04-14 00:11:52 40,960 ------w c:\windows\ServicePackFiles\i386\eappprxy.dll
+ 2008-04-14 00:11:52 59,392 ------w c:\windows\ServicePackFiles\i386\eapqec.dll
+ 2008-04-14 00:11:52 33,792 ------w c:\windows\ServicePackFiles\i386\eapsvc.dll
+ 2008-04-14 00:11:52 175,616 ------w c:\windows\ServicePackFiles\i386\ediskeer.dll
+ 2008-04-14 00:11:53 183,296 ------w c:\windows\ServicePackFiles\i386\els.dll
+ 2008-04-14 00:11:53 20,480 ------w c:\windows\ServicePackFiles\i386\encapi.dll
+ 2008-04-14 00:11:53 186,880 ------w c:\windows\ServicePackFiles\i386\encdec.dll
+ 2008-04-13 16:26:02 40,960 ------w c:\windows\ServicePackFiles\i386\ep9res.dll
+ 2004-07-17 18:39:35 120,320 ------w c:\windows\ServicePackFiles\i386\epcl5res.dll
+ 2008-04-14 00:11:53 23,040 ------w c:\windows\ServicePackFiles\i386\ersvc.dll
+ 2008-04-14 00:11:53 246,272 ------w c:\windows\ServicePackFiles\i386\es.dll
+ 2008-04-14 00:11:53 1,082,368 ------w c:\windows\ServicePackFiles\i386\esent.dll
+ 2008-04-14 00:11:53 247,808 ------w c:\windows\ServicePackFiles\i386\esscli.dll
+ 2002-08-29 04:00:54 137,088 ------w c:\windows\ServicePackFiles\i386\essm2e.sys
+ 2008-04-14 00:12:19 193,024 ------w c:\windows\ServicePackFiles\i386\eudcedit.exe
+ 2008-04-14 00:11:53 56,320 ------w c:\windows\ServicePackFiles\i386\eventlog.dll
+ 2008-04-14 00:11:53 101,888 ------w c:\windows\ServicePackFiles\i386\evntagnt.dll
+ 2008-04-14 00:12:19 24,064 ------w c:\windows\ServicePackFiles\i386\evntcmd.exe
+ 2008-04-14 00:11:53 21,504 ------w c:\windows\ServicePackFiles\i386\evntrprv.dll
+ 2008-04-14 00:12:19 92,160 ------w c:\windows\ServicePackFiles\i386\evntwin.exe
+ 2008-04-14 00:12:19 1,033,728 ------w c:\windows\ServicePackFiles\i386\explorer.exe
+ 2008-04-14 00:11:53 380,445 ------w c:\windows\ServicePackFiles\i386\expsrv.dll
+ 2008-04-14 00:11:53 55,808 ------w c:\windows\ServicePackFiles\i386\extmgr.dll
+ 2008-04-14 00:12:19 24,064 ------w c:\windows\ServicePackFiles\i386\extrac32.exe
+ 2008-04-14 00:11:53 125,952 ------w c:\windows\ServicePackFiles\i386\exts.dll
+ 2008-04-14 00:09:30 7,168 ------w c:\windows\ServicePackFiles\i386\f3ahvoas.dll
+ 2008-04-13 19:14:29 143,744 ------w c:\windows\ServicePackFiles\i386\fastfat.sys
+ 2008-04-14 00:11:53 472,064 ------w c:\windows\ServicePackFiles\i386\fastprox.dll
+ 2008-04-14 00:11:53 80,384 ------w c:\windows\ServicePackFiles\i386\faultrep.dll
+ 2008-04-14 00:12:20 20,992 ------w c:\windows\ServicePackFiles\i386\faxpatch.exe
+ 2008-04-13 18:40:25 27,392 ------w c:\windows\ServicePackFiles\i386\fdc.sys
+ 2008-04-14 00:11:53 21,504 ------w c:\windows\ServicePackFiles\i386\feclient.dll
+ 2008-04-14 00:11:53 337,920 ------w c:\windows\ServicePackFiles\i386\filemgmt.dll
+ 2008-04-14 00:12:20 27,136 ------w c:\windows\ServicePackFiles\i386\findstr.exe
+ 2008-04-13 18:33:28 44,544 ------w c:\windows\ServicePackFiles\i386\fips.sys
+ 2008-04-14 00:11:53 87,552 ------w c:\windows\ServicePackFiles\i386\fldrclnr.dll
+ 2008-04-13 18:40:25 20,480 ------w c:\windows\ServicePackFiles\i386\flpydisk.sys
+ 2008-04-14 00:11:53 16,896 ------w c:\windows\ServicePackFiles\i386\fltlib.dll
+ 2008-04-14 00:12:20 23,040 ------w c:\windows\ServicePackFiles\i386\fltmc.exe
+ 2008-04-13 18:32:59 129,792 ------w c:\windows\ServicePackFiles\i386\fltmgr.sys
+ 2008-04-14 00:11:53 382,976 ------w c:\windows\ServicePackFiles\i386\fontext.dll
+ 2008-04-14 00:11:53 80,896 ------w c:\windows\ServicePackFiles\i386\fontsub.dll
+ 2008-04-14 00:12:20 20,992 ------w c:\windows\ServicePackFiles\i386\fontview.exe
+ 2008-04-14 00:12:20 7,680 ------w c:\windows\ServicePackFiles\i386\forcedos.exe
+ 2004-08-04 05:31:22 34,173 ------w c:\windows\ServicePackFiles\i386\forehe.sys
+ 2008-04-14 00:12:42 29,696 ------w c:\windows\ServicePackFiles\i386\format.com
+ 2008-04-14 00:11:53 32,828 ------w c:\windows\ServicePackFiles\i386\fp40ext.dll
+ 2008-04-14 00:11:53 184,435 ------w c:\windows\ServicePackFiles\i386\fp4amsft.dll
+ 2008-04-14 00:11:53 82,035 ------w c:\windows\ServicePackFiles\i386\fp4anscp.dll
+ 2008-04-14 00:11:53 147,513 ------w c:\windows\ServicePackFiles\i386\fp4apws.dll
+ 2008-04-14 00:11:53 49,210 ------w c:\windows\ServicePackFiles\i386\fp4areg.dll
+ 2008-04-14 00:11:53 102,509 ------w c:\windows\ServicePackFiles\i386\fp4atxt.dll
+ 2008-04-14 00:11:53 618,605 ------w c:\windows\ServicePackFiles\i386\fp4autl.dll
+ 2008-04-14 00:11:53 41,020 ------w c:\windows\ServicePackFiles\i386\fp4avnb.dll
+ 2008-04-14 00:11:53 32,826 ------w c:\windows\ServicePackFiles\i386\fp4avss.dll
+ 2008-04-14 00:11:53 49,212 ------w c:\windows\ServicePackFiles\i386\fp4awebs.dll
+ 2008-04-14 00:11:53 876,653 ------w c:\windows\ServicePackFiles\i386\fp4awel.dll
+ 2008-04-14 00:12:20 15,120 ------w c:\windows\ServicePackFiles\i386\fp98sadm.exe
+ 2008-04-14 00:12:20 109,840 ------w c:\windows\ServicePackFiles\i386\fp98swin.exe
+ 2008-04-14 00:12:20 24,632 ------w c:\windows\ServicePackFiles\i386\fpadmcgi.exe
+ 2008-04-14 00:11:53 20,541 ------w c:\windows\ServicePackFiles\i386\fpadmdll.dll
+ 2008-04-14 00:12:20 188,494 ------w c:\windows\ServicePackFiles\i386\fpcount.exe
+ 2008-04-14 00:11:53 94,208 ------w c:\windows\ServicePackFiles\i386\fpencode.dll
+ 2008-04-14 00:11:53 20,541 ------w c:\windows\ServicePackFiles\i386\fpexedll.dll
+ 2008-04-14 00:11:53 598,071 ------w c:\windows\ServicePackFiles\i386\fpmmc.dll
+ 2007-04-02 16:36:04 208,896 ------w c:\windows\ServicePackFiles\i386\fpmmcsat.dll
+ 2008-04-14 00:12:20 20,538 ------w c:\windows\ServicePackFiles\i386\fpremadm.exe
+ 2008-04-14 00:12:20 28,728 ------w c:\windows\ServicePackFiles\i386\fpsrvadm.exe
+ 2008-04-14 00:09:33 9,344 ------w c:\windows\ServicePackFiles\i386\framebuf.dll
+ 2008-04-14 00:11:53 185,344 ------w c:\windows\ServicePackFiles\i386\framedyn.dll
+ 2008-04-14 00:12:20 193,024 ------w c:\windows\ServicePackFiles\i386\fsquirt.exe
+ 2008-04-14 00:12:20 42,496 ------w c:\windows\ServicePackFiles\i386\ftp.exe
+ 2008-04-14 00:11:53 60,416 ------w c:\windows\ServicePackFiles\i386\fwcfg.dll
+ 2008-04-14 00:11:53 451,584 ------w c:\windows\ServicePackFiles\i386\fxsapi.dll
+ 2008-04-14 00:12:21 142,848 ------w c:\windows\ServicePackFiles\i386\fxsclnt.exe
+ 2008-04-14 00:11:54 72,192 ------w c:\windows\ServicePackFiles\i386\fxscom.dll
+ 2008-04-14 00:11:54 285,184 ------w c:\windows\ServicePackFiles\i386\fxscomex.dll
+ 2008-04-14 00:12:21 229,376 ------w c:\windows\ServicePackFiles\i386\fxscover.exe
+ 2008-04-14 00:11:54 26,624 ------w c:\windows\ServicePackFiles\i386\fxsdrv.dll
+ 2008-04-14 00:11:54 55,296 ------w c:\windows\ServicePackFiles\i386\fxsevent.dll
+ 2008-04-14 00:11:54 23,552 ------w c:\windows\ServicePackFiles\i386\fxsext32.dll
+ 2008-04-14 00:11:54 23,552 ------w c:\windows\ServicePackFiles\i386\fxsmon.dll
+ 2008-04-14 00:11:54 132,608 ------w c:\windows\ServicePackFiles\i386\fxsocm.dll
+ 2008-04-14 00:11:54 8,704 ------w c:\windows\ServicePackFiles\i386\fxsperf.dll
+ 2008-04-14 00:09:33 6,656 ------w c:\windows\ServicePackFiles\i386\fxsres.dll
+ 2008-04-14 00:11:54 562,176 ------w c:\windows\ServicePackFiles\i386\fxsst.dll
+ 2008-04-14 00:12:21 267,776 ------w c:\windows\ServicePackFiles\i386\fxssvc.exe
+ 2008-04-14 00:11:54 246,272 ------w c:\windows\ServicePackFiles\i386\fxst30.dll
+ 2008-04-14 00:11:54 397,312 ------w c:\windows\ServicePackFiles\i386\fxstiff.dll
+ 2008-04-14 00:11:54 154,112 ------w c:\windows\ServicePackFiles\i386\fxsui.dll
+ 2008-04-14 00:11:54 192,512 ------w c:\windows\ServicePackFiles\i386\fxswzrd.dll
+ 2008-04-14 00:11:54 400,384 ------w c:\windows\ServicePackFiles\i386\fxsxp32.dll
+ 2008-04-13 18:36:40 46,464 ------w c:\windows\ServicePackFiles\i386\gagp30kx.sys
+ 2008-04-13 18:45:29 10,624 ------w c:\windows\ServicePackFiles\i386\gameenum.sys
+ 2008-04-13 18:45:32 59,136 ------w c:\windows\ServicePackFiles\i386\gckernel.sys
+ 2008-04-14 00:11:54 285,184 ------w c:\windows\ServicePackFiles\i386\gdi32.dll
+ 2008-04-14 00:11:54 122,880 ------w c:\windows\ServicePackFiles\i386\glu32.dll
+ 2002-08-29 10:00:00 101,888 ------w c:\windows\ServicePackFiles\i386\gpkcsp.dll
+ 2006-12-31 01:26:44 9,728 ------w c:\windows\ServicePackFiles\i386\gpkrsrc.dll
+ 2008-04-14 00:12:21 39,424 ------w c:\windows\ServicePackFiles\i386\grpconv.exe
+ 2008-04-13 18:40:21 28,288 ------w c:\windows\ServicePackFiles\i386\grserial.sys
+ 2008-04-14 00:11:54 133,120 ------w c:\windows\ServicePackFiles\i386\guitrn.dll
+ 2004-08-04 07:56:42 108,544 ------w c:\windows\ServicePackFiles\i386\guitrn_a.dll
+ 2008-04-14 00:11:54 115,200 ------w c:\windows\ServicePackFiles\i386\guitrna.dll
+ 2008-04-14 00:11:54 57,344 ------w c:\windows\ServicePackFiles\i386\h323cc.dll
+ 2008-04-14 00:11:54 614,912 ------w c:\windows\ServicePackFiles\i386\h323msp.dll
+ 2008-04-13 18:31:32 105,344 ------w c:\windows\ServicePackFiles\i386\hal.dll
+ 2008-04-13 18:31:28 131,840 ------w c:\windows\ServicePackFiles\i386\halaacpi.dll
+ 2008-04-13 18:31:27 81,152 ------w c:\windows\ServicePackFiles\i386\halacpi.dll
+ 2008-04-13 18:31:28 150,528 ------w c:\windows\ServicePackFiles\i386\halapic.dll
+ 2008-04-13 18:31:28 134,400 ------w c:\windows\ServicePackFiles\i386\halmacpi.dll
+ 2008-04-13 18:31:32 152,576 ------w c:\windows\ServicePackFiles\i386\halmps.dll
+ 2008-04-13 18:31:31 77,696 ------w c:\windows\ServicePackFiles\i386\halsp.dll
+ 2008-04-14 00:11:54 7,168 ------w c:\windows\ServicePackFiles\i386\hccoin.dll
+ 2008-04-13 16:36:05 144,384 ------w c:\windows\ServicePackFiles\i386\hdaudbus.sys
+ 2008-04-14 00:12:21 15,872 ------w c:\windows\ServicePackFiles\i386\help.exe
+ 2008-04-14 00:12:21 769,024 ------w c:\windows\ServicePackFiles\i386\helpctr.exe
+ 2008-04-14 00:12:21 744,448 ------w c:\windows\ServicePackFiles\i386\helpsvc.exe
+ 2008-04-14 00:12:21 10,752 ------w c:\windows\ServicePackFiles\i386\hh.exe
+ 2008-04-14 00:11:54 41,472 ------w c:\windows\ServicePackFiles\i386\hhsetup.dll
+ 2008-04-14 00:11:54 20,992 ------w c:\windows\ServicePackFiles\i386\hid.dll
+ 2008-04-13 18:36:38 20,352 ------w c:\windows\ServicePackFiles\i386\hidbatt.sys
+ 2008-04-13 18:46:30 25,600 ------w c:\windows\ServicePackFiles\i386\hidbth.sys
+ 2008-04-13 18:45:26 36,864 ------w c:\windows\ServicePackFiles\i386\hidclass.sys
+ 2008-04-13 18:45:26 19,200 ------w c:\windows\ServicePackFiles\i386\hidir.sys
+ 2008-04-13 18:45:22 24,960 ------w c:\windows\ServicePackFiles\i386\hidparse.sys
+ 2008-04-14 00:11:54 21,504 ------w c:\windows\ServicePackFiles\i386\hidserv.dll
+ 2008-04-13 18:45:27 10,368 ------w c:\windows\ServicePackFiles\i386\hidusb.sys
+ 2008-04-14 00:11:54 72,704 ------w c:\windows\ServicePackFiles\i386\hlink.dll
+ 2008-04-14 00:11:54 38,912 ------w c:\windows\ServicePackFiles\i386\hmmapi.dll
+ 2008-04-14 00:11:54 344,064 ------w c:\windows\ServicePackFiles\i386\hnetcfg.dll
+ 2008-04-14 00:11:54 330,752 ------w c:\windows\ServicePackFiles\i386\hnetwiz.dll
+ 2008-04-14 00:11:54 39,936 ------w c:\windows\ServicePackFiles\i386\hostmib.dll
+ 2008-04-14 00:11:54 144,896 ------w c:\windows\ServicePackFiles\i386\hotplug.dll
+ 2008-04-14 00:11:54 10,752 ------w c:\windows\ServicePackFiles\i386\hpcjrr.dll
+ 2008-04-14 00:11:54 10,240 ------w c:\windows\ServicePackFiles\i386\hpcjrrps.dll
+ 2008-04-14 00:11:54 87,552 ------w c:\windows\ServicePackFiles\i386\hpfud50.dll
+ 2008-04-14 00:12:21 18,432 ------w c:\windows\ServicePackFiles\i386\hscupd.exe
+ 2004-08-04 05:41:46 220,032 ------w c:\windows\ServicePackFiles\i386\hsfbs2s2.sys
+ 2008-04-14 00:11:54 32,285 ------w c:\windows\ServicePackFiles\i386\hsfcisp2.dll
+ 2004-08-04 05:41:48 685,056 ------w c:\windows\ServicePackFiles\i386\hsfcxts2.sys
+ 2004-08-04 05:41:54 1,041,536 ------w c:\windows\ServicePackFiles\i386\hsfdpsp2.sys
+ 2008-04-13 18:53:53 264,832 ------w c:\windows\ServicePackFiles\i386\http.sys
+ 2008-04-14 00:11:54 24,576 ------w c:\windows\ServicePackFiles\i386\httpapi.dll
+ 2008-04-14 00:11:54 41,984 ------w c:\windows\ServicePackFiles\i386\htui.dll
+ 2008-04-14 00:11:54 347,136 ------w c:\windows\ServicePackFiles\i386\hypertrm.dll
+ 2008-04-13 18:41:22 8,576 ------w c:\windows\ServicePackFiles\i386\i2omgmt.sys
+ 2008-04-13 18:41:22 18,560 ------w c:\windows\ServicePackFiles\i386\i2omp.sys
+ 2008-04-13 19:18:00 52,480 ------w c:\windows\ServicePackFiles\i386\i8042prt.sys
+ 2008-04-14 00:11:54 702,845 ------w c:\windows\ServicePackFiles\i386\i81xdnt5.dll
+ 2004-08-04 05:29:36 161,020 ------w c:\windows\ServicePackFiles\i386\i81xnt5.sys
+ 2008-04-14 00:11:54 119,808 ------w c:\windows\ServicePackFiles\i386\iasrad.dll
+ 2008-04-14 00:11:54 11,264 ------w c:\windows\ServicePackFiles\i386\icaapi.dll
+ 2008-04-14 00:11:54 80,384 ------w c:\windows\ServicePackFiles\i386\iccvid.dll
+ 2008-04-14 00:11:54 254,976 ------w c:\windows\ServicePackFiles\i386\icm32.dll
+ 2008-04-14 00:09:40 3,584 ------w c:\windows\ServicePackFiles\i386\icmp.dll
+ 2008-04-13 16:44:29 2,560 ------w c:\windows\ServicePackFiles\i386\iconlib.dll
+ 2008-04-14 00:11:54 61,440 ------w c:\windows\ServicePackFiles\i386\icwconn.dll
+ 2008-04-14 00:12:22 214,528 ------w c:\windows\ServicePackFiles\i386\icwconn1.exe
+ 2008-04-14 00:12:22 86,016 ------w c:\windows\ServicePackFiles\i386\icwconn2.exe
+ 2008-04-14 00:11:54 73,728 ------w c:\windows\ServicePackFiles\i386\icwdial.dll
+ 2008-04-14 00:11:54 32,768 ------w c:\windows\ServicePackFiles\i386\icwdl.dll
+ 2008-04-14 00:11:54 172,032 ------w c:\windows\ServicePackFiles\i386\icwhelp.dll
+ 2008-04-14 00:11:54 65,536 ------w c:\windows\ServicePackFiles\i386\icwphbk.dll
+ 2008-04-14 00:12:22 24,576 ------w c:\windows\ServicePackFiles\i386\icwrmind.exe
+ 2008-04-14 00:11:54 49,152 ------w c:\windows\ServicePackFiles\i386\icwutil.dll
+ 2008-04-14 00:11:54 120,832 ------w c:\windows\ServicePackFiles\i386\idq.dll
+ 2008-04-14 00:12:22 34,304 ------w c:\windows\ServicePackFiles\i386\ie4uinit.exe
+ 2008-04-14 00:11:54 143,360 ------w c:\windows\ServicePackFiles\i386\ieakeng.dll
+ 2008-04-14 00:11:54 216,576 ------w c:\windows\ServicePackFiles\i386\ieaksie.dll
+ 2008-04-14 00:11:54 323,584 ------w c:\windows\ServicePackFiles\i386\iedkcs32.dll
+ 2008-04-14 00:12:22 18,432 ------w c:\windows\ServicePackFiles\i386\iedw.exe
+ 2008-04-14 00:11:54 81,920 ------w c:\windows\ServicePackFiles\i386\ieencode.dll
+ 2008-04-14 00:11:54 251,904 ------w c:\windows\ServicePackFiles\i386\iepeers.dll
+ 2008-04-14 00:11:54 48,640 ------w c:\windows\ServicePackFiles\i386\iernonce.dll
+ 2008-04-14 00:11:54 62,976 ------w c:\windows\ServicePackFiles\i386\iesetup.dll
+ 2008-04-14 00:12:22 93,184 ------w c:\windows\ServicePackFiles\i386\iexplore.exe
+ 2008-04-14 00:12:22 114,688 ------w c:\windows\ServicePackFiles\i386\iexpress.exe
+ 2008-04-14 00:11:54 135,680 ------w c:\windows\ServicePackFiles\i386\ifmon.dll
+ 2008-04-14 00:11:54 8,192 ------w c:\windows\ServicePackFiles\i386\igmpagnt.dll
+ 2008-04-14 00:11:54 505,344 ------w c:\windows\ServicePackFiles\i386\iis.dll
+ 2008-04-14 00:11:54 81,920 ------w c:\windows\ServicePackFiles\i386\ils.dll
+ 2008-04-14 00:11:54 144,384 ------w c:\windows\ServicePackFiles\i386\imagehlp.dll
+ 2008-04-14 00:12:22 150,528 ------w c:\windows\ServicePackFiles\i386\imapi.exe
+ 2008-04-13 18:40:58 42,112 ------w c:\windows\ServicePackFiles\i386\imapi.sys
+ 2008-04-14 00:11:54 36,921 ------w c:\windows\ServicePackFiles\i386\imeshare.dll
+ 2008-04-14 00:11:54 35,840 ------w c:\windows\ServicePackFiles\i386\imgutil.dll
+ 2008-04-14 00:11:54 110,080 ------w c:\windows\ServicePackFiles\i386\imm32.dll
+ 2008-04-14 00:11:54 123,392 ------w c:\windows\ServicePackFiles\i386\imsinsnt.dll
+ 2008-04-14 00:11:54 274,432 ------w c:\windows\ServicePackFiles\i386\inetcfg.dll
+ 2008-04-14 00:11:54 691,712 ------w c:\windows\ServicePackFiles\i386\inetcomm.dll
+ 2008-04-14 00:11:55 32,768 ------w c:\windows\ServicePackFiles\i386\inetmib1.dll
+ 2008-04-14 00:11:55 75,264 ------w c:\windows\ServicePackFiles\i386\inetpp.dll
+ 2008-04-14 00:11:55 15,872 ------w c:\windows\ServicePackFiles\i386\inetppui.dll
+ 2008-04-13 16:22:12 48,128 ------w c:\windows\ServicePackFiles\i386\inetres.dll
+ 2008-04-14 00:12:22 20,480 ------w c:\windows\ServicePackFiles\i386\inetwiz.exe
+ 2008-04-14 00:11:55 147,456 ------w c:\windows\ServicePackFiles\i386\initpki.dll
+ 2008-04-14 00:11:55 123,392 ------w c:\windows\ServicePackFiles\i386\input.dll
+ 2008-04-14 00:11:55 96,256 ------w c:\windows\ServicePackFiles\i386\inseng.dll
+ 2008-04-13 18:40:29 5,504 ------w c:\windows\ServicePackFiles\i386\intelide.sys
+ 2008-04-13 18:31:32 36,352 ------w c:\windows\ServicePackFiles\i386\intelppm.sys
+ 2008-04-13 18:53:34 36,608 ------w c:\windows\ServicePackFiles\i386\ip6fw.sys
+ 2008-04-14 00:12:22 55,808 ------w c:\windows\ServicePackFiles\i386\ipconfig.exe
+ 2008-04-14 00:09:30 103,424 ------w c:\windows\ServicePackFiles\i386\ipevldpc.dll
+ 2008-04-14 00:09:23 24,064 ------w c:\windows\ServicePackFiles\i386\ipevlpid.dll
+ 2008-04-14 00:11:55 94,720 ------w c:\windows\ServicePackFiles\i386\iphlpapi.dll
+ 2008-04-13 18:57:07 20,864 ------w c:\windows\ServicePackFiles\i386\ipinip.sys
+ 2004-08-04 07:56:11 96,768 ------w c:\windows\ServicePackFiles\i386\ipmntdpc.dll
+ 2008-04-14 00:11:55 161,280 ------w c:\windows\ServicePackFiles\i386\ipmontr.dll
+ 2008-04-13 18:57:15 152,832 ------w c:\windows\ServicePackFiles\i386\ipnat.sys
+ 2008-04-14 00:11:55 331,264 ------w c:\windows\ServicePackFiles\i386\ipnathlp.dll
+ 2008-04-14 00:11:55 330,752 ------w c:\windows\ServicePackFiles\i386\ippromon.dll
+ 2008-04-14 00:11:55 35,328 ------w c:\windows\ServicePackFiles\i386\iprip.dll
+ 2008-04-14 00:11:55 177,152 ------w c:\windows\ServicePackFiles\i386\iprtrmgr.dll
+ 2008-04-13 19:19:42 75,264 ------w c:\windows\ServicePackFiles\i386\ipsec.sys
+ 2008-04-14 00:11:55 349,696 ------w c:\windows\ServicePackFiles\i386\ipsecsnp.dll
+ 2008-04-14 00:11:55 183,808 ------w c:\windows\ServicePackFiles\i386\ipsecsvc.dll
+ 2008-04-14 00:10:45 102,912 ------w c:\windows\ServicePackFiles\i386\ipseldpc.dll
+ 2008-04-14 00:09:24 24,064 ------w c:\windows\ServicePackFiles\i386\ipselpid.dll
+ 2008-04-14 00:11:55 384,000 ------w c:\windows\ServicePackFiles\i386\ipsmsnap.dll
+ 2008-04-14 00:12:23 53,248 ------w c:\windows\ServicePackFiles\i386\ipv6.exe
+ 2008-04-14 00:11:55 59,904 ------w c:\windows\ServicePackFiles\i386\ipv6mon.dll
+ 2008-04-14 00:12:23 23,552 ------w c:\windows\ServicePackFiles\i386\ipxroute.exe
+ 2008-04-14 00:11:55 22,016 ------w c:\windows\ServicePackFiles\i386\ipxwan.dll
+ 2008-04-14 00:11:55 120,320 ------w c:\windows\ServicePackFiles\i386\ir41_qc.dll
+ 2008-04-14 00:11:55 338,432 ------w c:\windows\ServicePackFiles\i386\ir41_qcx.dll
+ 2008-04-14 00:11:55 755,200 ------w c:\windows\ServicePackFiles\i386\ir50_32.dll
+ 2008-04-14 00:11:55 200,192 ------w c:\windows\ServicePackFiles\i386\ir50_qc.dll
+ 2008-04-14 00:11:55 183,808 ------w c:\windows\ServicePackFiles\i386\ir50_qcx.dll
+ 2008-04-13 18:54:36 88,192 ------w c:\windows\ServicePackFiles\i386\irda.sys
+ 2008-04-13 18:54:28 11,264 ------w c:\windows\ServicePackFiles\i386\irenum.sys
+ 2008-04-14 00:12:23 151,552 ------w c:\windows\ServicePackFiles\i386\irftp.exe
+ 2008-04-14 00:11:55 28,160 ------w c:\windows\ServicePackFiles\i386\irmon.dll
+ 2008-04-13 18:36:41 37,248 ------w c:\windows\ServicePackFiles\i386\isapnp.sys
+ 2008-04-14 00:10:32 105,984 ------w c:\windows\ServicePackFiles\i386\isdpc.dll
+ 2008-04-14 00:10:55 105,984 ------w c:\windows\ServicePackFiles\i386\isendpc.dll
+ 2008-04-14 00:10:55 24,064 ------w c:\windows\ServicePackFiles\i386\isenpid.dll
+ 2008-04-14 00:11:55 81,920 ------w c:\windows\ServicePackFiles\i386\isign32.dll
+ 2008-04-14 00:10:32 24,064 ------w c:\windows\ServicePackFiles\i386\ispid.dll
+ 2008-04-14 00:11:55 32,768 ------w c:\windows\ServicePackFiles\i386\isrdbg32.dll
+ 2008-04-14 00:11:55 155,136 ------w c:\windows\ServicePackFiles\i386\itircl.dll
+ 2008-04-14 00:11:55 138,240 ------w c:\windows\ServicePackFiles\i386\itss.dll
+ 2008-04-14 00:11:55 191,488 ------w c:\windows\ServicePackFiles\i386\iuengine.dll
+ 2008-04-14 00:11:55 54,272 ------w c:\windows\ServicePackFiles\i386\ixsso.dll
+ 2008-04-14 00:11:55 47,616 ------w c:\windows\ServicePackFiles\i386\iyuv_32.dll
+ 2008-04-14 00:11:55 163,840 ------w c:\windows\ServicePackFiles\i386\jgdw400.dll
+ 2008-04-14 00:11:55 27,648 ------w c:\windows\ServicePackFiles\i386\jgpl400.dll
+ 2008-04-14 00:11:56 512,000 ------w c:\windows\ServicePackFiles\i386\jscript.dll
+ 2008-04-14 00:11:56 15,872 ------w c:\windows\ServicePackFiles\i386\jsproxy.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbd101.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbd106.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbd106n.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdax2.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdbhc.dll
+ 2008-04-13 18:39:47 24,576 ------w c:\windows\ServicePackFiles\i386\kbdclass.sys
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdfi1.dll
+ 2008-04-13 18:39:48 14,592 ------w c:\windows\ServicePackFiles\i386\kbdhid.sys
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdibm02.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdinbe1.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdinben.dll
+ 2008-04-14 00:09:55 6,656 ------w c:\windows\ServicePackFiles\i386\kbdinmal.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdiultn.dll
+ 2008-04-14 00:09:55 6,656 ------w c:\windows\ServicePackFiles\i386\kbdlk41a.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdlk41j.dll
+ 2008-04-14 00:09:55 5,632 ------w c:\windows\ServicePackFiles\i386\kbdmaori.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdmlt47.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdmlt48.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdnec.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdnepr.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdno1.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdpash.dll
+ 2008-04-14 00:09:55 7,680 ------w c:\windows\ServicePackFiles\i386\kbdsmsfi.dll
+ 2008-04-14 00:09:55 7,680 ------w c:\windows\ServicePackFiles\i386\kbdsmsno.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdukx.dll
+ 2008-04-13 18:31:35 7,424 ------w c:\windows\ServicePackFiles\i386\kd1394.dll
+ 2008-04-14 00:11:56 184,832 ------w c:\windows\ServicePackFiles\i386\kdcsvc.dll
+ 2008-04-14 00:11:56 48,640 ------w c:\windows\ServicePackFiles\i386\kdsui.dll
+ 2008-04-14 00:11:56 253,952 ------w c:\windows\ServicePackFiles\i386\kdsusd.dll
+ 2008-04-14 00:11:56 299,520 ------w c:\windows\ServicePackFiles\i386\kerberos.dll
+ 2008-04-14 00:11:56 989,696 ------w c:\windows\ServicePackFiles\i386\kernel32.dll
+ 2002-08-29 10:00:00 42,537 ------w c:\windows\ServicePackFiles\i386\keyboard.sys
+ 2008-04-14 00:11:56 150,528 ------w c:\windows\ServicePackFiles\i386\keymgr.dll
+ 2008-04-13 18:45:09 172,416 ------w c:\windows\ServicePackFiles\i386\kmixer.sys
+ 2008-04-14 00:11:56 61,440 ------w c:\windows\ServicePackFiles\i386\kmsvc.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\knperdpc.dll
+ 2008-04-14 00:09:56 24,064 ------w c:\windows\ServicePackFiles\i386\knperpid.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\knprodpc.dll
+ 2008-04-14 00:09:56 24,576 ------w c:\windows\ServicePackFiles\i386\knpropid.dll
+ 2008-04-14 00:11:56 8,192 ------w c:\windows\ServicePackFiles\i386\koc.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\kperdpc.dll
+ 2008-04-14 00:09:56 24,064 ------w c:\windows\ServicePackFiles\i386\kperpid.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\kprodpc.dll
+ 2008-04-14 00:09:56 24,576 ------w c:\windows\ServicePackFiles\i386\kpropid.dll
+ 2004-08-04 05:49:32 92,224 ------w c:\windows\ServicePackFiles\i386\krnl386.exe
+ 2008-04-14 00:11:56 24,576 ------w c:\windows\ServicePackFiles\i386\krnlprov.dll
+ 2008-04-13 19:16:36 141,056 ------w c:\windows\ServicePackFiles\i386\ks.sys
+ 2008-04-13 18:31:43 92,288 ------w c:\windows\ServicePackFiles\i386\ksecdd.sys
+ 2008-04-14 00:11:56 4,096 ------w c:\windows\ServicePackFiles\i386\ksuser.dll
+ 2008-04-14 00:11:56 37,376 ------w c:\windows\ServicePackFiles\i386\l2store.dll
+ 2008-04-14 00:09:05 97,792 ------w c:\windows\ServicePackFiles\i386\lang\chtmbx.dll
+ 2008-04-14 00:09:05 56,320 ------w c:\windows\ServicePackFiles\i386\lang\chtskdic.dll
+ 2008-04-14 00:09:05 173,568 ------w c:\windows\ServicePackFiles\i386\lang\chtskf.dll
+ 2008-04-14 00:09:06 198,656 ------w c:\windows\ServicePackFiles\i386\lang\cintime.dll
+ 2004-08-04 05:31:54 480,256 ------w c:\windows\ServicePackFiles\i386\lang\cintsetp.exe
+ 2004-08-04 05:31:38 57,399 ------w c:\windows\ServicePackFiles\i386\lang\cplexe.exe
+ 2008-04-14 00:09:39 13,463,552 ------w c:\windows\ServicePackFiles\i386\lang\hwxjpn.dll
+ 2008-04-14 00:09:43 106,496 ------w c:\windows\ServicePackFiles\i386\lang\imekrcic.dll
+ 2008-04-14 00:09:43 86,016 ------w c:\windows\ServicePackFiles\i386\lang\imekrmbx.dll
+ 2008-04-14 00:09:44 811,064 ------w c:\windows\ServicePackFiles\i386\lang\imjp81k.dll
+ 2008-04-14 00:09:45 368,696 ------w c:\windows\ServicePackFiles\i386\lang\imjpcic.dll
+ 2008-04-14 00:09:45 716,856 ------w c:\windows\ServicePackFiles\i386\lang\imjpcus.dll
+ 2008-04-14 00:09:45 81,976 ------w c:\windows\ServicePackFiles\i386\lang\imjpdct.dll
+ 2004-08-04 05:31:53 307,257 ------w c:\windows\ServicePackFiles\i386\lang\imjpdct.exe
+ 2004-08-04 05:31:54 155,705 ------w c:\windows\ServicePackFiles\i386\lang\imjpdsvr.exe
+ 2004-08-04 05:31:57 196,665 ------w c:\windows\ServicePackFiles\i386\lang\imjpinst.exe
+ 2004-08-04 05:31:59 208,952 ------w c:\windows\ServicePackFiles\i386\lang\imjpmig.exe
+ 2004-08-04 05:32:11 233,527 ------w c:\windows\ServicePackFiles\i386\lang\imjprw.exe
+ 2004-08-04 05:32:14 262,200 ------w c:\windows\ServicePackFiles\i386\lang\imjputy.exe
+ 2008-04-14 00:09:46 274,489 ------w c:\windows\ServicePackFiles\i386\lang\imjputyc.dll
+ 2008-04-14 00:09:46 102,456 ------w c:\windows\ServicePackFiles\i386\lang\imlang.dll
+ 2004-08-04 05:31:48 59,392 ------w c:\windows\ServicePackFiles\i386\lang\imscinst.exe
+ 2008-04-14 00:09:47 315,455 ------w c:\windows\ServicePackFiles\i386\lang\imskf.dll
+ 2008-04-14 00:10:33 15,872 ------w c:\windows\ServicePackFiles\i386\lang\padrs404.dll
+ 2008-04-14 00:10:33 15,360 ------w c:\windows\ServicePackFiles\i386\lang\padrs804.dll
+ 2008-04-14 00:10:34 175,104 ------w c:\windows\ServicePackFiles\i386\lang\pintlcsa.dll
+ 2008-04-14 00:10:34 53,760 ------w c:\windows\ServicePackFiles\i386\lang\pintlcsd.dll
+ 2008-04-13 16:43:36 70,144 ------w c:\windows\ServicePackFiles\i386\lang\pintlphr.exe
+ 2008-04-14 00:10:34 67,584 ------w c:\windows\ServicePackFiles\i386\lang\pmigrate.dll
+ 2004-08-04 05:32:15 44,032 ------w c:\windows\ServicePackFiles\i386\lang\tintlphr.exe
+ 2004-08-04 05:32:15 455,168 ------w c:\windows\ServicePackFiles\i386\lang\tintsetp.exe
+ 2008-04-14 00:10:59 10,240 ------w c:\windows\ServicePackFiles\i386\lang\tmigrate.dll
+ 2008-04-14 00:11:01 76,288 ------w c:\windows\ServicePackFiles\i386\lang\uniime.dll
+ 2008-04-14 00:11:04 426,041 ------w c:\windows\ServicePackFiles\i386\lang\voicepad.dll
+ 2008-04-14 00:11:04 86,073 ------w c:\windows\ServicePackFiles\i386\lang\voicesub.dll
+ 2004-08-04 07:56:42 6,656 ------w c:\windows\ServicePackFiles\i386\laprxy.dll
+ 2008-04-13 18:40:26 34,688 ------w c:\windows\ServicePackFiles\i386\lbrtfdc.sys
+ 2008-04-14 00:12:23 677,888 ------w c:\windows\ServicePackFiles\i386\lhmstsc.exe
+ 2008-04-14 00:11:56 2,061,824 ------w c:\windows\ServicePackFiles\i386\lhmstscx.dll
+ 2008-04-14 10:41:58 423,936 ------w c:\windows\ServicePackFiles\i386\licdll.dll
+ 2008-04-14 00:11:56 22,016 ------w c:\windows\ServicePackFiles\i386\licmgr10.dll
+ 2008-04-14 00:11:56 58,880 ------w c:\windows\ServicePackFiles\i386\licwmi.dll
+ 2008-04-14 00:11:56 19,968 ------w c:\windows\ServicePackFiles\i386\linkinfo.dll
+ 2008-04-14 00:11:56 13,824 ------w c:\windows\ServicePackFiles\i386\lmhsvc.dll
+ 2008-04-14 00:11:56 33,792 ------w c:\windows\ServicePackFiles\i386\lmmib2.dll
+ 2008-04-14 00:11:56 399,872 ------w c:\windows\ServicePackFiles\i386\lmrt.dll
+ 2008-04-14 00:11:56 97,280 ------w c:\windows\ServicePackFiles\i386\loadperf.dll
+ 2008-04-14 00:11:56 221,696 ------w c:\windows\ServicePackFiles\i386\localsec.dll
+ 2008-04-14 00:11:56 343,040 ------w c:\windows\ServicePackFiles\i386\localspl.dll
+ 2008-04-14 00:11:56 11,776 ------w c:\windows\ServicePackFiles\i386\localui.dll
+ 2008-04-14 00:12:24 75,264 ------w c:\windows\ServicePackFiles\i386\locator.exe
+ 2008-04-14 00:11:56 19,968 ------w c:\windows\ServicePackFiles\i386\log.dll
+ 2004-08-04 07:56:50 103,936 ------w c:\windows\ServicePackFiles\i386\logagent.exe
+ 2008-04-14 00:12:24 59,392 ------w c:\windows\ServicePackFiles\i386\logman.exe
+ 2008-04-14 00:12:43 220,672 ------w c:\windows\ServicePackFiles\i386\logon.scr
+ 2008-04-14 00:12:24 514,560 ------w c:\windows\ServicePackFiles\i386\logonui.exe
+ 2008-04-14 00:11:56 22,528 ------w c:\windows\ServicePackFiles\i386\lpdsvc.dll
+ 2008-04-14 00:11:56 22,016 ------w c:\windows\ServicePackFiles\i386\lpk.dll
+ 2008-04-14 00:11:56 10,240 ------w c:\windows\ServicePackFiles\i386\lprhelp.dll
+ 2008-04-14 00:11:56 18,944 ------w c:\windows\ServicePackFiles\i386\lprmon.dll
+ 2008-04-14 00:11:56 728,064 ------w c:\windows\ServicePackFiles\i386\lsasrv.dll
+ 2008-04-14 00:12:24 13,312 ------w c:\windows\ServicePackFiles\i386\lsass.exe
+ 2004-08-04 05:41:35 606,684 ------w c:\windows\ServicePackFiles\i386\ltmdmnt.sys
+ 2002-08-29 04:34:38 420,992 ------w c:\windows\ServicePackFiles\i386\ltmdmntt.sys
+ 2008-04-13 18:40:52 7,040 ------w c:\windows\ServicePackFiles\i386\ltotape.sys
+ 2002-08-29 04:16:22 20,864 ------w c:\windows\ServicePackFiles\i386\lwadihid.sys
+ 2008-04-14 00:12:24 72,704 ------w c:\windows\ServicePackFiles\i386\magnify.exe
+ 2008-04-14 00:12:25 57,344 ------w c:\windows\ServicePackFiles\i386\makecab.exe
+ 2008-04-14 00:11:56 14,336 ------w c:\windows\ServicePackFiles\i386\mcastmib.dll
+ 2008-04-14 00:11:56 84,480 ------w c:\windows\ServicePackFiles\i386\mciavi32.dll
+ 2008-04-14 00:11:56 35,328 ------w c:\windows\ServicePackFiles\i386\mciqtz32.dll
+ 2008-04-14 00:11:56 23,040 ------w c:\windows\ServicePackFiles\i386\mciseq.dll
+ 2008-04-14 00:11:56 23,552 ------w c:\windows\ServicePackFiles\i386\mciwave.dll
+ 2008-04-14 00:11:56 118,272 ------w c:\windows\ServicePackFiles\i386\mdminst.dll
+ 2008-04-14 00:11:56 86,016 ------w c:\windows\ServicePackFiles\i386\mdmxsdk.dll
+ 2004-08-04 05:41:55 11,868 ------w c:\windows\ServicePackFiles\i386\mdmxsdk.sys
+ 2008-04-13 18:41:21 26,112 ------w c:\windows\ServicePackFiles\i386\memstpci.sys
+ 2008-04-13 18:36:41 63,744 ------w c:\windows\ServicePackFiles\i386\mf.sys
+ 2008-04-14 00:11:56 40,960 ------w c:\windows\ServicePackFiles\i386\mf3216.dll
+ 2008-04-14 00:11:56 927,504 ------w c:\windows\ServicePackFiles\i386\mfc40u.dll
+ 2008-04-14 00:11:56 1,028,096 ------w c:\windows\ServicePackFiles\i386\mfc42.dll
+ 2007-04-03 03:14:47 981,760 ------w c:\windows\ServicePackFiles\i386\mfc42u.dll
+ 2008-04-14 00:11:56 22,528 ------w c:\windows\ServicePackFiles\i386\mfcsubs.dll
+ 2008-04-14 00:11:56 14,848 ------w c:\windows\ServicePackFiles\i386\mgmtapi.dll
+ 2008-04-14 00:11:57 18,944 ------w c:\windows\ServicePackFiles\i386\midimap.dll
+ 2008-04-14 00:11:57 274,432 ------w c:\windows\ServicePackFiles\i386\migism.dll
+ 2004-08-04 07:56:42 192,512 ------w c:\windows\ServicePackFiles\i386\migism_a.dll
+ 2008-04-14 00:11:57 261,120 ------w c:\windows\ServicePackFiles\i386\migisma.dll
+ 2008-04-14 00:11:57 60,928 ------w c:\windows\ServicePackFiles\i386\miglibnt.dll
+ 2008-04-14 00:12:25 103,936 ------w c:\windows\ServicePackFiles\i386\migload.exe
+ 2004-08-04 07:56:51 786,432 ------w c:\windows\ServicePackFiles\i386\migrate.exe
+ 2008-04-14 00:12:25 7,680 ------w c:\windows\ServicePackFiles\i386\migregdb.exe
+ 2008-04-14 00:12:25 245,248 ------w c:\windows\ServicePackFiles\i386\migwiz.exe
+ 2004-08-04 07:56:51 236,032 ------w c:\windows\ServicePackFiles\i386\migwiz_a.exe
+ 2008-04-14 00:12:25 241,152 ------w c:\windows\ServicePackFiles\i386\migwiza.exe
+ 2008-04-14 00:11:57 29,696 ------w c:\windows\ServicePackFiles\i386\mimefilt.dll
+ 2008-04-14 00:11:57 586,240 ------w c:\windows\ServicePackFiles\i386\mlang.dll
+ 2008-04-14 00:12:25 1,414,656 ------w c:\windows\ServicePackFiles\i386\mmc.exe
+ 2008-04-14 00:11:57 184,320 ------w c:\windows\ServicePackFiles\i386\mmc30.dll
+ 2008-04-14 00:11:57 28,672 ------w c:\windows\ServicePackFiles\i386\mmc30r.dll
+ 2008-04-14 00:11:57 163,328 ------w c:\windows\ServicePackFiles\i386\mmcbase.dll
+ 2008-04-14 00:11:57 397,312 ------w c:\windows\ServicePackFiles\i386\mmcex.dll
+ 2008-04-14 00:11:57 40,960 ------w c:\windows\ServicePackFiles\i386\mmcexr.dll
+ 2008-04-14 00:11:57 106,496 ------w c:\windows\ServicePackFiles\i386\mmcfxc.dll
+ 2008-04-14 00:11:57 6,656 ------w c:\windows\ServicePackFiles\i386\mmcfxcr.dll
+ 2008-04-14 00:11:57 1,872,896 ------w c:\windows\ServicePackFiles\i386\mmcndmgr.dll
+ 2008-04-14 00:12:25 33,792 ------w c:\windows\ServicePackFiles\i386\mmcperf.exe
+ 2008-04-14 00:11:57 61,440 ------w c:\windows\ServicePackFiles\i386\mmcshext.dll
+ 2008-04-14 00:11:57 17,408 ------w c:\windows\ServicePackFiles\i386\mmfutil.dll
+ 2004-08-04 05:51:11 68,768 ------w c:\windows\ServicePackFiles\i386\mmsystem.dll
+ 2008-04-14 00:11:57 34,560 ------w c:\windows\ServicePackFiles\i386\mnmdd.dll
+ 2008-04-14 00:12:25 32,768 ------w c:\windows\ServicePackFiles\i386\mnmsrvc.exe
+ 2008-04-14 00:11:57 207,360 ------w c:\windows\ServicePackFiles\i386\mobsync.dll
+ 2008-04-14 00:12:26 143,360 ------w c:\windows\ServicePackFiles\i386\mobsync.exe
+ 2008-04-13 19:00:19 30,080 ------w c:\windows\ServicePackFiles\i386\modem.sys
+ 2008-04-14 00:11:57 153,600 ------w c:\windows\ServicePackFiles\i386\modemui.dll
+ 2008-04-14 00:12:26 16,384 ------w c:\windows\ServicePackFiles\i386\mofcomp.exe
+ 2008-04-14 00:11:57 123,904 ------w c:\windows\ServicePackFiles\i386\mofd.dll
+ 2008-04-14 00:12:42 16,896 ------w c:\windows\ServicePackFiles\i386\more.com
+ 2008-04-13 16:45:30 216,064 ------w c:\windows\ServicePackFiles\i386\moricons.dll
+ 2008-04-13 18:39:47 23,040 ------w c:\windows\ServicePackFiles\i386\mouclass.sys
+ 2008-04-13 18:39:46 42,368 ------w c:\windows\ServicePackFiles\i386\mountmgr.sys
+ 2008-04-14 00:12:27 3,558,912 ------w c:\windows\ServicePackFiles\i386\moviemk.exe
+ 2004-08-04 07:56:42 310,272 ------w c:\windows\ServicePackFiles\i386\mp43dmod.dll
+ 2004-08-04 07:56:42 384,512 ------w c:\windows\ServicePackFiles\i386\mp4sdmod.dll
+ 2008-04-13 18:46:22 15,232 ------w c:\windows\ServicePackFiles\i386\mpe.sys
+ 2004-08-04 07:56:42 240,640 ------w c:\windows\ServicePackFiles\i386\mpg4dmod.dll
+ 2008-04-14 00:12:27 123,392 ------w c:\windows\ServicePackFiles\i386\mplay32.exe
+ 2004-08-04 07:56:52 4,639 ------w c:\windows\ServicePackFiles\i386\mplayer2.exe
+ 2008-04-14 00:11:57 59,904 ------w c:\windows\ServicePackFiles\i386\mpr.dll
+ 2008-04-14 00:11:57 87,040 ------w c:\windows\ServicePackFiles\i386\mprapi.dll
+ 2008-04-14 00:11:57 53,248 ------w c:\windows\ServicePackFiles\i386\mprdim.dll
+ 2004-08-04 07:56:42 368,640 ------w c:\windows\ServicePackFiles\i386\mpvis.dll
+ 2008-04-13 18:32:44 180,608 ------w c:\windows\ServicePackFiles\i386\mrxdav.sys
+ 2008-04-13 19:17:01 456,576 ------w c:\windows\ServicePackFiles\i386\mrxsmb.sys
+ 2008-04-14 00:11:58 71,680 ------w c:\windows\ServicePackFiles\i386\msacm32.dll
+ 2008-04-14 00:11:58 331,776 ------w c:\windows\ServicePackFiles\i386\msadce.dll
+ 2008-04-13 17:25:57 20,480 ------w c:\windows\ServicePackFiles\i386\msadcer.dll
+ 2008-04-14 00:11:58 61,440 ------w c:\windows\ServicePackFiles\i386\msadcf.dll
+ 2008-04-13 17:25:57 16,384 ------w c:\windows\ServicePackFiles\i386\msadcfr.dll
+ 2008-04-14 00:11:58 143,360 ------w c:\windows\ServicePackFiles\i386\msadco.dll
+ 2008-04-13 17:25:57 16,384 ------w c:\windows\ServicePackFiles\i386\msadcor.dll
+ 2008-04-14 00:11:58 53,248 ------w c:\windows\ServicePackFiles\i386\msadcs.dll
+ 2008-04-14 00:11:58 155,648 ------w c:\windows\ServicePackFiles\i386\msadds.dll
+ 2008-04-13 17:25:58 24,576 ------w c:\windows\ServicePackFiles\i386\msaddsr.dll
+ 2008-04-13 17:26:17 24,576 ------w c:\windows\ServicePackFiles\i386\msader15.dll
+ 2008-04-14 00:11:58 536,576 ------w c:\windows\ServicePackFiles\i386\msado15.dll
+ 2008-04-14 00:11:58 180,224 ------w c:\windows\ServicePackFiles\i386\msadomd.dll
+ 2008-04-14 00:11:58 57,344 ------w c:\windows\ServicePackFiles\i386\msador15.dll
+ 2008-04-14 00:11:58 200,704 ------w c:\windows\ServicePackFiles\i386\msadox.dll
+ 2008-04-14 00:11:58 57,344 ------w c:\windows\ServicePackFiles\i386\msadrh15.dll
+ 2008-04-14 00:10:06 3,584 ------w c:\windows\ServicePackFiles\i386\msafd.dll
+ 2008-04-14 00:11:58 86,016 ------w c:\windows\ServicePackFiles\i386\msapsspc.dll
+ 2008-04-14 00:11:58 57,344 ------w c:\windows\ServicePackFiles\i386\msasn1.dll
+ 2008-04-14 00:11:58 220,160 ------w c:\windows\ServicePackFiles\i386\mscandui.dll
+ 2008-04-14 00:11:58 73,728 ------w c:\windows\ServicePackFiles\i386\mscms.dll
+ 2008-04-14 00:11:58 69,632 ------w c:\windows\ServicePackFiles\i386\msconf.dll
+ 2008-04-14 00:12:27 169,984 ------w c:\windows\ServicePackFiles\i386\msconfig.exe
+ 2004-07-17 18:42:18 116,288 ------w c:\windows\ServicePackFiles\i386\msconv97.dll
+ 2008-04-13 17:26:07 12,288 ------w c:\windows\ServicePackFiles\i386\mscpx32r.dll
+ 2008-04-14 00:11:58 36,864 ------w c:\windows\ServicePackFiles\i386\mscpxl32.dll
+ 2008-04-14 00:11:58 297,984 ------w c:\windows\ServicePackFiles\i386\msctf.dll
+ 2008-04-14 00:11:58 68,608 ------w c:\windows\ServicePackFiles\i386\msctfp.dll
+ 2008-04-14 00:11:58 4,096 ------w c:\windows\ServicePackFiles\i386\msdadc.dll
+ 2008-04-14 00:11:58 118,784 ------w c:\windows\ServicePackFiles\i386\msdadiag.dll
+ 2008-04-14 00:11:58 4,096 ------w c:\windows\ServicePackFiles\i386\msdaenum.dll
+ 2008-04-14 00:11:58 4,096 ------w c:\windows\ServicePackFiles\i386\msdaer.dll
+ 2008-04-14 00:11:58 532,480 ------w c:\windows\ServicePackFiles\i386\msdaipp.dll
+ 2008-04-14 00:11:58 233,472 ------w c:\windows\ServicePackFiles\i386\msdaora.dll
+ 2008-04-13 17:24:14 16,384 ------w c:\windows\ServicePackFiles\i386\msdaorar.dll
+ 2008-04-14 00:11:58 77,824 ------w c:\windows\ServicePackFiles\i386\msdaosp.dll
+ 2008-04-13 17:25:58 16,384 ------w c:\windows\ServicePackFiles\i386\msdaprsr.dll
+ 2008-04-14 00:11:58 200,704 ------w c:\windows\ServicePackFiles\i386\msdaprst.dll
+ 2008-04-14 00:11:59 204,800 ------w c:\windows\ServicePackFiles\i386\msdaps.dll
+ 2008-04-14 00:11:59 118,784 ------w c:\windows\ServicePackFiles\i386\msdarem.dll
+ 2008-04-13 17:25:58 16,384 ------w c:\windows\ServicePackFiles\i386\msdaremr.dll
+ 2008-04-14 00:11:59 151,552 ------w c:\windows\ServicePackFiles\i386\msdart.dll
+ 2008-04-14 00:11:59 4,096 ------w c:\windows\ServicePackFiles\i386\msdasc.dll
+ 2008-04-14 00:11:59 315,392 ------w c:\windows\ServicePackFiles\i386\msdasql.dll
+ 2008-04-13 17:26:07 16,384 ------w c:\windows\ServicePackFiles\i386\msdasqlr.dll
+ 2008-04-14 00:11:59 94,208 ------w c:\windows\ServicePackFiles\i386\msdatl3.dll
+ 2008-04-14 00:11:59 20,480 ------w c:\windows\ServicePackFiles\i386\msdatt.dll
+ 2008-04-14 00:11:59 4,096 ------w c:\windows\ServicePackFiles\i386\msdaurl.dll
+ 2008-04-14 00:11:59 36,864 ------w c:\windows\ServicePackFiles\i386\msdfmap.dll
+ 2008-04-14 00:11:59 14,336 ------w c:\windows\ServicePackFiles\i386\msdmo.dll
+ 2008-04-14 00:12:27 6,144 ------w c:\windows\ServicePackFiles\i386\msdtc.exe
+ 2008-04-14 00:11:59 58,880 ------w c:\windows\ServicePackFiles\i386\msdtclog.dll
+ 2008-04-14 00:11:59 427,008 ------w c:\windows\ServicePackFiles\i386\msdtcprx.dll
+ 2008-04-14 00:11:59 90,112 ------w c:\windows\ServicePackFiles\i386\msdtcstp.dll
+ 2008-04-14 00:11:59 956,928 ------w c:\windows\ServicePackFiles\i386\msdtctm.dll
+ 2008-04-14 00:11:59 161,792 ------w c:\windows\ServicePackFiles\i386\msdtcuiu.dll
+ 2008-04-13 18:46:09 51,200 ------w c:\windows\ServicePackFiles\i386\msdv.sys
+ 2004-08-04 07:56:13 4,126 ------w c:\windows\ServicePackFiles\i386\msdxmlc.dll
+ 2007-04-02 12:47:43 518,944 ------w c:\windows\ServicePackFiles\i386\msexch40.dll
+ 2007-04-02 12:47:58 326,432 ------w c:\windows\ServicePackFiles\i386\msexcl40.dll
+ 2008-04-13 18:32:39 19,072 ------w c:\windows\ServicePackFiles\i386\msfs.sys
+ 2008-04-14 00:11:59 539,136 ------w c:\windows\ServicePackFiles\i386\msftedit.dll
+ 2008-04-14 00:11:59 997,376 ------w c:\windows\ServicePackFiles\i386\msgina.dll
+ 2008-04-13 18:56:32 35,072 ------w c:\windows\ServicePackFiles\i386\msgpc.sys
+ 2008-04-14 00:11:59 3,166,208 ------w c:\windows\ServicePackFiles\i386\msgr3en.dll
+ 2008-04-14 00:11:59 15,360 ------w c:\windows\ServicePackFiles\i386\msgrocm.dll
+ 2008-04-14 00:11:59 82,944 ------w c:\windows\ServicePackFiles\i386\msgsc.dll
+ 2008-04-13 17:30:28 180,224 ------w c:\windows\ServicePackFiles\i386\msgslang.dll
+ 2008-04-14 00:11:59 33,792 ------w c:\windows\ServicePackFiles\i386\msgsvc.dll
+ 2008-04-14 00:12:45 188,416 ------w c:\windows\ServicePackFiles\i386\msh261.drv
+ 2008-04-14 00:12:45 294,912 ------w c:\windows\ServicePackFiles\i386\msh263.drv
+ 2008-04-14 00:12:27 29,184 ------w c:\windows\ServicePackFiles\i386\mshta.exe
+ 2008-04-14 00:11:59 3,066,880 ------w c:\windows\ServicePackFiles\i386\mshtml.dll
+ 2008-04-14 00:11:59 449,024 ------w c:\windows\ServicePackFiles\i386\mshtmled.dll
+ 2008-04-13 16:26:26 56,832 ------w c:\windows\ServicePackFiles\i386\mshtmler.dll
+ 2008-04-14 00:11:59 2,843,136 ------w c:\windows\ServicePackFiles\i386\msi.dll
+ 2008-04-14 00:11:59 51,712 ------w c:\windows\ServicePackFiles\i386\msident.dll
+ 2008-04-14 00:11:59 6,656 ------w c:\windows\ServicePackFiles\i386\msidle.dll
+ 2008-04-14 00:11:59 248,832 ------w c:\windows\ServicePackFiles\i386\msieftp.dll
+ 2008-04-14 00:12:28 78,848 ------w c:\windows\ServicePackFiles\i386\msiexec.exe
+ 2008-04-14 00:11:59 271,360 ------w c:\windows\ServicePackFiles\i386\msihnd.dll
+ 2008-04-14 00:11:59 4,608 ------w c:\windows\ServicePackFiles\i386\msimg32.dll
+ 2008-04-14 00:12:28 60,416 ------w c:\windows\ServicePackFiles\i386\msimn.exe
+ 2008-04-13 15:39:43 884,736 ------w c:\windows\ServicePackFiles\i386\msimsg.dll
+ 2008-04-14 00:11:59 159,232 ------w c:\windows\ServicePackFiles\i386\msimtf.dll
+ 2008-04-14 00:11:59 376,832 ------w c:\windows\ServicePackFiles\i386\msinfo.dll
+ 2008-04-13 18:54:28 22,016 ------w c:\windows\ServicePackFiles\i386\msircomm.sys
+ 2008-04-14 00:12:28 40,960 ------w c:\windows\ServicePackFiles\i386\msiregmv.exe
+ 2008-04-14 00:11:59 15,360 ------w c:\windows\ServicePackFiles\i386\msisip.dll
+ 2007-10-22 09:30:50 1,516,568 ------w c:\windows\ServicePackFiles\i386\msjet40.dll
+ 2007-04-02 12:49:20 355,112 ------w c:\windows\ServicePackFiles\i386\msjetol1.dll
+ 2008-04-14 00:12:00 151,583 ------w c:\windows\ServicePackFiles\i386\msjint40.dll
+ 2008-04-14 00:12:00 102,400 ------w c:\windows\ServicePackFiles\i386\msjro.dll
+ 2007-04-02 12:49:33 60,192 ------w c:\windows\ServicePackFiles\i386\msjter40.dll
+ 2007-04-02 12:49:37 248,608 ------w c:\windows\ServicePackFiles\i386\msjtes40.dll
+ 2008-04-13 18:39:52 7,552 ------w c:\windows\ServicePackFiles\i386\mskssrv.sys
+ 2008-04-14 00:12:00 25,088 ------w c:\windows\ServicePackFiles\i386\mslbui.dll
+ 2007-04-02 12:49:50 219,936 ------w c:\windows\ServicePackFiles\i386\msltus40.dll
+ 2008-04-14 00:12:00 39,936 ------w c:\windows\ServicePackFiles\i386\mslwvtts.dll
+ 2008-04-14 00:12:28 1,695,232 ------w c:\windows\ServicePackFiles\i386\msmsgs.exe
+ 2007-04-02 18:39:43 11,053,008 ------w c:\windows\ServicePackFiles\i386\msncli.exe
+ 2004-08-04 07:57:01 259,072 ------w c:\windows\ServicePackFiles\i386\msnetobj.dll
+ 2008-04-14 00:12:00 290,816 ------w c:\windows\ServicePackFiles\i386\msnsspc.dll
+ 2007-04-02 18:42:37 1,327,320 ------w c:\windows\ServicePackFiles\i386\msnsusii.exe
+ 2008-04-14 00:12:00 122,368 ------w c:\windows\ServicePackFiles\i386\msobcomm.dll
+ 2008-04-14 00:12:00 16,384 ------w c:\windows\ServicePackFiles\i386\msobdl.dll
+ 2008-04-14 00:12:00 565,248 ------w c:\windows\ServicePackFiles\i386\msobmain.dll
+ 2008-04-14 00:12:00 30,720 ------w c:\windows\ServicePackFiles\i386\msobshel.dll
+ 2008-04-14 00:12:00 19,456 ------w c:\windows\ServicePackFiles\i386\msobweb.dll
+ 2008-04-14 00:12:00 1,314,816 ------w c:\windows\ServicePackFiles\i386\msoe.dll
+ 2008-04-14 00:12:00 252,928 ------w c:\windows\ServicePackFiles\i386\msoeacct.dll
+ 2008-04-13 16:23:54 2,479,616 ------w c:\windows\ServicePackFiles\i386\msoeres.dll
+ 2008-04-14 00:12:00 105,984 ------w c:\windows\ServicePackFiles\i386\msoert2.dll
+ 2008-04-14 00:12:28 29,184 ------w c:\windows\ServicePackFiles\i386\msoobe.exe
+ 2008-04-13 17:24:14 20,480 ------w c:\windows\ServicePackFiles\i386\msorc32r.dll
+ 2008-04-14 00:12:00 143,360 ------w c:\windows\ServicePackFiles\i386\msorcl32.dll
+ 2008-04-14 00:12:28 343,040 ------w c:\windows\ServicePackFiles\i386\mspaint.exe
+ 2008-04-14 00:12:00 29,696 ------w c:\windows\ServicePackFiles\i386\mspatcha.dll
+ 2007-04-02 12:50:05 355,104 ------w c:\windows\ServicePackFiles\i386\mspbde40.dll
+ 2008-04-13 18:39:50 5,376 ------w c:\windows\ServicePackFiles\i386\mspclock.sys
+ 2004-08-04 07:56:43 52,224 ------w c:\windows\ServicePackFiles\i386\mspmsnsv.dll
+ 2004-08-04 07:56:43 201,728 ------w c:\windows\ServicePackFiles\i386\mspmsp.dll
+ 2008-04-13 18:39:51 4,992 ------w c:\windows\ServicePackFiles\i386\mspqm.sys
+ 2008-04-13 16:23:31 48,128 ------w c:\windows\ServicePackFiles\i386\msprivs.dll
+ 2008-04-14 00:12:00 146,432 ------w c:\windows\ServicePackFiles\i386\msrating.dll
+ 2007-04-02 12:50:26 432,928 ------w c:\windows\ServicePackFiles\i386\msrd2x40.dll
+ 2007-04-02 12:50:43 322,336 ------w c:\windows\ServicePackFiles\i386\msrd3x40.dll
+ 2007-04-02 12:51:05 559,904 ------w c:\windows\ServicePackFiles\i386\msrepl40.dll
+ 2008-04-14 00:12:00 11,264 ------w c:\windows\ServicePackFiles\i386\msrle32.dll
+ 2008-04-14 00:12:00 134,656 ------w c:\windows\ServicePackFiles\i386\mssap.dll
+ 2004-08-04 07:57:01 356,352 ------w c:\windows\ServicePackFiles\i386\msscp.dll
+ 2008-04-14 00:12:00 155,136 ------w c:\windows\ServicePackFiles\i386\mssha.dll
+ 2008-04-13 18:14:58 76,800 ------w c:\windows\ServicePackFiles\i386\msshamsg.dll
+ 2008-04-13 18:36:46 15,488 ------w c:\windows\ServicePackFiles\i386\mssmbios.sys
+ 2008-04-14 00:12:00 274,432 ------w c:\windows\ServicePackFiles\i386\mst120.dll
+ 2008-04-14 00:12:00 57,344 ------w c:\windows\ServicePackFiles\i386\mst123.dll
+ 2008-04-13 18:46:08 49,024 ------w c:\windows\ServicePackFiles\i386\mstape.sys
+ 2008-04-14 00:12:00 274,944 ------w c:\windows\ServicePackFiles\i386\mstask.dll
+ 2008-04-13 18:39:50 5,504 ------w c:\windows\ServicePackFiles\i386\mstee.sys
+ 2007-04-02 12:51:27 264,992 ------w c:\windows\ServicePackFiles\i386\mstext40.dll
+ 2008-04-14 00:12:00 532,480 ------w c:\windows\ServicePackFiles\i386\mstime.dll
+ 2008-04-14 00:12:29 12,288 ------w c:\windows\ServicePackFiles\i386\mstinit.exe
+ 2008-04-14 00:12:00 116,224 ------w c:\windows\ServicePackFiles\i386\mstlsapi.dll
+ 2004-08-04 05:59:40 407,552 ------w c:\windows\ServicePackFiles\i386\mstsc.exe
+ 2004-08-04 05:59:43 655,360 ------w c:\windows\ServicePackFiles\i386\mstscax.dll
+ 2008-04-14 00:12:00 195,072 ------w c:\windows\ServicePackFiles\i386\msutb.dll
+ 2008-04-14 00:12:00 132,608 ------w c:\windows\ServicePackFiles\i386\msv1_0.dll
+ 2008-04-14 00:12:00 1,384,479 ------w c:\windows\ServicePackFiles\i386\msvbvm60.dll
+ 2008-04-14 00:12:01 57,344 ------w c:\windows\ServicePackFiles\i386\msvcirt.dll
+ 2008-04-14 00:12:01 413,696 ------w c:\windows\ServicePackFiles\i386\msvcp60.dll
+ 2008-04-14 00:12:01 343,040 ------w c:\windows\ServicePackFiles\i386\msvcrt.dll
+ 2008-04-13 18:30:46 61,440 ------w c:\windows\ServicePackFiles\i386\msvcrt40.dll
+ 2008-04-14 00:12:01 121,344 ------w c:\windows\ServicePackFiles\i386\msvfw32.dll
+ 2008-04-14 00:12:01 1,428,992 ------w c:\windows\ServicePackFiles\i386\msvidctl.dll
+ 2008-04-14 00:12:01 72,704 ------w c:\windows\ServicePackFiles\i386\msw3prt.dll
+ 2007-04-02 12:51:47 838,432 ------w c:\windows\ServicePackFiles\i386\mswdat10.dll
+ 2008-04-14 00:12:01 203,776 ------w c:\windows\ServicePackFiles\i386\mswebdvd.dll
+ 2004-08-04 07:56:44 245,760 ------w c:\windows\ServicePackFiles\i386\mswmdm.dll
+ 2008-04-14 00:12:01 245,248 ------w c:\windows\ServicePackFiles\i386\mswsock.dll
+ 2007-04-02 12:51:53 621,344 ------w c:\windows\ServicePackFiles\i386\mswstr10.dll
+ 2008-04-14 00:12:01 24,576 ------w c:\windows\ServicePackFiles\i386\msxactps.dll
+ 2007-04-02 12:52:01 355,104 ------w c:\windows\ServicePackFiles\i386\msxbde40.dll
+ 2008-04-14 00:12:01 506,368 ------w c:\windows\ServicePackFiles\i386\msxml.dll
+ 2008-04-14 00:12:01 701,440 ------w c:\windows\ServicePackFiles\i386\msxml2.dll
+ 2008-04-14 00:12:01 1,104,896 ------w c:\windows\ServicePackFiles\i386\msxml3.dll
+ 2008-04-14 00:12:01 16,896 ------w c:\windows\ServicePackFiles\i386\msyuv.dll
+ 2004-08-04 05:41:38 126,686 ------w c:\windows\ServicePackFiles\i386\mtlmnt5.sys
+ 2004-08-04 05:41:37 1,309,184 ------w c:\windows\ServicePackFiles\i386\mtlstrm.sys
+ 2008-04-14 00:12:29 119,808 ------w c:\windows\ServicePackFiles\i386\mtstocom.exe
+ 2008-04-14 00:12:01 66,560 ------w c:\windows\ServicePackFiles\i386\mtxclu.dll
+ 2008-04-14 00:12:01 30,720 ------w c:\windows\ServicePackFiles\i386\mtxdm.dll
+ 2008-04-14 00:12:01 4,096 ------w c:\windows\ServicePackFiles\i386\mtxex.dll
+ 2008-04-14 00:12:01 34,304 ------w c:\windows\ServicePackFiles\i386\mtxlegih.dll
+ 2008-04-14 00:12:01 91,648 ------w c:\windows\ServicePackFiles\i386\mtxoci.dll
+ 2008-04-14 00:12:01 1,737,856 ------w c:\windows\ServicePackFiles\i386\mtxparhd.dll
+ 2004-08-04 05:29:36 452,736 ------w c:\windows\ServicePackFiles\i386\mtxparhm.sys
+ 2008-04-14 00:12:29 90,624 ------w c:\windows\ServicePackFiles\i386\muisetup.exe
+ 2008-04-13 19:17:05 105,344 ------w c:\windows\ServicePackFiles\i386\mup.sys
+ 2008-04-13 18:43:55 12,672 ------w c:\windows\ServicePackFiles\i386\mutohpen.sys
+ 2008-04-14 00:12:01 90,624 ------w c:\windows\ServicePackFiles\i386\mydocs.dll
+ 2008-04-13 18:46:25 85,248 ------w c:\windows\ServicePackFiles\i386\nabtsfec.sys
+ 2008-04-14 00:12:01 221,184 ------w c:\windows\ServicePackFiles\i386\nac.dll
+ 2008-04-14 00:12:01 30,208 ------w c:\windows\ServicePackFiles\i386\napipsec.dll
+ 2008-04-14 00:12:01 193,024 ------w c:\windows\ServicePackFiles\i386\napmontr.dll
+ 2008-04-14 00:12:29 176,640 ------w c:\windows\ServicePackFiles\i386\napstat.exe
+ 2008-04-14 00:12:29 53,760 ------w c:\windows\ServicePackFiles\i386\narrator.exe
+ 2008-04-14 00:12:01 36,352 ------w c:\windows\ServicePackFiles\i386\ncobjapi.dll
+ 2008-04-14 00:12:01 47,104 ------w c:\windows\ServicePackFiles\i386\ncprov.dll
+ 2008-04-14 00:12:01 9,728 ------w c:\windows\ServicePackFiles\i386\ncpsres.dll
+ 2008-04-14 00:12:01 17,920 ------w c:\windows\ServicePackFiles\i386\nddeapi.dll
+ 2008-04-14 00:12:29 4,096 ------w c:\windows\ServicePackFiles\i386\nddeapir.exe
+ 2008-04-14 00:12:01 18,944 ------w c:\windows\ServicePackFiles\i386\nddenb32.dll
+ 2008-04-13 19:20:37 182,656 ------w c:\windows\ServicePackFiles\i386\ndis.sys
+ 2008-04-13 18:46:22 10,880 ------w c:\windows\ServicePackFiles\i386\ndisip.sys
+ 2008-04-14 00:12:01 57,344 ------w c:\windows\ServicePackFiles\i386\ndisnpp.dll
+ 2008-04-13 18:57:27 10,112 ------w c:\windows\ServicePackFiles\i386\ndistapi.sys
+ 2008-04-13 18:55:58 14,592 ------w c:\windows\ServicePackFiles\i386\ndisuio.sys
+ 2008-04-13 19:20:42 91,520 ------w c:\windows\ServicePackFiles\i386\ndiswan.sys
+ 2008-04-13 18:57:29 40,576 ------w c:\windows\ServicePackFiles\i386\ndproxy.sys
+ 2008-04-14 00:12:29 42,496 ------w c:\windows\ServicePackFiles\i386\net.exe
+ 2008-04-14 00:12:29 124,928 ------w c:\windows\ServicePackFiles\i386\net1.exe
+ 2008-04-14 00:12:01 337,408 ------w c:\windows\ServicePackFiles\i386\netapi32.dll
+ 2008-04-13 18:56:02 34,688 ------w c:\windows\ServicePackFiles\i386\netbios.sys
+ 2008-04-13 19:21:00 162,816 ------w c:\windows\ServicePackFiles\i386\netbt.sys
+ 2008-04-14 00:12:01 622,592 ------w c:\windows\ServicePackFiles\i386\netcfgx.dll
+ 2008-04-14 00:12:29 111,104 ------w c:\windows\ServicePackFiles\i386\netdde.exe
+ 2008-04-14 00:12:01 139,264 ------w c:\windows\ServicePackFiles\i386\netid.dll
+ 2008-04-14 00:12:01 407,040 ------w c:\windows\ServicePackFiles\i386\netlogon.dll
+ 2008-04-14 00:12:01 198,144 ------w c:\windows\ServicePackFiles\i386\netman.dll
+ 2008-04-14 00:12:01 77,312 ------w c:\windows\ServicePackFiles\i386\netoc.dll
+ 2008-04-14 00:12:01 875,008 ------w c:\windows\ServicePackFiles\i386\netplwiz.dll
+ 2008-04-14 00:12:01 11,776 ------w c:\windows\ServicePackFiles\i386\netrap.dll
+ 2008-04-14 00:16:51 329,728 ------w c:\windows\ServicePackFiles\i386\netsetup.exe
+ 2008-04-14 00:12:29 86,016 ------w c:\windows\ServicePackFiles\i386\netsh.exe
+ 2008-04-14 00:12:02 1,703,936 ------w c:\windows\ServicePackFiles\i386\netshell.dll
+ 2008-04-14 00:12:29 36,864 ------w c:\windows\ServicePackFiles\i386\netstat.exe
+ 2008-04-14 00:12:02 80,896 ------w c:\windows\ServicePackFiles\i386\netui0.dll
+ 2008-04-14 00:12:02 245,760 ------w c:\windows\ServicePackFiles\i386\netui1.dll
+ 2002-08-29 03:59:32 132,695 ------w c:\windows\ServicePackFiles\i386\netwlan5.sys
+ 2008-04-14 00:12:02 247,808 ------w c:\windows\ServicePackFiles\i386\newdev.dll
+ 2008-04-13 18:51:25 61,824 ------w c:\windows\ServicePackFiles\i386\nic1394.sys
+ 2008-04-14 00:12:02 98,304 ------w c:\windows\ServicePackFiles\i386\nlhtml.dll
+ 2008-04-14 00:12:02 229,376 ------w c:\windows\ServicePackFiles\i386\nmas.dll
+ 2008-04-14 00:12:02 28,672 ------w c:\windows\ServicePackFiles\i386\nmasnt.dll
+ 2008-04-14 00:12:02 81,920 ------w c:\windows\ServicePackFiles\i386\nmchat.dll
+ 2008-04-14 00:12:02 77,824 ------w c:\windows\ServicePackFiles\i386\nmcom.dll
+ 2008-04-14 00:12:02 151,552 ------w c:\windows\ServicePackFiles\i386\nmft.dll
+ 2008-04-14 00:12:02 28,672 ------w c:\windows\ServicePackFiles\i386\nmmkcert.dll
+ 2008-04-13 18:53:09 40,320 ------w c:\windows\ServicePackFiles\i386\nmnt.sys
+ 2008-04-14 00:12:02 172,032 ------w c:\windows\ServicePackFiles\i386\nmoldwb.dll
+ 2008-04-14 00:12:02 188,416 ------w c:\windows\ServicePackFiles\i386\nmwb.dll
+ 2008-04-14 00:12:29 69,120 ------w c:\windows\ServicePackFiles\i386\notepad.exe
+ 2004-08-04 07:57:01 226,816 ------w c:\windows\ServicePackFiles\i386\npdrmv2.dll
+ 2004-08-04 07:56:44 364,544 ------w c:\windows\ServicePackFiles\i386\npdsplay.dll
+ 2008-04-13 18:32:39 30,848 ------w c:\windows\ServicePackFiles\i386\npfs.sys
+ 2008-04-14 00:12:29 15,360 ------w c:\windows\ServicePackFiles\i386\nppagent.exe
+ 2008-04-14 00:12:02 54,784 ------w c:\windows\ServicePackFiles\i386\npptools.dll
+ 2004-08-04 07:56:44 10,240 ------w c:\windows\ServicePackFiles\i386\npwmsdrm.dll
+ 2008-04-13 18:54:36 28,672 ------w c:\windows\ServicePackFiles\i386\nscirda.sys
+ 2008-04-14 00:12:29 76,800 ------w c:\windows\ServicePackFiles\i386\nslookup.exe
+ 2004-08-04 05:38:33 47,564 ------w c:\windows\ServicePackFiles\i386\ntdetect.com
+ 2008-04-14 00:11:24 706,048 ------w c:\windows\ServicePackFiles\i386\ntdll.dll
+ 2008-04-14 00:12:02 67,072 ------w c:\windows\ServicePackFiles\i386\ntdsapi.dll
+ 2008-04-14 00:12:02 212,992 ------w c:\windows\ServicePackFiles\i386\ntevt.dll
+ 2008-04-13 19:15:53 574,976 ------w c:\windows\ServicePackFiles\i386\ntfs.sys
+ 2004-08-04 05:45:08 33,840 ------w c:\windows\ServicePackFiles\i386\ntio.sys
+ 2004-08-04 05:45:14 34,560 ------w c:\windows\ServicePackFiles\i386\ntio404.sys
+ 2004-08-04 05:45:10 35,648 ------w c:\windows\ServicePackFiles\i386\ntio411.sys
+ 2004-08-04 05:45:15 35,424 ------w c:\windows\ServicePackFiles\i386\ntio412.sys
+ 2004-08-04 05:45:12 34,560 ------w c:\windows\ServicePackFiles\i386\ntio804.sys
+ 2008-04-13 19:24:37 2,145,280 ------w c:\windows\ServicePackFiles\i386\ntkrnlmp.exe
+ 2008-04-13 18:31:21 2,065,792 ------w c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
+ 2008-04-13 18:31:21 2,023,936 ------w c:\windows\ServicePackFiles\i386\ntkrpamp.exe
+ 2008-04-14 00:12:02 44,032 ------w c:\windows\ServicePackFiles\i386\ntlanman.dll
+ 2008-04-14 00:12:02 8,192 ------w c:\windows\ServicePackFiles\i386\ntlsapi.dll
+ 2008-04-14 00:12:02 118,784 ------w c:\windows\ServicePackFiles\i386\ntmarta.dll
+ 2008-04-14 00:12:02 40,960 ------w c:\windows\ServicePackFiles\i386\ntmsapi.dll
+ 2008-04-14 00:12:02 179,200 ------w c:\windows\ServicePackFiles\i386\ntmsdba.dll
+ 2008-04-14 00:12:02 488,448 ------w c:\windows\ServicePackFiles\i386\ntmsmgr.dll
+ 2008-04-14 00:12:02 435,200 ------w c:\windows\ServicePackFiles\i386\ntmssvc.dll
+ 2004-08-04 05:41:39 180,360 ------w c:\windows\ServicePackFiles\i386\ntmtlfax.sys
+ 2008-04-14 00:12:02 62,976 ------w c:\windows\ServicePackFiles\i386\ntoc.dll
+ 2008-04-13 19:27:53 2,188,928 ------w c:\windows\ServicePackFiles\i386\ntoskrnl.exe
+ 2008-04-14 00:12:02 91,136 ------w c:\windows\ServicePackFiles\i386\ntprint.dll
+ 2008-04-14 00:12:02 143,360 ------w c:\windows\ServicePackFiles\i386\ntshrui.dll
+ 2008-04-14 00:12:30 420,864 ------w c:\windows\ServicePackFiles\i386\ntvdm.exe
+ 2008-04-14 00:12:02 15,360 ------w c:\windows\ServicePackFiles\i386\ntvdmd.dll
+ 2008-04-14 00:12:02 4,274,816 ------w c:\windows\ServicePackFiles\i386\nv4_disp.dll
+ 2004-08-04 05:29:54 1,897,408 ------w c:\windows\ServicePackFiles\i386\nv4_mini.sys
+ 2008-04-13 18:56:06 88,320 ------w c:\windows\ServicePackFiles\i386\nwlnkipx.sys
+ 2008-04-14 00:12:02 142,336 ------w c:\windows\ServicePackFiles\i386\nwprovau.dll
+ 2008-04-14 00:12:02 270,336 ------w c:\windows\ServicePackFiles\i386\oakley.dll
+ 2008-04-14 00:10:30 229,376 ------w c:\windows\ServicePackFiles\i386\obelog.dll
+ 2008-04-14 00:10:30 966,656 ------w c:\windows\ServicePackFiles\i386\obemetal.dll
+ 2007-04-02 18:44:11 77,824 ------w c:\windows\ServicePackFiles\i386\obemtllc.dll
+ 2008-04-14 00:10:30 86,016 ------w c:\windows\ServicePackFiles\i386\obepopc.dll
+ 2008-04-14 00:12:02 286,208 ------w c:\windows\ServicePackFiles\i386\objsel.dll
+ 2008-04-13 18:40:52 405,504 ------w c:\windows\ServicePackFiles\i386\obrb041b.dll
+ 2008-04-13 18:40:56 408,576 ------w c:\windows\ServicePackFiles\i386\obrb0424.dll
+ 2008-04-14 00:12:02 96,256 ------w c:\windows\ServicePackFiles\i386\occache.dll
+ 2008-04-14 00:12:02 15,360 ------w c:\windows\ServicePackFiles\i386\ocgen.dll
+ 2008-04-14 00:12:02 67,584 ------w c:\windows\ServicePackFiles\i386\ocmanage.dll
+ 2008-04-14 00:12:02 17,408 ------w c:\windows\ServicePackFiles\i386\ocmsn.dll
+ 2002-08-29 10:00:00 26,224 ------w c:\windows\ServicePackFiles\i386\odbc16gt.dll
+ 2008-04-14 00:12:02 249,856 ------w c:\windows\ServicePackFiles\i386\odbc32.dll
+ 2008-04-14 00:12:02 16,384 ------w c:\windows\ServicePackFiles\i386\odbc32gt.dll
+ 2008-04-14 00:12:30 32,768 ------w c:\windows\ServicePackFiles\i386\odbcad32.exe
+ 2008-04-14 00:12:02 24,576 ------w c:\windows\ServicePackFiles\i386\odbcbcp.dll
+ 2008-04-14 00:12:02 135,168 ------w c:\windows\ServicePackFiles\i386\odbcconf.dll
+ 2008-04-14 00:12:30 69,632 ------w c:\windows\ServicePackFiles\i386\odbcconf.exe
+ 2008-04-14 00:12:02 106,496 ------w c:\windows\ServicePackFiles\i386\odbccp32.dll
+ 2008-04-14 00:12:02 65,536 ------w c:\windows\ServicePackFiles\i386\odbccr32.dll
+ 2008-04-14 00:12:02 65,536 ------w c:\windows\ServicePackFiles\i386\odbccu32.dll
+ 2008-04-13 17:26:05 94,208 ------w c:\windows\ServicePackFiles\i386\odbcint.dll
+ 2008-04-14 00:10:31 53,279 ------w c:\windows\ServicePackFiles\i386\odbcji32.dll
+ 2008-04-14 00:12:02 278,559 ------w c:\windows\ServicePackFiles\i386\odbcjt32.dll
+ 2008-04-13 17:26:05 12,288 ------w c:\windows\ServicePackFiles\i386\odbcp32r.dll
+ 2008-04-14 00:12:02 147,456 ------w c:\windows\ServicePackFiles\i386\odbctrac.dll
+ 2008-04-14 00:12:02 20,511 ------w c:\windows\ServicePackFiles\i386\oddbse32.dll
+ 2008-04-14 00:12:02 20,510 ------w c:\windows\ServicePackFiles\i386\odexl32.dll
+ 2008-04-14 00:12:02 20,510 ------w c:\windows\ServicePackFiles\i386\odfox32.dll
+ 2008-04-14 00:12:02 20,510 ------w c:\windows\ServicePackFiles\i386\odpdx32.dll
+ 2008-04-14 00:12:02 20,511 ------w c:\windows\ServicePackFiles\i386\odtext32.dll
+ 2008-04-14 00:12:02 104,448 ------w c:\windows\ServicePackFiles\i386\oeimport.dll
+ 2008-04-14 00:12:30 60,416 ------w c:\windows\ServicePackFiles\i386\oemig50.exe
+ 2008-04-14 00:12:02 35,328 ------w c:\windows\ServicePackFiles\i386\oemiglib.dll
+ 2008-04-14 00:12:02 192,000 ------w c:\windows\ServicePackFiles\i386\offfilt.dll
+ 2008-04-13 18:46:18 61,696 ------w c:\windows\ServicePackFiles\i386\ohci1394.sys
+ 2008-04-14 00:12:02 1,287,168 ------w c:\windows\ServicePackFiles\i386\ole32.dll
+ 2008-04-14 00:12:02 551,936 ------w c:\windows\ServicePackFiles\i386\oleaut32.dll
+ 2008-04-14 00:12:02 74,752 ------w c:\windows\ServicePackFiles\i386\olecli32.dll
+ 2008-04-14 00:12:02 37,376 ------w c:\windows\ServicePackFiles\i386\olecnv32.dll
+ 2008-04-14 00:12:02 487,424 ------w c:\windows\ServicePackFiles\i386\oledb32.dll
+ 2008-04-14 00:12:02 65,536 ------w c:\windows\ServicePackFiles\i386\oledb32r.dll
+ 2008-04-14 00:12:02 122,880 ------w c:\windows\ServicePackFiles\i386\oledlg.dll
+ 2008-04-14 00:12:02 107,008 ------w c:\windows\ServicePackFiles\i386\oleprn.dll
+ 2008-04-14 00:12:02 84,992 ------w c:\windows\ServicePackFiles\i386\olepro32.dll
+ 2008-04-14 00:12:02 144,384 ------w c:\windows\ServicePackFiles\i386\onex.dll
+ 2008-04-14 00:12:31 51,200 ------w c:\windows\ServicePackFiles\i386\oobebaln.exe
+ 2008-04-14 00:12:02 713,728 ------w c:\windows\ServicePackFiles\i386\opengl32.dll
+ 2008-04-13 18:32:32 166,912 ------w c:\windows\ServicePackFiles\i386\oschoice.exe
+ 2008-04-14 00:12:31 215,552 ------w c:\windows\ServicePackFiles\i386\osk.exe
+ 2008-04-13 18:31:43 230,400 ------w c:\windows\ServicePackFiles\i386\osloader.exe
+ 2008-04-14 00:12:02 67,584 ------w c:\windows\ServicePackFiles\i386\osuninst.dll
+ 2008-04-14 00:12:02 153,600 ------w c:\windows\ServicePackFiles\i386\p2p.dll
+ 2008-04-14 00:12:02 105,472 ------w c:\windows\ServicePackFiles\i386\p2pgasvc.dll
+ 2008-04-14 00:12:02 313,856 ------w c:\windows\ServicePackFiles\i386\p2pgraph.dll
+ 2008-04-14 00:12:02 115,712 ------w c:\windows\ServicePackFiles\i386\p2pnetsh.dll
+ 2008-04-14 00:12:02 554,496 ------w c:\windows\ServicePackFiles\i386\p2psvc.dll
+ 2008-04-13 18:31:31 42,752 ------w c:\windows\ServicePackFiles\i386\p3.sys
+ 2008-04-14 00:12:31 58,368 ------w c:\windows\ServicePackFiles\i386\packager.exe
+ 2008-04-13 18:40:10 80,128 ------w c:\windows\ServicePackFiles\i386\parport.sys
+ 2008-04-13 18:40:49 19,712 ------w c:\windows\ServicePackFiles\i386\partmgr.sys
+ 2008-04-14 00:12:02 67,584 ------w c:\windows\ServicePackFiles\i386\pautoenr.dll
+ 2004-08-04 05:31:22 29,502 ------w c:\windows\ServicePackFiles\i386\pca200e.sys
+ 2008-04-14 00:12:02 102,912 ------w c:\windows\ServicePackFiles\i386\pchshell.dll
+ 2008-04-14 00:12:02 38,400 ------w c:\windows\ServicePackFiles\i386\pchsvc.dll
+ 2008-04-13 18:36:44 68,224 ------w c:\windows\ServicePackFiles\i386\pci.sys
+ 2008-04-13 18:40:29 24,960 ------w c:\windows\ServicePackFiles\i386\pciidex.sys
+ 2007-05-15 08:08:11 288,768 ------w c:\windows\ServicePackFiles\i386\pcl4res.dll
+ 2007-05-15 08:08:13 1,058,816 ------w c:\windows\ServicePackFiles\i386\pcl5eres.dll
+ 2007-05-15 08:08:14 1,057,280 ------w c:\windows\ServicePackFiles\i386\pcl5ures.dll
+ 2007-05-15 08:08:14 207,872 ------w c:\windows\ServicePackFiles\i386\pclxl.dll
+ 2008-04-13 18:36:43 120,192 ------w c:\windows\ServicePackFiles\i386\pcmcia.sys
+ 2002-08-29 03:59:16 169,984 ------w c:\windows\ServicePackFiles\i386\pcx500.sys
+ 2008-04-14 00:12:02 284,160 ------w c:\windows\ServicePackFiles\i386\pdh.dll
+ 2008-04-14 00:12:02 39,936 ------w c:\windows\ServicePackFiles\i386\perfctrs.dll
+ 2008-04-14 00:12:02 26,624 ------w c:\windows\ServicePackFiles\i386\perfdisk.dll
+ 2008-04-14 00:12:31 15,872 ------w c:\windows\ServicePackFiles\i386\perfmon.exe
+ 2008-04-14 00:12:02 17,920 ------w c:\windows\ServicePackFiles\i386\perfnet.dll
+ 2008-04-14 00:12:02 25,088 ------w c:\windows\ServicePackFiles\i386\perfos.dll
+ 2008-04-14 00:12:02 34,816 ------w c:\windows\ServicePackFiles\i386\perfproc.dll
+ 2008-04-13 18:44:29 27,904 ------w c:\windows\ServicePackFiles\i386\perm2.sys
+ 2008-04-14 00:10:34 211,584 ------w c:\windows\ServicePackFiles\i386\perm2dll.dll
+ 2008-04-13 18:44:30 28,032 ------w c:\windows\ServicePackFiles\i386\perm3.sys
+ 2008-04-14 00:10:34 259,328 ------w c:\windows\ServicePackFiles\i386\perm3dd.dll
+ 2008-04-14 00:12:02 176,128 ------w c:\windows\ServicePackFiles\i386\photowiz.dll
+ 2008-04-14 00:12:02 35,328 ------w c:\windows\ServicePackFiles\i386\pid.dll
+ 2008-04-13 18:35:22 24,064 ------w c:\windows\ServicePackFiles\i386\pidgen.dll
+ 2008-04-14 00:12:31 281,088 ------w c:\windows\ServicePackFiles\i386\pinball.exe
+ 2008-04-14 00:12:31 17,920 ------w c:\windows\ServicePackFiles\i386\ping.exe
+ 2008-04-14 00:12:02 15,360 ------w c:\windows\ServicePackFiles\i386\pjlmon.dll
+ 2008-04-14 00:12:02 44,544 ------w c:\windows\ServicePackFiles\i386\plotter.dll
+ 2008-04-14 00:12:02 52,736 ------w c:\windows\ServicePackFiles\i386\plotui.dll
+ 2008-04-14 00:12:02 412,160 ------w c:\windows\ServicePackFiles\i386\pmh.dll
+ 2008-04-14 00:12:02 39,424 ------w c:\windows\ServicePackFiles\i386\pngfilt.dll
+ 2008-04-14 00:12:02 58,880 ------w c:\windows\ServicePackFiles\i386\pnrpnsp.dll
+ 2008-04-14 00:12:02 105,472 ------w c:\windows\ServicePackFiles\i386\polstore.dll
+ 2008-04-13 19:19:41 146,048 ------w c:\windows\ServicePackFiles\i386\portcls.sys
+ 2008-04-14 00:12:31 49,152 ------w c:\windows\ServicePackFiles\i386\powercfg.exe
+ 2008-04-13 18:40:56 8,832 ------w c:\windows\ServicePackFiles\i386\powerfil.sys
+ 2008-04-14 00:12:03 17,408 ------w c:\windows\ServicePackFiles\i386\powrprof.dll
+ 2008-04-13 18:41:00 17,664 ------w c:\windows\ServicePackFiles\i386\ppa3.sys
+ 2008-04-14 00:12:03 560,640 ------w c:\windows\ServicePackFiles\i386\printui.dll
+ 2008-04-13 18:31:30 35,840 ------w c:\windows\ServicePackFiles\i386\processr.sys
+ 2008-04-14 00:12:03 27,648 ------w c:\windows\ServicePackFiles\i386\profmap.dll
+ 2008-04-14 00:12:31 109,568 ------w c:\windows\ServicePackFiles\i386\progman.exe
+ 2008-04-14 00:12:32 50,176 ------w c:\windows\ServicePackFiles\i386\proquota.exe
+ 2008-04-14 00:12:03 237,056 ------w c:\windows\ServicePackFiles\i386\provthrd.dll
+ 2008-04-14 00:12:32 9,216 ------w c:\windows\ServicePackFiles\i386\proxycfg.exe
+ 2008-04-14 00:12:03 728,576 ------w c:\windows\ServicePackFiles\i386\ps5ui.dll
+ 2008-04-14 00:12:03 23,040 ------w c:\windows\ServicePackFiles\i386\psapi.dll
+ 2008-04-14 00:12:03 96,768 ------w c:\windows\ServicePackFiles\i386\psbase.dll
+ 2008-04-13 18:56:38 69,120 ------w c:\windows\ServicePackFiles\i386\psched.sys
+ 2008-04-14 00:12:03 543,232 ------w c:\windows\ServicePackFiles\i386\pscript5.dll
+ 2008-04-14 00:12:03 363,520 ------w c:\windows\ServicePackFiles\i386\psisdecd.dll
+ 2008-04-14 00:12:03 43,520 ------w c:\windows\ServicePackFiles\i386\pstorec.dll
+ 2008-04-14 00:12:03 34,304 ------w c:\windows\ServicePackFiles\i386\pstorsvc.dll
+ 2008-04-14 00:12:03 159,232 ------w c:\windows\ServicePackFiles\i386\ptpusd.dll
+ 2008-04-14 00:12:03 150,528 ------w c:\windows\ServicePackFiles\i386\qagent.dll
+ 2008-04-14 00:12:03 291,328 ------w c:\windows\ServicePackFiles\i386\qagentrt.dll
+ 2008-04-14 00:12:03 237,568 ------w c:\windows\ServicePackFiles\i386\qasf.dll
+ 2008-04-14 00:12:03 192,512 ------w c:\windows\ServicePackFiles\i386\qcap.dll
+ 2008-04-14 00:12:03 62,464 ------w c:\windows\ServicePackFiles\i386\qcliprov.dll
+ 2008-04-14 00:12:03 279,040 ------w c:\windows\ServicePackFiles\i386\qdv.dll
+ 2008-04-14 00:12:03 386,048 ------w c:\windows\ServicePackFiles\i386\qdvd.dll
+ 2008-04-14 00:12:03 562,176 ------w c:\windows\ServicePackFiles\i386\qedit.dll
+ 2008-04-13 17:21:32 733,696 ------w c:\windows\ServicePackFiles\i386\qedwipes.dll
+ 2008-04-13 18:40:52 6,016 ------w c:\windows\ServicePackFiles\i386\qic157.sys
+ 2008-04-14 00:12:03 409,088 ------w c:\windows\ServicePackFiles\i386\qmgr.dll
+ 2008-04-14 00:12:03 18,944 ------w c:\windows\ServicePackFiles\i386\qmgrprxy.dll
+ 2008-04-14 00:12:32 19,968 ------w c:\windows\ServicePackFiles\i386\qprocess.exe
+ 2008-04-14 00:12:03 1,288,192 ------w c:\windows\ServicePackFiles\i386\quartz.dll
+ 2008-04-14 00:12:03 1,435,648 ------w c:\windows\ServicePackFiles\i386\query.dll
+ 2008-04-14 00:12:03 76,800 ------w c:\windows\ServicePackFiles\i386\qutil.dll
+ 2008-04-14 00:12:03 43,520 ------w c:\windows\ServicePackFiles\i386\racpldlg.dll
+ 2008-04-13 18:41:23 20,736 ------w c:\windows\ServicePackFiles\i386\ramdisk.sys
+ 2008-04-14 00:12:03 7,680 ------w c:\windows\ServicePackFiles\i386\rasadhlp.dll
+ 2008-04-14 00:12:03 237,056 ------w c:\windows\ServicePackFiles\i386\rasapi32.dll
+ 2008-04-14 00:12:03 88,576 ------w c:\windows\ServicePackFiles\i386\rasauto.dll
+ 2008-04-14 00:12:03 79,872 ------w c:\windows\ServicePackFiles\i386\raschap.dll
+ 2008-04-14 00:12:03 658,432 ------w c:\windows\ServicePackFiles\i386\rasdlg.dll
+ 2008-04-13 19:19:43 51,328 ------w c:\windows\ServicePackFiles\i386\rasl2tp.sys
+ 2008-04-14 00:12:03 61,440 ------w c:\windows\ServicePackFiles\i386\rasman.dll
+ 2008-04-14 00:12:03 186,368 ------w c:\windows\ServicePackFiles\i386\rasmans.dll
+ 2008-04-14 00:12:32 56,832 ------w c:\windows\ServicePackFiles\i386\rasphone.exe
+ 2008-04-14 00:12:03 210,944 ------w c:\windows\ServicePackFiles\i386\rasppp.dll
+ 2008-04-13 18:57:32 41,472 ------w c:\windows\ServicePackFiles\i386\raspppoe.sys
+ 2008-04-13 19:19:48 48,384 ------w c:\windows\ServicePackFiles\i386\raspptp.sys
+ 2008-04-14 00:12:03 61,952 ------w c:\windows\ServicePackFiles\i386\rasqec.dll
+ 2008-04-14 00:12:03 16,384 ------w c:\windows\ServicePackFiles\i386\rassapi.dll
+ 2008-04-14 00:12:03 58,368 ------w c:\windows\ServicePackFiles\i386\rastapi.dll
+ 2008-04-14 00:12:03 150,016 ------w c:\windows\ServicePackFiles\i386\rastls.dll
+ 2008-04-14 00:12:03 102,400 ------w c:\windows\ServicePackFiles\i386\rcbdyctl.dll
+ 2008-04-14 00:12:32 35,840 ------w c:\windows\ServicePackFiles\i386\rcimlby.exe
+ 2008-04-14 00:12:32 21,504 ------w c:\windows\ServicePackFiles\i386\rcp.exe
+ 2008-04-13 19:28:39 175,744 ------w c:\windows\ServicePackFiles\i386\rdbss.sys
+ 2008-04-14 00:12:03 147,968 ------w c:\windows\ServicePackFiles\i386\rdchost.dll
+ 2008-04-14 00:12:32 62,976 ------w c:\windows\ServicePackFiles\i386\rdpclip.exe
+ 2008-04-14 00:13:22 92,424 ------w c:\windows\ServicePackFiles\i386\rdpdd.dll
+ 2008-04-13 18:32:51 196,224 ------w c:\windows\ServicePackFiles\i386\rdpdr.sys
+ 2008-04-14 00:12:04 19,968 ------w c:\windows\ServicePackFiles\i386\rdpsnd.dll
+ 2008-04-14 00:13:22 139,656 ------w c:\windows\ServicePackFiles\i386\rdpwd.sys
+ 2008-04-14 00:13:22 87,176 ------w c:\windows\ServicePackFiles\i386\rdpwsx.dll
+ 2008-04-14 00:12:32 13,824 ------w c:\windows\ServicePackFiles\i386\rdsaddin.exe
+ 2008-04-14 00:12:32 67,072 ------w c:\windows\ServicePackFiles\i386\rdshost.exe
+ 2004-08-04 05:41:39 13,776 ------w c:\windows\ServicePackFiles\i386\recagent.sys
+ 2008-04-13 18:40:27 57,600 ------w c:\windows\ServicePackFiles\i386\redbook.sys
+ 2004-08-04 05:48:44 3,338 ------w c:\windows\ServicePackFiles\i386\redir.exe
+ 2008-04-14 00:12:32 50,176 ------w c:\windows\ServicePackFiles\i386\reg.exe
+ 2008-04-14 00:12:04 49,664 ------w c:\windows\ServicePackFiles\i386\regapi.dll
+ 2008-04-14 00:12:32 146,432 ------w c:\windows\ServicePackFiles\i386\regedit.exe
+ 2008-04-14 00:12:04 59,904 ------w c:\windows\ServicePackFiles\i386\regsvc.dll
+ 2008-04-14 00:12:32 11,776 ------w c:\windows\ServicePackFiles\i386\regsvr32.exe
+ 2008-04-14 00:12:04 397,824 ------w c:\windows\ServicePackFiles\i386\regwizc.dll
+ 2008-04-14 00:12:04 60,416 ------w c:\windows\ServicePackFiles\i386\remotepg.dll
+ 2008-04-14 00:12:04 178,176 ------w c:\windows\ServicePackFiles\i386\repdrvfs.dll
+ 2008-04-14 00:12:04 58,880 ------w c:\windows\ServicePackFiles\i386\resutils.dll
+ 2008-04-14 00:12:33 13,824 ------w c:\windows\ServicePackFiles\i386\rexec.exe
+ 2008-04-13 18:46:32 59,136 ------w c:\windows\ServicePackFiles\i386\rfcomm.sys
+ 2008-04-14 00:12:04 290,304 ------w c:\windows\ServicePackFiles\i386\rhttpaa.dll
+ 2008-04-14 00:12:04 123,392 ------w c:\windows\ServicePackFiles\i386\riafres.dll
+ 2008-04-14 00:12:04 11,776 ------w c:\windows\ServicePackFiles\i386\riafui1.dll
+ 2008-04-14 00:12:04 11,776 ------w c:\windows\ServicePackFiles\i386\riafui2.dll
+ 2008-04-14 00:12:04 433,664 ------w c:\windows\ServicePackFiles\i386\riched20.dll
+ 2008-04-13 18:55:08 202,624 ------w c:\windows\ServicePackFiles\i386\rmcast.sys
+ 2008-04-13 18:56:49 30,592 ------w c:\windows\ServicePackFiles\i386\rndismp.sys
+ 2008-04-13 18:56:49 30,592 ------w c:\windows\ServicePackFiles\i386\rndismpx.sys
+ 2008-04-13 18:40:14 79,104 ------w c:\windows\ServicePackFiles\i386\rocket.sys
+ 2008-04-14 00:12:04 584,704 ------w c:\windows\ServicePackFiles\i386\rpcrt4.dll
+ 2008-04-14 00:12:04 399,360 ------w c:\windows\ServicePackFiles\i386\rpcss.dll
+ 2008-04-14 00:12:04 61,440 ------w c:\windows\ServicePackFiles\i386\rrcm.dll
+ 2008-04-13 17:37:57 208,384 ------w c:\windows\ServicePackFiles\i386\rsaenh.dll
+ 2008-04-14 00:12:33 14,848 ------w c:\windows\ServicePackFiles\i386\rsh.exe
+ 2008-04-14 00:12:04 39,936 ------w c:\windows\ServicePackFiles\i386\rshx32.dll
+ 2008-04-14 00:12:04 18,944 ------w c:\windows\ServicePackFiles\i386\rsmps.dll
+ 2008-04-14 00:12:33 380,416 ------w c:\windows\ServicePackFiles\i386\rstrui.exe
+ 2008-04-14 00:12:04 92,672 ------w c:\windows\ServicePackFiles\i386\rsvpsp.dll
+ 2008-04-14 00:12:33 77,312 ------w c:\windows\ServicePackFiles\i386\rtcshare.exe
+ 2008-04-14 00:12:04 31,744 ------w c:\windows\ServicePackFiles\i386\rtipxmib.dll
+ 2004-08-04 05:31:32 20,992 ------w c:\windows\ServicePackFiles\i386\rtl8139.sys
+ 2008-04-14 00:12:04 44,032 ------w c:\windows\ServicePackFiles\i386\rtutils.dll
+ 2008-04-14 00:12:33 33,280 ------w c:\windows\ServicePackFiles\i386\rundll32.exe
+ 2008-04-14 00:12:33 14,336 ------w c:\windows\ServicePackFiles\i386\runonce.exe
+ 2008-04-14 00:12:04 27,648 ------w c:\windows\ServicePackFiles\i386\rw001ext.dll
+ 2008-04-14 00:12:04 29,184 ------w c:\windows\ServicePackFiles\i386\rw330ext.dll
+ 2008-04-14 00:12:04 27,648 ------w c:\windows\ServicePackFiles\i386\rw430ext.dll
+ 2008-04-14 00:12:04 29,696 ------w c:\windows\ServicePackFiles\i386\rw450ext.dll
+ 2008-04-14 00:12:04 397,056 ------w c:\windows\ServicePackFiles\i386\s3gnb.dll
+ 2004-08-04 05:29:51 166,912 ------w c:\windows\ServicePackFiles\i386\s3gnbm.sys
+ 2008-04-14 00:12:04 43,520 ------w c:\windows\ServicePackFiles\i386\safrcdlg.dll
+ 2008-04-14 00:12:04 29,696 ------w c:\windows\ServicePackFiles\i386\safrdm.dll
+ 2008-04-14 00:12:04 45,568 ------w c:\windows\ServicePackFiles\i386\safrslv.dll
+ 2008-04-14 00:12:04 64,000 ------w c:\windows\ServicePackFiles\i386\samlib.dll
+ 2008-04-14 00:12:04 415,744 ------w c:\windows\ServicePackFiles\i386\samsrv.dll
+ 2008-04-14 00:12:04 741,376 ------w c:\windows\ServicePackFiles\i386\sapi.dll
+ 2008-04-14 00:12:33 13,312 ------w c:\windows\ServicePackFiles\i386\savedump.exe
+ 2008-04-14 00:12:04 270,848 ------w c:\windows\ServicePackFiles\i386\sbe.dll
+ 2008-04-14 00:12:04 159,232 ------w c:\windows\ServicePackFiles\i386\sbeio.dll
+ 2008-04-13 18:40:48 43,904 ------w c:\windows\ServicePackFiles\i386\sbp2port.sys
+ 2008-04-14 00:12:04 69,632 ------w c:\windows\ServicePackFiles\i386\scarddlg.dll
+ 2008-04-14 00:12:33 95,744 ------w c:\windows\ServicePackFiles\i386\scardsvr.exe
+ 2002-08-29 10:00:00 169,984 ------w c:\windows\ServicePackFiles\i386\sccbase.dll
+ 2008-04-14 00:12:05 171,008 ------w c:\windows\ServicePackFiles\i386\sccsccp.dll
+ 2008-04-14 00:12:05 181,248 ------w c:\windows\ServicePackFiles\i386\scecli.dll
+ 2008-04-14 00:12:05 314,880 ------w c:\windows\ServicePackFiles\i386\scesrv.dll
+ 2008-04-14 00:12:05 144,384 ------w c:\windows\ServicePackFiles\i386\schannel.dll
+ 2008-04-14 00:12:05 192,512 ------w c:\windows\ServicePackFiles\i386\schedsvc.dll
+ 2008-04-14 00:12:05 20,480 ------w c:\windows\ServicePackFiles\i386\sclgntfy.dll
+ 2008-04-14 00:12:34 36,352 ------w c:\windows\ServicePackFiles\i386\scrcons.exe
+ 2008-04-14 00:12:05 215,552 ------w c:\windows\ServicePackFiles\i386\script.dll
+ 2004-08-04 07:56:44 188,416 ------w c:\windows\ServicePackFiles\i386\script_a.dll
+ 2008-04-14 00:12:05 199,680 ------w c:\windows\ServicePackFiles\i386\scripta.dll
+ 2008-04-14 00:12:43 9,216 ------w c:\windows\ServicePackFiles\i386\scrnsave.scr
+ 2008-04-14 00:12:05 180,224 ------w c:\windows\ServicePackFiles\i386\scrobj.dll
+ 2008-04-14 00:12:05 172,032 ------w c:\windows\ServicePackFiles\i386\scrrun.dll
+ 2008-04-13 18:40:30 96,384 ------w c:\windows\ServicePackFiles\i386\scsiport.sys
+ 2008-04-13 18:45:33 11,520 ------w c:\windows\ServicePackFiles\i386\scsiscan.sys
+ 2008-04-14 00:12:34 77,312 ------w c:\windows\ServicePackFiles\i386\sdbinst.exe
+ 2008-04-13 18:36:44 79,232 ------w c:\windows\ServicePackFiles\i386\sdbus.sys
+ 2008-04-14 00:12:05 29,184 ------w c:\windows\ServicePackFiles\i386\sdhcinst.dll
+ 2008-04-13 16:39:15 20,480 ------w c:\windows\ServicePackFiles\i386\secdrv.sys
+ 2008-04-14 00:12:05 18,944 ------w c:\windows\ServicePackFiles\i386\seclogon.dll
+ 2004-08-02 19:20:40 4,569 ------w c:\windows\ServicePackFiles\i386\secupd.dat
+ 2008-04-14 00:12:05 56,320 ------w c:\windows\ServicePackFiles\i386\secur32.dll
+ 2008-04-14 00:12:05 5,632 ------w c:\windows\ServicePackFiles\i386\security.dll
+ 2008-04-14 00:12:05 29,184 ------w c:\windows\ServicePackFiles\i386\sendcmsg.dll
+ 2008-04-14 00:12:05 54,784 ------w c:\windows\ServicePackFiles\i386\sendmail.dll
+ 2008-04-14 00:12:05 39,424 ------w c:\windows\ServicePackFiles\i386\sens.dll
+ 2008-04-14 00:12:05 7,168 ------w c:\windows\ServicePackFiles\i386\sensapi.dll
+ 2008-04-13 18:40:12 15,744 ------w c:\windows\ServicePackFiles\i386\serenum.sys
+ 2008-04-13 19:15:45 64,512 ------w c:\windows\ServicePackFiles\i386\serial.sys
+ 2008-04-14 00:12:05 56,320 ------w c:\windows\ServicePackFiles\i386\servdeps.dll
+ 2008-04-14 00:12:34 108,544 ------w c:\windows\ServicePackFiles\i386\services.exe
+ 2008-04-14 00:12:34 141,312 ------w c:\windows\ServicePackFiles\i386\sessmgr.exe
+ 2008-04-14 00:12:34 31,232 ------w c:\windows\ServicePackFiles\i386\sethc.exe
+ 2008-04-14 00:12:34 23,040 ------w c:\windows\ServicePackFiles\i386\setup.exe
+ 2004-08-04 07:56:56 774,144 ------w c:\windows\ServicePackFiles\i386\setup_wm.exe
+ 2008-04-14 00:12:34 73,216 ------w c:\windows\ServicePackFiles\i386\setup50.exe
+ 2008-04-14 10:42:06 985,088 ------w c:\windows\ServicePackFiles\i386\setupapi.dll
+ 2008-04-14 00:12:35 32,768 ------w c:\windows\ServicePackFiles\i386\setupn.exe
+ 2008-04-14 00:12:05 101,376 ------w c:\windows\ServicePackFiles\i386\setupqry.dll
+ 2008-04-14 00:12:05 5,120 ------w c:\windows\ServicePackFiles\i386\sfc.dll
+ 2008-04-14 00:12:05 140,288 ------w c:\windows\ServicePackFiles\i386\sfc_os.dll
+ 2008-04-14 00:12:05 1,614,848 ------w c:\windows\ServicePackFiles\i386\sfcfiles.dll
+ 2008-04-13 18:40:47 11,904 ------w c:\windows\ServicePackFiles\i386\sffdisk.sys
+ 2008-04-13 18:40:48 10,240 ------w c:\windows\ServicePackFiles\i386\sffp_mmc.sys
+ 2008-04-13 18:40:47 11,008 ------w c:\windows\ServicePackFiles\i386\sffp_sd.sys
+ 2008-04-13 18:40:48 11,392 ------w c:\windows\ServicePackFiles\i386\sfloppy.sys
+ 2008-04-13 17:03:19 549,376 ------w c:\windows\ServicePackFiles\i386\shdoclc.dll
+ 2008-04-14 00:12:05 1,499,136 ------w c:\windows\ServicePackFiles\i386\shdocvw.dll
+ 2008-04-14 00:12:05 8,461,312 ------w c:\windows\ServicePackFiles\i386\shell32.dll
+ 2008-04-14 00:12:05 25,088 ------w c:\windows\ServicePackFiles\i386\shfolder.dll
+ 2008-04-14 00:12:05 68,096 ------w c:\windows\ServicePackFiles\i386\shgina.dll
+ 2008-04-14 00:12:05 65,024 ------w c:\windows\ServicePackFiles\i386\shimeng.dll
+ 2008-04-14 00:12:05 438,272 ------w c:\windows\ServicePackFiles\i386\shimgvw.dll
+ 2008-04-14 00:12:05 474,112 ------w c:\windows\ServicePackFiles\i386\shlwapi.dll
+ 2004-08-04 07:56:45 151,552 ------w c:\windows\ServicePackFiles\i386\shmedia.dll
+ 2008-04-14 00:12:35 45,056 ------w c:\windows\ServicePackFiles\i386\shmgrate.exe
+ 2008-04-14 00:12:35 77,824 ------w c:\windows\ServicePackFiles\i386\shrpubw.exe
+ 2008-04-14 00:12:05 27,648 ------w c:\windows\ServicePackFiles\i386\shscrap.dll
+ 2008-04-14 00:12:05 135,168 ------w c:\windows\ServicePackFiles\i386\shsvcs.dll
+ 2008-04-14 00:12:05 20,536 ------w c:\windows\ServicePackFiles\i386\shtml.dll
+ 2008-04-14 00:12:35 16,437 ------w c:\windows\ServicePackFiles\i386\shtml.exe
+ 2008-04-14 00:12:35 19,456 ------w c:\windows\ServicePackFiles\i386\shutdown.exe
+ 2008-04-14 00:12:05 13,312 ------w c:\windows\ServicePackFiles\i386\sigtab.dll
+ 2008-04-14 00:12:35 70,144 ------w c:\windows\ServicePackFiles\i386\sigverif.exe
+ 2008-04-14 00:12:05 3,901 ------w c:\windows\ServicePackFiles\i386\siint5.dll
+ 2008-04-13 18:36:39 40,960 ------w c:\windows\ServicePackFiles\i386\sisagp.sys
+ 2004-08-04 05:31:34 32,768 ------w c:\windows\ServicePackFiles\i386\sisnic.sys
+ 2008-04-14 00:12:35 26,112 ------w c:\windows\ServicePackFiles\i386\skeys.exe
+ 2002-08-29 03:59:32 63,547 ------w c:\windows\ServicePackFiles\i386\sla30nd5.sys
+ 2008-04-14 00:12:06 25,088 ------w c:\windows\ServicePackFiles\i386\slayerxp.dll
+ 2004-08-04 05:31:43 306,176 ------w c:\windows\ServicePackFiles\i386\slbcsp.dll
+ 2008-04-14 00:12:06 98,304 ------w c:\windows\ServicePackFiles\i386\slbiop.dll
+ 2008-04-14 00:12:06 73,832 ------w c:\windows\ServicePackFiles\i386\slcoinst.dll
+ 2008-04-14 00:12:06 286,792 ------w c:\windows\ServicePackFiles\i386\slextspk.dll
+ 2008-04-14 00:12:06 188,508 ------w c:\windows\ServicePackFiles\i386\slgen.dll
+ 2008-04-13 18:46:23 11,136 ------w c:\windows\ServicePackFiles\i386\slip.sys
+ 2004-08-04 05:41:40 129,535 ------w c:\windows\ServicePackFiles\i386\slnt7554.sys
+ 2004-08-04 05:41:42 404,990 ------w c:\windows\ServicePackFiles\i386\slntamr.sys
+ 2004-08-04 05:41:44 95,424 ------w c:\windows\ServicePackFiles\i386\slnthal.sys
+ 2008-04-14 00:12:35 32,866 ------w c:\windows\ServicePackFiles\i386\slrundll.exe
+ 2008-04-14 00:12:35 73,796 ------w c:\windows\ServicePackFiles\i386\slserv.exe
+ 2004-08-04 05:41:45 13,240 ------w c:\windows\ServicePackFiles\i386\slwdmsup.sys
+ 2008-04-13 18:36:34 5,888 ------w c:\windows\ServicePackFiles\i386\smbali.sys
+ 2008-04-13 18:36:33 16,000 ------w c:\windows\ServicePackFiles\i386\smbbatt.sys
+ 2008-04-13 18:36:33 6,912 ------w c:\windows\ServicePackFiles\i386\smbclass.sys
+ 2008-04-14 00:12:35 8,192 ------w c:\windows\ServicePackFiles\i386\smbinst.exe
+ 2008-04-14 00:12:35 236,544 ------w c:\windows\ServicePackFiles\i386\smi2smir.exe
+ 2008-04-14 00:12:06 362,496 ------w c:\windows\ServicePackFiles\i386\smlogcfg.dll
+ 2008-04-14 00:12:35 89,600 ------w c:\windows\ServicePackFiles\i386\smlogsvc.exe
+ 2008-04-14 00:12:36 50,688 ------w c:\windows\ServicePackFiles\i386\smss.exe
+ 2008-04-14 00:12:06 456,192 ------w c:\windows\ServicePackFiles\i386\smtpsvc.dll
+ 2008-04-14 00:12:36 131,584 ------w c:\windows\ServicePackFiles\i386\sndrec32.exe
+ 2008-04-14 00:12:06 34,816 ------w c:\windows\ServicePackFiles\i386\sniffpol.dll
+ 2008-04-14 00:12:36 33,280 ------w c:\windows\ServicePackFiles\i386\snmp.exe
+ 2008-04-14 00:12:06 18,944 ------w c:\windows\ServicePackFiles\i386\snmpapi.dll
+ 2008-04-14 00:12:06 259,072 ------w c:\windows\ServicePackFiles\i386\snmpcl.dll
+ 2008-04-14 00:12:06 358,400 ------w c:\windows\ServicePackFiles\i386\snmpincl.dll
+ 2008-04-14 00:12:06 6,144 ------w c:\windows\ServicePackFiles\i386\snmpmib.dll
+ 2008-04-14 00:12:06 188,416 ------w c:\windows\ServicePackFiles\i386\snmpsmir.dll
+ 2008-04-14 00:12:06 182,272 ------w c:\windows\ServicePackFiles\i386\snmpsnap.dll
+ 2008-04-14 00:12:06 39,936 ------w c:\windows\ServicePackFiles\i386\snmpthrd.dll
+ 2008-04-14 00:12:36 8,704 ------w c:\windows\ServicePackFiles\i386\snmptrap.exe
+ 2008-04-14 00:12:06 130,048 ------w c:\windows\ServicePackFiles\i386\softkbd.dll
+ 2008-04-13 18:40:52 7,552 ------w c:\windows\ServicePackFiles\i386\sonyait.sys
+ 2008-04-13 18:46:07 25,344 ------w c:\windows\ServicePackFiles\i386\sonydcam.sys
+ 2008-04-14 00:12:36 24,576 ------w c:\windows\ServicePackFiles\i386\sort.exe
+ 2008-04-14 00:12:36 7,680 ------w c:\windows\ServicePackFiles\i386\spdwnwxp.exe
+ 2008-04-13 16:43:18 62,976 ------w c:\windows\ServicePackFiles\i386\spgrmr.dll
+ 2008-04-14 00:12:36 538,624 ------w c:\windows\ServicePackFiles\i386\spider.exe
+ 2008-04-13 18:45:07 6,272 ------w c:\windows\ServicePackFiles\i386\splitter.sys
+ 2008-04-14 10:42:38 11,264 ------w c:\windows\ServicePackFiles\i386\spnpinst.exe
+ 2008-04-14 00:12:06 75,264 ------w c:\windows\ServicePackFiles\i386\spoolss.dll
+ 2008-04-14 00:12:36 57,856 ------w c:\windows\ServicePackFiles\i386\spoolsv.exe
+ 2008-04-13 18:35:28 192,512 ------w c:\windows\ServicePackFiles\i386\spra041b.dll
+ 2008-04-13 18:35:28 192,512 ------w c:\windows\ServicePackFiles\i386\spra0424.dll
+ 2008-04-13 18:38:37 757,248 ------w c:\windows\ServicePackFiles\i386\sprb041b.dll
+ 2008-04-13 18:38:36 732,160 ------w c:\windows\ServicePackFiles\i386\sprb0424.dll
+ 2008-04-13 18:40:04 577,536 ------w c:\windows\ServicePackFiles\i386\sprc041b.dll
+ 2008-04-13 18:40:05 576,512 ------w c:\windows\ServicePackFiles\i386\sprc0424.dll
+ 2008-04-14 00:12:06 250,368 ------w c:\windows\ServicePackFiles\i386\sptip.dll
+ 2008-04-14 00:12:36 20,992 ------w c:\windows\ServicePackFiles\i386\spupdwxp.exe
+ 2008-04-14 00:12:06 151,552 ------w c:\windows\ServicePackFiles\i386\sqldb20.dll
+ 2008-04-14 00:12:06 528,384 ------w c:\windows\ServicePackFiles\i386\sqloledb.dll
+ 2008-04-14 00:12:06 462,848 ------w c:\windows\ServicePackFiles\i386\sqlqp20.dll
+ 2008-04-14 00:12:06 110,592 ------w c:\windows\ServicePackFiles\i386\sqlse20.dll
+ 2008-04-14 00:12:06 442,368 ------w c:\windows\ServicePackFiles\i386\sqlsrv32.dll
+ 2008-04-14 00:12:06 180,800 ------w c:\windows\ServicePackFiles\i386\sqlunirl.dll
+ 2008-04-14 00:12:06 217,088 ------w c:\windows\ServicePackFiles\i386\sqlxmlx.dll
+ 2008-04-13 18:36:52 73,472 ------w c:\windows\ServicePackFiles\i386\sr.sys
+ 2008-04-14 00:12:06 58,434 ------w c:\windows\ServicePackFiles\i386\srchctls.dll
+ 2008-04-14 00:12:07 726,078 ------w c:\windows\ServicePackFiles\i386\srchui.dll
+ 2008-04-14 00:12:07 67,584 ------w c:\windows\ServicePackFiles\i386\srclient.dll
+ 2008-04-14 00:12:07 239,104 ------w c:\windows\ServicePackFiles\i386\srrstr.dll
+ 2008-04-14 00:12:07 171,008 ------w c:\windows\ServicePackFiles\i386\srsvc.dll
+ 2008-04-13 19:15:11 334,848 ------w c:\windows\ServicePackFiles\i386\srv.sys
+ 2008-04-14 00:12:07 96,768 ------w c:\windows\ServicePackFiles\i386\srvsvc.dll
+ 2008-04-14 00:12:43 704,512 ------w c:\windows\ServicePackFiles\i386\ss3dfo.scr
+ 2008-04-14 00:12:43 19,968 ------w c:\windows\ServicePackFiles\i386\ssbezier.scr
+ 2008-04-14 00:12:07 34,816 ------w c:\windows\ServicePackFiles\i386\ssdpapi.dll
+ 2008-04-14 00:12:07 71,680 ------w c:\windows\ServicePackFiles\i386\ssdpsrv.dll
+ 2008-04-14 00:12:43 393,216 ------w c:\windows\ServicePackFiles\i386\ssflwbox.scr
+ 2008-04-14 00:12:44 20,992 ------w c:\windows\ServicePackFiles\i386\ssmarque.scr
+ 2008-04-14 00:12:44 47,104 ------w c:\windows\ServicePackFiles\i386\ssmypics.scr
+ 2008-04-14 00:12:44 18,944 ------w c:\windows\ServicePackFiles\i386\ssmyst.scr
+ 2008-04-14 00:12:44 610,304 ------w c:\windows\ServicePackFiles\i386\sspipes.scr
+ 2008-04-14 00:12:44 14,336 ------w c:\windows\ServicePackFiles\i386\ssstars.scr
+ 2008-04-14 00:12:44 679,936 ------w c:\windows\ServicePackFiles\i386\sstext3d.scr
+ 2008-04-14 00:12:07 33,280 ------w c:\windows\ServicePackFiles\i386\sstub.dll
+ 2008-04-14 00:12:07 26,624 ------w c:\windows\ServicePackFiles\i386\startoc.dll
+ 2008-04-14 00:12:07 59,392 ------w c:\windows\ServicePackFiles\i386\stclient.dll
+ 2008-04-14 00:12:07 86,528 ------w c:\windows\ServicePackFiles\i386\stdprov.dll
+ 2008-04-14 00:12:07 68,096 ------w c:\windows\ServicePackFiles\i386\sti.dll
+ 2008-04-14 00:12:07 136,704 ------w c:\windows\ServicePackFiles\i386\sti_ci.dll
+ 2008-04-14 00:12:36 14,848 ------w c:\windows\ServicePackFiles\i386\stimon.exe
+ 2008-04-14 00:12:07 121,856 ------w c:\windows\ServicePackFiles\i386\stobject.dll
+ 2008-04-14 00:12:07 74,752 ------w c:\windows\ServicePackFiles\i386\storprop.dll
+ 2008-04-13 18:45:15 49,408 ------w c:\windows\ServicePackFiles\i386\stream.sys
+ 2008-04-13 18:46:21 15,232 ------w c:\windows\ServicePackFiles\i386\streamip.sys
+ 2004-08-04 07:56:45 246,302 ------w c:\windows\ServicePackFiles\i386\strmdll.dll
+ 2008-04-14 00:12:07 75,776 ------w c:\windows\ServicePackFiles\i386\strmfilt.dll
+ 2008-04-14 00:12:36 16,449 ------w c:\windows\ServicePackFiles\i386\stub_fpsrvadm.exe
+ 2008-04-14 00:12:36 65,601 ------w c:\windows\ServicePackFiles\i386\stub_fpsrvwin.exe
+ 2008-04-14 00:12:36 14,336 ------w c:\windows\ServicePackFiles\i386\svchost.exe
+ 2008-04-13 18:39:53 4,352 ------w c:\windows\ServicePackFiles\i386\swenum.sys
+ 2008-04-13 18:45:09 56,576 ------w c:\windows\ServicePackFiles\i386\swmidi.sys
+ 2008-04-14 00:12:07 713,216 ------w c:\windows\ServicePackFiles\i386\sxs.dll
+ 2008-04-14 00:12:07 57,856 ------w c:\windows\ServicePackFiles\i386\synceng.dll
+ 2008-04-14 00:12:07 191,488 ------w c:\windows\ServicePackFiles\i386\syncui.dll
+ 2008-04-13 19:15:55 60,800 ------w c:\windows\ServicePackFiles\i386\sysaudio.sys
+ 2008-04-14 00:12:07 193,024 ------w c:\windows\ServicePackFiles\i386\sysmod.dll
+ 2004-08-04 07:56:46 155,648 ------w c:\windows\ServicePackFiles\i386\sysmod_a.dll
+ 2008-04-14 00:12:07 173,568 ------w c:\windows\ServicePackFiles\i386\sysmoda.dll
+ 2008-04-14 00:12:37 106,496 ------w c:\windows\ServicePackFiles\i386\sysocmgr.exe
+ 2008-04-14 00:12:07 990,208 ------w c:\windows\ServicePackFiles\i386\syssetup.dll
+ 2008-04-14 00:12:07 117,760 ------w c:\windows\ServicePackFiles\i386\t2embed.dll
+ 2008-04-13 18:40:50 14,976 ------w c:\windows\ServicePackFiles\i386\tape.sys
+ 2008-04-14 00:12:07 858,624 ------w c:\windows\ServicePackFiles\i386\tapi3.dll
+ 2008-04-14 00:12:07 181,760 ------w c:\windows\ServicePackFiles\i386\tapi32.dll
+ 2008-04-14 00:12:07 249,856 ------w c:\windows\ServicePackFiles\i386\tapisrv.dll
+ 2008-04-14 00:12:37 135,680 ------w c:\windows\ServicePackFiles\i386\taskmgr.exe
+ 2008-04-13 19:20:16 361,344 ------w c:\windows\ServicePackFiles\i386\tcpip.sys
+ 2008-04-13 19:00:02 225,664 ------w c:\windows\ServicePackFiles\i386\tcpip6.sys
+ 2008-04-14 00:12:07 14,848 ------w c:\windows\ServicePackFiles\i386\tcpmib.dll
+ 2008-04-14 00:12:07 45,568 ------w c:\windows\ServicePackFiles\i386\tcpmon.dll
+ 2008-04-14 00:12:07 45,568 ------w c:\windows\ServicePackFiles\i386\tcpmonui.dll
+ 2008-04-14 00:12:37 32,827 ------w c:\windows\ServicePackFiles\i386\tcptest.exe
+ 2007-04-02 16:36:07 16,384 ------w c:\windows\ServicePackFiles\i386\tcptsat.dll
+ 2008-04-13 19:00:05 19,072 ------w c:\windows\ServicePackFiles\i386\tdi.sys
+ 2008-04-14 00:13:20 12,040 ------w c:\windows\ServicePackFiles\i386\tdpipe.sys
+ 2008-04-14 00:13:21 21,896 ------w c:\windows\ServicePackFiles\i386\tdtcp.sys
+ 2008-04-14 00:12:37 75,776 ------w c:\windows\ServicePackFiles\i386\telnet.exe
+ 2008-04-14 00:13:20 40,840 ------w c:\windows\ServicePackFiles\i386\termdd.sys
+ 2008-04-14 00:12:07 358,400 ------w c:\windows\ServicePackFiles\i386\termmgr.dll
+ 2008-04-14 00:12:07 295,424 ------w c:\windows\ServicePackFiles\i386\termsrv.dll
+ 2008-04-13 18:40:50 149,376 ------w c:\windows\ServicePackFiles\i386\tffsport.sys
+ 2008-04-14 00:12:07 385,536 ------w c:\windows\ServicePackFiles\i386\themeui.dll
+ 2008-04-14 00:12:38 347,136 ------w c:\windows\ServicePackFiles\i386\tourstrt.exe
+ 2008-04-14 00:12:38 82,944 ------w c:\windows\ServicePackFiles\i386\tp4mon.exe
+ 2008-04-14 00:12:38 12,288 ------w c:\windows\ServicePackFiles\i386\tracert.exe
+ 2008-04-14 00:12:42 12,800 ------w c:\windows\ServicePackFiles\i386\tree.com
+ 2008-04-14 00:12:07 153,088 ------w c:\windows\ServicePackFiles\i386\triedit.dll
+ 2008-04-14 00:12:07 90,112 ------w c:\windows\ServicePackFiles\i386\trkwks.dll
+ 2008-01-18 15:13:09 2,247 ------w c:\windows\ServicePackFiles\i386\tscdsbl.bat
+ 2008-04-14 00:12:07 93,696 ------w c:\windows\ServicePackFiles\i386\tscfgwmi.dll
+ 2007-12-12 10:33:51 18,917 ------w c:\windows\ServicePackFiles\i386\tscinst.vbs
+ 2007-10-30 10:06:46 13,801 ------w c:\windows\ServicePackFiles\i386\tscuinst.vbs
+ 2008-04-14 00:11:31 25,600 ------w c:\windows\ServicePackFiles\i386\tscupdc.dll
+ 2004-08-04 05:59:27 44,544 ------w c:\windows\ServicePackFiles\i386\tscupgrd.exe
+ 2008-04-14 00:13:21 12,168 ------w c:\windows\ServicePackFiles\i386\tsddd.dll
+ 2008-04-14 00:12:07 53,248 ------w c:\windows\ServicePackFiles\i386\tsgqec.dll
+ 2008-04-14 00:12:07 279,040 ------w c:\windows\ServicePackFiles\i386\tshoot.dll
+ 2008-04-14 00:12:07 130,048 ------w c:\windows\ServicePackFiles\i386\tsoc.dll
+ 2008-04-14 00:12:07 50,688 ------w c:\windows\ServicePackFiles\i386\tspkg.dll
+ 2008-04-14 00:12:07 8,704 ------w c:\windows\ServicePackFiles\i386\tty.dll
+ 2007-04-02 15:31:00 39,936 ------w c:\windows\ServicePackFiles\i386\ttyres.dll
+ 2008-04-14 00:12:07 16,384 ------w c:\windows\ServicePackFiles\i386\ttyui.dll
+ 2008-04-13 18:56:01 12,288 ------w c:\windows\ServicePackFiles\i386\tunmp.sys
+ 2008-04-14 00:12:07 50,688 ------w c:\windows\ServicePackFiles\i386\twain_32.dll
+ 2008-04-14 00:12:07 57,856 ------w c:\windows\ServicePackFiles\i386\twext.dll
+ 2008-04-14 00:12:07 101,376 ------w c:\windows\ServicePackFiles\i386\txflog.dll
+ 2008-04-14 00:12:38 60,416 ------w c:\windows\ServicePackFiles\i386\tzchange.exe
+ 2008-04-13 18:36:40 44,672 ------w c:\windows\ServicePackFiles\i386\uagp35.sys
+ 2008-04-13 18:32:36 66,048 ------w c:\windows\ServicePackFiles\i386\udfs.sys
+ 2008-04-14 00:12:07 26,624 ------w c:\windows\ServicePackFiles\i386\udhisapi.dll
+ 2008-04-14 00:12:07 275,456 ------w c:\windows\ServicePackFiles\i386\ulib.dll
+ 2008-04-14 00:12:07 35,840 ------w c:\windows\ServicePackFiles\i386\umandlg.dll
+ 2008-04-14 00:12:07 123,392 ------w c:\windows\ServicePackFiles\i386\umpnpmgr.dll
+ 2008-04-14 00:12:07 373,248 ------w c:\windows\ServicePackFiles\i386\unidrv.dll
+ 2008-04-14 00:12:07 744,448 ------w c:\windows\ServicePackFiles\i386\unidrvui.dll
+ 2008-04-14 00:12:07 74,240 ------w c:\windows\ServicePackFiles\i386\unimdmat.dll
+ 2008-04-14 00:12:07 13,824 ------w c:\windows\ServicePackFiles\i386\uniplat.dll
+ 2007-05-15 08:08:53 761,344 ------w c:\windows\ServicePackFiles\i386\unires.dll
+ 2004-08-04 07:56:57 208,896 ------w c:\windows\ServicePackFiles\i386\unregmp2.exe
+ 2008-04-14 00:12:07 316,416 ------w c:\windows\ServicePackFiles\i386\untfs.dll
+ 2008-04-13 18:39:46 384,768 ------w c:\windows\ServicePackFiles\i386\update.sys
+ 2008-04-14 00:12:38 150,528 ------w c:\windows\ServicePackFiles\i386\uploadm.exe
+ 2008-04-14 00:12:08 133,632 ------w c:\windows\ServicePackFiles\i386\upnp.dll
+ 2008-04-14 00:12:38 16,896 ------w c:\windows\ServicePackFiles\i386\upnpcont.exe
+ 2008-04-14 00:12:08 185,856 ------w c:\windows\ServicePackFiles\i386\upnphost.dll
+ 2008-04-14 00:12:08 239,616 ------w c:\windows\ServicePackFiles\i386\upnpui.dll
+ 2008-04-14 00:12:38 18,432 ------w c:\windows\ServicePackFiles\i386\ups.exe
+ 2008-04-14 00:12:08 37,888 ------w c:\windows\ServicePackFiles\i386\url.dll
+ 2008-04-14 00:12:08 619,520 ------w c:\windows\ServicePackFiles\i386\urlmon.dll
+ 2002-08-29 03:59:22 32,384 ------w c:\windows\ServicePackFiles\i386\usb101et.sys
+ 2008-04-13 18:56:49 12,800 ------w c:\windows\ServicePackFiles\i386\usb8023.sys
+ 2008-04-13 18:56:49 12,800 ------w c:\windows\ServicePackFiles\i386\usb8023x.sys
+ 2008-04-13 18:45:12 60,032 ------w c:\windows\ServicePackFiles\i386\usbaudio.sys
+ 2008-04-13 18:45:40 25,600 ------w c:\windows\ServicePackFiles\i386\usbcamd.sys
+ 2008-04-13 18:45:41 25,728 ------w c:\windows\ServicePackFiles\i386\usbcamd2.sys
+ 2008-04-13 18:45:39 32,128 ------w c:\windows\ServicePackFiles\i386\usbccgp.sys
+ 2008-04-13 18:45:35 30,208 ------w c:\windows\ServicePackFiles\i386\usbehci.sys
+ 2008-04-13 18:45:37 59,520 ------w c:\windows\ServicePackFiles\i386\usbhub.sys
+ 2008-04-13 18:45:43 15,872 ------w c:\windows\ServicePackFiles\i386\usbintel.sys
+ 2008-04-14 00:12:08 16,896 ------w c:\windows\ServicePackFiles\i386\usbmon.dll
+ 2008-04-13 18:45:35 17,152 ------w c:\windows\ServicePackFiles\i386\usbohci.sys
+ 2008-04-13 18:45:36 143,872 ------w c:\windows\ServicePackFiles\i386\usbport.sys
+ 2008-04-13 18:47:37 25,856 ------w c:\windows\ServicePackFiles\i386\usbprint.sys
+ 2008-04-13 18:45:34 15,104 ------w c:\windows\ServicePackFiles\i386\usbscan.sys
+ 2008-04-13 18:45:36 26,112 ------w c:\windows\ServicePackFiles\i386\usbser.sys
+ 2008-04-13 18:45:38 26,368 ------w c:\windows\ServicePackFiles\i386\usbstor.sys
+ 2008-04-13 18:45:35 20,608 ------w c:\windows\ServicePackFiles\i386\usbuhci.sys
+ 2008-04-14 00:12:08 74,240 ------w c:\windows\ServicePackFiles\i386\usbui.dll
+ 2008-04-13 18:46:20 121,984 ------w c:\windows\ServicePackFiles\i386\usbvideo.sys
+ 2008-04-14 00:12:08 578,560 ------w c:\windows\ServicePackFiles\i386\user32.dll
+ 2008-04-14 00:12:08 727,040 ------w c:\windows\ServicePackFiles\i386\userenv.dll
+ 2008-04-14 00:12:38 26,112 ------w c:\windows\ServicePackFiles\i386\userinit.exe
+ 2008-04-14 00:12:08 406,016 ------w c:\windows\ServicePackFiles\i386\usp10.dll
+ 2008-04-14 00:12:38 50,176 ------w c:\windows\ServicePackFiles\i386\utilman.exe
+ 2008-04-14 00:12:08 218,624 ------w c:\windows\ServicePackFiles\i386\uxtheme.dll
+ 2008-04-14 00:12:08 30,749 ------w c:\windows\ServicePackFiles\i386\vbajet32.dll
+ 2008-04-14 00:12:08 434,176 ------w c:\windows\ServicePackFiles\i386\vbscript.dll
+ 2008-04-14 00:12:08 11,325 ------w c:\windows\ServicePackFiles\i386\vchnt5.dll
+ 2008-04-14 00:12:08 26,112 ------w c:\windows\ServicePackFiles\i386\vdmdbg.dll
+ 2008-04-14 00:12:08 51,712 ------w c:\windows\ServicePackFiles\i386\vdmredir.dll
+ 2008-04-14 00:12:38 28,672 ------w c:\windows\ServicePackFiles\i386\verclsid.exe
+ 2008-04-14 00:12:08 26,624 ------w c:\windows\ServicePackFiles\i386\verifier.dll
+ 2008-04-14 00:12:08 18,944 ------w c:\windows\ServicePackFiles\i386\version.dll
+ 2008-04-14 00:12:08 53,760 ------w c:\windows\ServicePackFiles\i386\vfwwdm32.dll
+ 2008-04-13 18:44:40 20,992 ------w c:\windows\ServicePackFiles\i386\vga.sys
+ 2008-04-14 00:12:08 851,968 ------w c:\windows\ServicePackFiles\i386\vgx.dll
+ 2008-04-13 18:36:40 42,240 ------w c:\windows\ServicePackFiles\i386\viaagp.sys
+ 2008-04-13 18:40:31 5,376 ------w c:\windows\ServicePackFiles\i386\viaide.sys
+ 2008-04-13 18:44:40 81,664 ------w c:\windows\ServicePackFiles\i386\videoprt.sys
+ 2008-04-14 00:12:08 131,584 ------w c:\windows\ServicePackFiles\i386\viewprov.dll
+ 2008-04-13 18:41:01 52,352 ------w c:\windows\ServicePackFiles\i386\volsnap.sys
+ 2008-04-14 00:12:08 430,592 ------w c:\windows\ServicePackFiles\i386\vssapi.dll
+ 2008-04-14 00:12:38 289,792 ------w c:\windows\ServicePackFiles\i386\vssvc.exe
+ 2008-04-14 00:12:08 175,104 ------w c:\windows\ServicePackFiles\i386\w32time.dll
+ 2008-04-14 00:12:08 15,872 ------w c:\windows\ServicePackFiles\i386\w3ssl.dll
+ 2008-04-14 00:12:08 483,840 ------w c:\windows\ServicePackFiles\i386\w95upgnt.dll
+ 2008-04-14 00:12:38 46,080 ------w c:\windows\ServicePackFiles\i386\wab.exe
+ 2008-04-14 00:12:08 510,976 ------w c:\windows\ServicePackFiles\i386\wab32.dll
+ 2008-04-13 16:21:48 249,856 ------w c:\windows\ServicePackFiles\i386\wab32res.dll
+ 2008-04-14 00:12:08 32,768 ------w c:\windows\ServicePackFiles\i386\wabfind.dll
+ 2008-04-14 00:12:08 85,504 ------w c:\windows\ServicePackFiles\i386\wabimp.dll
+ 2008-04-14 00:12:39 30,208 ------w c:\windows\ServicePackFiles\i386\wabmig.exe
+ 2008-04-13 18:43:55 14,208 ------w c:\windows\ServicePackFiles\i386\wacompen.sys
+ 2004-08-04 05:29:37 12,415 ------w c:\windows\ServicePackFiles\i386\wadv01nt.sys
+ 2004-08-04 05:29:37 12,127 ------w c:\windows\ServicePackFiles\i386\wadv02nt.sys
+ 2004-08-04 05:29:37 11,775 ------w c:\windows\ServicePackFiles\i386\wadv05nt.sys
+ 2004-08-04 05:29:38 11,807 ------w c:\windows\ServicePackFiles\i386\wadv07nt.sys
+ 2004-08-04 05:29:39 11,295 ------w c:\windows\ServicePackFiles\i386\wadv08nt.sys
+ 2004-08-04 05:29:40 11,871 ------w c:\windows\ServicePackFiles\i386\wadv09nt.sys
+ 2004-08-04 05:29:40 11,935 ------w c:\windows\ServicePackFiles\i386\wadv11nt.sys
+ 2008-04-13 18:57:21 34,560 ------w c:\windows\ServicePackFiles\i386\wanarp.sys
+ 2008-04-13 18:44:59 17,664 ------w c:\windows\ServicePackFiles\i386\watchdog.sys
+ 2004-08-04 05:29:41 29,311 ------w c:\windows\ServicePackFiles\i386\watv01nt.sys
+ 2004-08-04 05:29:42 19,551 ------w c:\windows\ServicePackFiles\i386\watv02nt.sys
+ 2004-08-04 05:29:43 33,599 ------w c:\windows\ServicePackFiles\i386\watv04nt.sys
+ 2004-08-04 05:29:44 22,271 ------w c:\windows\ServicePackFiles\i386\watv06nt.sys
+ 2004-08-04 05:29:45 25,471 ------w c:\windows\ServicePackFiles\i386\watv10nt.sys
+ 2008-04-14 00:12:08 215,552 ------w c:\windows\ServicePackFiles\i386\wavemsp.dll
+ 2008-04-14 00:12:08 196,608 ------w c:\windows\ServicePackFiles\i386\wbemcntl.dll
+ 2008-04-14 00:12:08 214,528 ------w c:\windows\ServicePackFiles\i386\wbemcomn.dll
+ 2008-04-14 00:12:08 71,680 ------w c:\windows\ServicePackFiles\i386\wbemcons.dll
+ 2008-04-14 00:12:08 531,456 ------w c:\windows\ServicePackFiles\i386\wbemcore.dll
+ 2008-04-14 00:12:08 178,176 ------w c:\windows\ServicePackFiles\i386\wbemdisp.dll
+ 2008-04-14 00:12:08 273,920 ------w c:\windows\ServicePackFiles\i386\wbemess.dll
+ 2008-04-14 00:12:08 43,008 ------w c:\windows\ServicePackFiles\i386\wbemperf.dll
+ 2008-04-14 00:12:08 18,944 ------w c:\windows\ServicePackFiles\i386\wbemprox.dll
+ 2008-04-14 00:12:08 43,520 ------w c:\windows\ServicePackFiles\i386\wbemsvc.dll
+ 2008-04-14 00:12:39 116,224 ------w c:\windows\ServicePackFiles\i386\wbemtest.exe
+ 2008-04-14 00:12:08 197,120 ------w c:\windows\ServicePackFiles\i386\wbemupgd.dll
+ 2008-04-13 18:45:38 31,744 ------w c:\windows\ServicePackFiles\i386\wceusbsh.sys
+ 2004-08-04 05:29:45 23,615 ------w c:\windows\ServicePackFiles\i386\wch7xxnt.sys
+ 2008-04-14 00:12:08 49,152 ------w c:\windows\ServicePackFiles\i386\wdigest.dll
+ 2008-04-14 00:12:45 23,552 ------w c:\windows\ServicePackFiles\i386\wdmaud.drv
+ 2008-04-13 19:17:18 83,072 ------w c:\windows\ServicePackFiles\i386\wdmaud.sys
+ 2008-04-14 00:12:08 276,480 ------w c:\windows\ServicePackFiles\i386\webcheck.dll
+ 2008-04-14 00:12:08 68,096 ------w c:\windows\ServicePackFiles\i386\webclnt.dll
+ 2008-04-14 00:12:08 135,680 ------w c:\windows\ServicePackFiles\i386\webvw.dll
+ 2008-04-14 00:12:39 65,024 ------w c:\windows\ServicePackFiles\i386\wextract.exe
+ 2008-04-14 00:12:39 433,664 ------w c:\windows\ServicePackFiles\i386\wiaacmgr.exe
+ 2008-04-14 00:12:08 463,360 ------w c:\windows\ServicePackFiles\i386\wiadefui.dll
+ 2008-04-14 00:12:08 124,416 ------w c:\windows\ServicePackFiles\i386\wiadss.dll
+ 2008-04-14 00:12:08 75,776 ------w c:\windows\ServicePackFiles\i386\wiascr.dll
+ 2008-04-14 00:12:08 333,824 ------w c:\windows\ServicePackFiles\i386\wiaservc.dll
+ 2008-04-14 00:12:08 589,312 ------w c:\windows\ServicePackFiles\i386\wiashext.dll
+ 2008-04-14 00:12:08 111,104 ------w c:\windows\ServicePackFiles\i386\wiavideo.dll
+ 2008-04-14 00:12:08 712,704 ------w c:\windows\ServicePackFiles\i386\wic.dll
+ 2008-04-14 00:12:08 346,112 ------w c:\windows\ServicePackFiles\i386\wicext.dll
+ 2008-04-13 19:30:10 1,845,632 ------w c:\windows\ServicePackFiles\i386\win32k.sys
+ 2008-04-14 00:12:08 102,400 ------w c:\windows\ServicePackFiles\i386\win32spl.dll
+ 2008-04-13 16:48:53 1,647,616 ------w c:\windows\ServicePackFiles\i386\winbrand.dll
+ 2008-04-14 00:12:39 283,648 ------w c:\windows\ServicePackFiles\i386\winhlp32.exe
+ 2008-04-14 00:12:08 354,304 ------w c:\windows\ServicePackFiles\i386\winhttp.dll
+ 2008-04-14 00:12:08 666,112 ------w c:\windows\ServicePackFiles\i386\wininet.dll
+ 2008-04-14 00:12:09 32,256 ------w c:\windows\ServicePackFiles\i386\winipsec.dll
+ 2008-04-14 00:12:39 507,904 ------w c:\windows\ServicePackFiles\i386\winlogon.exe
+ 2008-04-14 00:12:09 176,128 ------w c:\windows\ServicePackFiles\i386\winmm.dll
+ 2002-08-29 10:00:00 5,120 ------w c:\windows\ServicePackFiles\i386\winnls.dll
+ 2008-04-14 00:11:11 756,224 ------w c:\windows\ServicePackFiles\i386\winntbbu.dll
+ 2008-04-14 00:12:09 16,896 ------w c:\windows\ServicePackFiles\i386\winrnr.dll
+ 2008-04-14 00:12:09 99,328 ------w c:\windows\ServicePackFiles\i386\winscard.dll
+ 2008-04-14 00:12:09 17,408 ------w c:\windows\ServicePackFiles\i386\winshfhc.dll
+ 2008-04-14 00:12:45 146,432 ------w c:\windows\ServicePackFiles\i386\winspool.drv
+ 2008-04-14 00:12:09 293,376 ------w c:\windows\ServicePackFiles\i386\winsrv.dll
+ 2008-04-14 00:12:09 53,760 ------w c:\windows\ServicePackFiles\i386\winsta.dll
+ 2008-04-14 00:12:09 176,640 ------w c:\windows\ServicePackFiles\i386\wintrust.dll
+ 2008-04-14 00:12:40 5,632 ------w c:\windows\ServicePackFiles\i386\winver.exe
+ 2008-04-14 00:12:09 132,096 ------w c:\windows\ServicePackFiles\i386\wkssvc.dll
+ 2008-04-14 00:12:09 69,120 ------w c:\windows\ServicePackFiles\i386\wlanapi.dll
+ 2008-04-14 00:12:09 172,032 ------w c:\windows\ServicePackFiles\i386\wldap32.dll
+ 2002-08-29 03:59:26 154,624 ------w c:\windows\ServicePackFiles\i386\wlluc48.sys
+ 2008-04-14 00:12:09 92,672 ------w c:\windows\ServicePackFiles\i386\wlnotify.dll
+ 2004-08-04 07:56:46 408,064 ------w c:\windows\ServicePackFiles\i386\wmadmod.dll
+ 2004-08-04 07:56:46 670,720 ------w c:\windows\ServicePackFiles\i386\wmadmoe.dll
+ 2004-08-04 07:56:46 230,400 ------w c:\windows\ServicePackFiles\i386\wmasf.dll
+ 2004-08-04 07:56:46 27,136 ------w c:\windows\ServicePackFiles\i386\wmdmlog.dll
+ 2004-08-04 07:56:46 23,552 ------w c:\windows\ServicePackFiles\i386\wmdmps.dll
+ 2004-08-04 07:56:35 168,448 ------w c:\windows\ServicePackFiles\i386\wmerror.dll
+ 2008-04-14 00:11:15 5,632 ------w c:\windows\ServicePackFiles\i386\wmi.dll
+ 2008-04-13 18:36:38 8,832 ------w c:\windows\ServicePackFiles\i386\wmiacpi.sys
+ 2008-04-14 00:12:40 196,608 ------w c:\windows\ServicePackFiles\i386\wmiadap.exe
+ 2008-04-13 17:10:20 6,656 ------w c:\windows\ServicePackFiles\i386\wmiapres.dll
+ 2008-04-14 00:12:09 88,576 ------w c:\windows\ServicePackFiles\i386\wmiaprpl.dll
+ 2008-04-14 00:12:40 126,464 ------w c:\windows\ServicePackFiles\i386\wmiapsrv.exe
+ 2008-04-14 00:12:09 60,928 ------w c:\windows\ServicePackFiles\i386\wmicookr.dll
+ 2008-04-14 00:12:09 140,800 ------w c:\windows\ServicePackFiles\i386\wmidcprv.dll
+ 2004-08-04 07:56:46 151,552 ------w c:\windows\ServicePackFiles\i386\wmidx.dll
+ 2008-04-14 00:12:09 156,672 ------w c:\windows\ServicePackFiles\i386\wmipcima.dll
+ 2008-04-14 00:12:09 132,096 ------w c:\windows\ServicePackFiles\i386\wmipdskq.dll
+ 2008-04-14 00:12:09 61,952 ------w c:\windows\ServicePackFiles\i386\wmipiprt.dll
+ 2008-04-14 00:12:09 62,464 ------w c:\windows\ServicePackFiles\i386\wmipjobj.dll
+ 2008-04-14 00:12:09 144,896 ------w c:\windows\ServicePackFiles\i386\wmiprov.dll
+ 2008-04-14 00:12:09 437,248 ------w c:\windows\ServicePackFiles\i386\wmiprvsd.dll
+ 2008-04-14 00:12:40 218,112 ------w c:\windows\ServicePackFiles\i386\wmiprvse.exe
+ 2008-04-14 00:12:09 41,472 ------w c:\windows\ServicePackFiles\i386\wmipsess.dll
+ 2008-04-14 00:12:09 144,896 ------w c:\windows\ServicePackFiles\i386\wmisvc.dll
+ 2008-04-14 00:12:09 95,232 ------w c:\windows\ServicePackFiles\i386\wmiutils.dll
+ 2008-04-14 00:12:09 167,936 ------w c:\windows\ServicePackFiles\i386\wmm2ae.dll
+ 2008-04-14 00:12:09 4,096 ------w c:\windows\ServicePackFiles\i386\wmm2eres.dll
+ 2008-04-14 00:12:09 7,680 ------w c:\windows\ServicePackFiles\i386\wmm2ext.dll
+ 2008-04-14 00:12:09 402,432 ------w c:\windows\ServicePackFiles\i386\wmm2filt.dll
+ 2008-04-14 00:12:09 502,272 ------w c:\windows\ServicePackFiles\i386\wmm2fxa.dll
+ 2008-04-14 00:12:09 325,632 ------w c:\windows\ServicePackFiles\i386\wmm2fxb.dll
+ 2008-04-14 00:12:09 4,256,768 ------w c:\windows\ServicePackFiles\i386\wmm2res.dll
+ 2008-04-14 00:12:09 5,632 ------w c:\windows\ServicePackFiles\i386\wmm2res2.dll
+ 2004-08-04 07:56:46 1,050,624 ------w c:\windows\ServicePackFiles\i386\wmnetmgr.dll
+ 2004-08-04 07:56:46 4,874,240 ------w c:\windows\ServicePackFiles\i386\wmp.dll
+ 2004-08-04 07:56:46 114,688 ------w c:\windows\ServicePackFiles\i386\wmpasf.dll
+ 2004-08-04 07:56:46 98,304 ------w c:\windows\ServicePackFiles\i386\wmpband.dll
+ 2004-08-04 07:56:46 20,480 ------w c:\windows\ServicePackFiles\i386\wmpcd.dll
+ 2004-08-04 07:56:46 20,480 ------w c:\windows\ServicePackFiles\i386\wmpcore.dll
+ 2004-08-04 07:56:46 233,472 ------w c:\windows\ServicePackFiles\i386\wmpdxm.dll
+ 2008-04-14 00:12:09 276,992 ------w c:\windows\ServicePackFiles\i386\wmphoto.dll
+ 2004-08-04 07:56:57 73,728 ------w c:\windows\ServicePackFiles\i386\wmplayer.exe
+ 2004-08-04 07:56:36 2,940,928 ------w c:\windows\ServicePackFiles\i386\wmploc.dll
+ 2004-08-04 07:56:46 221,184 ------w c:\windows\ServicePackFiles\i386\wmpns.dll
+ 2004-08-04 07:56:46 102,400 ------w c:\windows\ServicePackFiles\i386\wmpshell.dll
+ 2004-08-04 07:56:46 20,480 ------w c:\windows\ServicePackFiles\i386\wmpui.dll
+ 2004-08-04 07:56:46 759,296 ------w c:\windows\ServicePackFiles\i386\wmsdmod.dll
+ 2004-08-04 07:56:46 115,200 ------w c:\windows\ServicePackFiles\i386\wmsdmoe.dll
+ 2004-08-04 07:56:46 1,119,744 ------w c:\windows\ServicePackFiles\i386\wmsdmoe2.dll
+ 2004-08-04 07:56:46 484,864 ------w c:\windows\ServicePackFiles\i386\wmspdmod.dll
+ 2004-08-04 07:56:46 896,512 ------w c:\windows\ServicePackFiles\i386\wmspdmoe.dll
+ 2004-08-04 07:56:46 303,616 ------w c:\windows\ServicePackFiles\i386\wmstream.dll
+ 2004-08-04 07:57:02 2,105,344 ------w c:\windows\ServicePackFiles\i386\wmvcore.dll
+ 2004-08-04 07:56:46 809,984 ------w c:\windows\ServicePackFiles\i386\wmvdmod.dll
+ 2004-08-04 07:56:46 1,001,472 ------w c:\windows\ServicePackFiles\i386\wmvdmoe2.dll
+ 2008-04-14 00:12:40 214,528 ------w c:\windows\ServicePackFiles\i386\wordpad.exe
+ 2008-04-14 00:12:10 264,192 ------w c:\windows\ServicePackFiles\i386\wow32.dll
+ 2008-04-14 00:12:40 32,256 ------w c:\windows\ServicePackFiles\i386\wpabaln.exe
+ 2008-04-14 00:12:41 11,264 ------w c:\windows\ServicePackFiles\i386\wpnpinst.exe
+ 2008-04-14 00:12:10 82,432 ------w c:\windows\ServicePackFiles\i386\ws2_32.dll
+ 2008-04-14 00:12:10 19,968 ------w c:\windows\ServicePackFiles\i386\ws2help.dll
+ 2008-04-14 00:12:41 13,824 ------w c:\windows\ServicePackFiles\i386\wscntfy.exe
+ 2008-04-14 00:12:41 155,648 ------w c:\windows\ServicePackFiles\i386\wscript.exe
+ 2008-04-14 00:12:10 80,896 ------w c:\windows\ServicePackFiles\i386\wscsvc.dll
+ 2008-04-14 00:12:10 108,032 ------w c:\windows\ServicePackFiles\i386\wshbth.dll
+ 2008-04-14 00:12:10 36,864 ------w c:\windows\ServicePackFiles\i386\wshcon.dll
+ 2008-04-14 00:12:10 90,112 ------w c:\windows\ServicePackFiles\i386\wshext.dll
+ 2008-04-14 00:12:10 14,336 ------w c:\windows\ServicePackFiles\i386\wship6.dll
+ 2008-04-14 00:12:10 8,192 ------w c:\windows\ServicePackFiles\i386\wshirda.dll
+ 2008-04-14 00:12:10 11,264 ------w c:\windows\ServicePackFiles\i386\wshrm.dll
+ 2008-04-14 00:12:10 19,456 ------w c:\windows\ServicePackFiles\i386\wshtcpip.dll
+ 2004-08-04 05:29:47 12,063 ------w c:\windows\ServicePackFiles\i386\wsiintxx.sys
+ 2008-04-14 00:12:10 41,984 ------w c:\windows\ServicePackFiles\i386\wsnmp32.dll
+ 2008-04-14 00:12:10 22,528 ------w c:\windows\ServicePackFiles\i386\wsock32.dll
+ 2008-04-13 18:46:24 19,200 ------w c:\windows\ServicePackFiles\i386\wstcodec.sys
+ 2008-04-14 00:12:10 50,688 ------w c:\windows\ServicePackFiles\i386\wstdecod.dll
+ 2008-04-14 00:12:10 18,432 ------w c:\windows\ServicePackFiles\i386\wtsapi32.dll
+ 2008-04-14 00:12:10 430,592 ------w c:\windows\ServicePackFiles\i386\wuapi.dll
+ 2008-04-14 00:12:41 111,104 ------w c:\windows\ServicePackFiles\i386\wuauclt.exe
+ 2008-04-14 00:12:41 165,888 ------w c:\windows\ServicePackFiles\i386\wuauclt1.exe
+ 2008-04-14 00:12:11 1,135,616 ------w c:\windows\ServicePackFiles\i386\wuaueng.dll
+ 2008-04-14 00:12:11 183,296 ------w c:\windows\ServicePackFiles\i386\wuaueng1.dll
+ 2008-04-14 00:12:11 6,656 ------w c:\windows\ServicePackFiles\i386\wuauserv.dll
+ 2008-04-14 00:12:11 112,640 ------w c:\windows\ServicePackFiles\i386\wucltui.dll
+ 2008-04-14 00:12:11 32,256 ------w c:\windows\ServicePackFiles\i386\wups.dll
+ 2008-04-14 00:12:11 120,320 ------w c:\windows\ServicePackFiles\i386\wuweb.dll
+ 2004-08-04 05:29:49 19,455 ------w c:\windows\ServicePackFiles\i386\wvchntxx.sys
+ 2008-04-14 00:12:11 383,488 ------w c:\windows\ServicePackFiles\i386\wzcdlg.dll
+ 2008-04-14 00:12:11 52,736 ------w c:\windows\ServicePackFiles\i386\wzcsapi.dll
+ 2008-04-14 00:12:11 483,840 ------w c:\windows\ServicePackFiles\i386\wzcsvc.dll
+ 2008-04-14 00:12:11 91,648 ------w c:\windows\ServicePackFiles\i386\xactsrv.dll
+ 2008-04-14 00:12:41 30,720 ------w c:\windows\ServicePackFiles\i386\xcopy.exe
+ 2004-07-17 18:39:14 174,200 ------w c:\windows\ServicePackFiles\i386\xenroll.dll
+ 2008-04-14 00:12:11 121,856 ------w c:\windows\ServicePackFiles\i386\xmllite.dll
+ 2008-04-14 00:12:11 129,024 ------w c:\windows\ServicePackFiles\i386\xmlprov.dll
+ 2008-04-14 00:12:11 50,176 ------w c:\windows\ServicePackFiles\i386\xmlprovi.dll
+ 2008-04-14 00:12:11 11,776 ------w c:\windows\ServicePackFiles\i386\xolehlp.dll
+ 2008-04-13 18:53:32 558,080 ------w c:\windows\ServicePackFiles\i386\xpnetdg.exe
+ 2008-04-13 17:39:29 438,784 ------w c:\windows\ServicePackFiles\i386\xpob2res.dll
+ 2008-04-13 17:39:22 187,392 ------w c:\windows\ServicePackFiles\i386\xpsp1res.dll
+ 2008-04-13 17:39:24 2,897,920 ------w c:\windows\ServicePackFiles\i386\xpsp2res.dll
+ 2008-04-13 17:39:26 689,152 ------w c:\windows\ServicePackFiles\i386\xpsp3res.dll
+ 2008-04-14 00:12:11 18,944 ------w c:\windows\ServicePackFiles\i386\xrxscnui.dll
+ 2008-04-14 00:12:11 116,224 ------w c:\windows\ServicePackFiles\i386\xrxwiadr.dll
+ 2008-04-14 00:12:11 338,432 ------w c:\windows\ServicePackFiles\i386\zipfldr.dll
+ 2008-04-14 00:11:51 33,792 ------w c:\windows\ServicePackFiles\ServicePackCache\i386\custsat.dll
+ 2008-04-14 00:11:59 82,944 ------w c:\windows\ServicePackFiles\ServicePackCache\i386\msgsc.dll
+ 2008-04-13 17:30:28 180,224 ------w c:\windows\ServicePackFiles\ServicePackCache\i386\msgslang.dll
+ 2008-04-14 00:12:28 1,695,232 ------w c:\windows\ServicePackFiles\ServicePackCache\i386\msmsgs.exe
+ 2008-04-14 00:12:35 32,866 ------w c:\windows\slrundll.exe
- 2002-08-29 10:00:00 3,346,432 ----a-w c:\windows\SRCHASST\MSGR3EN.DLL
+ 2008-04-14 00:11:59 3,166,208 ----a-w c:\windows\SRCHASST\msgr3en.dll
- 2002-08-29 10:00:00 106,562 ----a-w c:\windows\SRCHASST\SRCHCTLS.DLL
+ 2008-04-14 00:12:06 58,434 ----a-w c:\windows\SRCHASST\srchctls.dll
- 2002-08-29 10:00:00 798,782 ----a-w c:\windows\SRCHASST\SRCHUI.DLL
+ 2008-04-14 00:12:07 726,078 ----a-w c:\windows\SRCHASST\srchui.dll
- 2002-08-29 10:00:00 68,928 ----a-w c:\windows\SYSTEM\MMSYSTEM.DLL
+ 2004-08-04 05:51:11 68,768 ----a-w c:\windows\SYSTEM\mmsystem.dll
- 2002-08-29 10:00:00 132,096 ----a-w c:\windows\SYSTEM\WINSPOOL.DRV
+ 2008-04-14 00:12:45 146,432 ----a-w c:\windows\SYSTEM\winspool.drv
GRBrown
Jan 21 2009, 06:59 PM
- 2002-08-29 10:00:00 59,392 ----a-w c:\windows\SYSTEM32\6TO4SVC.DLL
+ 2008-04-14 00:11:48 100,352 ----a-w c:\windows\SYSTEM32\6to4svc.dll
- 2002-11-20 18:50:50 179,200 ----a-w c:\windows\SYSTEM32\accwiz.exe
+ 2008-04-14 00:12:11 184,320 ----a-w c:\windows\SYSTEM32\accwiz.exe
- 2002-08-29 10:00:00 107,008 ----a-w c:\windows\SYSTEM32\ACLUI.DLL
+ 2008-04-14 00:11:48 115,712 ----a-w c:\windows\SYSTEM32\aclui.dll
- 2002-08-29 10:00:00 181,760 ----a-w c:\windows\SYSTEM32\ACTIVEDS.DLL
+ 2008-04-14 00:11:48 193,536 ----a-w c:\windows\SYSTEM32\activeds.dll
- 2002-08-29 10:00:00 4,096 ----a-w c:\windows\SYSTEM32\ACTMOVIE.EXE
+ 2008-04-14 00:12:12 4,096 ----a-w c:\windows\SYSTEM32\actmovie.exe
- 2002-08-29 10:00:00 98,304 ----a-w c:\windows\SYSTEM32\ACTXPRXY.DLL
+ 2008-04-14 00:11:48 98,304 ----a-w c:\windows\SYSTEM32\actxprxy.dll
- 2002-08-29 10:00:00 57,344 ----a-w c:\windows\SYSTEM32\ADMPARSE.DLL
+ 2007-08-13 23:39:20 71,680 ----a-w c:\windows\SYSTEM32\admparse.dll
- 2002-08-29 10:00:00 162,816 ----a-w c:\windows\SYSTEM32\ADSLDP.DLL
+ 2008-04-14 00:11:48 175,616 ----a-w c:\windows\SYSTEM32\adsldp.dll
- 2002-08-29 10:00:00 139,776 ----a-w c:\windows\SYSTEM32\ADSLDPC.DLL
+ 2008-04-14 00:11:48 143,360 ----a-w c:\windows\SYSTEM32\adsldpc.dll
- 2002-08-29 10:00:00 62,464 ----a-w c:\windows\SYSTEM32\ADSMSEXT.DLL
+ 2008-04-14 00:11:48 68,096 ----a-w c:\windows\SYSTEM32\adsmsext.dll
- 2002-08-29 10:00:00 239,616 ----a-w c:\windows\SYSTEM32\ADSNT.DLL
+ 2008-04-14 00:11:48 263,680 ----a-w c:\windows\SYSTEM32\adsnt.dll
- 2002-08-29 10:00:00 558,080 ----a-w c:\windows\SYSTEM32\ADVAPI32.DLL
+ 2008-04-14 00:11:48 617,472 ----a-w c:\windows\SYSTEM32\advapi32.dll
- 2002-08-29 10:00:00 91,136 ----a-w c:\windows\SYSTEM32\ADVPACK.DLL
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
- 2002-08-29 10:00:00 91,648 ----a-w c:\windows\SYSTEM32\AHUI.EXE
+ 2008-04-14 00:12:12 98,304 ----a-w c:\windows\SYSTEM32\ahui.exe
- 2002-08-29 10:00:00 41,984 ----a-w c:\windows\SYSTEM32\ALG.EXE
+ 2008-04-14 00:12:12 44,544 ----a-w c:\windows\SYSTEM32\alg.exe
- 2002-08-29 10:00:00 15,872 ----a-w c:\windows\SYSTEM32\ALRSVC.DLL
+ 2008-04-14 00:11:49 17,408 ----a-w c:\windows\SYSTEM32\alrsvc.dll
- 2002-12-12 05:14:32 64,512 ----a-w c:\windows\SYSTEM32\amstream.dll
+ 2008-04-14 00:11:49 70,656 ----a-w c:\windows\SYSTEM32\amstream.dll
- 2002-08-29 10:00:00 115,712 ----a-w c:\windows\SYSTEM32\APPHELP.DLL
+ 2008-04-14 00:11:49 125,952 ----a-w c:\windows\SYSTEM32\apphelp.dll
- 2002-08-29 10:00:00 5,120 ----a-w c:\windows\SYSTEM32\ASFERROR.DLL
+ 2008-04-13 17:23:38 8,192 ----a-w c:\windows\SYSTEM32\asferror.dll
- 2002-08-29 10:00:00 77,824 ----a-w c:\windows\SYSTEM32\ASYCFILT.DLL
+ 2008-04-14 00:11:49 65,024 ----a-w c:\windows\SYSTEM32\asycfilt.dll
- 2002-08-29 10:00:00 22,528 ----a-w c:\windows\SYSTEM32\AT.EXE
+ 2008-04-14 00:12:12 25,088 ----a-w c:\windows\SYSTEM32\at.exe
+ 2008-04-14 00:11:49 229,376 ------w c:\windows\SYSTEM32\ati2cqag.dll
+ 2008-04-14 00:11:49 377,984 ------w c:\windows\SYSTEM32\ati2dvaa.dll
+ 2008-04-14 00:11:49 201,728 ------w c:\windows\SYSTEM32\ati2dvag.dll
+ 2008-04-14 00:11:49 870,784 ------w c:\windows\SYSTEM32\ati3d1ag.dll
+ 2008-04-14 00:11:50 1,888,992 ------w c:\windows\SYSTEM32\ati3duag.dll
+ 2008-04-14 00:11:50 32,768 ------w c:\windows\SYSTEM32\ativtmxx.dll
+ 2008-04-14 00:11:50 516,768 ------w c:\windows\SYSTEM32\ativvaxx.dll
- 2002-08-29 10:00:00 74,810 ----a-w c:\windows\SYSTEM32\ATL.DLL
+ 2008-04-14 00:11:50 58,880 ----a-w c:\windows\SYSTEM32\atl.dll
- 2002-08-29 10:00:00 10,240 ----a-w c:\windows\SYSTEM32\ATMADM.EXE
+ 2008-04-14 00:12:12 11,264 ----a-w c:\windows\SYSTEM32\atmadm.exe
- 2002-08-29 10:00:00 272,768 ----a-w c:\windows\SYSTEM32\ATMFD.DLL
+ 2008-04-14 00:09:01 285,696 ----a-w c:\windows\SYSTEM32\atmfd.dll
- 2002-08-29 10:00:00 27,136 ----a-w c:\windows\SYSTEM32\ATMLIB.DLL
+ 2008-04-14 00:11:50 30,208 ----a-w c:\windows\SYSTEM32\atmlib.dll
- 2002-08-29 10:00:00 11,264 ----a-w c:\windows\SYSTEM32\ATTRIB.EXE
+ 2008-04-14 00:12:12 12,288 ----a-w c:\windows\SYSTEM32\attrib.exe
- 2002-08-29 10:00:00 38,912 ----a-w c:\windows\SYSTEM32\AUDIOSRV.DLL
+ 2008-04-14 00:11:50 42,496 ----a-w c:\windows\SYSTEM32\audiosrv.dll
+ 2008-04-14 00:12:12 14,336 ------w c:\windows\SYSTEM32\auditusr.exe
- 2005-03-02 18:20:03 53,760 ----a-w c:\windows\SYSTEM32\authz.dll
+ 2008-04-14 00:11:50 62,464 ----a-w c:\windows\SYSTEM32\authz.dll
- 2002-08-29 10:00:00 565,760 ----a-w c:\windows\SYSTEM32\AUTOCHK.EXE
+ 2008-04-14 00:12:12 588,800 ----a-w c:\windows\SYSTEM32\autochk.exe
- 2002-08-29 10:00:00 578,560 ----a-w c:\windows\SYSTEM32\AUTOCONV.EXE
+ 2008-04-14 00:12:12 602,624 ----a-w c:\windows\SYSTEM32\autoconv.exe
- 2002-08-29 10:00:00 558,592 ----a-w c:\windows\SYSTEM32\AUTOFMT.EXE
+ 2008-04-14 00:12:13 580,608 ----a-w c:\windows\SYSTEM32\autofmt.exe
- 2002-08-29 10:00:00 8,192 ----a-w c:\windows\SYSTEM32\AUTOLFN.EXE
+ 2008-04-14 00:12:13 11,264 ----a-w c:\windows\SYSTEM32\autolfn.exe
- 2002-08-29 10:00:00 76,288 ----a-w c:\windows\SYSTEM32\AVIFIL32.DLL
+ 2008-04-14 00:11:50 84,992 ----a-w c:\windows\SYSTEM32\avifil32.dll
- 2002-08-29 10:00:00 44,032 ----a-w c:\windows\SYSTEM32\BASESRV.DLL
+ 2008-04-14 00:11:50 52,736 ----a-w c:\windows\SYSTEM32\basesrv.dll
- 2002-08-29 10:00:00 27,136 ----a-w c:\windows\SYSTEM32\BATMETER.DLL
+ 2008-04-14 00:11:50 29,184 ----a-w c:\windows\SYSTEM32\batmeter.dll
- 2002-08-29 10:00:00 6,656 ----a-w c:\windows\SYSTEM32\BATT.DLL
+ 2008-04-14 00:11:50 8,704 ----a-w c:\windows\SYSTEM32\batt.dll
- 2002-08-29 10:00:00 14,848 ----a-w c:\windows\SYSTEM32\BIDISPL.DLL
+ 2008-04-14 00:11:50 17,408 ----a-w c:\windows\SYSTEM32\bidispl.dll
- 2004-07-01 22:08:18 361,984 ----a-w c:\windows\SYSTEM32\bits\qmgr.dll
+ 2008-04-14 00:12:03 409,088 ----a-w c:\windows\SYSTEM32\bits\qmgr.dll
- 2004-07-01 22:08:18 7,680 ----a-w c:\windows\SYSTEM32\bitsprx2.dll
+ 2008-04-14 00:11:50 8,192 ----a-w c:\windows\SYSTEM32\bitsprx2.dll
- 2004-07-01 22:08:18 7,168 ----a-w c:\windows\SYSTEM32\bitsprx3.dll
+ 2008-04-14 00:11:50 7,168 ----a-w c:\windows\SYSTEM32\bitsprx3.dll
- 2002-12-11 23:09:20 232,960 ----a-w c:\windows\SYSTEM32\blackbox.dll
+ 2008-04-14 00:11:50 286,720 ----a-w c:\windows\SYSTEM32\blackbox.dll
+ 2008-04-14 00:12:13 71,680 ------w c:\windows\SYSTEM32\blastcln.exe
- 2002-08-29 10:00:00 62,976 ----a-w c:\windows\SYSTEM32\BROWSELC.DLL
+ 2008-04-13 17:03:24 63,488 ----a-w c:\windows\SYSTEM32\browselc.dll
- 2002-08-29 10:00:00 49,152 ----a-w c:\windows\SYSTEM32\BROWSER.DLL
+ 2008-04-14 00:11:50 77,824 ----a-w c:\windows\SYSTEM32\browser.dll
- 2005-02-18 20:09:14 1,017,856 ----a-w c:\windows\SYSTEM32\BROWSEUI.DLL
+ 2008-04-14 00:11:50 1,025,024 ----a-w c:\windows\SYSTEM32\browseui.dll
- 2002-08-29 10:00:00 71,680 ----a-w c:\windows\SYSTEM32\BROWSEWM.DLL
+ 2008-04-14 00:11:50 78,336 ----a-w c:\windows\SYSTEM32\browsewm.dll
+ 2008-04-14 00:11:50 20,992 ------w c:\windows\SYSTEM32\bthci.dll
+ 2008-04-14 00:11:50 30,208 ------w c:\windows\SYSTEM32\bthserv.dll
+ 2008-04-14 00:11:50 50,688 ------w c:\windows\SYSTEM32\btpanui.dll
- 2002-08-29 10:00:00 59,904 ----a-w c:\windows\SYSTEM32\CABINET.DLL
+ 2008-04-14 00:11:50 60,416 ----a-w c:\windows\SYSTEM32\cabinet.dll
- 2002-08-29 10:00:00 80,384 ----a-w c:\windows\SYSTEM32\CABVIEW.DLL
+ 2008-04-14 00:11:50 84,480 ----a-w c:\windows\SYSTEM32\cabview.dll
- 2002-08-29 10:00:00 18,432 ----a-w c:\windows\SYSTEM32\CACLS.EXE
+ 2008-04-14 00:12:13 19,968 ----a-w c:\windows\SYSTEM32\cacls.exe
- 2002-08-29 10:00:00 45,056 ----a-w c:\windows\SYSTEM32\CAMOCX.DLL
+ 2008-04-14 00:11:50 50,688 ----a-w c:\windows\SYSTEM32\camocx.dll
- 2002-08-29 10:00:00 142,848 ----a-w c:\windows\SYSTEM32\CAPESNPN.DLL
+ 2008-04-14 00:11:50 150,016 ----a-w c:\windows\SYSTEM32\capesnpn.dll
- 2004-03-06 02:16:10 225,280 ----a-w c:\windows\SYSTEM32\CATSRV.DLL
+ 2008-04-14 00:11:50 226,304 ----a-w c:\windows\SYSTEM32\catsrv.dll
- 2002-08-29 10:00:00 85,504 ----a-w c:\windows\SYSTEM32\CATSRVPS.DLL
+ 2008-04-14 00:11:50 85,504 ----a-w c:\windows\SYSTEM32\catsrvps.dll
- 2004-03-06 02:16:10 594,944 ----a-w c:\windows\SYSTEM32\CATSRVUT.DLL
+ 2008-04-14 00:11:50 625,664 ----a-w c:\windows\SYSTEM32\catsrvut.dll
- 2004-12-07 22:43:02 143,360 ----a-w c:\windows\SYSTEM32\CDFVIEW.DLL
+ 2008-04-14 00:11:50 151,040 ----a-w c:\windows\SYSTEM32\cdfview.dll
- 2007-07-30 23:19:20 92,504 ----a-w c:\windows\SYSTEM32\cdm.dll
+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
- 2002-08-29 10:00:00 2,028,032 ----a-w c:\windows\SYSTEM32\CDOSYS.DLL
+ 2008-04-14 00:11:50 2,091,520 ----a-w c:\windows\SYSTEM32\cdosys.dll
- 2002-08-29 10:00:00 186,880 ----a-w c:\windows\SYSTEM32\CERTCLI.DLL
+ 2008-04-14 00:11:50 194,560 ----a-w c:\windows\SYSTEM32\certcli.dll
- 2002-08-29 10:00:00 436,736 ----a-w c:\windows\SYSTEM32\CERTMGR.DLL
+ 2008-04-14 00:11:50 457,728 ----a-w c:\windows\SYSTEM32\certmgr.dll
- 2002-11-27 00:03:32 159,232 ----a-w c:\windows\SYSTEM32\cewmdm.dll
+ 2008-04-14 00:11:50 159,232 ----a-w c:\windows\SYSTEM32\cewmdm.dll
- 2002-08-29 10:00:00 32,768 ----a-w c:\windows\SYSTEM32\CFGBKEND.DLL
+ 2008-04-14 00:11:50 38,912 ----a-w c:\windows\SYSTEM32\cfgbkend.dll
- 2002-08-29 10:00:00 16,896 ----a-w c:\windows\SYSTEM32\CFGMGR32.DLL
+ 2008-04-14 00:09:05 16,896 ----a-w c:\windows\SYSTEM32\cfgmgr32.dll
- 2002-08-29 10:00:00 109,568 ----a-w c:\windows\SYSTEM32\CIC.DLL
+ 2008-04-14 00:11:50 148,480 ----a-w c:\windows\SYSTEM32\cic.dll
- 2004-10-28 15:45:58 64,512 ----a-w c:\windows\SYSTEM32\ciodm.dll
+ 2008-04-14 00:11:50 69,120 ----a-w c:\windows\SYSTEM32\ciodm.dll
- 2002-08-29 10:00:00 5,120 ----a-w c:\windows\SYSTEM32\CISVC.EXE
+ 2008-04-14 00:12:14 5,632 ----a-w c:\windows\SYSTEM32\cisvc.exe
- 2004-03-06 02:16:10 110,080 ----a-w c:\windows\SYSTEM32\CLBCATEX.DLL
+ 2008-04-14 00:11:50 110,592 ----a-w c:\windows\SYSTEM32\clbcatex.dll
- 2004-03-06 02:16:12 499,712 ----a-w c:\windows\SYSTEM32\CLBCATQ.DLL
+ 2008-04-14 00:11:50 498,688 ----a-w c:\windows\SYSTEM32\clbcatq.dll
- 2002-08-29 10:00:00 61,440 ----a-w c:\windows\SYSTEM32\CLEANMGR.EXE
+ 2008-04-14 00:12:14 64,000 ----a-w c:\windows\SYSTEM32\cleanmgr.exe
- 2002-09-26 19:30:36 73,728 ----a-w c:\windows\SYSTEM32\cliconfg.dll
+ 2008-04-14 00:11:50 77,824 ----a-w c:\windows\SYSTEM32\cliconfg.dll
- 2002-09-26 19:30:38 20,480 ----a-w c:\windows\SYSTEM32\cliconfg.exe
+ 2008-04-14 00:12:14 20,480 ----a-w c:\windows\SYSTEM32\cliconfg.exe
- 2002-08-29 10:00:00 98,816 ----a-w c:\windows\SYSTEM32\CLIPBRD.EXE
+ 2008-04-14 00:12:14 102,912 ----a-w c:\windows\SYSTEM32\clipbrd.exe
- 2002-08-29 10:00:00 30,720 ----a-w c:\windows\SYSTEM32\CLIPSRV.EXE
+ 2008-04-14 00:12:14 33,280 ----a-w c:\windows\SYSTEM32\clipsrv.exe
- 2002-08-29 10:00:00 54,272 ----a-w c:\windows\SYSTEM32\CLUSAPI.DLL
+ 2008-04-14 00:11:50 58,368 ----a-w c:\windows\SYSTEM32\clusapi.dll
- 2002-08-29 10:00:00 12,288 ----a-w c:\windows\SYSTEM32\CMCFG32.DLL
+ 2008-04-14 00:11:50 15,872 ----a-w c:\windows\SYSTEM32\cmcfg32.dll
- 2002-08-29 10:00:00 375,808 ------w c:\windows\SYSTEM32\CMD.EXE
+ 2008-04-14 00:12:14 389,120 ------w c:\windows\SYSTEM32\cmd.exe
- 2002-08-29 10:00:00 324,608 ----a-w c:\windows\SYSTEM32\CMDIAL32.DLL
+ 2008-04-14 00:11:50 344,064 ----a-w c:\windows\SYSTEM32\cmdial32.dll
- 2002-08-29 10:00:00 41,472 ----a-w c:\windows\SYSTEM32\CMDL32.EXE
+ 2008-04-14 00:12:14 25,600 ----a-w c:\windows\SYSTEM32\cmdl32.exe
- 2002-08-29 10:00:00 35,840 ----a-w c:\windows\SYSTEM32\CMMON32.EXE
+ 2008-04-14 00:12:15 39,936 ----a-w c:\windows\SYSTEM32\cmmon32.exe
- 2002-08-29 10:00:00 174,592 ----a-w c:\windows\SYSTEM32\CMPROPS.DLL
+ 2008-04-14 00:11:50 185,344 ----a-w c:\windows\SYSTEM32\cmprops.dll
+ 2008-04-14 00:11:50 13,312 ------w c:\windows\SYSTEM32\cmsetacl.dll
- 2002-08-29 10:00:00 54,784 ----a-w c:\windows\SYSTEM32\CMSTP.EXE
+ 2008-04-14 00:12:15 63,488 ----a-w c:\windows\SYSTEM32\cmstp.exe
- 2002-08-29 10:00:00 36,352 ----a-w c:\windows\SYSTEM32\CMUTIL.DLL
+ 2008-04-14 00:11:50 39,424 ----a-w c:\windows\SYSTEM32\cmutil.dll
- 2002-08-29 10:00:00 45,568 ----a-w c:\windows\SYSTEM32\CNBJMON.DLL
+ 2008-04-14 00:11:50 47,104 ----a-w c:\windows\SYSTEM32\cnbjmon.dll
- 2004-03-06 02:16:10 64,512 ----a-w c:\windows\SYSTEM32\COLBACT.DLL
+ 2008-04-14 00:11:51 60,416 ----a-w c:\windows\SYSTEM32\colbact.dll
- 2004-03-06 02:16:10 187,904 ----a-w c:\windows\SYSTEM32\Com\COMADMIN.DLL
+ 2008-04-14 00:11:51 195,072 ----a-w c:\windows\SYSTEM32\Com\comadmin.dll
- 2004-02-17 18:49:58 8,192 ----a-w c:\windows\SYSTEM32\Com\COMREPL.EXE
+ 2008-04-14 00:12:15 9,728 ----a-w c:\windows\SYSTEM32\Com\comrepl.exe
- 2002-08-29 10:00:00 5,120 ----a-w c:\windows\SYSTEM32\Com\COMREREG.EXE
+ 2008-04-14 00:12:15 6,144 ----a-w c:\windows\SYSTEM32\Com\comrereg.exe
- 2004-02-17 18:50:10 6,656 ----a-w c:\windows\SYSTEM32\Com\MIGREGDB.EXE
+ 2008-04-14 00:12:25 7,680 ----a-w c:\windows\SYSTEM32\Com\migregdb.exe
- 2002-08-29 10:00:00 25,600 ----a-w c:\windows\SYSTEM32\COMADDIN.DLL
+ 2008-04-14 00:11:51 28,160 ----a-w c:\windows\SYSTEM32\comaddin.dll
- 2002-08-29 10:00:00 557,056 ----a-w c:\windows\SYSTEM32\COMCTL32.DLL
+ 2008-04-14 00:11:51 617,472 ----a-w c:\windows\SYSTEM32\comctl32.dll
- 2002-08-29 10:00:00 258,048 ----a-w c:\windows\SYSTEM32\COMDLG32.DLL
+ 2008-04-14 00:11:51 276,992 ----a-w c:\windows\SYSTEM32\comdlg32.dll
- 2002-08-29 10:00:00 238,592 ----a-w c:\windows\SYSTEM32\compatUI.dll
+ 2008-04-14 00:11:51 252,928 ----a-w c:\windows\SYSTEM32\compatui.dll
- 2002-08-29 10:00:00 222,208 ----a-w c:\windows\SYSTEM32\COMPSTUI.DLL
+ 2008-04-14 00:11:51 229,376 ----a-w c:\windows\SYSTEM32\compstui.dll
- 2002-08-29 10:00:00 82,432 ----a-w c:\windows\SYSTEM32\COMREPL.DLL
+ 2008-04-14 00:11:51 97,792 ----a-w c:\windows\SYSTEM32\comrepl.dll
- 2002-08-29 10:00:00 792,064 ----a-w c:\windows\SYSTEM32\COMRES.DLL
+ 2008-04-14 00:11:51 792,064 ----a-w c:\windows\SYSTEM32\comres.dll
- 2002-08-29 10:00:00 147,456 ----a-w c:\windows\SYSTEM32\COMSNAP.DLL
+ 2008-04-14 00:11:51 167,424 ----a-w c:\windows\SYSTEM32\comsnap.dll
- 2004-03-06 02:16:12 1,194,496 ----a-w c:\windows\SYSTEM32\COMSVCS.DLL
+ 2008-04-14 00:11:51 1,267,200 ----a-w c:\windows\SYSTEM32\comsvcs.dll
- 2004-03-06 02:16:10 499,200 ----a-w c:\windows\SYSTEM32\COMUID.DLL
+ 2008-04-14 00:11:51 539,648 ----a-w c:\windows\SYSTEM32\comuid.dll
- 2009-01-16 02:37:48 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-01-19 06:30:48 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2009-01-16 02:37:48 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-01-19 06:30:48 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-01-19 06:30:43 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012009011920090120\index.dat
- 2009-01-16 02:38:22 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-19 06:30:48 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2002-08-29 10:00:00 345,600 ----a-w c:\windows\SYSTEM32\CONFMSP.DLL
+ 2008-04-14 00:11:51 357,888 ----a-w c:\windows\SYSTEM32\confmsp.dll
- 2002-08-29 10:00:00 24,576 ----a-w c:\windows\SYSTEM32\CONIME.EXE
+ 2008-04-14 00:12:15 27,648 ----a-w c:\windows\SYSTEM32\conime.exe
- 2002-08-29 10:00:00 14,877 ----a-w c:\windows\SYSTEM32\CORPOL.DLL
+ 2008-04-14 00:11:51 35,328 ----a-w c:\windows\SYSTEM32\corpol.dll
+ 2008-04-14 00:11:51 12,800 ------w c:\windows\SYSTEM32\credssp.dll
- 2002-08-29 10:00:00 158,720 ----a-w c:\windows\SYSTEM32\CREDUI.DLL
+ 2008-04-14 00:11:51 163,840 ----a-w c:\windows\SYSTEM32\credui.dll
- 2002-09-23 22:10:26 544,256 ----a-w c:\windows\SYSTEM32\crypt32.dll
+ 2008-04-14 00:11:51 599,040 ----a-w c:\windows\SYSTEM32\crypt32.dll
- 2002-08-29 10:00:00 70,144 ----a-w c:\windows\SYSTEM32\CRYPTDLG.DLL
+ 2008-04-14 00:11:51 74,752 ----a-w c:\windows\SYSTEM32\cryptdlg.dll
- 2002-08-29 10:00:00 29,184 ----a-w c:\windows\SYSTEM32\CRYPTDLL.DLL
+ 2008-04-14 00:11:51 33,280 ----a-w c:\windows\SYSTEM32\cryptdll.dll
- 2002-08-29 10:00:00 48,640 ----a-w c:\windows\SYSTEM32\CRYPTEXT.DLL
+ 2008-04-14 00:11:51 53,760 ----a-w c:\windows\SYSTEM32\cryptext.dll
- 2002-08-29 10:00:00 53,248 ----a-w c:\windows\SYSTEM32\CRYPTNET.DLL
+ 2008-04-14 00:11:51 64,512 ----a-w c:\windows\SYSTEM32\cryptnet.dll
- 2003-03-26 00:40:14 53,760 ----a-w c:\windows\SYSTEM32\cryptsvc.dll
+ 2008-04-14 00:11:51 62,464 ----a-w c:\windows\SYSTEM32\cryptsvc.dll
- 2003-07-24 21:40:22 477,696 ----a-w c:\windows\SYSTEM32\cryptui.dll
+ 2008-04-14 00:11:51 512,512 ----a-w c:\windows\SYSTEM32\cryptui.dll
- 2004-10-28 01:29:54 92,160 ----a-w c:\windows\SYSTEM32\cscdll.dll
+ 2008-04-14 00:11:51 101,888 ----a-w c:\windows\SYSTEM32\cscdll.dll
- 2002-08-29 10:00:00 102,450 ----a-w c:\windows\SYSTEM32\CSCRIPT.EXE
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\SYSTEM32\cscript.exe
- 2002-08-29 10:00:00 307,712 ----a-w c:\windows\SYSTEM32\CSCUI.DLL
+ 2008-04-14 00:11:51 326,656 ----a-w c:\windows\SYSTEM32\cscui.dll
- 2002-08-29 10:00:00 29,184 ----a-w c:\windows\SYSTEM32\CSRSRV.DLL
+ 2008-04-14 00:11:51 32,256 ----a-w c:\windows\SYSTEM32\csrsrv.dll
- 2002-08-29 10:00:00 4,096 ----a-w c:\windows\SYSTEM32\CSRSS.EXE
+ 2008-04-14 00:12:15 6,144 ----a-w c:\windows\SYSTEM32\csrss.exe
- 2002-08-29 10:00:00 13,312 ------w c:\windows\SYSTEM32\CTFMON.EXE
+ 2008-04-14 00:12:16 15,360 ----a-w c:\windows\SYSTEM32\ctfmon.exe
- 2002-12-12 05:14:32 1,177,600 ----a-w c:\windows\SYSTEM32\d3d8.dll
+ 2008-04-14 00:11:51 1,179,648 ----a-w c:\windows\SYSTEM32\d3d8.dll
- 2002-12-12 05:14:32 8,192 ----a-w c:\windows\SYSTEM32\d3d8thk.dll
+ 2008-04-14 00:11:51 8,192 ----a-w c:\windows\SYSTEM32\d3d8thk.dll
- 2003-05-30 14:00:02 1,634,304 ----a-w c:\windows\SYSTEM32\d3d9.dll
+ 2008-04-14 00:11:51 1,689,088 ----a-w c:\windows\SYSTEM32\d3d9.dll
- 2003-05-30 14:00:02 797,184 ----a-w c:\windows\SYSTEM32\d3dim700.dll
+ 2008-04-14 00:11:51 824,320 ----a-w c:\windows\SYSTEM32\d3dim700.dll
- 2002-08-29 10:00:00 986,112 ----a-w c:\windows\SYSTEM32\DANIM.DLL
+ 2008-04-14 00:11:51 1,054,208 ----a-w c:\windows\SYSTEM32\danim.dll
- 2002-08-29 10:00:00 51,712 ----a-w c:\windows\SYSTEM32\DATACLEN.DLL
+ 2008-04-14 00:11:51 54,272 ----a-w c:\windows\SYSTEM32\dataclen.dll
- 2002-08-29 10:00:00 152,064 ----a-w c:\windows\SYSTEM32\DATIME.DLL
+ 2008-04-14 00:11:51 165,376 ----a-w c:\windows\SYSTEM32\datime.dll
- 2002-08-29 10:00:00 22,016 ----a-w c:\windows\SYSTEM32\DAVCLNT.DLL
+ 2008-04-14 00:11:51 25,088 ----a-w c:\windows\SYSTEM32\davclnt.dll
- 2002-08-29 10:00:00 489,984 ----a-w c:\windows\SYSTEM32\DBGHELP.DLL
+ 2008-04-14 00:11:51 640,000 ----a-w c:\windows\SYSTEM32\dbghelp.dll
- 2002-08-29 10:00:00 24,576 ----a-w c:\windows\SYSTEM32\DBMSRPCN.DLL
+ 2008-04-14 00:11:51 24,576 ----a-w c:\windows\SYSTEM32\dbmsrpcn.dll
- 2003-10-28 01:12:42 61,440 ----a-w c:\windows\SYSTEM32\DBnetlib.dll
+ 2008-04-14 00:11:51 110,592 ----a-w c:\windows\SYSTEM32\dbnetlib.dll
- 2002-08-29 10:00:00 28,672 ----a-w c:\windows\SYSTEM32\DBNMPNTW.DLL
+ 2008-04-14 00:11:51 28,672 ----a-w c:\windows\SYSTEM32\dbnmpntw.dll
- 2002-08-29 10:00:00 1,740 ----a-w c:\windows\SYSTEM32\Dcache.bin
+ 2008-04-14 00:25:26 1,804 ----a-w c:\windows\SYSTEM32\dcache.bin
- 2002-08-29 10:00:00 7,680 ----a-w c:\windows\SYSTEM32\DCIMAN32.DLL
+ 2008-04-14 00:11:51 8,704 ----a-w c:\windows\SYSTEM32\dciman32.dll
- 2002-08-29 10:00:00 5,120 ----a-w c:\windows\SYSTEM32\DCOMCNFG.EXE
+ 2008-04-14 00:12:16 6,144 ----a-w c:\windows\SYSTEM32\dcomcnfg.exe
- 2002-08-29 10:00:00 27,136 ----a-w c:\windows\SYSTEM32\DDESHARE.EXE
+ 2008-04-14 00:12:16 30,208 ----a-w c:\windows\SYSTEM32\ddeshare.exe
- 2002-12-12 05:14:32 284,160 ----a-w c:\windows\SYSTEM32\ddraw.dll
+ 2008-04-14 00:11:51 279,552 ----a-w c:\windows\SYSTEM32\ddraw.dll
- 2002-12-12 05:14:32 24,064 ----a-w c:\windows\SYSTEM32\ddrawex.dll
+ 2008-04-14 00:11:51 27,136 ----a-w c:\windows\SYSTEM32\ddrawex.dll
- 2002-08-29 10:00:00 70,656 ----a-w c:\windows\SYSTEM32\DEFRAG.EXE
+ 2008-04-14 00:12:16 25,088 ----a-w c:\windows\SYSTEM32\defrag.exe
- 2003-05-30 14:00:02 132,608 ----a-w c:\windows\SYSTEM32\devenum.dll
+ 2008-04-14 00:11:51 59,904 ----a-w c:\windows\SYSTEM32\devenum.dll
- 2002-08-29 10:00:00 263,168 ----a-w c:\windows\SYSTEM32\DEVMGR.DLL
+ 2008-04-14 00:11:51 282,624 ----a-w c:\windows\SYSTEM32\devmgr.dll
- 2002-08-29 10:00:00 76,288 ----a-w c:\windows\SYSTEM32\DFRGFAT.EXE
+ 2008-04-14 00:12:16 82,944 ----a-w c:\windows\SYSTEM32\dfrgfat.exe
- 2002-08-29 10:00:00 99,328 ----a-w c:\windows\SYSTEM32\DFRGNTFS.EXE
+ 2008-04-14 00:12:16 105,472 ----a-w c:\windows\SYSTEM32\dfrgntfs.exe
- 2002-08-29 10:00:00 35,328 ----a-w c:\windows\SYSTEM32\DFRGSNAP.DLL
+ 2008-04-14 00:11:51 39,424 ----a-w c:\windows\SYSTEM32\dfrgsnap.dll
- 2002-08-29 10:00:00 113,152 ----a-w c:\windows\SYSTEM32\DFRGUI.DLL
+ 2008-04-14 00:11:51 124,416 ----a-w c:\windows\SYSTEM32\dfrgui.dll
- 2002-08-29 10:00:00 25,600 ----a-w c:\windows\SYSTEM32\DFSSHLEX.DLL
+ 2008-04-14 00:11:51 28,672 ----a-w c:\windows\SYSTEM32\dfsshlex.dll
- 2002-08-29 10:00:00 103,424 ----a-w c:\windows\SYSTEM32\DGNET.DLL
+ 2008-04-14 00:11:51 111,104 ----a-w c:\windows\SYSTEM32\dgnet.dll
- 2003-10-07 01:30:25 99,840 ----a-w c:\windows\SYSTEM32\dhcpcsvc.dll
+ 2008-04-14 00:11:51 126,976 ----a-w c:\windows\SYSTEM32\dhcpcsvc.dll
- 2002-08-29 10:00:00 370,176 ----a-w c:\windows\SYSTEM32\DHCPMON.DLL
+ 2008-04-14 00:11:52 379,904 ----a-w c:\windows\SYSTEM32\dhcpmon.dll
+ 2008-04-14 00:11:52 48,640 ------w c:\windows\SYSTEM32\dhcpqec.dll
- 2002-08-29 10:00:00 79,360 ----a-w c:\windows\SYSTEM32\DIANTZ.EXE
+ 2008-04-14 00:12:17 87,040 ----a-w c:\windows\SYSTEM32\diantz.exe
- 2002-08-29 10:00:00 55,296 ----a-w c:\windows\SYSTEM32\DIGEST.DLL
+ 2008-04-14 00:11:52 68,608 ----a-w c:\windows\SYSTEM32\digest.dll
+ 2008-04-14 00:11:52 19,456 ------w c:\windows\SYSTEM32\dimsntfy.dll
+ 2008-04-14 00:11:52 39,936 ------w c:\windows\SYSTEM32\dimsroam.dll
- 2002-08-29 10:00:00 151,552 ----a-w c:\windows\SYSTEM32\DINPUT.DLL
+ 2008-04-14 00:11:52 158,720 ----a-w c:\windows\SYSTEM32\dinput.dll
- 2002-08-29 10:00:00 168,960 ----a-w c:\windows\SYSTEM32\DINPUT8.DLL
+ 2008-04-14 00:11:52 181,760 ----a-w c:\windows\SYSTEM32\dinput8.dll
- 2002-08-29 10:00:00 1,501,696 ----a-w c:\windows\SYSTEM32\DISKCOPY.DLL
+ 2008-04-14 00:11:52 1,504,256 ----a-w c:\windows\SYSTEM32\diskcopy.dll
- 2002-08-29 10:00:00 145,920 ----a-w c:\windows\SYSTEM32\DISKPART.EXE
+ 2008-04-14 00:12:17 163,840 ----a-w c:\windows\SYSTEM32\diskpart.exe
- 2002-08-29 10:00:00 45,083 ----a-w c:\windows\SYSTEM32\DISPEX.DLL
+ 2008-04-14 00:11:52 32,768 ----a-w c:\windows\SYSTEM32\dispex.dll
+ 2007-08-13 23:39:20 71,680 ------w c:\windows\SYSTEM32\DLLCACHE\admparse.dll
+ 2008-10-16 20:38:34 124,928 ------w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-08-14 10:04:36 138,496 ------w c:\windows\SYSTEM32\DLLCACHE\afd.sys
- 2005-02-18 20:09:14 1,017,856 ----a-w c:\windows\SYSTEM32\DLLCACHE\BROWSEUI.DLL
+ 2006-09-23 18:12:50 1,022,976 ------w c:\windows\SYSTEM32\DLLCACHE\browseui.dll
- 2007-07-30 23:19:20 92,504 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
+ 2008-04-14 00:11:50 159,232 ------w c:\windows\SYSTEM32\DLLCACHE\cewmdm.dll
+ 2007-08-13 23:42:54 17,408 ------w c:\windows\SYSTEM32\DLLCACHE\corpol.dll
+ 2008-05-07 09:07:23 135,168 ------w c:\windows\SYSTEM32\DLLCACHE\cscript.exe
+ 2007-08-13 23:54:10 33,792 ----a-w c:\windows\SYSTEM32\DLLCACHE\custsat.dll
+ 2008-04-14 00:12:17 294,912 ------w c:\windows\SYSTEM32\DLLCACHE\dlimport.exe
+ 2008-06-20 17:46:57 147,968 ------w c:\windows\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2008-04-14 00:13:00 299,520 ------w c:\windows\SYSTEM32\DLLCACHE\drmclien.dll
+ 2008-04-14 00:11:52 87,040 ------w c:\windows\SYSTEM32\DLLCACHE\drmstor.dll
+ 2008-04-14 00:11:52 498,742 ------w c:\windows\SYSTEM32\DLLCACHE\dxmasf.dll
+ 2008-10-16 20:38:34 347,136 ------w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 ------w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2004-03-06 02:16:12 226,816 ----a-w c:\windows\SYSTEM32\DLLCACHE\ES.DLL
+ 2008-07-07 20:26:58 253,952 ------w c:\windows\SYSTEM32\DLLCACHE\es.dll
+ 2008-10-16 20:38:35 133,120 ------w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2004-03-30 01:48:36 257,536 ----a-w c:\windows\SYSTEM32\DLLCACHE\GDI32.DLL
+ 2008-10-23 12:36:14 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
+ 2007-08-13 23:18:02 60,416 ------w c:\windows\SYSTEM32\DLLCACHE\hmmapi.dll
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-08-13 23:44:02 69,120 ------w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
+ 2007-08-13 23:45:18 78,336 ------w c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
+ 2007-08-13 23:54:10 191,488 ------w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2007-08-13 23:39:12 55,296 ------w c:\windows\SYSTEM32\DLLCACHE\iesetup.dll
+ 2008-10-15 07:06:26 633,632 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2007-08-13 23:36:06 36,352 ------w c:\windows\SYSTEM32\DLLCACHE\imgutil.dll
+ 2007-08-13 23:39:02 92,672 ------w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
- 2003-01-13 19:57:58 589,881 ----a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2008-05-09 10:53:39 512,000 ------w c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2008-10-16 20:38:37 27,648 ------w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-04-14 00:11:56 6,656 ------w c:\windows\SYSTEM32\DLLCACHE\laprxy.dll
+ 2007-08-13 23:44:18 40,960 ------w c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
+ 2008-06-10 08:11:20 103,936 ------w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
+ 2008-04-14 00:12:25 786,432 ------w c:\windows\SYSTEM32\DLLCACHE\migrate.exe
+ 2008-04-14 00:11:57 310,272 ------w c:\windows\SYSTEM32\DLLCACHE\mp43dmod.dll
+ 2008-04-14 00:11:57 384,512 ------w c:\windows\SYSTEM32\DLLCACHE\mp4sdmod.dll
+ 2008-04-14 00:11:57 240,640 ------w c:\windows\SYSTEM32\DLLCACHE\mpg4dmod.dll
+ 2008-04-14 00:12:27 123,392 ------w c:\windows\SYSTEM32\DLLCACHE\mplay32.exe
+ 2008-04-14 00:12:27 4,639 ------w c:\windows\SYSTEM32\DLLCACHE\mplayer2.exe
+ 2008-04-14 00:11:57 368,640 ------w c:\windows\SYSTEM32\DLLCACHE\mpvis.dll
+ 2008-06-24 16:43:16 74,240 ------w c:\windows\SYSTEM32\DLLCACHE\mscms.dll
+ 2008-04-14 00:10:08 4,126 ------w c:\windows\SYSTEM32\DLLCACHE\msdxmlc.dll
+ 2007-08-13 23:32:30 45,568 ------w c:\windows\SYSTEM32\DLLCACHE\mshta.exe
+ 2008-10-16 20:38:38 477,696 ------w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2007-08-13 23:01:12 48,128 ------w c:\windows\SYSTEM32\DLLCACHE\mshtmler.dll
+ 2007-08-13 23:54:10 156,160 ------w c:\windows\SYSTEM32\DLLCACHE\msls31.dll
+ 2008-04-14 00:12:55 259,072 ------w c:\windows\SYSTEM32\DLLCACHE\msnetobj.dll
+ 2008-04-14 00:12:00 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\mspmsnsv.dll
+ 2008-04-14 00:12:00 201,728 ------w c:\windows\SYSTEM32\DLLCACHE\mspmsp.dll
+ 2008-10-16 20:38:38 193,024 ------w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-04-14 00:12:56 356,352 ------w c:\windows\SYSTEM32\DLLCACHE\msscp.dll
+ 2008-10-16 20:38:39 671,232 ------w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-04-14 00:12:01 245,760 ------w c:\windows\SYSTEM32\DLLCACHE\mswmdm.dll
+ 2008-06-20 17:46:57 245,248 ------w c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
+ 2008-09-10 01:14:56 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
+ 2008-04-13 17:27:18 79,872 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6r.dll
+ 2008-04-14 00:12:56 226,816 ------w c:\windows\SYSTEM32\DLLCACHE\npdrmv2.dll
+ 2008-04-14 00:12:02 364,544 ------w c:\windows\SYSTEM32\DLLCACHE\npdsplay.dll
+ 2008-04-14 00:12:02 10,240 ------w c:\windows\SYSTEM32\DLLCACHE\npwmsdrm.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2008-10-16 20:38:39 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2003-05-30 14:00:02 1,962,496 ----a-w c:\windows\SYSTEM32\DLLCACHE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ------w c:\windows\SYSTEM32\DLLCACHE\quartz.dll
+ 2008-05-09 10:53:39 180,224 ------w c:\windows\SYSTEM32\DLLCACHE\scrobj.dll
+ 2008-05-09 10:53:40 172,032 ------w c:\windows\SYSTEM32\DLLCACHE\scrrun.dll
+ 2008-04-14 00:12:35 774,144 ------w c:\windows\SYSTEM32\DLLCACHE\setup_wm.exe
- 2004-12-07 23:11:50 402,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\SHLWAPI.DLL
+ 2006-09-23 18:12:50 474,112 ------w c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2008-04-14 00:12:05 152,064 ------w c:\windows\SYSTEM32\DLLCACHE\shmedia.dll
+ 2008-10-03 10:02:42 247,326 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
+ 2008-06-20 11:51:12 361,600 ------w c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ------w c:\windows\SYSTEM32\DLLCACHE\tcpip6.sys
+ 2008-04-14 00:12:38 208,896 ------w c:\windows\SYSTEM32\DLLCACHE\unregmp2.exe
+ 2008-10-16 20:38:39 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2008-05-09 10:53:40 430,080 ------w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2008-05-27 17:23:58 765,952 ------w c:\windows\SYSTEM32\DLLCACHE\vgx.dll
+ 2008-10-16 20:38:39 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-04-14 00:12:09 408,064 ------w c:\windows\SYSTEM32\DLLCACHE\wmadmod.dll
+ 2008-04-14 00:12:09 670,720 ------w c:\windows\SYSTEM32\DLLCACHE\wmadmoe.dll
+ 2008-04-14 00:12:09 230,912 ------w c:\windows\SYSTEM32\DLLCACHE\wmasf.dll
+ 2008-04-14 00:12:09 27,136 ------w c:\windows\SYSTEM32\DLLCACHE\wmdmlog.dll
+ 2008-04-14 00:12:09 23,552 ------w c:\windows\SYSTEM32\DLLCACHE\wmdmps.dll
+ 2008-04-13 17:23:24 168,448 ------w c:\windows\SYSTEM32\DLLCACHE\wmerror.dll
+ 2008-04-14 00:12:09 151,552 ------w c:\windows\SYSTEM32\DLLCACHE\wmidx.dll
+ 2008-06-10 11:11:46 1,053,696 ------w c:\windows\SYSTEM32\DLLCACHE\WMNetmgr.dll
+ 2008-04-14 00:12:09 4,874,240 ------w c:\windows\SYSTEM32\DLLCACHE\wmp.dll
+ 2008-04-14 00:12:09 114,688 ------w c:\windows\SYSTEM32\DLLCACHE\wmpasf.dll
+ 2008-04-14 00:12:09 98,304 ------w c:\windows\SYSTEM32\DLLCACHE\wmpband.dll
+ 2008-04-14 00:12:09 20,480 ------w c:\windows\SYSTEM32\DLLCACHE\wmpcd.dll
- 2003-09-18 11:53:40 1,302,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmpcore.dll
+ 2008-04-14 00:12:09 20,480 ------w c:\windows\SYSTEM32\DLLCACHE\wmpcore.dll
+ 2008-04-14 00:12:09 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll
- 2003-04-11 20:11:34 520,192 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmplayer.exe
+ 2008-04-14 00:12:40 73,728 ------w c:\windows\SYSTEM32\DLLCACHE\wmplayer.exe
+ 2008-04-13 17:28:21 2,940,928 ------w c:\windows\SYSTEM32\DLLCACHE\wmploc.dll
+ 2008-04-14 00:12:09 221,184 ------w c:\windows\SYSTEM32\DLLCACHE\wmpns.dll
+ 2008-04-14 00:12:09 102,400 ------w c:\windows\SYSTEM32\DLLCACHE\wmpshell.dll
+ 2008-04-14 00:12:09 20,480 ------w c:\windows\SYSTEM32\DLLCACHE\wmpui.dll
+ 2008-04-14 00:12:09 759,296 ------w c:\windows\SYSTEM32\DLLCACHE\wmsdmod.dll
+ 2008-04-14 00:12:09 115,200 ------w c:\windows\SYSTEM32\DLLCACHE\wmsdmoe.dll
+ 2008-04-14 00:12:09 1,119,744 ------w c:\windows\SYSTEM32\DLLCACHE\wmsdmoe2.dll
+ 2008-04-14 00:12:09 485,376 ------w c:\windows\SYSTEM32\DLLCACHE\wmspdmod.dll
+ 2008-04-14 00:12:10 897,024 ------w c:\windows\SYSTEM32\DLLCACHE\wmspdmoe.dll
+ 2008-04-14 00:12:10 303,616 ------w c:\windows\SYSTEM32\DLLCACHE\wmstream.dll
+ 2008-11-07 21:45:32 2,174,976 ------w c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
+ 2008-04-14 00:12:10 809,984 ------w c:\windows\SYSTEM32\DLLCACHE\wmvdmod.dll
+ 2008-04-14 00:12:10 1,001,472 ------w c:\windows\SYSTEM32\DLLCACHE\wmvdmoe2.dll
+ 2008-05-08 11:24:44 155,648 ------w c:\windows\SYSTEM32\DLLCACHE\wscript.exe
+ 2008-05-09 10:53:40 90,112 ------w c:\windows\SYSTEM32\DLLCACHE\wshext.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
- 2007-07-30 23:19:16 53,080 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
- 2002-08-29 10:00:00 4,608 ----a-w c:\windows\SYSTEM32\DLLHOST.EXE
+ 2008-04-14 00:12:17 5,120 ----a-w c:\windows\SYSTEM32\dllhost.exe
- 2002-08-29 10:00:00 204,800 ----a-w c:\windows\SYSTEM32\DMADMIN.EXE
+ 2008-04-14 00:12:17 224,768 ----a-w c:\windows\SYSTEM32\dmadmin.exe
- 2002-12-12 05:14:32 27,136 ----a-w c:\windows\SYSTEM32\dmband.dll
+ 2008-04-14 00:11:52 28,672 ----a-w c:\windows\SYSTEM32\dmband.dll
- 2002-12-12 05:14:32 58,368 ----a-w c:\windows\SYSTEM32\dmcompos.dll
+ 2008-04-14 00:11:52 61,440 ----a-w c:\windows\SYSTEM32\dmcompos.dll
- 2002-08-29 10:00:00 273,920 ----a-w c:\windows\SYSTEM32\DMDLGS.DLL
+ 2008-04-14 00:11:52 285,184 ----a-w c:\windows\SYSTEM32\dmdlgs.dll
- 2002-08-29 10:00:00 184,320 ----a-w c:\windows\SYSTEM32\DMDSKMGR.DLL
+ 2008-04-14 00:11:52 200,704 ----a-w c:\windows\SYSTEM32\dmdskmgr.dll
- 2002-12-12 05:14:32 171,520 ----a-w c:\windows\SYSTEM32\dmime.dll
+ 2008-04-14 00:11:52 181,248 ----a-w c:\windows\SYSTEM32\dmime.dll
- 2002-12-12 05:14:32 33,280 ----a-w c:\windows\SYSTEM32\dmloader.dll
+ 2008-04-14 00:11:52 35,840 ----a-w c:\windows\SYSTEM32\dmloader.dll
- 2002-08-29 10:00:00 14,336 ----a-w c:\windows\SYSTEM32\DMREMOTE.EXE
+ 2008-04-14 00:12:17 15,872 ----a-w c:\windows\SYSTEM32\dmremote.exe
- 2002-12-12 05:14:32 76,800 ----a-w c:\windows\SYSTEM32\dmscript.dll
+ 2008-04-14 00:11:52 82,432 ----a-w c:\windows\SYSTEM32\dmscript.dll
- 2002-08-29 10:00:00 21,504 ----a-w c:\windows\SYSTEM32\DMSERVER.DLL
+ 2008-04-14 00:11:52 23,552 ----a-w c:\windows\SYSTEM32\dmserver.dll
- 2002-12-12 05:14:32 98,816 ----a-w c:\windows\SYSTEM32\dmstyle.dll
+ 2008-04-14 00:11:52 105,984 ----a-w c:\windows\SYSTEM32\dmstyle.dll
- 2002-12-12 05:14:32 100,864 ----a-w c:\windows\SYSTEM32\dmsynth.dll
+ 2008-04-14 00:11:52 103,424 ----a-w c:\windows\SYSTEM32\dmsynth.dll
- 2002-12-12 05:14:32 116,736 ----a-w c:\windows\SYSTEM32\dmusic.dll
+ 2008-04-14 00:11:52 104,448 ----a-w c:\windows\SYSTEM32\dmusic.dll
- 2002-08-29 10:00:00 50,688 ----a-w c:\windows\SYSTEM32\DMUTIL.DLL
+ 2008-04-14 00:11:52 52,224 ----a-w c:\windows\SYSTEM32\dmutil.dll
- 2002-08-29 10:00:00 139,264 ----a-w c:\windows\SYSTEM32\DNSAPI.DLL
+ 2008-06-20 17:46:57 147,968 ----a-w c:\windows\SYSTEM32\dnsapi.dll
- 2002-08-29 10:00:00 44,032 ----a-w c:\windows\SYSTEM32\DNSRSLVR.DLL
+ 2008-04-14 00:11:52 45,568 ----a-w c:\windows\SYSTEM32\dnsrslvr.dll
- 2002-08-29 10:00:00 45,568 ----a-w c:\windows\SYSTEM32\DOCPROP2.DLL
+ 2008-04-14 00:11:52 48,128 ----a-w c:\windows\SYSTEM32\docprop2.dll
- 2002-08-29 10:00:00 53,840 ----a-w c:\windows\SYSTEM32\DOSX.EXE
+ 2004-08-04 05:51:21 53,840 ----a-w c:\windows\SYSTEM32\dosx.exe
+ 2008-04-14 00:11:52 26,112 ------w c:\windows\SYSTEM32\dot3api.dll
+ 2008-04-14 00:11:52 57,856 ------w c:\windows\SYSTEM32\dot3cfg.dll
+ 2008-04-14 00:11:52 9,216 ------w c:\windows\SYSTEM32\dot3dlg.dll
+ 2008-04-14 00:11:52 39,936 ------w c:\windows\SYSTEM32\dot3gpclnt.dll
+ 2008-04-14 00:11:52 56,320 ------w c:\windows\SYSTEM32\dot3msm.dll
+ 2008-04-14 00:11:52 132,096 ------w c:\windows\SYSTEM32\dot3svc.dll
+ 2008-04-14 00:11:52 650,752 ------w c:\windows\SYSTEM32\dot3ui.dll
- 2002-08-29 10:00:00 115,200 ----a-w c:\windows\SYSTEM32\DPCDLL.DLL
+ 2008-04-13 21:00:49 103,424 ----a-w c:\windows\SYSTEM32\dpcdll.dll
- 2002-12-12 05:14:32 28,160 ----a-w c:\windows\SYSTEM32\dplaysvr.exe
+ 2008-04-14 00:12:17 29,696 ----a-w c:\windows\SYSTEM32\dplaysvr.exe
- 2004-04-14 19:56:46 219,648 ----a-w c:\windows\SYSTEM32\dplayx.dll
+ 2008-04-14 00:11:52 229,888 ----a-w c:\windows\SYSTEM32\dplayx.dll
- 2002-12-12 05:14:32 77,824 ----a-w c:\windows\SYSTEM32\dpmodemx.dll
+ 2008-04-14 00:11:52 23,552 ----a-w c:\windows\SYSTEM32\dpmodemx.dll
- 2002-12-12 05:14:32 3,072 ----a-w c:\windows\SYSTEM32\dpnaddr.dll
+ 2008-04-14 00:09:19 3,072 ----a-w c:\windows\SYSTEM32\dpnaddr.dll
- 2002-12-12 05:14:32 723,968 ----a-w c:\windows\SYSTEM32\dpnet.dll
+ 2008-04-14 00:11:52 375,296 ----a-w c:\windows\SYSTEM32\dpnet.dll
- 2003-03-24 14:00:02 32,768 ----a-w c:\windows\SYSTEM32\dpnhpast.dll
+ 2008-04-14 00:11:52 35,328 ----a-w c:\windows\SYSTEM32\dpnhpast.dll
- 2003-03-24 14:00:02 68,096 ----a-w c:\windows\SYSTEM32\dpnhupnp.dll
+ 2008-04-14 00:11:52 60,928 ----a-w c:\windows\SYSTEM32\dpnhupnp.dll
- 2002-12-12 05:14:32 3,072 ----a-w c:\windows\SYSTEM32\dpnlobby.dll
+ 2008-04-14 00:09:20 3,072 ----a-w c:\windows\SYSTEM32\dpnlobby.dll
- 2002-12-12 05:14:32 16,896 ----a-w c:\windows\SYSTEM32\dpnsvr.exe
+ 2008-04-14 00:12:17 17,920 ----a-w c:\windows\SYSTEM32\dpnsvr.exe
- 2002-12-12 05:14:32 19,968 ----a-w c:\windows\SYSTEM32\dpvacm.dll
+ 2008-04-14 00:11:52 21,504 ----a-w c:\windows\SYSTEM32\dpvacm.dll
- 2002-12-12 05:14:32 381,952 ----a-w c:\windows\SYSTEM32\dpvoice.dll
+ 2008-04-14 00:11:52 212,480 ----a-w c:\windows\SYSTEM32\dpvoice.dll
- 2002-12-12 05:14:32 80,896 ----a-w c:\windows\SYSTEM32\dpvsetup.exe
+ 2008-04-14 00:12:18 83,456 ----a-w c:\windows\SYSTEM32\dpvsetup.exe
- 2002-12-12 05:14:32 112,128 ----a-w c:\windows\SYSTEM32\dpvvox.dll
+ 2008-04-14 00:11:52 116,736 ----a-w c:\windows\SYSTEM32\dpvvox.dll
- 2004-04-13 04:11:26 76,800 ----a-w c:\windows\SYSTEM32\dpwsockx.dll
+ 2008-04-14 00:11:52 57,344 ----a-w c:\windows\SYSTEM32\dpwsockx.dll
- 2002-08-29 10:00:00 179,328 ----a-w c:\windows\SYSTEM32\DRIVERS\ACPI.SYS
+ 2008-04-13 18:36:35 187,776 ----a-w c:\windows\SYSTEM32\DRIVERS\acpi.sys
+ 2008-04-14 00:11:48 4,255 ------w c:\windows\SYSTEM32\DRIVERS\adv01nt5.dll
+ 2008-04-14 00:11:48 3,967 ------w c:\windows\SYSTEM32\DRIVERS\adv02nt5.dll
+ 2008-04-14 00:11:48 3,615 ------w c:\windows\SYSTEM32\DRIVERS\adv05nt5.dll
+ 2008-04-14 00:11:48 3,647 ------w c:\windows\SYSTEM32\DRIVERS\adv07nt5.dll
+ 2008-04-14 00:11:48 3,135 ------w c:\windows\SYSTEM32\DRIVERS\adv08nt5.dll
+ 2008-04-14 00:11:48 3,711 ------w c:\windows\SYSTEM32\DRIVERS\adv09nt5.dll
+ 2008-04-14 00:11:48 3,775 ------w c:\windows\SYSTEM32\DRIVERS\adv11nt5.dll
- 2002-08-29 04:16:38 142,208 ----a-w c:\windows\SYSTEM32\DRIVERS\aec.sys
+ 2008-04-13 16:39:23 142,592 ----a-w c:\windows\SYSTEM32\DRIVERS\aec.sys
- 2002-08-29 10:00:00 131,968 ----a-w c:\windows\SYSTEM32\DRIVERS\AFD.SYS
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\SYSTEM32\DRIVERS\afd.sys
- 2001-08-17 18:58:00 25,472 ----a-w c:\windows\SYSTEM32\DRIVERS\AGP440.SYS
+ 2008-04-13 18:36:38 42,368 ----a-w c:\windows\SYSTEM32\DRIVERS\agp440.sys
- 2001-08-17 18:58:02 29,056 ----a-w c:\windows\SYSTEM32\DRIVERS\AGPCPQ.SYS
+ 2008-04-13 18:36:39 44,928 ----a-w c:\windows\SYSTEM32\DRIVERS\agpcpq.sys
- 2001-08-17 18:58:00 27,648 ----a-w c:\windows\SYSTEM32\DRIVERS\ALIM1541.SYS
+ 2008-04-13 18:36:38 42,752 ----a-w c:\windows\SYSTEM32\DRIVERS\alim1541.sys
- 2001-08-17 18:58:02 27,648 ----a-w c:\windows\SYSTEM32\DRIVERS\AMDAGP.SYS
+ 2008-04-13 18:36:39 43,008 ----a-w c:\windows\SYSTEM32\DRIVERS\amdagp.sys
- 2002-08-29 10:00:00 32,000 ----a-w c:\windows\SYSTEM32\DRIVERS\AMDK6.SYS
+ 2008-04-13 18:31:32 37,376 ----a-w c:\windows\SYSTEM32\DRIVERS\amdk6.sys
- 2002-08-29 10:00:00 32,512 ----a-w c:\windows\SYSTEM32\DRIVERS\AMDK7.SYS
+ 2008-04-13 18:31:33 37,760 ----a-w c:\windows\SYSTEM32\DRIVERS\amdk7.sys
- 2002-08-29 10:00:00 57,344 ----a-w c:\windows\SYSTEM32\DRIVERS\ARP1394.SYS
+ 2008-04-13 18:51:25 60,800 ----a-w c:\windows\SYSTEM32\DRIVERS\arp1394.sys
- 2002-08-29 10:00:00 13,568 ----a-w c:\windows\SYSTEM32\DRIVERS\ASYNCMAC.SYS
+ 2008-04-13 18:57:27 14,336 ----a-w c:\windows\SYSTEM32\DRIVERS\asyncmac.sys
- 2003-04-23 14:29:54 87,296 ----a-w c:\windows\SYSTEM32\DRIVERS\atapi.sys
+ 2008-04-13 18:40:30 96,512 ----a-w c:\windows\SYSTEM32\DRIVERS\atapi.sys
+ 2004-08-04 05:29:29 56,623 ------w c:\windows\SYSTEM32\DRIVERS\ati1btxx.sys
+ 2004-08-04 05:29:29 11,615 ------w c:\windows\SYSTEM32\DRIVERS\ati1mdxx.sys
+ 2004-08-04 05:29:29 12,047 ------w c:\windows\SYSTEM32\DRIVERS\ati1pdxx.sys
+ 2004-08-04 05:29:30 30,671 ------w c:\windows\SYSTEM32\DRIVERS\ati1raxx.sys
+ 2004-08-04 05:29:30 63,663 ------w c:\windows\SYSTEM32\DRIVERS\ati1rvxx.sys
+ 2004-08-04 05:29:31 26,367 ------w c:\windows\SYSTEM32\DRIVERS\ati1snxx.sys
+ 2004-08-04 05:29:31 21,343 ------w c:\windows\SYSTEM32\DRIVERS\ati1ttxx.sys
+ 2004-08-04 05:29:31 36,463 ------w c:\windows\SYSTEM32\DRIVERS\ati1tuxx.sys
+ 2004-08-04 05:29:31 29,455 ------w c:\windows\SYSTEM32\DRIVERS\ati1xbxx.sys
+ 2004-08-04 05:29:31 34,735 ------w c:\windows\SYSTEM32\DRIVERS\ati1xsxx.sys
+ 2004-08-04 05:29:26 327,040 ------w c:\windows\SYSTEM32\DRIVERS\ati2mtaa.sys
+ 2004-08-04 05:29:26 701,440 ------w c:\windows\SYSTEM32\DRIVERS\ati2mtag.sys
+ 2004-08-04 05:29:27 57,856 ------w c:\windows\SYSTEM32\DRIVERS\atinbtxx.sys
+ 2004-08-04 05:29:28 13,824 ------w c:\windows\SYSTEM32\DRIVERS\atinmdxx.sys
+ 2004-08-04 05:29:29 14,336 ------w c:\windows\SYSTEM32\DRIVERS\atinpdxx.sys
+ 2004-08-04 05:29:29 52,224 ------w c:\windows\SYSTEM32\DRIVERS\atinraxx.sys
+ 2004-08-04 05:29:30 104,960 ------w c:\windows\SYSTEM32\DRIVERS\atinrvxx.sys
+ 2004-08-04 05:29:30 28,672 ------w c:\windows\SYSTEM32\DRIVERS\atinsnxx.sys
+ 2004-08-04 05:29:30 13,824 ------w c:\windows\SYSTEM32\DRIVERS\atinttxx.sys
+ 2004-08-04 05:29:31 73,216 ------w c:\windows\SYSTEM32\DRIVERS\atintuxx.sys
+ 2004-08-04 05:29:31 31,744 ------w c:\windows\SYSTEM32\DRIVERS\atinxbxx.sys
+ 2004-08-04 05:29:31 63,488 ------w c:\windows\SYSTEM32\DRIVERS\atinxsxx.sys
- 2002-08-29 10:00:00 57,216 ----a-w c:\windows\SYSTEM32\DRIVERS\ATMARPC.SYS
+ 2008-04-13 18:51:25 59,904 ----a-w c:\windows\SYSTEM32\DRIVERS\atmarpc.sys
- 2002-08-29 10:00:00 53,888 ----a-w c:\windows\SYSTEM32\DRIVERS\ATMLANE.SYS
+ 2008-04-13 18:51:30 55,808 ----a-w c:\windows\SYSTEM32\DRIVERS\atmlane.sys
+ 2008-04-14 00:11:50 21,183 ------w c:\windows\SYSTEM32\DRIVERS\atv01nt5.dll
+ 2008-04-14 00:11:50 11,359 ------w c:\windows\SYSTEM32\DRIVERS\atv02nt5.dll
+ 2008-04-14 00:11:50 25,471 ------w c:\windows\SYSTEM32\DRIVERS\atv04nt5.dll
+ 2008-04-14 00:11:50 14,143 ------w c:\windows\SYSTEM32\DRIVERS\atv06nt5.dll
+ 2008-04-14 00:11:50 17,279 ------w c:\windows\SYSTEM32\DRIVERS\atv10nt5.dll
+ 2009-01-19 07:23:34 26,824 ----a-w c:\windows\SYSTEM32\DRIVERS\avgmfx86.sys
- 2003-02-17 15:16:26 11,392 ----a-w c:\windows\SYSTEM32\DRIVERS\bdasup.sys
+ 2008-04-13 18:46:21 11,776 ----a-w c:\windows\SYSTEM32\DRIVERS\bdasup.sys
- 2002-08-29 10:00:00 68,864 ----a-w c:\windows\SYSTEM32\DRIVERS\BRIDGE.SYS
+ 2008-04-13 18:53:23 71,552 ----a-w c:\windows\SYSTEM32\DRIVERS\bridge.sys
+ 2008-04-13 18:46:33 17,024 ------w c:\windows\SYSTEM32\DRIVERS\bthenum.sys
+ 2008-04-13 18:46:33 37,888 ------w c:\windows\SYSTEM32\DRIVERS\bthmodem.sys
+ 2008-04-13 18:51:34 101,120 ------w c:\windows\SYSTEM32\DRIVERS\bthpan.sys
+ 2008-06-13 11:05:51 272,128 ------w c:\windows\SYSTEM32\DRIVERS\bthport.sys
+ 2008-04-13 18:46:31 36,480 ------w c:\windows\SYSTEM32\DRIVERS\bthprint.sys
+ 2008-04-13 18:46:29 18,944 ------w c:\windows\SYSTEM32\DRIVERS\bthusb.sys
- 2003-02-17 15:16:26 16,384 ----a-w c:\windows\SYSTEM32\DRIVERS\ccdecode.sys
+ 2008-04-13 18:46:23 17,024 ----a-w c:\windows\SYSTEM32\DRIVERS\ccdecode.sys
- 2002-08-29 10:00:00 59,648 ----a-w c:\windows\SYSTEM32\DRIVERS\CDFS.SYS
+ 2008-04-13 19:14:21 63,744 ----a-w c:\windows\SYSTEM32\DRIVERS\cdfs.sys
- 2002-08-29 10:00:00 47,488 ----a-w c:\windows\SYSTEM32\DRIVERS\CDROM.SYS
+ 2008-04-13 18:40:46 62,976 ----a-w c:\windows\SYSTEM32\DRIVERS\cdrom.sys
+ 2008-04-14 00:11:50 15,423 ------w c:\windows\SYSTEM32\DRIVERS\ch7xxnt5.dll
- 2002-08-29 10:00:00 46,336 ----a-w c:\windows\SYSTEM32\DRIVERS\CLASSPNP.SYS
+ 2008-04-13 19:16:22 49,536 ----a-w c:\windows\SYSTEM32\DRIVERS\classpnp.sys
- 2002-08-29 10:00:00 31,488 ----a-w c:\windows\SYSTEM32\DRIVERS\CRUSOE.SYS
+ 2008-04-13 18:31:32 36,736 ----a-w c:\windows\SYSTEM32\DRIVERS\crusoe.sys
- 2002-08-29 10:00:00 33,792 ----a-w c:\windows\SYSTEM32\DRIVERS\DISK.SYS
+ 2008-04-13 18:40:47 36,352 ----a-w c:\windows\SYSTEM32\DRIVERS\disk.sys
- 2002-08-29 10:00:00 13,184 ----a-w c:\windows\SYSTEM32\DRIVERS\DISKDUMP.SYS
+ 2008-04-13 18:40:44 14,208 ----a-w c:\windows\SYSTEM32\DRIVERS\diskdump.sys
- 2002-08-29 10:00:00 780,928 ----a-w c:\windows\SYSTEM32\DRIVERS\DMBOOT.SYS
+ 2008-04-13 18:44:48 799,744 ----a-w c:\windows\SYSTEM32\DRIVERS\dmboot.sys
- 2002-08-29 10:00:00 146,304 ----a-w c:\windows\SYSTEM32\DRIVERS\DMIO.SYS
+ 2008-04-13 18:44:46 153,344 ----a-w c:\windows\SYSTEM32\DRIVERS\dmio.sys
- 2001-08-17 18:59:58 50,048 ----a-w c:\windows\SYSTEM32\DRIVERS\DMusic.sys
+ 2008-04-13 18:45:01 52,864 ----a-w c:\windows\SYSTEM32\DRIVERS\dmusic.sys
- 2002-08-29 07:32:34 57,856 ----a-w c:\windows\SYSTEM32\DRIVERS\drmk.sys
+ 2008-04-13 18:45:14 60,160 ----a-w c:\windows\SYSTEM32\DRIVERS\drmk.sys
- 2002-08-29 06:32:34 2,816 ----a-w c:\windows\SYSTEM32\DRIVERS\drmkaud.sys
+ 2008-04-13 18:45:13 2,944 ----a-w c:\windows\SYSTEM32\DRIVERS\drmkaud.sys
- 2002-08-29 10:00:00 68,992 ----a-w c:\windows\SYSTEM32\DRIVERS\DXG.SYS
+ 2008-04-13 18:38:29 71,168 ----a-w c:\windows\SYSTEM32\DRIVERS\dxg.sys
- 2002-08-29 10:00:00 145,152 ----a-w c:\windows\SYSTEM32\DRIVERS\FASTFAT.SYS
+ 2008-04-13 19:14:29 143,744 ----a-w c:\windows\SYSTEM32\DRIVERS\fastfat.sys
- 2002-08-29 10:00:00 26,240 ----a-w c:\windows\SYSTEM32\DRIVERS\FDC.SYS
+ 2008-04-13 18:40:25 27,392 ----a-w c:\windows\SYSTEM32\DRIVERS\fdc.sys
- 2002-08-29 10:00:00 34,944 ----a-w c:\windows\SYSTEM32\DRIVERS\FIPS.SYS
+ 2008-04-13 18:33:28 44,544 ----a-w c:\windows\SYSTEM32\DRIVERS\fips.sys
- 2002-08-29 10:00:00 19,712 ----a-w c:\windows\SYSTEM32\DRIVERS\FLPYDISK.SYS
+ 2008-04-13 18:40:25 20,480 ----a-w c:\windows\SYSTEM32\DRIVERS\flpydisk.sys
+ 2008-04-13 18:32:59 129,792 ------w c:\windows\SYSTEM32\DRIVERS\fltmgr.sys
+ 2008-04-13 18:36:40 46,464 ------w c:\windows\SYSTEM32\DRIVERS\gagp30kx.sys
+ 2008-04-13 16:36:05 144,384 ------w c:\windows\SYSTEM32\DRIVERS\hdaudbus.sys
+ 2008-04-13 18:46:30 25,600 ------w c:\windows\SYSTEM32\DRIVERS\hidbth.sys
- 2002-08-29 10:00:00 34,560 ----a-w c:\windows\SYSTEM32\DRIVERS\HIDCLASS.SYS
+ 2008-04-13 18:45:26 36,864 ----a-w c:\windows\SYSTEM32\DRIVERS\hidclass.sys
+ 2008-04-13 18:45:26 19,200 ------w c:\windows\SYSTEM32\DRIVERS\hidir.sys
- 2002-08-29 10:00:00 23,680 ----a-w c:\windows\SYSTEM32\DRIVERS\HIDPARSE.SYS
+ 2008-04-13 18:45:22 24,960 ----a-w c:\windows\SYSTEM32\DRIVERS\hidparse.sys
- 2005-10-21 22:58:52 49,920 ----a-w c:\windows\SYSTEM32\DRIVERS\hpzid412.sys
+ 2005-10-22 00:58:52 49,920 ----a-w c:\windows\SYSTEM32\DRIVERS\HPZid412.sys
- 2005-10-21 22:58:58 16,496 ----a-w c:\windows\SYSTEM32\DRIVERS\HPZipr12.sys
+ 2005-10-22 00:58:58 16,496 ----a-w c:\windows\SYSTEM32\DRIVERS\HPZipr12.sys
- 2005-10-21 22:52:48 21,568 ----a-w c:\windows\SYSTEM32\DRIVERS\HPZius12.sys
+ 2005-10-22 12:22:48 21,568 ----a-w c:\windows\SYSTEM32\DRIVERS\HPZius12.sys
+ 2004-08-04 05:41:46 220,032 ------w c:\windows\SYSTEM32\DRIVERS\hsfbs2s2.sys
+ 2004-08-04 05:41:48 685,056 ------w c:\windows\SYSTEM32\DRIVERS\hsfcxts2.sys
+ 2004-08-04 05:41:54 1,041,536 ------w c:\windows\SYSTEM32\DRIVERS\hsfdpsp2.sys
+ 2008-04-13 18:53:53 264,832 ------w c:\windows\SYSTEM32\DRIVERS\http.sys
- 2001-08-17 18:56:18 7,680 ----a-w c:\windows\SYSTEM32\DRIVERS\I2OMGMT.SYS
+ 2008-04-13 18:41:22 8,576 ----a-w c:\windows\SYSTEM32\DRIVERS\i2omgmt.sys
- 2001-08-17 18:56:12 17,536 ----a-w c:\windows\SYSTEM32\DRIVERS\I2OMP.SYS
+ 2008-04-13 18:41:22 18,560 ----a-w c:\windows\SYSTEM32\DRIVERS\i2omp.sys
- 2002-08-29 10:00:00 51,072 ----a-w c:\windows\SYSTEM32\DRIVERS\I8042PRT.SYS
+ 2008-04-13 19:18:00 52,480 ----a-w c:\windows\SYSTEM32\DRIVERS\i8042prt.sys
- 2001-08-17 17:49:18 138,240 ----a-w c:\windows\SYSTEM32\DRIVERS\I81XNT5.SYS
+ 2004-08-04 05:29:36 161,020 ----a-w c:\windows\SYSTEM32\DRIVERS\i81xnt5.sys
- 2003-04-15 15:39:46 90,907 ----a-w c:\windows\SYSTEM32\DRIVERS\ialmnt5.sys
+ 2005-10-19 13:59:12 807,998 ----a-w c:\windows\SYSTEM32\DRIVERS\ialmnt5.sys
- 2002-08-29 10:00:00 39,808 ----a-w c:\windows\SYSTEM32\DRIVERS\IMAPI.SYS
+ 2008-04-13 18:40:58 42,112 ----a-w c:\windows\SYSTEM32\DRIVERS\imapi.sys
- 2002-08-29 06:27:48 4,736 ----a-w c:\windows\SYSTEM32\DRIVERS\INTELIDE.SYS
+ 2008-04-13 18:40:29 5,504 ----a-w c:\windows\SYSTEM32\DRIVERS\intelide.sys
+ 2008-04-13 18:31:32 36,352 ------w c:\windows\SYSTEM32\DRIVERS\intelppm.sys
+ 2008-04-13 18:53:34 36,608 ------w c:\windows\SYSTEM32\DRIVERS\ip6fw.sys
- 2002-08-29 10:00:00 19,584 ----a-w c:\windows\SYSTEM32\DRIVERS\IPINIP.SYS
+ 2008-04-13 18:57:07 20,864 ----a-w c:\windows\SYSTEM32\DRIVERS\ipinip.sys
- 2002-08-29 10:00:00 79,488 ----a-w c:\windows\SYSTEM32\DRIVERS\IPNAT.SYS
+ 2008-04-13 18:57:15 152,832 ----a-w c:\windows\SYSTEM32\DRIVERS\ipnat.sys
- 2002-08-29 10:00:00 57,984 ----a-w c:\windows\SYSTEM32\DRIVERS\IPSEC.SYS
+ 2008-04-13 19:19:42 75,264 ----a-w c:\windows\SYSTEM32\DRIVERS\ipsec.sys
- 2002-08-29 10:00:00 10,496 ----a-w c:\windows\SYSTEM32\DRIVERS\IRENUM.SYS
+ 2008-04-13 18:54:28 11,264 ----a-w c:\windows\SYSTEM32\DRIVERS\irenum.sys
- 2001-08-17 19:58:02 35,840 ----a-w c:\windows\SYSTEM32\DRIVERS\isapnp.sys
+ 2008-04-13 18:36:41 37,248 ----a-w c:\windows\SYSTEM32\DRIVERS\isapnp.sys
- 2002-08-29 06:27:02 23,424 ----a-w c:\windows\SYSTEM32\DRIVERS\KBDCLASS.SYS
+ 2008-04-13 18:39:47 24,576 ----a-w c:\windows\SYSTEM32\DRIVERS\kbdclass.sys
- 2002-08-29 06:32:30 159,360 ----a-w c:\windows\SYSTEM32\DRIVERS\kmixer.sys
+ 2008-04-13 18:45:09 172,416 ----a-w c:\windows\SYSTEM32\DRIVERS\kmixer.sys
- 2002-12-12 05:14:32 130,304 ----a-w c:\windows\SYSTEM32\DRIVERS\ks.sys
+ 2008-04-13 19:16:36 141,056 ----a-w c:\windows\SYSTEM32\DRIVERS\ks.sys
- 2002-08-29 10:00:00 79,744 ----a-w c:\windows\SYSTEM32\DRIVERS\KSECDD.SYS
+ 2008-04-13 18:31:43 92,288 ----a-w c:\windows\SYSTEM32\DRIVERS\ksecdd.sys
- 2002-08-29 10:00:00 62,208 ----a-w c:\windows\SYSTEM32\DRIVERS\MF.SYS
+ 2008-04-13 18:36:41 63,744 ----a-w c:\windows\SYSTEM32\DRIVERS\mf.sys
- 2002-08-29 10:00:00 28,800 ----a-w c:\windows\SYSTEM32\DRIVERS\MODEM.SYS
+ 2008-04-13 19:00:19 30,080 ----a-w c:\windows\SYSTEM32\DRIVERS\modem.sys
- 2002-08-29 06:27:02 22,016 ----a-w c:\windows\SYSTEM32\DRIVERS\MOUCLASS.SYS
+ 2008-04-13 18:39:47 23,040 ----a-w c:\windows\SYSTEM32\DRIVERS\mouclass.sys
- 2002-08-29 10:00:00 37,504 ----a-w c:\windows\SYSTEM32\DRIVERS\MOUNTMGR.SYS
+ 2008-04-13 18:39:46 42,368 ----a-w c:\windows\SYSTEM32\DRIVERS\mountmgr.sys
- 2003-02-17 15:16:26 15,104 ----a-w c:\windows\SYSTEM32\DRIVERS\mpe.sys
+ 2008-04-13 18:46:22 15,232 ----a-w c:\windows\SYSTEM32\DRIVERS\mpe.sys
- 2005-04-26 01:58:03 173,312 ----a-w c:\windows\SYSTEM32\DRIVERS\mrxdav.sys
+ 2008-04-13 18:32:44 180,608 ----a-w c:\windows\SYSTEM32\DRIVERS\mrxdav.sys
- 2005-01-19 03:51:40 440,064 ----a-w c:\windows\SYSTEM32\DRIVERS\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\SYSTEM32\DRIVERS\mrxsmb.sys
- 2003-02-17 15:21:50 52,096 ----a-w c:\windows\SYSTEM32\DRIVERS\msdv.sys
+ 2008-04-13 18:46:09 51,200 ----a-w c:\windows\SYSTEM32\DRIVERS\msdv.sys
- 2002-08-29 10:00:00 18,048 ----a-w c:\windows\SYSTEM32\DRIVERS\MSFS.SYS
+ 2008-04-13 18:32:39 19,072 ----a-w c:\windows\SYSTEM32\DRIVERS\msfs.sys
- 2002-08-29 10:00:00 33,792 ----a-w c:\windows\SYSTEM32\DRIVERS\MSGPC.SYS
+ 2008-04-13 18:56:32 35,072 ----a-w c:\windows\SYSTEM32\DRIVERS\msgpc.sys
- 2002-12-12 05:14:32 7,424 ----a-w c:\windows\SYSTEM32\DRIVERS\mskssrv.sys
+ 2008-04-13 18:39:52 7,552 ----a-w c:\windows\SYSTEM32\DRIVERS\mskssrv.sys
- 2002-12-12 05:14:32 5,248 ----a-w c:\windows\SYSTEM32\DRIVERS\mspclock.sys
+ 2008-04-13 18:39:50 5,376 ----a-w c:\windows\SYSTEM32\DRIVERS\mspclock.sys
- 2001-08-23 10:00:00 4,608 ----a-w c:\windows\SYSTEM32\DRIVERS\mspqm.sys
+ 2008-04-13 18:39:51 4,992 ----a-w c:\windows\SYSTEM32\DRIVERS\mspqm.sys
+ 2008-04-13 18:36:46 15,488 ------w c:\windows\SYSTEM32\DRIVERS\mssmbios.sys
- 2002-12-12 05:14:32 5,504 ----a-w c:\windows\SYSTEM32\DRIVERS\mstee.sys
+ 2008-04-13 18:39:50 5,504 ----a-w c:\windows\SYSTEM32\DRIVERS\mstee.sys
+ 2004-08-04 05:41:38 126,686 ------w c:\windows\SYSTEM32\DRIVERS\mtlmnt5.sys
+ 2004-08-04 05:41:37 1,309,184 ------w c:\windows\SYSTEM32\DRIVERS\mtlstrm.sys
+ 2004-08-04 05:29:36 452,736 ------w c:\windows\SYSTEM32\DRIVERS\mtxparhm.sys
- 2002-08-29 10:00:00 104,064 ----a-w c:\windows\SYSTEM32\DRIVERS\MUP.SYS
+ 2008-04-13 19:17:05 105,344 ----a-w c:\windows\SYSTEM32\DRIVERS\mup.sys
+ 2008-04-13 18:43:55 12,672 ------w c:\windows\SYSTEM32\DRIVERS\mutohpen.sys
- 2003-02-17 15:16:28 83,968 ----a-w c:\windows\SYSTEM32\DRIVERS\nabtsfec.sys
+ 2008-04-13 18:46:25 85,248 ----a-w c:\windows\SYSTEM32\DRIVERS\nabtsfec.sys
- 2003-10-04 07:54:08 168,192 ----a-w c:\windows\SYSTEM32\DRIVERS\ndis.sys
+ 2008-04-13 19:20:37 182,656 ----a-w c:\windows\SYSTEM32\DRIVERS\ndis.sys
- 2003-02-17 15:16:28 10,112 ----a-w c:\windows\SYSTEM32\DRIVERS\ndisip.sys
+ 2008-04-13 18:46:22 10,880 ----a-w c:\windows\SYSTEM32\DRIVERS\ndisip.sys
- 2002-08-29 10:00:00 9,600 ----a-w c:\windows\SYSTEM32\DRIVERS\NDISTAPI.SYS
+ 2008-04-13 18:57:27 10,112 ----a-w c:\windows\SYSTEM32\DRIVERS\ndistapi.sys
- 2003-08-02 09:38:10 12,416 ----a-w c:\windows\SYSTEM32\DRIVERS\ndisuio.sys
+ 2008-04-13 18:55:58 14,592 ----a-w c:\windows\SYSTEM32\DRIVERS\ndisuio.sys
- 2002-08-29 10:00:00 87,552 ----a-w c:\windows\SYSTEM32\DRIVERS\NDISWAN.SYS
+ 2008-04-13 19:20:42 91,520 ----a-w c:\windows\SYSTEM32\DRIVERS\ndiswan.sys
- 2002-08-29 10:00:00 38,016 ----a-w c:\windows\SYSTEM32\DRIVERS\NDPROXY.SYS
+ 2008-04-13 18:57:29 40,576 ----a-w c:\windows\SYSTEM32\DRIVERS\ndproxy.sys
- 2002-08-29 10:00:00 33,152 ----a-w c:\windows\SYSTEM32\DRIVERS\NETBIOS.SYS
+ 2008-04-13 18:56:02 34,688 ----a-w c:\windows\SYSTEM32\DRIVERS\netbios.sys
- 2003-07-08 23:48:54 149,248 ----a-w c:\windows\SYSTEM32\DRIVERS\netbt.sys
+ 2008-04-13 19:21:00 162,816 ----a-w c:\windows\SYSTEM32\DRIVERS\netbt.sys
- 2002-08-29 10:00:00 57,984 ----a-w c:\windows\SYSTEM32\DRIVERS\NIC1394.SYS
+ 2008-04-13 18:51:25 61,824 ----a-w c:\windows\SYSTEM32\DRIVERS\nic1394.sys
- 2002-08-29 10:00:00 38,272 ----a-w c:\windows\SYSTEM32\DRIVERS\NMNT.SYS
+ 2008-04-13 18:53:09 40,320 ----a-w c:\windows\SYSTEM32\DRIVERS\nmnt.sys
- 2002-08-29 10:00:00 29,568 ----a-w c:\windows\SYSTEM32\DRIVERS\NPFS.SYS
+ 2008-04-13 18:32:39 30,848 ----a-w c:\windows\SYSTEM32\DRIVERS\npfs.sys
- 2002-08-29 10:00:00 561,920 ----a-w c:\windows\SYSTEM32\DRIVERS\NTFS.SYS
+ 2008-04-13 19:15:53 574,976 ----a-w c:\windows\SYSTEM32\DRIVERS\ntfs.sys
+ 2004-08-04 05:41:39 180,360 ------w c:\windows\SYSTEM32\DRIVERS\ntmtlfax.sys
- 2002-08-29 04:16:30 891,711 ----a-w c:\windows\SYSTEM32\DRIVERS\NV4_MINI.SYS
+ 2004-08-04 05:29:54 1,897,408 ----a-w c:\windows\SYSTEM32\DRIVERS\nv4_mini.sys
- 2002-08-29 10:00:00 84,864 ----a-w c:\windows\SYSTEM32\DRIVERS\NWLNKIPX.SYS
+ 2008-04-13 18:56:06 88,320 ----a-w c:\windows\SYSTEM32\DRIVERS\nwlnkipx.sys
- 2002-08-29 10:00:00 37,504 ----a-w c:\windows\SYSTEM32\DRIVERS\P3.SYS
+ 2008-04-13 18:31:31 42,752 ----a-w c:\windows\SYSTEM32\DRIVERS\p3.sys
- 2002-08-29 10:00:00 76,032 ----a-w c:\windows\SYSTEM32\DRIVERS\PARPORT.SYS
+ 2008-04-13 18:40:10 80,128 ----a-w c:\windows\SYSTEM32\DRIVERS\parport.sys
- 2002-08-29 10:00:00 18,688 ----a-w c:\windows\SYSTEM32\DRIVERS\PARTMGR.SYS
+ 2008-04-13 18:40:49 19,712 ----a-w c:\windows\SYSTEM32\DRIVERS\partmgr.sys
- 2002-08-29 07:09:12 62,976 ----a-w c:\windows\SYSTEM32\DRIVERS\pci.sys
+ 2008-04-13 18:36:44 68,224 ----a-w c:\windows\SYSTEM32\DRIVERS\pci.sys
- 2002-08-29 07:27:48 23,680 ----a-w c:\windows\SYSTEM32\DRIVERS\pciidex.sys
+ 2008-04-13 18:40:29 24,960 ----a-w c:\windows\SYSTEM32\DRIVERS\pciidex.sys
- 2002-08-29 10:00:00 115,712 ----a-w c:\windows\SYSTEM32\DRIVERS\PCMCIA.SYS
+ 2008-04-13 18:36:43 120,192 ----a-w c:\windows\SYSTEM32\DRIVERS\pcmcia.sys
- 2002-08-29 08:01:00 134,272 ----a-w c:\windows\SYSTEM32\DRIVERS\portcls.sys
+ 2008-04-13 19:19:41 146,048 ----a-w c:\windows\SYSTEM32\DRIVERS\portcls.sys
- 2002-08-29 10:00:00 30,592 ----a-w c:\windows\SYSTEM32\DRIVERS\PROCESSR.SYS
+ 2008-04-13 18:31:30 35,840 ----a-w c:\windows\SYSTEM32\DRIVERS\processr.sys
- 2002-08-29 10:00:00 66,048 ----a-w c:\windows\SYSTEM32\DRIVERS\PSCHED.SYS
+ 2008-04-13 18:56:38 69,120 ----a-w c:\windows\SYSTEM32\DRIVERS\psched.sys
- 2002-08-29 10:00:00 48,384 ----a-w c:\windows\SYSTEM32\DRIVERS\RASL2TP.SYS
+ 2008-04-13 19:19:43 51,328 ----a-w c:\windows\SYSTEM32\DRIVERS\rasl2tp.sys
- 2002-08-29 10:00:00 38,912 ----a-w c:\windows\SYSTEM32\DRIVERS\RASPPPOE.SYS
+ 2008-04-13 18:57:32 41,472 ----a-w c:\windows\SYSTEM32\DRIVERS\raspppoe.sys
- 2002-10-02 00:52:30 46,208 ----a-w c:\windows\SYSTEM32\DRIVERS\raspptp.sys
+ 2008-04-13 19:19:48 48,384 ----a-w c:\windows\SYSTEM32\DRIVERS\raspptp.sys
- 2004-10-12 16:22:24 170,112 ----a-w c:\windows\SYSTEM32\DRIVERS\rdbss.sys
+ 2008-04-13 19:28:39 175,744 ----a-w c:\windows\SYSTEM32\DRIVERS\rdbss.sys
- 2002-08-29 06:06:36 182,400 ----a-w c:\windows\SYSTEM32\DRIVERS\RDPDR.SYS
+ 2008-04-13 18:32:51 196,224 ----a-w c:\windows\SYSTEM32\DRIVERS\rdpdr.sys
- 2002-08-29 10:00:00 115,976 ----a-w c:\windows\SYSTEM32\DRIVERS\RDPWD.SYS
+ 2008-04-14 00:13:22 139,656 ----a-w c:\windows\SYSTEM32\DRIVERS\rdpwd.sys
+ 2004-08-04 05:41:39 13,776 ------w c:\windows\SYSTEM32\DRIVERS\recagent.sys
- 2002-08-29 06:27:46 56,576 ----a-w c:\windows\SYSTEM32\DRIVERS\REDBOOK.SYS
+ 2008-04-13 18:40:27 57,600 ----a-w c:\windows\SYSTEM32\DRIVERS\redbook.sys
+ 2008-04-13 18:46:32 59,136 ------w c:\windows\SYSTEM32\DRIVERS\rfcomm.sys
- 2002-08-29 10:00:00 200,064 ----a-w c:\windows\SYSTEM32\DRIVERS\RMCast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w c:\windows\SYSTEM32\DRIVERS\rmcast.sys
- 2002-08-29 10:00:00 27,648 ----a-w c:\windows\SYSTEM32\DRIVERS\RNDISMP.SYS
+ 2008-04-13 18:56:49 30,592 ----a-w c:\windows\SYSTEM32\DRIVERS\rndismp.sys
+ 2008-04-13 18:56:49 30,592 ------w c:\windows\SYSTEM32\DRIVERS\rndismpx.sys
+ 2004-08-04 05:29:51 166,912 ------w c:\windows\SYSTEM32\DRIVERS\s3gnbm.sys
- 2002-08-29 10:00:00 90,240 ----a-w c:\windows\SYSTEM32\DRIVERS\SCSIPORT.SYS
+ 2008-04-13 18:40:30 96,384 ----a-w c:\windows\SYSTEM32\DRIVERS\scsiport.sys
+ 2008-04-13 18:36:44 79,232 ------w c:\windows\SYSTEM32\DRIVERS\sdbus.sys
- 2002-08-29 10:00:00 14,976 ----a-w c:\windows\SYSTEM32\DRIVERS\SERENUM.SYS
+ 2008-04-13 18:40:12 15,744 ----a-w c:\windows\SYSTEM32\DRIVERS\serenum.sys
- 2002-08-29 10:00:00 62,464 ----a-w c:\windows\SYSTEM32\DRIVERS\SERIAL.SYS
+ 2008-04-13 19:15:45 64,512 ----a-w c:\windows\SYSTEM32\DRIVERS\serial.sys
+ 2008-04-13 18:40:47 11,904 ------w c:\windows\SYSTEM32\DRIVERS\sffdisk.sys
+ 2008-04-13 18:40:48 10,240 ------w c:\windows\SYSTEM32\DRIVERS\sffp_mmc.sys
+ 2008-04-13 18:40:47 11,008 ------w c:\windows\SYSTEM32\DRIVERS\sffp_sd.sys
- 2002-08-29 10:00:00 10,496 ----a-w c:\windows\SYSTEM32\DRIVERS\SFLOPPY.SYS
+ 2008-04-13 18:40:48 11,392 ----a-w c:\windows\SYSTEM32\DRIVERS\sfloppy.sys
+ 2008-04-14 00:12:05 3,901 ------w c:\windows\SYSTEM32\DRIVERS\siint5.dll
- 2001-08-17 18:58:02 26,112 ----a-w c:\windows\SYSTEM32\DRIVERS\SISAGP.SYS
+ 2008-04-13 18:36:39 40,960 ----a-w c:\windows\SYSTEM32\DRIVERS\sisagp.sys
- 2003-02-17 15:16:28 10,880 ----a-w c:\windows\SYSTEM32\DRIVERS\slip.sys
+ 2008-04-13 18:46:23 11,136 ----a-w c:\windows\SYSTEM32\DRIVERS\slip.sys
+ 2004-08-04 05:41:40 129,535 ------w c:\windows\SYSTEM32\DRIVERS\slnt7554.sys
+ 2004-08-04 05:41:42 404,990 ------w c:\windows\SYSTEM32\DRIVERS\slntamr.sys
+ 2004-08-04 05:41:44 95,424 ------w c:\windows\SYSTEM32\DRIVERS\slnthal.sys
+ 2004-08-04 05:41:45 13,240 ------w c:\windows\SYSTEM32\DRIVERS\slwdmsup.sys
+ 2008-04-13 18:36:34 5,888 ------w c:\windows\SYSTEM32\DRIVERS\smbali.sys
- 2002-08-29 10:00:00 24,448 ----a-w c:\windows\SYSTEM32\DRIVERS\SONYDCAM.SYS
+ 2008-04-13 18:46:07 25,344 ----a-w c:\windows\SYSTEM32\DRIVERS\sonydcam.sys
- 2002-08-29 06:32:28 5,888 ----a-w c:\windows\SYSTEM32\DRIVERS\splitter.sys
+ 2008-04-13 18:45:07 6,272 ----a-w c:\windows\SYSTEM32\DRIVERS\splitter.sys
- 2002-08-29 10:00:00 69,248 ----a-w c:\windows\SYSTEM32\DRIVERS\SR.SYS
+ 2008-04-13 18:36:52 73,472 ----a-w c:\windows\SYSTEM32\DRIVERS\sr.sys
- 2002-12-12 05:14:32 45,696 ----a-w c:\windows\SYSTEM32\DRIVERS\stream.sys
+ 2008-04-13 18:45:15 49,408 ----a-w c:\windows\SYSTEM32\DRIVERS\stream.sys
- 2003-02-17 15:16:28 14,976 ----a-w c:\windows\SYSTEM32\DRIVERS\streamip.sys
+ 2008-04-13 18:46:21 15,232 ----a-w c:\windows\SYSTEM32\DRIVERS\streamip.sys
- 2002-12-12 05:14:32 4,096 ----a-w c:\windows\SYSTEM32\DRIVERS\swenum.sys
+ 2008-04-13 18:39:53 4,352 ----a-w c:\windows\SYSTEM32\DRIVERS\swenum.sys
- 2001-08-17 19:00:52 54,272 ----a-w c:\windows\SYSTEM32\DRIVERS\swmidi.sys
+ 2008-04-13 18:45:09 56,576 ----a-w c:\windows\SYSTEM32\DRIVERS\swmidi.sys
- 2002-08-29 07:01:18 56,832 ----a-w c:\windows\SYSTEM32\DRIVERS\sysaudio.sys
+ 2008-04-13 19:15:55 60,800 ----a-w c:\windows\SYSTEM32\DRIVERS\sysaudio.sys
- 2002-08-29 10:00:00 13,824 ----a-w c:\windows\SYSTEM32\DRIVERS\TAPE.SYS
+ 2008-04-13 18:40:50 14,976 ----a-w c:\windows\SYSTEM32\DRIVERS\tape.sys
- 2005-05-25 19:41:10 339,968 ----a-w c:\windows\SYSTEM32\DRIVERS\tcpip.sys
+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\SYSTEM32\DRIVERS\tcpip.sys
- 2002-08-29 10:00:00 196,288 ----a-w c:\windows\SYSTEM32\DRIVERS\TCPIP6.SYS
+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\SYSTEM32\DRIVERS\tcpip6.sys
- 2002-08-29 10:00:00 16,256 ----a-w c:\windows\SYSTEM32\DRIVERS\TDI.SYS
+ 2008-04-13 19:00:05 19,072 ----a-w c:\windows\SYSTEM32\DRIVERS\tdi.sys
- 2002-08-29 10:00:00 11,144 ----a-w c:\windows\SYSTEM32\DRIVERS\TDPIPE.SYS
+ 2008-04-14 00:13:20 12,040 ----a-w c:\windows\SYSTEM32\DRIVERS\tdpipe.sys
- 2002-08-29 10:00:00 20,232 ----a-w c:\windows\SYSTEM32\DRIVERS\TDTCP.SYS
+ 2008-04-14 00:13:21 21,896 ----a-w c:\windows\SYSTEM32\DRIVERS\tdtcp.sys
- 2002-08-29 08:46:42 38,024 ----a-w c:\windows\SYSTEM32\DRIVERS\TERMDD.SYS
+ 2008-04-14 00:13:20 40,840 ----a-w c:\windows\SYSTEM32\DRIVERS\termdd.sys
- 2002-08-29 10:00:00 9,856 ----a-w c:\windows\SYSTEM32\DRIVERS\TUNMP.SYS
+ 2008-04-13 18:56:01 12,288 ----a-w c:\windows\SYSTEM32\DRIVERS\tunmp.sys
+ 2008-04-13 18:36:40 44,672 ------w c:\windows\SYSTEM32\DRIVERS\uagp35.sys
- 2002-12-17 23:17:38 64,000 ----a-w c:\windows\SYSTEM32\DRIVERS\udfs.sys
+ 2008-04-13 18:32:36 66,048 ----a-w c:\windows\SYSTEM32\DRIVERS\udfs.sys
- 2002-08-29 10:00:00 137,088 ----a-w c:\windows\SYSTEM32\DRIVERS\UPDATE.SYS
+ 2008-04-13 18:39:46 384,768 ----a-w c:\windows\SYSTEM32\DRIVERS\update.sys
- 2002-08-29 10:00:00 11,136 ----a-w c:\windows\SYSTEM32\DRIVERS\USB8023.SYS
+ 2008-04-13 18:56:49 12,800 ----a-w c:\windows\SYSTEM32\DRIVERS\usb8023.sys
+ 2008-04-13 18:56:49 12,800 ------w c:\windows\SYSTEM32\DRIVERS\usb8023x.sys
- 2002-08-29 10:00:00 23,808 ----a-w c:\windows\SYSTEM32\DRIVERS\USBCAMD.SYS
+ 2008-04-13 18:45:40 25,600 ----a-w c:\windows\SYSTEM32\DRIVERS\usbcamd.sys
- 2002-08-29 10:00:00 23,936 ----a-w c:\windows\SYSTEM32\DRIVERS\USBCAMD2.SYS
+ 2008-04-13 18:45:41 25,728 ----a-w c:\windows\SYSTEM32\DRIVERS\usbcamd2.sys
- 2003-08-02 07:34:38 28,160 ----a-w c:\windows\SYSTEM32\DRIVERS\usbccgp.sys
+ 2008-04-13 18:45:39 32,128 ----a-w c:\windows\SYSTEM32\DRIVERS\usbccgp.sys
- 2003-08-02 07:34:34 25,216 ----a-w c:\windows\SYSTEM32\DRIVERS\usbehci.sys
+ 2008-04-13 18:45:35 30,208 ----a-w c:\windows\SYSTEM32\DRIVERS\usbehci.sys
- 2003-08-02 07:34:34 53,120 ----a-w c:\windows\SYSTEM32\DRIVERS\usbhub.sys
+ 2008-04-13 18:45:37 59,520 ----a-w c:\windows\SYSTEM32\DRIVERS\usbhub.sys
- 2002-08-29 10:00:00 15,232 ----a-w c:\windows\SYSTEM32\DRIVERS\USBINTEL.SYS
+ 2008-04-13 18:45:43 15,872 ----a-w c:\windows\SYSTEM32\DRIVERS\usbintel.sys
- 2003-08-13 15:23:40 138,752 ----a-w c:\windows\SYSTEM32\DRIVERS\usbport.sys
+ 2008-04-13 18:45:36 143,872 ----a-w c:\windows\SYSTEM32\DRIVERS\usbport.sys
- 2002-08-29 06:50:02 24,960 ----a-w c:\windows\SYSTEM32\DRIVERS\usbprint.sys
+ 2008-04-13 18:47:37 25,856 ----a-w c:\windows\SYSTEM32\DRIVERS\usbprint.sys
- 2002-08-29 05:48:52 14,208 ----a-w c:\windows\SYSTEM32\DRIVERS\usbscan.sys
+ 2008-04-13 18:45:34 15,104 ----a-w c:\windows\SYSTEM32\DRIVERS\usbscan.sys
- 2002-08-29 06:32:52 21,760 ----a-w c:\windows\SYSTEM32\DRIVERS\USBSTOR.SYS
+ 2008-04-13 18:45:38 26,368 ----a-w c:\windows\SYSTEM32\DRIVERS\usbstor.sys
- 2003-08-02 07:34:34 19,328 ----a-w c:\windows\SYSTEM32\DRIVERS\usbuhci.sys
+ 2008-04-13 18:45:35 20,608 ----a-w c:\windows\SYSTEM32\DRIVERS\usbuhci.sys
+ 2008-04-13 18:46:20 121,984 ------w c:\windows\SYSTEM32\DRIVERS\usbvideo.sys
+ 2008-04-14 00:12:08 11,325 ------w c:\windows\SYSTEM32\DRIVERS\vchnt5.dll
- 2002-08-29 10:00:00 19,712 ----a-w c:\windows\SYSTEM32\DRIVERS\VGA.SYS
+ 2008-04-13 18:44:40 20,992 ----a-w c:\windows\SYSTEM32\DRIVERS\vga.sys
- 2001-08-17 18:58:02 27,392 ----a-w c:\windows\SYSTEM32\DRIVERS\VIAAGP.SYS
+ 2008-04-13 18:36:40 42,240 ----a-w c:\windows\SYSTEM32\DRIVERS\viaagp.sys
- 2002-08-29 06:27:50 4,864 ----a-w c:\windows\SYSTEM32\DRIVERS\VIAIDE.SYS
+ 2008-04-13 18:40:31 5,376 ----a-w c:\windows\SYSTEM32\DRIVERS\viaide.sys
- 2002-08-29 10:00:00 70,912 ----a-w c:\windows\SYSTEM32\DRIVERS\VIDEOPRT.SYS
+ 2008-04-13 18:44:40 81,664 ----a-w c:\windows\SYSTEM32\DRIVERS\videoprt.sys
- 2002-08-29 10:00:00 49,152 ----a-w c:\windows\SYSTEM32\DRIVERS\VOLSNAP.SYS
+ 2008-04-13 18:41:01 52,352 ----a-w c:\windows\SYSTEM32\DRIVERS\volsnap.sys
+ 2008-04-13 18:43:55 14,208 ------w c:\windows\SYSTEM32\DRIVERS\wacompen.sys
- 2001-08-17 17:49:22 12,672 ----a-w c:\windows\SYSTEM32\DRIVERS\wADV01nt.sys
+ 2004-08-04 05:29:37 12,415 ----a-w c:\windows\SYSTEM32\DRIVERS\wadv01nt.sys
- 2001-08-17 17:49:26 12,288 ----a-w c:\windows\SYSTEM32\DRIVERS\wADV02NT.sys
+ 2004-08-04 05:29:37 12,127 ----a-w c:\windows\SYSTEM32\DRIVERS\wadv02nt.sys
- 2001-08-17 17:49:32 12,032 ----a-w c:\windows\SYSTEM32\DRIVERS\wADV05NT.sys
+ 2004-08-04 05:29:37 11,775 ----a-w c:\windows\SYSTEM32\DRIVERS\wadv05nt.sys
+ 2004-08-04 05:29:38 11,807 ------w c:\windows\SYSTEM32\DRIVERS\wadv07nt.sys
+ 2004-08-04 05:29:39 11,295 ------w c:\windows\SYSTEM32\DRIVERS\wadv08nt.sys
+ 2004-08-04 05:29:40 11,871 ------w c:\windows\SYSTEM32\DRIVERS\wadv09nt.sys
+ 2004-08-04 05:29:40 11,935 ------w c:\windows\SYSTEM32\DRIVERS\wadv11nt.sys
- 2002-08-29 10:00:00 33,280 ----a-w c:\windows\SYSTEM32\DRIVERS\WANARP.SYS
+ 2008-04-13 18:57:21 34,560 ----a-w c:\windows\SYSTEM32\DRIVERS\wanarp.sys
- 2001-08-17 17:49:34 29,440 ----a-w c:\windows\SYSTEM32\DRIVERS\wATV01nt.sys
+ 2004-08-04 05:29:41 29,311 ----a-w c:\windows\SYSTEM32\DRIVERS\watv01nt.sys
- 2001-08-17 17:49:36 19,456 ----a-w c:\windows\SYSTEM32\DRIVERS\wATV02NT.sys
+ 2004-08-04 05:29:42 19,551 ----a-w c:\windows\SYSTEM32\DRIVERS\watv02nt.sys
- 2001-08-17 17:49:46 31,104 ----a-w c:\windows\SYSTEM32\DRIVERS\wATV04nt.sys
+ 2004-08-04 05:29:43 33,599 ----a-w c:\windows\SYSTEM32\DRIVERS\watv04nt.sys
+ 2004-08-04 05:29:44 22,271 ------w c:\windows\SYSTEM32\DRIVERS\watv06nt.sys
+ 2004-08-04 05:29:45 25,471 ------w c:\windows\SYSTEM32\DRIVERS\watv10nt.sys
- 2001-08-17 17:49:50 23,680 ----a-w c:\windows\SYSTEM32\DRIVERS\wCh7xxNT.sys
+ 2004-08-04 05:29:45 23,615 ----a-w c:\windows\SYSTEM32\DRIVERS\wch7xxnt.sys
- 2002-08-29 07:00:48 77,440 ----a-w c:\windows\SYSTEM32\DRIVERS\wdmaud.sys
+ 2008-04-13 19:17:18 83,072 ----a-w c:\windows\SYSTEM32\DRIVERS\wdmaud.sys
- 2001-08-17 17:49:54 12,160 ----a-w c:\windows\SYSTEM32\DRIVERS\wSiINTxx.sys
+ 2004-08-04 05:29:47 12,063 ----a-w c:\windows\SYSTEM32\DRIVERS\wsiintxx.sys
- 2003-02-17 15:16:32 18,688 ----a-w c:\windows\SYSTEM32\DRIVERS\wstcodec.sys
+ 2008-04-13 18:46:24 19,200 ----a-w c:\windows\SYSTEM32\DRIVERS\wstcodec.sys
- 2001-08-17 17:49:58 18,688 ----a-w c:\windows\SYSTEM32\DRIVERS\wVchNTxx.sys
+ 2004-08-04 05:29:49 19,455 ----a-w c:\windows\SYSTEM32\DRIVERS\wvchntxx.sys
- 2002-12-11 23:50:18 301,712 ----a-w c:\windows\SYSTEM32\drmclien.dll
+ 2008-04-14 00:13:00 299,520 ----a-w c:\windows\SYSTEM32\drmclien.dll
- 2002-12-11 22:34:42 82,432 ----a-w c:\windows\SYSTEM32\drmstor.dll
+ 2008-04-14 00:11:52 87,040 ----a-w c:\windows\SYSTEM32\drmstor.dll
- 2002-12-11 23:09:22 678,912 ----a-w c:\windows\SYSTEM32\drmv2clt.dll
+ 2008-04-14 00:12:57 695,808 ----a-w c:\windows\SYSTEM32\drmv2clt.dll
- 2002-08-29 10:00:00 11,776 ----a-w c:\windows\SYSTEM32\DRPROV.DLL
+ 2008-04-14 00:11:52 14,336 ----a-w c:\windows\SYSTEM32\drprov.dll
- 2002-08-29 10:00:00 16,384 ----a-w c:\windows\SYSTEM32\DS32GT.DLL
+ 2008-04-14 00:11:52 16,384 ----a-w c:\windows\SYSTEM32\ds32gt.dll
- 2002-12-12 05:14:32 186,880 ----a-w c:\windows\SYSTEM32\dsdmo.dll
+ 2008-04-14 00:11:52 181,248 ----a-w c:\windows\SYSTEM32\dsdmo.dll
- 2002-12-12 05:14:32 491,520 ----a-w c:\windows\SYSTEM32\dsdmoprp.dll
+ 2008-04-14 00:11:52 71,680 ----a-w c:\windows\SYSTEM32\dsdmoprp.dll
- 2002-08-29 10:00:00 84,992 ----a-w c:\windows\SYSTEM32\DSKQUOTA.DLL
+ 2008-04-14 00:11:52 92,672 ----a-w c:\windows\SYSTEM32\dskquota.dll
- 2002-08-29 10:00:00 144,384 ----a-w c:\windows\SYSTEM32\DSKQUOUI.DLL
+ 2008-04-14 00:11:52 155,648 ----a-w c:\windows\SYSTEM32\dskquoui.dll
- 2002-12-12 05:14:32 355,328 ----a-w c:\windows\SYSTEM32\dsound.dll
+ 2008-04-14 00:11:52 367,616 ----a-w c:\windows\SYSTEM32\dsound.dll
- 2002-12-12 05:14:32 1,294,336 ----a-w c:\windows\SYSTEM32\dsound3d.dll
+ 2008-04-14 00:11:52 1,293,824 ----a-w c:\windows\SYSTEM32\dsound3d.dll
- 2002-08-29 10:00:00 135,680 ----a-w c:\windows\SYSTEM32\DSPROP.DLL
+ 2008-04-14 00:11:52 142,848 ----a-w c:\windows\SYSTEM32\dsprop.dll
- 2002-08-29 10:00:00 3,584 ----a-w c:\windows\SYSTEM32\DSPRPRES.DLL
+ 2008-04-13 17:09:30 4,096 ----a-w c:\windows\SYSTEM32\dsprpres.dll
- 2002-08-29 10:00:00 227,840 ----a-w c:\windows\SYSTEM32\DSQUERY.DLL
+ 2008-04-14 00:11:52 239,104 ----a-w c:\windows\SYSTEM32\dsquery.dll
- 2002-08-29 10:00:00 47,104 ----a-w c:\windows\SYSTEM32\DSSEC.DLL
+ 2008-04-14 00:11:52 51,200 ----a-w c:\windows\SYSTEM32\dssec.dll
- 2002-08-29 10:00:00 124,928 ----a-w c:\windows\SYSTEM32\DSSENH.DLL
+ 2008-04-13 17:37:57 138,752 ----a-w c:\windows\SYSTEM32\dssenh.dll
- 2002-08-29 10:00:00 106,496 ----a-w c:\windows\SYSTEM32\DSUIEXT.DLL
+ 2008-04-14 00:11:52 113,152 ----a-w c:\windows\SYSTEM32\dsuiext.dll
- 2002-12-12 05:14:32 18,432 ----a-w c:\windows\SYSTEM32\dswave.dll
+ 2008-04-14 00:11:52 19,456 ----a-w c:\windows\SYSTEM32\dswave.dll
- 2002-08-29 10:00:00 9,216 ----a-w c:\windows\SYSTEM32\DUMPREP.EXE
+ 2008-04-14 00:12:18 10,752 ----a-w c:\windows\SYSTEM32\dumprep.exe
- 2002-08-29 10:00:00 263,680 ----a-w c:\windows\SYSTEM32\DUSER.DLL
+ 2008-04-14 00:11:52 304,128 ----a-w c:\windows\SYSTEM32\duser.dll
- 2002-08-29 10:00:00 15,872 ----a-w c:\windows\SYSTEM32\DVDUPGRD.EXE
+ 2008-04-14 00:12:18 17,920 ----a-w c:\windows\SYSTEM32\dvdupgrd.exe
- 2002-08-29 10:00:00 180,224 ----a-w c:\windows\SYSTEM32\DWWIN.EXE
+ 2008-04-14 00:12:18 180,224 ----a-w c:\windows\SYSTEM32\dwwin.exe
- 2002-12-12 05:14:32 602,624 ----a-w c:\windows\SYSTEM32\dx7vb.dll
+ 2008-04-14 00:11:52 619,008 ----a-w c:\windows\SYSTEM32\dx7vb.dll
- 2003-05-30 14:00:02 1,189,888 ----a-w c:\windows\SYSTEM32\dx8vb.dll
+ 2008-04-14 00:11:52 1,227,264 ----a-w c:\windows\SYSTEM32\dx8vb.dll
- 2003-05-30 14:00:02 937,984 ----a-w c:\windows\SYSTEM32\dxdiag.exe
+ 2008-04-14 00:12:18 1,298,432 ----a-w c:\windows\SYSTEM32\dxdiag.exe
- 2003-05-30 14:00:02 1,675,264 ----a-w c:\windows\SYSTEM32\dxdiagn.dll
+ 2008-04-14 00:11:52 2,113,536 ----a-w c:\windows\SYSTEM32\dxdiagn.dll
- 2002-08-29 10:00:00 498,205 ----a-w c:\windows\SYSTEM32\DXMASF.DLL
+ 2008-04-14 00:11:52 498,742 ----a-w c:\windows\SYSTEM32\dxmasf.dll
- 2002-08-29 10:00:00 337,920 ----a-w c:\windows\SYSTEM32\DXTMSFT.DLL
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
- 2002-08-29 10:00:00 194,560 ----a-w c:\windows\SYSTEM32\DXTRANS.DLL
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
+ 2008-04-14 00:11:52 30,720 ------w c:\windows\SYSTEM32\eapolqec.dll
+ 2008-04-14 00:11:52 184,832 ------w c:\windows\SYSTEM32\eapp3hst.dll
+ 2008-04-14 00:11:52 126,976 ------w c:\windows\SYSTEM32\eappcfg.dll
+ 2008-04-14 00:11:52 94,208 ------w c:\windows\SYSTEM32\eappgnui.dll
+ 2008-04-14 00:11:52 180,224 ------w c:\windows\SYSTEM32\eapphost.dll
+ 2008-04-14 00:11:52 40,960 ------w c:\windows\SYSTEM32\eappprxy.dll
+ 2008-04-14 00:11:52 59,392 ------w c:\windows\SYSTEM32\eapqec.dll
+ 2008-04-14 00:11:52 33,792 ------w c:\windows\SYSTEM32\eapsvc.dll
- 2002-08-29 10:00:00 165,376 ----a-w c:\windows\SYSTEM32\ELS.DLL
+ 2008-04-14 00:11:53 183,296 ----a-w c:\windows\SYSTEM32\els.dll
+ 2008-04-14 00:11:57 28,672 ------w c:\windows\SYSTEM32\en\microsoft.managementconsole.resources.dll
+ 2008-04-14 00:11:57 40,960 ------w c:\windows\SYSTEM32\en\mmcex.resources.dll
+ 2008-04-14 00:11:57 6,656 ------w c:\windows\SYSTEM32\en\mmcfxcommon.resources.dll
- 2002-12-12 05:14:32 18,944 ----a-w c:\windows\SYSTEM32\encapi.dll
+ 2008-04-14 00:11:53 20,480 ----a-w c:\windows\SYSTEM32\encapi.dll
- 2002-08-29 10:00:00 155,648 ----a-w c:\windows\SYSTEM32\ENCDEC.DLL
+ 2008-04-14 00:11:53 186,880 ----a-w c:\windows\SYSTEM32\encdec.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\SYSTEM32\ERSVC.DLL
+ 2008-04-14 00:11:53 23,040 ----a-w c:\windows\SYSTEM32\ersvc.dll
- 2004-03-06 02:16:12 226,816 ----a-w c:\windows\SYSTEM32\ES.DLL
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\SYSTEM32\es.dll
- 2002-08-29 10:00:00 1,018,368 ----a-w c:\windows\SYSTEM32\ESENT.DLL
+ 2008-04-14 00:11:53 1,082,368 ----a-w c:\windows\SYSTEM32\esent.dll
- 2002-08-29 10:00:00 178,688 ----a-w c:\windows\SYSTEM32\EUDCEDIT.EXE
+ 2008-04-14 00:12:19 193,024 ----a-w c:\windows\SYSTEM32\eudcedit.exe
- 2002-08-29 10:00:00 49,152 ----a-w c:\windows\SYSTEM32\EVENTLOG.DLL
+ 2008-04-14 00:11:53 56,320 ----a-w c:\windows\SYSTEM32\eventlog.dll
- 2004-01-10 11:37:02 380,957 ----a-w c:\windows\SYSTEM32\expsrv.dll
+ 2008-04-14 00:11:53 380,445 ----a-w c:\windows\SYSTEM32\expsrv.dll
+ 2008-10-16 20:38:35 133,120 ------w c:\windows\SYSTEM32\extmgr.dll
- 2002-08-29 10:00:00 40,960 ----a-w c:\windows\SYSTEM32\EXTRAC32.EXE
+ 2008-04-14 00:12:19 24,064 ----a-w c:\windows\SYSTEM32\extrac32.exe
- 2002-08-29 10:00:00 121,856 ----a-w c:\windows\SYSTEM32\EXTS.DLL
+ 2008-04-14 00:11:53 125,952 ----a-w c:\windows\SYSTEM32\exts.dll
- 2002-08-29 10:00:00 66,560 ----a-w c:\windows\SYSTEM32\FAULTREP.DLL
+ 2008-04-14 00:11:53 80,384 ----a-w c:\windows\SYSTEM32\faultrep.dll
+ 2008-04-14 00:12:20 20,992 ------w c:\windows\SYSTEM32\faxpatch.exe
- 2002-08-29 10:00:00 18,432 ----a-w c:\windows\SYSTEM32\FECLIENT.DLL
+ 2008-04-14 00:11:53 21,504 ----a-w c:\windows\SYSTEM32\feclient.dll
- 2002-08-29 10:00:00 323,072 ----a-w c:\windows\SYSTEM32\FILEMGMT.DLL
+ 2008-04-14 00:11:53 337,920 ----a-w c:\windows\SYSTEM32\filemgmt.dll
- 2002-08-29 10:00:00 25,088 ----a-w c:\windows\SYSTEM32\FINDSTR.EXE
+ 2008-04-14 00:12:20 27,136 ----a-w c:\windows\SYSTEM32\findstr.exe
- 2004-08-20 22:01:15 82,432 ----a-w c:\windows\SYSTEM32\fldrclnr.dll
+ 2008-04-14 00:11:53 87,552 ----a-w c:\windows\SYSTEM32\fldrclnr.dll
+ 2008-04-14 00:11:53 16,896 ------w c:\windows\SYSTEM32\fltlib.dll
+ 2008-04-14 00:12:20 23,040 ------w c:\windows\SYSTEM32\fltmc.exe
- 2005-06-20 14:56:37 239,944 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2009-01-19 06:53:54 241,536 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
- 2002-08-29 10:00:00 361,472 ----a-w c:\windows\SYSTEM32\FONTEXT.DLL
+ 2008-04-14 00:11:53 382,976 ----a-w c:\windows\SYSTEM32\fontext.dll
- 2002-08-29 10:00:00 79,360 ----a-w c:\windows\SYSTEM32\FONTSUB.DLL
+ 2008-04-14 00:11:53 80,896 ----a-w c:\windows\SYSTEM32\fontsub.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\SYSTEM32\FONTVIEW.EXE
+ 2008-04-14 00:12:20 20,992 ----a-w c:\windows\SYSTEM32\fontview.exe
- 2002-08-29 10:00:00 7,168 ----a-w c:\windows\SYSTEM32\FORCEDOS.EXE
+ 2008-04-14 00:12:20 7,680 ----a-w c:\windows\SYSTEM32\forcedos.exe
- 2002-08-29 10:00:00 25,600 ----a-w c:\windows\SYSTEM32\FORMAT.COM
+ 2008-04-14 00:12:42 29,696 ----a-w c:\windows\SYSTEM32\format.com
- 2002-08-29 10:00:00 8,832 ----a-w c:\windows\SYSTEM32\FRAMEBUF.DLL
+ 2008-04-14 00:09:33 9,344 ----a-w c:\windows\SYSTEM32\framebuf.dll
+ 2008-04-14 00:12:20 193,024 ------w c:\windows\SYSTEM32\fsquirt.exe
- 2002-08-29 10:00:00 40,448 ----a-w c:\windows\SYSTEM32\FTP.EXE
+ 2008-04-14 00:12:20 42,496 ----a-w c:\windows\SYSTEM32\ftp.exe
+ 2008-04-14 00:11:53 60,416 ------w c:\windows\SYSTEM32\fwcfg.dll
- 2002-08-29 10:00:00 443,392 ----a-w c:\windows\SYSTEM32\fxsapi.dll
+ 2008-04-14 00:11:53 451,584 ----a-w c:\windows\SYSTEM32\fxsapi.dll
- 2002-08-29 10:00:00 130,048 ----a-w c:\windows\SYSTEM32\fxsclnt.exe
+ 2008-04-14 00:12:21 142,848 ----a-w c:\windows\SYSTEM32\fxsclnt.exe
- 2002-08-29 10:00:00 68,096 ----a-w c:\windows\SYSTEM32\fxscom.dll
+ 2008-04-14 00:11:54 72,192 ----a-w c:\windows\SYSTEM32\fxscom.dll
- 2002-08-29 10:00:00 271,360 ----a-w c:\windows\SYSTEM32\fxscomex.dll
+ 2008-04-14 00:11:54 285,184 ----a-w c:\windows\SYSTEM32\fxscomex.dll
- 2002-08-29 10:00:00 216,064 ----a-w c:\windows\SYSTEM32\fxscover.exe
+ 2008-04-14 00:12:21 229,376 ----a-w c:\windows\SYSTEM32\fxscover.exe
- 2002-08-29 10:00:00 24,064 ----a-w c:\windows\SYSTEM32\fxsdrv.dll
+ 2008-04-14 00:11:54 26,624 ----a-w c:\windows\SYSTEM32\fxsdrv.dll
- 2002-08-29 10:00:00 53,760 ----a-w c:\windows\SYSTEM32\fxsevent.dll
+ 2008-04-14 00:11:54 55,296 ----a-w c:\windows\SYSTEM32\fxsevent.dll
- 2002-08-29 10:00:00 20,992 ----a-w c:\windows\SYSTEM32\fxsext32.dll
+ 2008-04-14 00:11:54 23,552 ----a-w c:\windows\SYSTEM32\fxsext32.dll
- 2002-08-29 10:00:00 22,016 ----a-w c:\windows\SYSTEM32\fxsmon.dll
+ 2008-04-14 00:11:54 23,552 ----a-w c:\windows\SYSTEM32\fxsmon.dll
- 2002-08-29 10:00:00 7,168 ----a-w c:\windows\SYSTEM32\fxsperf.dll
+ 2008-04-14 00:11:54 8,704 ----a-w c:\windows\SYSTEM32\fxsperf.dll
- 2002-08-29 10:00:00 6,656 ----a-w c:\windows\SYSTEM32\fxsres.dll
+ 2008-04-14 00:09:33 6,656 ----a-w c:\windows\SYSTEM32\fxsres.dll
- 2002-08-29 10:00:00 559,616 ----a-w c:\windows\SYSTEM32\fxsst.dll
+ 2008-04-14 00:11:54 562,176 ----a-w c:\windows\SYSTEM32\fxsst.dll
- 2002-08-29 10:00:00 250,368 ----a-w c:\windows\SYSTEM32\fxssvc.exe
+ 2008-04-14 00:12:21 267,776 ----a-w c:\windows\SYSTEM32\fxssvc.exe
- 2002-08-29 10:00:00 236,032 ----a-w c:\windows\SYSTEM32\fxst30.dll
+ 2008-04-14 00:11:54 246,272 ----a-w c:\windows\SYSTEM32\fxst30.dll
- 2002-08-29 10:00:00 391,168 ----a-w c:\windows\SYSTEM32\fxstiff.dll
+ 2008-04-14 00:11:54 397,312 ----a-w c:\windows\SYSTEM32\fxstiff.dll
- 2002-08-29 10:00:00 149,504 ----a-w c:\windows\SYSTEM32\fxsui.dll
+ 2008-04-14 00:11:54 154,112 ----a-w c:\windows\SYSTEM32\fxsui.dll
- 2002-08-29 10:00:00 185,856 ----a-w c:\windows\SYSTEM32\fxswzrd.dll
+ 2008-04-14 00:11:54 192,512 ----a-w c:\windows\SYSTEM32\fxswzrd.dll
- 2002-08-29 10:00:00 395,264 ----a-w c:\windows\SYSTEM32\fxsxp32.dll
+ 2008-04-14 00:11:54 400,384 ----a-w c:\windows\SYSTEM32\fxsxp32.dll
- 2004-03-30 01:48:36 257,536 ----a-w c:\windows\SYSTEM32\GDI32.DLL
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
- 2002-08-29 10:00:00 116,736 ----a-w c:\windows\SYSTEM32\GLU32.DLL
+ 2008-04-14 00:11:54 122,880 ----a-w c:\windows\SYSTEM32\glu32.dll
- 2002-08-29 10:00:00 9,728 ----a-w c:\windows\SYSTEM32\GPKRSRC.DLL
+ 2006-12-31 01:26:44 9,728 ----a-w c:\windows\SYSTEM32\gpkrsrc.dll
- 2004-07-29 22:50:08 38,400 ----a-w c:\windows\SYSTEM32\grpconv.exe
+ 2008-04-14 00:12:21 39,424 ----a-w c:\windows\SYSTEM32\grpconv.exe
- 2004-03-30 01:48:36 593,408 ----a-w c:\windows\SYSTEM32\H323MSP.DLL
+ 2008-04-14 00:11:54 614,912 ----a-w c:\windows\SYSTEM32\h323msp.dll
- 2002-08-29 06:05:04 127,872 ----a-w c:\windows\SYSTEM32\hal.dll
+ 2008-04-13 18:31:28 131,840 ----a-w c:\windows\SYSTEM32\HAL.DLL
- 2003-08-02 07:34:32 5,632 ----a-w c:\windows\SYSTEM32\hccoin.dll
+ 2008-04-14 00:11:54 7,168 ----a-w c:\windows\SYSTEM32\hccoin.dll
- 2003-04-07 05:05:16 118,784 ----a-w c:\windows\SYSTEM32\hccutils.dll
+ 2005-10-19 13:59:12 118,784 ----a-w c:\windows\SYSTEM32\hccutils.dll
- 2002-08-29 10:00:00 14,848 ----a-w c:\windows\SYSTEM32\HELP.EXE
+ 2008-04-14 00:12:21 15,872 ----a-w c:\windows\SYSTEM32\help.exe
- 2005-05-27 01:59:52 38,912 ----a-w c:\windows\SYSTEM32\hhsetup.dll
+ 2008-04-14 00:11:54 41,472 ----a-w c:\windows\SYSTEM32\hhsetup.dll
- 2002-08-29 10:00:00 22,528 ----a-w c:\windows\SYSTEM32\HID.DLL
+ 2008-04-14 00:11:54 20,992 ----a-w c:\windows\SYSTEM32\hid.dll
+ 2005-10-19 13:59:12 126,976 ----a-w c:\windows\SYSTEM32\hkcmd.exe
- 2004-11-16 21:32:24 68,096 ----a-w c:\windows\SYSTEM32\hlink.dll
+ 2008-04-14 00:11:54 72,704 ----a-w c:\windows\SYSTEM32\hlink.dll
- 2002-08-29 10:00:00 240,640 ----a-w c:\windows\SYSTEM32\HNETCFG.DLL
+ 2008-04-14 00:11:54 344,064 ----a-w c:\windows\SYSTEM32\hnetcfg.dll
- 2003-04-24 21:27:50 315,392 ----a-w c:\windows\SYSTEM32\hnetwiz.dll
+ 2008-04-14 00:11:54 330,752 ----a-w c:\windows\SYSTEM32\hnetwiz.dll
- 2002-08-29 10:00:00 137,216 ----a-w c:\windows\SYSTEM32\HOTPLUG.DLL
+ 2008-04-14 00:11:54 144,896 ----a-w c:\windows\SYSTEM32\hotplug.dll
+ 2008-04-14 00:11:54 32,285 ------w c:\windows\SYSTEM32\hsfcisp2.dll
+ 2008-04-14 00:11:54 24,576 ------w c:\windows\SYSTEM32\httpapi.dll
- 2002-08-29 10:00:00 39,936 ----a-w c:\windows\SYSTEM32\HTUI.DLL
+ 2008-04-14 00:11:54 41,984 ----a-w c:\windows\SYSTEM32\htui.dll
- 2004-11-17 17:57:01 493,056 ----a-w c:\windows\SYSTEM32\hypertrm.dll
+ 2008-04-14 00:11:54 347,136 ----a-w c:\windows\SYSTEM32\hypertrm.dll
- 2001-08-18 03:36:02 585,344 ----a-w c:\windows\SYSTEM32\I81XDNT5.DLL
+ 2008-04-14 00:11:54 702,845 ----a-w c:\windows\SYSTEM32\i81xdnt5.dll
+ 2005-10-19 13:59:12 61,440 ----a-w c:\windows\SYSTEM32\iAlmCoIn_v4342.dll
- 2003-04-15 15:39:10 459,330 ----a-w c:\windows\SYSTEM32\ialmdd5.dll
+ 2005-10-19 13:59:12 879,228 ----a-w c:\windows\SYSTEM32\ialmdd5.dll
- 2003-04-15 15:39:36 187,963 ----a-w c:\windows\SYSTEM32\ialmdev5.dll
+ 2005-10-19 13:59:12 178,844 ----a-w c:\windows\SYSTEM32\ialmdev5.dll
- 2003-04-15 15:39:44 115,772 ----a-w c:\windows\SYSTEM32\ialmdnt5.dll
+ 2005-10-19 13:59:12 108,157 ----a-w c:\windows\SYSTEM32\ialmdnt5.dll
- 2003-04-15 15:20:48 188,416 ----a-w c:\windows\SYSTEM32\ialmgdev.dll
+ 2005-10-19 13:59:12 516,096 ----a-w c:\windows\SYSTEM32\ialmgdev.dll
- 2003-04-15 15:20:12 1,859,584 ----a-w c:\windows\SYSTEM32\ialmgicd.dll
+ 2005-10-19 13:59:12 2,289,664 ----a-w c:\windows\SYSTEM32\ialmgicd.dll
- 2003-04-15 15:40:40 73,728 ----a-w c:\windows\SYSTEM32\ialmrem.dll
+ 2005-10-19 13:59:12 49,152 ----a-w c:\windows\SYSTEM32\ialmrem.dll
- 2003-04-15 15:40:56 33,792 ----a-w c:\windows\SYSTEM32\ialmrnt5.dll
+ 2005-10-19 13:59:12 38,016 ----a-w c:\windows\SYSTEM32\ialmrnt5.dll
- 2002-08-29 10:00:00 116,224 ----a-w c:\windows\SYSTEM32\IASRAD.DLL
+ 2008-04-14 00:11:54 119,808 ----a-w c:\windows\SYSTEM32\iasrad.dll
- 2002-08-29 10:00:00 9,216 ----a-w c:\windows\SYSTEM32\ICAAPI.DLL
+ 2008-04-14 00:11:54 11,264 ----a-w c:\windows\SYSTEM32\icaapi.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll
- 2002-08-29 10:00:00 110,592 ----a-w c:\windows\SYSTEM32\ICCVID.DLL
+ 2008-04-14 00:11:54 80,384 ----a-w c:\windows\SYSTEM32\iccvid.dll
- 2002-08-29 10:00:00 236,032 ----a-w c:\windows\SYSTEM32\ICM32.DLL
+ 2008-04-14 00:11:54 254,976 ----a-w c:\windows\SYSTEM32\icm32.dll
- 2002-08-29 10:00:00 3,072 ----a-w c:\windows\SYSTEM32\ICMP.DLL
+ 2008-04-14 00:09:40 3,584 ----a-w c:\windows\SYSTEM32\icmp.dll
- 2002-08-29 10:00:00 69,632 ----a-w c:\windows\SYSTEM32\ICWDIAL.DLL
+ 2008-04-14 00:11:54 73,728 ----a-w c:\windows\SYSTEM32\icwdial.dll
- 2002-08-29 10:00:00 61,440 ----a-w c:\windows\SYSTEM32\ICWPHBK.DLL
+ 2008-04-14 00:11:54 65,536 ----a-w c:\windows\SYSTEM32\icwphbk.dll
+ 2006-06-29 13:05:44 26,112 ------w c:\windows\SYSTEM32\idndl.dll
- 2002-08-29 10:00:00 113,152 ----a-w c:\windows\SYSTEM32\IDQ.DLL
+ 2008-04-14 00:11:54 120,832 ----a-w c:\windows\SYSTEM32\idq.dll
- 2002-08-29 10:00:00 28,672 ----a-w c:\windows\SYSTEM32\IE4UINIT.EXE
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\SYSTEM32\ie4uinit.exe
- 2002-08-29 10:00:00 126,976 ----a-w c:\windows\SYSTEM32\IEAKENG.DLL
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\SYSTEM32\ieakeng.dll
- 2002-08-29 10:00:00 204,288 ----a-w c:\windows\SYSTEM32\IEAKSIE.DLL
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\SYSTEM32\ieaksie.dll
- 2002-08-29 10:00:00 221,184 ----a-w c:\windows\SYSTEM32\IEAKUI.DLL
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\SYSTEM32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dat
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll
- 2002-08-29 10:00:00 294,912 ----a-w c:\windows\SYSTEM32\IEDKCS32.DLL
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\SYSTEM32\iedkcs32.dll
+ 2008-04-14 00:11:54 81,920 ------w c:\windows\SYSTEM32\ieencode.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll
- 2005-02-18 17:43:20 236,032 ----a-w c:\windows\SYSTEM32\IEPEERS.DLL
+ 2007-08-13 23:54:10 191,488 ----a-w c:\windows\SYSTEM32\iepeers.dll
- 2002-08-29 10:00:00 23,040 ----a-w c:\windows\SYSTEM32\IERNONCE.DLL
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\SYSTEM32\iernonce.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll
- 2002-08-29 10:00:00 59,392 ----a-w c:\windows\SYSTEM32\IESETUP.DLL
+ 2007-08-13 23:39:12 55,296 ----a-w c:\windows\SYSTEM32\iesetup.dll
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
+ 2007-08-13 23:54:10 180,736 ------w c:\windows\SYSTEM32\ieui.dll
- 2002-08-29 10:00:00 99,840 ----a-w c:\windows\SYSTEM32\IEXPRESS.EXE
+ 2008-04-14 00:12:22 114,688 ----a-w c:\windows\SYSTEM32\iexpress.exe
- 2002-08-29 10:00:00 125,952 ----a-w c:\windows\SYSTEM32\IFMON.DLL
+ 2008-04-14 00:11:54 135,680 ----a-w c:\windows\SYSTEM32\ifmon.dll
- 2003-04-07 05:13:58 487,424 ----a-w c:\windows\SYSTEM32\igfxcfg.exe
+ 2005-10-19 13:59:12 503,808 ----a-w c:\windows\SYSTEM32\igfxcfg.exe
- 2003-04-07 05:04:54 147,456 ----a-w c:\windows\SYSTEM32\igfxdev.dll
+ 2005-10-19 13:59:12 139,264 ----a-w c:\windows\SYSTEM32\igfxdev.dll
- 2003-04-07 05:15:52 45,056 ----a-w c:\windows\SYSTEM32\igfxdgps.dll
+ 2005-10-19 13:59:12 45,056 ----a-w c:\windows\SYSTEM32\igfxdgps.dll
- 2003-04-07 05:15:50 151,552 ----a-w c:\windows\SYSTEM32\igfxdiag.exe
+ 2005-10-19 13:59:12 151,552 ----a-w c:\windows\SYSTEM32\igfxdiag.exe
- 2003-04-07 05:04:14 86,016 ----a-w c:\windows\SYSTEM32\igfxdo.dll
+ 2005-10-19 13:59:12 86,016 ----a-w c:\windows\SYSTEM32\igfxdo.dll
- 2003-04-07 05:17:44 221,184 ----a-w c:\windows\SYSTEM32\igfxeud.dll
+ 2005-10-19 13:59:12 225,280 ----a-w c:\windows\SYSTEM32\igfxeud.dll
- 2003-04-07 05:20:14 32,768 ----a-w c:\windows\SYSTEM32\igfxexps.dll
+ 2005-10-19 13:59:12 36,864 ----a-w c:\windows\SYSTEM32\igfxexps.dll
- 2003-04-07 05:20:10 90,112 ----a-w c:\windows\SYSTEM32\igfxext.exe
+ 2005-10-19 13:59:12 106,496 ----a-w c:\windows\SYSTEM32\igfxext.exe
- 2003-04-07 05:07:12 118,784 ----a-w c:\windows\SYSTEM32\igfxhk.dll
+ 2005-10-19 13:59:14 126,976 ----a-w c:\windows\SYSTEM32\igfxhk.dll
- 2003-04-07 05:18:56 204,800 ----a-w c:\windows\SYSTEM32\igfxpph.dll
+ 2005-10-19 13:59:14 225,280 ----a-w c:\windows\SYSTEM32\igfxpph.dll
- 2003-04-07 05:05:42 503,808 ----a-w c:\windows\SYSTEM32\igfxress.dll
+ 2005-10-19 13:59:14 1,245,184 ----a-w c:\windows\SYSTEM32\igfxress.dll
- 2003-04-07 05:06:48 315,392 ----a-w c:\windows\SYSTEM32\igfxsrvc.dll
+ 2005-10-19 13:59:14 348,160 ----a-w c:\windows\SYSTEM32\igfxsrvc.dll
+ 2005-10-19 13:59:14 114,688 ----a-w c:\windows\SYSTEM32\igfxzoom.exe
- 2002-08-29 10:00:00 8,192 ----a-w c:\windows\SYSTEM32\IGMPAGNT.DLL
+ 2008-04-14 00:11:54 8,192 ----a-w c:\windows\SYSTEM32\igmpagnt.dll
- 2002-08-29 10:00:00 73,728 ----a-w c:\windows\SYSTEM32\ILS.DLL
+ 2008-04-14 00:11:54 81,920 ----a-w c:\windows\SYSTEM32\ils.dll
- 2002-08-29 10:00:00 126,976 ----a-w c:\windows\SYSTEM32\IMAGEHLP.DLL
+ 2008-04-14 00:11:54 144,384 ----a-w c:\windows\SYSTEM32\imagehlp.dll
- 2002-08-29 10:00:00 123,904 ----a-w c:\windows\SYSTEM32\IMAPI.EXE
+ 2008-04-14 00:12:22 150,528 ----a-w c:\windows\SYSTEM32\imapi.exe
- 2002-08-29 10:00:00 36,922 ----a-w c:\windows\SYSTEM32\IMESHARE.DLL
+ 2008-04-14 00:11:54 36,921 ----a-w c:\windows\SYSTEM32\imeshare.dll
- 2002-08-29 10:00:00 30,208 ----a-w c:\windows\SYSTEM32\IMGUTIL.DLL
+ 2007-08-13 23:36:06 36,352 ----a-w c:\windows\SYSTEM32\imgutil.dll
- 2002-08-29 10:00:00 103,936 ----a-w c:\windows\SYSTEM32\IMM32.DLL
+ 2008-04-14 00:11:54 110,080 ----a-w c:\windows\SYSTEM32\imm32.dll
- 2002-08-29 10:00:00 266,240 ----a-w c:\windows\SYSTEM32\INETCFG.DLL
+ 2008-04-14 00:11:54 274,432 ----a-w c:\windows\SYSTEM32\inetcfg.dll
- 2005-05-03 20:26:50 596,480 ----a-w c:\windows\SYSTEM32\INETCOMM.DLL
+ 2008-04-11 19:04:26 691,712 ----a-w c:\windows\SYSTEM32\inetcomm.dll
- 2002-08-29 10:00:00 31,232 ----a-w c:\windows\SYSTEM32\INETMIB1.DLL
+ 2008-04-14 00:11:55 32,768 ----a-w c:\windows\SYSTEM32\inetmib1.dll
- 2002-08-29 10:00:00 68,096 ----a-w c:\windows\SYSTEM32\INETPP.DLL
+ 2008-04-14 00:11:55 75,264 ----a-w c:\windows\SYSTEM32\inetpp.dll
- 2002-08-29 10:00:00 14,336 ----a-w c:\windows\SYSTEM32\INETPPUI.DLL
+ 2008-04-14 00:11:55 15,872 ----a-w c:\windows\SYSTEM32\inetppui.dll
- 2002-10-11 20:08:36 47,616 ----a-w c:\windows\SYSTEM32\INETRES.DLL
+ 2008-04-13 16:22:12 48,128 ----a-w c:\windows\SYSTEM32\inetres.dll
- 2002-08-29 10:00:00 144,896 ----a-w c:\windows\SYSTEM32\INITPKI.DLL
+ 2008-04-14 00:11:55 147,456 ----a-w c:\windows\SYSTEM32\initpki.dll
- 2002-08-29 10:00:00 114,176 ----a-w c:\windows\SYSTEM32\INPUT.DLL
+ 2008-04-14 00:11:55 123,392 ----a-w c:\windows\SYSTEM32\input.dll
- 2004-08-26 14:53:48 69,632 ----a-w c:\windows\SYSTEM32\INSENG.DLL
+ 2007-08-13 23:39:02 92,672 ----a-w c:\windows\SYSTEM32\inseng.dll
- 2002-08-29 10:00:00 51,712 ----a-w c:\windows\SYSTEM32\IPCONFIG.EXE
+ 2008-04-14 00:12:22 55,808 ----a-w c:\windows\SYSTEM32\ipconfig.exe
- 2002-08-29 10:00:00 82,944 ----a-w c:\windows\SYSTEM32\IPHLPAPI.DLL
+ 2008-04-14 00:11:55 94,720 ----a-w c:\windows\SYSTEM32\iphlpapi.dll
- 2002-08-29 10:00:00 154,112 ----a-w c:\windows\SYSTEM32\IPMONTR.DLL
+ 2008-04-14 00:11:55 161,280 ----a-w c:\windows\SYSTEM32\ipmontr.dll
- 2004-03-30 01:48:36 439,808 ----a-w c:\windows\SYSTEM32\IPNATHLP.DLL
+ 2008-04-14 00:11:55 331,264 ----a-w c:\windows\SYSTEM32\ipnathlp.dll
- 2002-08-29 10:00:00 318,464 ----a-w c:\windows\SYSTEM32\IPPROMON.DLL
+ 2008-04-14 00:11:55 330,752 ----a-w c:\windows\SYSTEM32\ippromon.dll
- 2002-08-29 10:00:00 169,984 ----a-w c:\windows\SYSTEM32\IPRTRMGR.DLL
+ 2008-04-14 00:11:55 177,152 ----a-w c:\windows\SYSTEM32\iprtrmgr.dll
- 2002-08-29 10:00:00 332,800 ----a-w c:\windows\SYSTEM32\IPSECSNP.DLL
+ 2008-04-14 00:11:55 349,696 ----a-w c:\windows\SYSTEM32\ipsecsnp.dll
- 2002-08-29 10:00:00 155,648 ----a-w c:\windows\SYSTEM32\IPSECSVC.DLL
+ 2008-04-14 00:11:55 183,808 ----a-w c:\windows\SYSTEM32\ipsecsvc.dll
- 2002-08-29 10:00:00 364,032 ----a-w c:\windows\SYSTEM32\IPSMSNAP.DLL
+ 2008-04-14 00:11:55 384,000 ----a-w c:\windows\SYSTEM32\ipsmsnap.dll
- 2002-08-29 10:00:00 60,928 ----a-w c:\windows\SYSTEM32\IPV6.EXE
+ 2008-04-14 00:12:23 53,248 ----a-w c:\windows\SYSTEM32\ipv6.exe
- 2002-08-29 10:00:00 134,144 ----a-w c:\windows\SYSTEM32\IPV6MON.DLL
+ 2008-04-14 00:11:55 59,904 ----a-w c:\windows\SYSTEM32\ipv6mon.dll
- 2002-08-29 10:00:00 22,016 ----a-w c:\windows\SYSTEM32\IPXROUTE.EXE
+ 2008-04-14 00:12:23 23,552 ----a-w c:\windows\SYSTEM32\ipxroute.exe
- 2002-08-29 10:00:00 20,992 ----a-w c:\windows\SYSTEM32\IPXWAN.DLL
+ 2008-04-14 00:11:55 22,016 ----a-w c:\windows\SYSTEM32\ipxwan.dll
- 2002-11-14 17:58:02 120,320 ----a-w c:\windows\SYSTEM32\ir41_qc.dll
+ 2008-04-14 00:11:55 120,320 ----a-w c:\windows\SYSTEM32\ir41_qc.dll
- 2002-11-14 17:58:02 338,432 ----a-w c:\windows\SYSTEM32\ir41_qcx.dll
+ 2008-04-14 00:11:55 338,432 ----a-w c:\windows\SYSTEM32\ir41_qcx.dll
- 2002-11-14 17:58:02 755,200 ----a-w c:\windows\SYSTEM32\ir50_32.dll
+ 2008-04-14 00:11:55 755,200 ----a-w c:\windows\SYSTEM32\ir50_32.dll
- 2002-11-14 17:58:04 200,192 ----a-w c:\windows\SYSTEM32\ir50_qc.dll
+ 2008-04-14 00:11:55 200,192 ----a-w c:\windows\SYSTEM32\ir50_qc.dll
- 2002-11-14 17:58:04 183,808 ----a-w c:\windows\SYSTEM32\ir50_qcx.dll
+ 2008-04-14 00:11:55 183,808 ----a-w c:\windows\SYSTEM32\ir50_qcx.dll
- 2002-08-29 10:00:00 77,824 ----a-w c:\windows\SYSTEM32\ISIGN32.DLL
+ 2008-04-14 00:11:55 81,920 ----a-w c:\windows\SYSTEM32\isign32.dll
- 2002-08-29 10:00:00 28,672 ----a-w c:\windows\SYSTEM32\ISRDBG32.DLL
+ 2008-04-14 00:11:55 32,768 ----a-w c:\windows\SYSTEM32\isrdbg32.dll
- 2005-05-27 01:59:52 143,872 ----a-w c:\windows\SYSTEM32\itircl.dll
+ 2008-04-14 00:11:55 155,136 ----a-w c:\windows\SYSTEM32\itircl.dll
- 2005-05-27 01:59:52 128,000 ----a-w c:\windows\SYSTEM32\itss.dll
+ 2008-04-14 00:11:55 138,240 ----a-w c:\windows\SYSTEM32\itss.dll
- 2004-08-03 19:04:40 185,624 ----a-w c:\windows\SYSTEM32\iuengine.dll
+ 2008-04-14 00:11:55 191,488 ----a-w c:\windows\SYSTEM32\iuengine.dll
- 2002-08-29 10:00:00 49,664 ----a-w c:\windows\SYSTEM32\IXSSO.DLL
+ 2008-04-14 00:11:55 54,272 ----a-w c:\windows\SYSTEM32\ixsso.dll
- 2002-08-29 10:00:00 45,568 ----a-w c:\windows\SYSTEM32\IYUV_32.DLL
+ 2008-04-14 00:11:55 47,616 ----a-w c:\windows\SYSTEM32\iyuv_32.dll
- 2002-08-29 10:00:00 144,896 ----a-w c:\windows\SYSTEM32\JGDW400.DLL
+ 2008-04-14 00:11:55 163,840 ----a-w c:\windows\SYSTEM32\jgdw400.dll
- 2002-08-29 10:00:00 42,496 ----a-w c:\windows\SYSTEM32\JGPL400.DLL
+ 2008-04-14 00:11:55 27,648 ----a-w c:\windows\SYSTEM32\jgpl400.dll
- 2003-01-13 19:57:58 589,881 ----a-w c:\windows\SYSTEM32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w c:\windows\SYSTEM32\jscript.dll
- 2002-08-29 10:00:00 12,288 ----a-w c:\windows\SYSTEM32\JSPROXY.DLL
+ 2008-10-16 20:38:37 27,648 ------w c:\windows\SYSTEM32\jsproxy.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdbhc.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\SYSTEM32\kbdfi1.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdinbe1.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdinben.dll
+ 2008-04-14 00:09:55 6,656 ------w c:\windows\SYSTEM32\kbdinmal.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdiultn.dll
+ 2008-04-14 00:09:55 5,632 ------w c:\windows\SYSTEM32\kbdmaori.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdmlt47.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdmlt48.dll
- 2002-08-29 10:00:00 7,168 ----a-w c:\windows\SYSTEM32\KBDNEC.DLL
+ 2008-04-14 00:09:55 7,168 ----a-w c:\windows\SYSTEM32\kbdnec.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdnepr.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\SYSTEM32\kbdno1.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdpash.dll
+ 2008-04-14 00:09:55 7,680 ------w c:\windows\SYSTEM32\kbdsmsfi.dll
+ 2008-04-14 00:09:55 7,680 ------w c:\windows\SYSTEM32\kbdsmsno.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\SYSTEM32\kbdukx.dll
- 2002-08-29 10:00:00 7,040 ----a-w c:\windows\SYSTEM32\KD1394.DLL
+ 2008-04-13 18:31:35 7,424 ----a-w c:\windows\SYSTEM32\kd1394.dll
- 2002-08-29 10:00:00 272,896 ----a-w c:\windows\SYSTEM32\KERBEROS.DLL
+ 2008-04-14 00:11:56 299,520 ----a-w c:\windows\SYSTEM32\kerberos.dll
- 2002-08-29 10:00:00 930,304 ----a-w c:\windows\SYSTEM32\KERNEL32.DLL
+ 2008-04-14 00:11:56 989,696 ----a-w c:\windows\SYSTEM32\kernel32.dll
- 2002-08-29 10:00:00 146,432 ----a-w c:\windows\SYSTEM32\KEYMGR.DLL
+ 2008-04-14 00:11:56 150,528 ----a-w c:\windows\SYSTEM32\keymgr.dll
+ 2008-04-14 00:11:56 61,440 ------w c:\windows\SYSTEM32\kmsvc.dll
- 2002-08-29 10:00:00 92,160 ----a-w c:\windows\SYSTEM32\KRNL386.EXE
+ 2004-08-04 05:49:32 92,224 ----a-w c:\windows\SYSTEM32\krnl386.exe
- 2002-12-12 05:14:32 4,096 ----a-w c:\windows\SYSTEM32\ksuser.dll
+ 2008-04-14 00:11:56 4,096 ----a-w c:\windows\SYSTEM32\ksuser.dll
+ 2008-04-14 00:11:56 37,376 ------w c:\windows\SYSTEM32\l2gpstore.dll
- 2002-12-11 20:16:58 6,656 ----a-w c:\windows\SYSTEM32\laprxy.dll
+ 2008-04-14 00:11:56 6,656 ----a-w c:\windows\SYSTEM32\laprxy.dll
+ 2008-03-20 23:06:36 1,480,232 ------w c:\windows\SYSTEM32\LegitCheckControl.dll
- 2002-08-29 10:00:00 367,616 ----a-w c:\windows\SYSTEM32\LICDLL.DLL
+ 2008-04-14 10:41:58 423,936 ----a-w c:\windows\SYSTEM32\licdll.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\SYSTEM32\LICMGR10.DLL
+ 2007-08-13 23:44:18 40,960 ----a-w c:\windows\SYSTEM32\licmgr10.dll
- 2002-08-29 10:00:00 57,856 ----a-w c:\windows\SYSTEM32\LICWMI.DLL
+ 2008-04-14 00:11:56 58,880 ----a-w c:\windows\SYSTEM32\licwmi.dll
- 2004-08-20 22:01:15 15,872 ----a-w c:\windows\SYSTEM32\linkinfo.dll
+ 2008-04-14 00:11:56 19,968 ----a-w c:\windows\SYSTEM32\linkinfo.dll
- 2002-08-29 10:00:00 12,288 ----a-w c:\windows\SYSTEM32\LMHSVC.DLL
+ 2008-04-14 00:11:56 13,824 ----a-w c:\windows\SYSTEM32\lmhsvc.dll
- 2002-08-29 10:00:00 381,440 ----a-w c:\windows\SYSTEM32\LMRT.DLL
+ 2008-04-14 00:11:56 399,872 ----a-w c:\windows\SYSTEM32\lmrt.dll
- 2002-08-29 10:00:00 91,648 ----a-w c:\windows\SYSTEM32\LOADPERF.DLL
+ 2008-04-14 00:11:56 97,280 ----a-w c:\windows\SYSTEM32\loadperf.dll
- 2002-08-29 10:00:00 202,752 ----a-w c:\windows\SYSTEM32\LOCALSEC.DLL
+ 2008-04-14 00:11:56 221,696 ----a-w c:\windows\SYSTEM32\localsec.dll
- 2002-08-29 10:00:00 295,936 ----a-w c:\windows\SYSTEM32\LOCALSPL.DLL
+ 2008-04-14 00:11:56 343,040 ----a-w c:\windows\SYSTEM32\localspl.dll
- 2002-08-29 10:00:00 10,240 ----a-w c:\windows\SYSTEM32\LOCALUI.DLL
+ 2008-04-14 00:11:56 11,776 ----a-w c:\windows\SYSTEM32\localui.dll
- 2002-12-04 01:50:10 68,608 ----a-w c:\windows\SYSTEM32\locator.exe
+ 2008-04-14 00:12:24 75,264 ----a-w c:\windows\SYSTEM32\locator.exe
- 2002-12-11 20:04:20 81,408 ----a-w c:\windows\SYSTEM32\logagent.exe
+ 2008-06-10 08:11:20 103,936 ----a-w c:\windows\SYSTEM32\logagent.exe
+ 2008-04-14 00:12:24 59,392 ------w c:\windows\SYSTEM32\logman.exe
- 2002-08-29 10:00:00 219,648 ----a-w c:\windows\SYSTEM32\LOGON.SCR
+ 2008-04-14 00:12:43 220,672 ----a-w c:\windows\SYSTEM32\logon.scr
- 2002-08-29 10:00:00 504,320 ------w c:\windows\SYSTEM32\LOGONUI.EXE
+ 2008-04-14 00:12:24 514,560 ------w c:\windows\SYSTEM32\logonui.exe
- 2002-08-29 10:00:00 18,944 ----a-w c:\windows\SYSTEM32\LPK.DLL
+ 2008-04-14 00:11:56 22,016 ----a-w c:\windows\SYSTEM32\lpk.dll
- 2002-08-29 10:00:00 8,704 ----a-w c:\windows\SYSTEM32\LPRHELP.DLL
+ 2008-04-14 00:11:56 10,240 ----a-w c:\windows\SYSTEM32\lprhelp.dll
- 2004-10-28 01:29:54 681,984 ----a-w c:\windows\SYSTEM32\lsasrv.dll
+ 2008-04-14 00:11:56 728,064 ----a-w c:\windows\SYSTEM32\lsasrv.dll
- 2002-08-29 10:00:00 11,776 ----a-w c:\windows\SYSTEM32\LSASS.EXE
+ 2008-04-14 00:12:24 13,312 ----a-w c:\windows\SYSTEM32\lsass.exe
- 2002-11-20 18:50:52 67,584 ----a-w c:\windows\SYSTEM32\magnify.exe
+ 2008-04-14 00:12:24 72,704 ----a-w c:\windows\SYSTEM32\magnify.exe
- 2002-08-29 10:00:00 79,360 ----a-w c:\windows\SYSTEM32\MAKECAB.EXE
+ 2008-04-14 00:12:25 57,344 ----a-w c:\windows\SYSTEM32\makecab.exe
- 2002-08-29 10:00:00 12,800 ----a-w c:\windows\SYSTEM32\MCASTMIB.DLL
+ 2008-04-14 00:11:56 14,336 ----a-w c:\windows\SYSTEM32\mcastmib.dll
- 2002-08-29 10:00:00 80,384 ----a-w c:\windows\SYSTEM32\MCIAVI32.DLL
+ 2008-04-14 00:11:56 84,480 ----a-w c:\windows\SYSTEM32\mciavi32.dll
- 2002-12-12 05:14:32 34,304 ----a-w c:\windows\SYSTEM32\mciqtz32.dll
+ 2008-04-14 00:11:56 35,328 ----a-w c:\windows\SYSTEM32\mciqtz32.dll
- 2002-08-29 10:00:00 20,992 ----a-w c:\windows\SYSTEM32\MCISEQ.DLL
+ 2008-04-14 00:11:56 23,040 ----a-w c:\windows\SYSTEM32\mciseq.dll
- 2002-08-29 10:00:00 22,016 ----a-w c:\windows\SYSTEM32\MCIWAVE.DLL
+ 2008-04-14 00:11:56 23,552 ----a-w c:\windows\SYSTEM32\mciwave.dll
- 2002-08-29 10:00:00 108,544 ----a-w c:\windows\SYSTEM32\MDMINST.DLL
+ 2008-04-14 00:11:56 118,272 ----a-w c:\windows\SYSTEM32\mdminst.dll
- 2004-03-30 01:48:36 36,864 ----a-w c:\windows\SYSTEM32\MF3216.DLL
+ 2008-04-14 00:11:56 40,960 ----a-w c:\windows\SYSTEM32\mf3216.dll
- 2002-08-29 10:00:00 924,432 ----a-w c:\windows\SYSTEM32\MFC40U.DLL
+ 2008-04-14 00:11:56 927,504 ----a-w c:\windows\SYSTEM32\mfc40u.dll
- 2002-08-29 10:00:00 995,383 ----a-w c:\windows\SYSTEM32\MFC42.DLL
+ 2008-04-14 00:11:56 1,028,096 ----a-w c:\windows\SYSTEM32\mfc42.dll
- 2002-08-29 10:00:00 995,384 ----a-w c:\windows\SYSTEM32\MFC42U.DLL
+ 2007-04-03 03:14:47 981,760 ----a-w c:\windows\SYSTEM32\mfc42u.dll
- 2002-08-29 10:00:00 20,992 ----a-w c:\windows\SYSTEM32\MFCSUBS.DLL
+ 2008-04-14 00:11:56 22,528 ----a-w c:\windows\SYSTEM32\mfcsubs.dll
- 2002-08-29 10:00:00 12,800 ----a-w c:\windows\SYSTEM32\MGMTAPI.DLL
+ 2008-04-14 00:11:56 14,848 ----a-w c:\windows\SYSTEM32\mgmtapi.dll
+ 2008-04-14 00:11:57 184,320 ------w c:\windows\SYSTEM32\microsoft.managementconsole.dll
- 2002-08-29 10:00:00 17,920 ----a-w c:\windows\SYSTEM32\MIDIMAP.DLL
+ 2008-04-14 00:11:57 18,944 ----a-w c:\windows\SYSTEM32\midimap.dll
- 2002-08-29 10:00:00 56,320 ----a-w c:\windows\SYSTEM32\MIGLIBNT.DLL
+ 2008-04-14 00:11:57 60,928 ----a-w c:\windows\SYSTEM32\miglibnt.dll
- 2002-08-29 10:00:00 18,944 ----a-w c:\windows\SYSTEM32\MIMEFILT.DLL
+ 2008-04-14 00:11:57 29,696 ----a-w c:\windows\SYSTEM32\mimefilt.dll
- 2002-08-29 10:00:00 577,024 ----a-w c:\windows\SYSTEM32\MLANG.DLL
+ 2008-04-14 00:11:57 586,240 ----a-w c:\windows\SYSTEM32\mlang.dll
- 2002-08-29 10:00:00 774,144 ----a-w c:\windows\SYSTEM32\MMC.EXE
+ 2008-04-14 00:12:25 1,414,656 ----a-w c:\windows\SYSTEM32\mmc.exe
- 2002-08-29 10:00:00 66,560 ----a-w c:\windows\SYSTEM32\MMCBASE.DLL
+ 2008-04-14 00:11:57 163,328 ----a-w c:\windows\SYSTEM32\mmcbase.dll
+ 2008-04-14 00:11:57 397,312 ------w c:\windows\SYSTEM32\mmcex.dll
+ 2008-04-14 00:11:57 106,496 ------w c:\windows\SYSTEM32\mmcfxcommon.dll
- 2002-08-29 10:00:00 1,128,960 ----a-w c:\windows\SYSTEM32\MMCNDMGR.DLL
+ 2008-04-14 00:11:57 1,872,896 ----a-w c:\windows\SYSTEM32\mmcndmgr.dll
+ 2008-04-14 00:12:25 33,792 ------w c:\windows\SYSTEM32\mmcperf.exe
- 2002-08-29 10:00:00 46,592 ----a-w c:\windows\SYSTEM32\MMCSHEXT.DLL
+ 2008-04-14 00:11:57 61,440 ----a-w c:\windows\SYSTEM32\mmcshext.dll
- 2002-08-29 10:00:00 16,384 ----a-w c:\windows\SYSTEM32\MMFUTIL.DLL
+ 2008-04-14 00:11:57 17,408 ----a-w c:\windows\SYSTEM32\mmfutil.dll
- 2002-08-29 10:00:00 68,928 ----a-w c:\windows\SYSTEM32\MMSYSTEM.DLL
+ 2004-08-04 05:51:11 68,768 ----a-w c:\windows\SYSTEM32\mmsystem.dll
- 2002-08-29 10:00:00 32,256 ----a-w c:\windows\SYSTEM32\MNMDD.DLL
+ 2008-04-14 00:11:57 34,560 ----a-w c:\windows\SYSTEM32\mnmdd.dll
- 2002-08-29 10:00:00 32,768 ----a-w c:\windows\SYSTEM32\MNMSRVC.EXE
+ 2008-04-14 00:12:25 32,768 ----a-w c:\windows\SYSTEM32\mnmsrvc.exe
- 2002-08-29 10:00:00 196,096 ----a-w c:\windows\SYSTEM32\MOBSYNC.DLL
+ 2008-04-14 00:11:57 207,360 ----a-w c:\windows\SYSTEM32\mobsync.dll
- 2002-08-29 10:00:00 135,680 ----a-w c:\windows\SYSTEM32\MOBSYNC.EXE
+ 2008-04-14 00:12:26 143,360 ----a-w c:\windows\SYSTEM32\mobsync.exe
- 2002-08-29 10:00:00 145,408 ----a-w c:\windows\SYSTEM32\MODEMUI.DLL
+ 2008-04-14 00:11:57 153,600 ----a-w c:\windows\SYSTEM32\modemui.dll
- 2002-08-29 10:00:00 15,872 ----a-w c:\windows\SYSTEM32\MORE.COM
+ 2008-04-14 00:12:42 16,896 ----a-w c:\windows\SYSTEM32\more.com
- 2002-08-29 10:00:00 210,944 ----a-w c:\windows\SYSTEM32\MORICONS.DLL
+ 2008-04-13 16:45:30 216,064 ----a-w c:\windows\SYSTEM32\moricons.dll
- 2002-12-12 00:12:02 316,040 ----a-w c:\windows\SYSTEM32\mp43dmod.dll
+ 2008-04-14 00:11:57 310,272 ----a-w c:\windows\SYSTEM32\mp43dmod.dll
- 2002-12-11 20:16:58 384,512 ----a-w c:\windows\SYSTEM32\mp4sdmod.dll
+ 2008-04-14 00:11:57 384,512 ----a-w c:\windows\SYSTEM32\mp4sdmod.dll
- 2002-12-11 22:34:40 241,664 ----a-w c:\windows\SYSTEM32\mpg4dmod.dll
+ 2008-04-14 00:11:57 240,640 ----a-w c:\windows\SYSTEM32\mpg4dmod.dll
- 2002-08-29 10:00:00 116,736 ----a-w c:\windows\SYSTEM32\MPLAY32.EXE
+ 2008-04-14 00:12:27 123,392 ----a-w c:\windows\SYSTEM32\mplay32.exe
- 2002-08-29 10:00:00 55,808 ----a-w c:\windows\SYSTEM32\MPR.DLL
+ 2008-04-14 00:11:57 59,904 ----a-w c:\windows\SYSTEM32\mpr.dll
- 2002-08-29 10:00:00 79,360 ----a-w c:\windows\SYSTEM32\MPRAPI.DLL
+ 2008-04-14 00:11:57 87,040 ----a-w c:\windows\SYSTEM32\mprapi.dll
- 2002-08-29 10:00:00 49,152 ----a-w c:\windows\SYSTEM32\MPRDIM.DLL
+ 2008-04-14 00:11:57 53,248 ----a-w c:\windows\SYSTEM32\mprdim.dll
- 2005-06-09 18:35:28 1,292,120 ----a-w c:\windows\SYSTEM32\MRT.exe
+ 2009-01-09 22:35:30 20,853,704 ----a-w c:\windows\SYSTEM32\MRT.exe
- 2002-08-29 10:00:00 67,072 ----a-w c:\windows\SYSTEM32\MSACM32.DLL
+ 2008-04-14 00:11:58 71,680 ----a-w c:\windows\SYSTEM32\msacm32.dll
- 2002-08-29 10:00:00 3,584 ----a-w c:\windows\SYSTEM32\MSAFD.DLL
+ 2008-04-14 00:10:06 3,584 ----a-w c:\windows\SYSTEM32\msafd.dll
- 2002-08-29 10:00:00 80,128 ----a-w c:\windows\SYSTEM32\MSAPSSPC.DLL
+ 2008-04-14 00:11:58 86,016 ----a-w c:\windows\SYSTEM32\msapsspc.dll
- 2004-03-30 01:48:36 51,712 ----a-w c:\windows\SYSTEM32\MSASN1.DLL
+ 2008-04-14 00:11:58 57,344 ----a-w c:\windows\SYSTEM32\msasn1.dll
- 2002-08-29 10:00:00 68,096 ----a-w c:\windows\SYSTEM32\MSCMS.DLL
+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\SYSTEM32\mscms.dll
- 2002-08-29 10:00:00 65,536 ----a-w c:\windows\SYSTEM32\MSCONF.DLL
+ 2008-04-14 00:11:58 69,632 ----a-w c:\windows\SYSTEM32\msconf.dll
- 2004-07-15 05:24:50 155,648 ----a-w c:\windows\SYSTEM32\mscoree.dll
+ 2006-12-22 17:28:14 271,360 ----a-w c:\windows\SYSTEM32\mscoree.dll
- 2002-08-29 10:00:00 12,288 ----a-w c:\windows\SYSTEM32\mscpx32r.dLL
+ 2008-04-13 17:26:07 12,288 ----a-w c:\windows\SYSTEM32\mscpx32r.dll
- 2002-08-29 10:00:00 36,864 ----a-w c:\windows\SYSTEM32\mscpxl32.dLL
+ 2008-04-14 00:11:58 36,864 ----a-w c:\windows\SYSTEM32\mscpxl32.dll
- 2002-08-29 10:00:00 266,752 ----a-w c:\windows\SYSTEM32\MSCTF.DLL
+ 2008-04-14 00:11:58 297,984 ----a-w c:\windows\SYSTEM32\msctf.dll
- 2002-08-29 10:00:00 67,584 ----a-w c:\windows\SYSTEM32\MSCTFP.DLL
+ 2008-04-14 00:11:58 68,608 ----a-w c:\windows\SYSTEM32\msctfp.dll
+ 2008-04-14 00:11:58 118,784 ------w c:\windows\SYSTEM32\msdadiag.dll
- 2003-10-28 01:09:50 126,976 ----a-w c:\windows\SYSTEM32\msdart.dll
+ 2008-04-14 00:11:59 151,552 ----a-w c:\windows\SYSTEM32\msdart.dll
- 2002-12-12 05:14:32 13,312 ----a-w c:\windows\SYSTEM32\msdmo.dll
+ 2008-04-14 00:11:59 14,336 ----a-w c:\windows\SYSTEM32\msdmo.dll
- 2002-08-29 10:00:00 6,144 ----a-w c:\windows\SYSTEM32\MSDTC.EXE
+ 2008-04-14 00:12:27 6,144 ----a-w c:\windows\SYSTEM32\msdtc.exe
- 2002-08-29 10:00:00 54,784 ----a-w c:\windows\SYSTEM32\MSDTCLOG.DLL
+ 2008-04-14 00:11:59 58,880 ----a-w c:\windows\SYSTEM32\msdtclog.dll
- 2004-03-06 02:16:10 367,616 ----a-w c:\windows\SYSTEM32\MSDTCPRX.DLL
+ 2008-04-14 00:11:59 427,008 ----a-w c:\windows\SYSTEM32\msdtcprx.dll
- 2004-03-06 02:16:12 977,920 ----a-w c:\windows\SYSTEM32\MSDTCTM.DLL
+ 2008-04-14 00:11:59 956,928 ----a-w c:\windows\SYSTEM32\msdtctm.dll
- 2004-03-06 02:16:10 150,528 ----a-w c:\windows\SYSTEM32\MSDTCUIU.DLL
+ 2008-04-14 00:11:59 161,792 ----a-w c:\windows\SYSTEM32\msdtcuiu.dll
- 2002-08-29 10:00:00 4,126 ----a-w c:\windows\SYSTEM32\MSDXMLC.DLL
+ 2008-04-14 00:10:08 4,126 ----a-w c:\windows\SYSTEM32\msdxmlc.dll
- 2004-03-01 18:55:23 512,029 ----a-w c:\windows\SYSTEM32\msexch40.dll
+ 2007-04-02 12:47:43 518,944 ----a-w c:\windows\SYSTEM32\msexch40.dll
- 2004-03-01 18:55:24 319,517 ----a-w c:\windows\SYSTEM32\msexcl40.dll
+ 2007-04-02 12:47:58 326,432 ----a-w c:\windows\SYSTEM32\msexcl40.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll
+ 2007-08-13 23:36:40 12,288 ------w c:\windows\SYSTEM32\msfeedssync.exe
- 2002-08-29 10:00:00 504,832 ----a-w c:\windows\SYSTEM32\MSFTEDIT.DLL
+ 2008-04-14 00:11:59 539,136 ----a-w c:\windows\SYSTEM32\msftedit.dll
- 2004-03-30 01:48:36 971,264 ----a-w c:\windows\SYSTEM32\MSGINA.DLL
+ 2008-04-14 00:11:59 997,376 ----a-w c:\windows\SYSTEM32\msgina.dll
- 2003-10-21 22:06:42 32,256 ----a-w c:\windows\SYSTEM32\MSGSVC.DLL
+ 2008-04-14 00:11:59 33,792 ----a-w c:\windows\SYSTEM32\msgsvc.dll
- 2002-08-29 10:00:00 184,320 ----a-w c:\windows\SYSTEM32\MSH261.DRV
+ 2008-04-14 00:12:45 188,416 ----a-w c:\windows\SYSTEM32\msh261.drv
- 2002-08-29 10:00:00 286,720 ----a-w c:\windows\SYSTEM32\MSH263.DRV
+ 2008-04-14 00:12:45 294,912 ----a-w c:\windows\SYSTEM32\msh263.drv
- 2002-08-29 10:00:00 24,064 ----a-w c:\windows\SYSTEM32\MSHTA.EXE
+ 2007-08-13 23:32:30 45,568 ----a-w c:\windows\SYSTEM32\mshta.exe
- 2005-04-27 14:52:56 2,698,752 ----a-w c:\windows\SYSTEM32\MSHTML.DLL
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\SYSTEM32\mshtml.dll
- 2002-08-29 10:00:00 440,320 ----a-w c:\windows\SYSTEM32\MSHTMLED.DLL
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll
- 2002-08-29 10:00:00 56,320 ----a-w c:\windows\SYSTEM32\MSHTMLER.DLL
+ 2007-08-13 23:01:12 48,128 ----a-w c:\windows\SYSTEM32\mshtmler.dll
- 2005-05-04 18:45:32 2,890,240 ----a-w c:\windows\SYSTEM32\msi.dll
+ 2008-04-14 00:11:59 2,843,136 ----a-w c:\windows\SYSTEM32\msi.dll
- 2003-03-03 21:57:20 44,032 ----a-w c:\windows\SYSTEM32\MSIDENT.DLL
+ 2008-04-14 00:11:59 51,712 ----a-w c:\windows\SYSTEM32\msident.dll
- 2002-08-29 10:00:00 5,120 ----a-w c:\windows\SYSTEM32\MSIDLE.DLL
+ 2008-04-14 00:11:59 6,656 ----a-w c:\windows\SYSTEM32\msidle.dll
- 2002-08-29 10:00:00 229,888 ----a-w c:\windows\SYSTEM32\MSIEFTP.DLL
+ 2008-04-14 00:11:59 248,832 ----a-w c:\windows\SYSTEM32\msieftp.dll
- 2005-05-04 18:45:36 78,848 ----a-w c:\windows\SYSTEM32\msiexec.exe
+ 2008-04-14 00:12:28 78,848 ----a-w c:\windows\SYSTEM32\msiexec.exe
- 2005-05-04 18:45:36 271,360 ----a-w c:\windows\SYSTEM32\msihnd.dll
+ 2008-04-14 00:11:59 271,360 ----a-w c:\windows\SYSTEM32\msihnd.dll
- 2002-08-29 10:00:00 4,608 ----a-w c:\windows\SYSTEM32\MSIMG32.DLL
+ 2008-04-14 00:11:59 4,608 ----a-w c:\windows\SYSTEM32\msimg32.dll
- 2005-05-04 18:45:36 884,736 ----a-w c:\windows\SYSTEM32\msimsg.dll
+ 2008-04-13 15:39:43 884,736 ----a-w c:\windows\SYSTEM32\msimsg.dll
- 2002-08-29 10:00:00 143,872 ----a-w c:\windows\SYSTEM32\MSIMTF.DLL
+ 2008-04-14 00:11:59 159,232 ----a-w c:\windows\SYSTEM32\msimtf.dll
- 2005-05-04 18:45:36 15,360 ----a-w c:\windows\SYSTEM32\msisip.dll
+ 2008-04-14 00:11:59 15,360 ----a-w c:\windows\SYSTEM32\msisip.dll
- 2004-03-16 18:44:10 1,507,356 ----a-w c:\windows\SYSTEM32\msjet40.dll
+ 2007-10-22 09:30:50 1,516,568 ----a-w c:\windows\SYSTEM32\msjet40.dll
- 2004-03-01 18:52:15 358,976 ----a-w c:\windows\SYSTEM32\msjetoledb40.dll
+ 2007-04-02 12:49:20 355,112 ----a-w c:\windows\SYSTEM32\msjetoledb40.dll
- 2004-03-16 17:38:32 151,583 ----a-w c:\windows\SYSTEM32\msjint40.dll
+ 2008-04-14 00:12:00 151,583 ----a-w c:\windows\SYSTEM32\msjint40.dll
- 2004-01-10 11:36:33 53,279 ----a-w c:\windows\SYSTEM32\msjter40.dll
+ 2007-04-02 12:49:33 60,192 ----a-w c:\windows\SYSTEM32\msjter40.dll
- 2004-03-01 18:55:29 241,693 ----a-w c:\windows\SYSTEM32\msjtes40.dll
+ 2007-04-02 12:49:37 248,608 ----a-w c:\windows\SYSTEM32\msjtes40.dll
- 2002-08-29 10:00:00 22,528 ----a-w c:\windows\SYSTEM32\MSLBUI.DLL
+ 2008-04-14 00:12:00 25,088 ----a-w c:\windows\SYSTEM32\mslbui.dll
- 2002-08-29 10:00:00 146,432 ----a-w c:\windows\SYSTEM32\MSLS31.DLL
+ 2007-08-13 23:54:10 156,160 ----a-w c:\windows\SYSTEM32\msls31.dll
- 2004-01-10 11:36:38 213,023 ----a-w c:\windows\SYSTEM32\msltus40.dll
+ 2007-04-02 12:49:50 219,936 ----a-w c:\windows\SYSTEM32\msltus40.dll
- 2002-12-11 23:09:22 253,952 ----a-w c:\windows\SYSTEM32\msnetobj.dll
+ 2008-04-14 00:12:55 259,072 ----a-w c:\windows\SYSTEM32\msnetobj.dll
- 2002-08-29 10:00:00 319,760 ----a-w c:\windows\SYSTEM32\MSNSSPC.DLL
+ 2008-04-14 00:12:00 290,816 ----a-w c:\windows\SYSTEM32\msnsspc.dll
- 2003-03-03 21:57:20 228,864 ----a-w c:\windows\SYSTEM32\MSOEACCT.DLL
+ 2008-04-14 00:12:00 252,928 ----a-w c:\windows\SYSTEM32\msoeacct.dll
- 2003-03-03 21:57:18 91,136 ----a-w c:\windows\SYSTEM32\MSOERT2.DLL
+ 2008-04-14 00:12:00 105,984 ----a-w c:\windows\SYSTEM32\msoert2.dll
- 2002-08-29 10:00:00 20,480 ----a-w c:\windows\SYSTEM32\MSORC32R.DLL
+ 2008-04-13 17:24:14 20,480 ----a-w c:\windows\SYSTEM32\msorc32r.dll
- 2002-08-29 10:00:00 131,072 ----a-w c:\windows\SYSTEM32\MSORCL32.DLL
+ 2008-04-14 00:12:00 143,360 ----a-w c:\windows\SYSTEM32\msorcl32.dll
- 2002-08-29 10:00:00 339,968 ----a-w c:\windows\SYSTEM32\MSPAINT.EXE
+ 2008-04-14 00:12:28 343,040 ----a-w c:\windows\SYSTEM32\mspaint.exe
- 2002-08-29 10:00:00 27,136 ----a-w c:\windows\SYSTEM32\MSPATCHA.DLL
+ 2008-04-14 00:12:00 29,696 ----a-w c:\windows\SYSTEM32\mspatcha.dll
- 2004-03-01 18:55:31 348,189 ----a-w c:\windows\SYSTEM32\mspbde40.dll
+ 2007-04-02 12:50:05 355,104 ----a-w c:\windows\SYSTEM32\mspbde40.dll
- 2002-11-27 00:03:32 52,224 ----a-w c:\windows\SYSTEM32\mspmsnsv.dll
+ 2008-04-14 00:12:00 52,224 ----a-w c:\windows\SYSTEM32\mspmsnsv.dll
- 2002-11-27 00:03:32 201,728 ----a-w c:\windows\SYSTEM32\mspmsp.dll
+ 2008-04-14 00:12:00 201,728 ----a-w c:\windows\SYSTEM32\mspmsp.dll
- 2002-08-29 10:00:00 45,056 ----a-w c:\windows\SYSTEM32\MSPRIVS.DLL
+ 2008-04-13 16:23:31 48,128 ----a-w c:\windows\SYSTEM32\msprivs.dll
- 2005-02-24 16:54:42 132,096 ----a-w c:\windows\SYSTEM32\MSRATING.DLL
+ 2008-10-16 20:38:38 193,024 ------w c:\windows\SYSTEM32\msrating.dll
- 2004-01-10 11:36:42 421,919 ----a-w c:\windows\SYSTEM32\msrd2x40.dll
+ 2007-04-02 12:50:26 432,928 ----a-w c:\windows\SYSTEM32\msrd2x40.dll
- 2004-01-10 11:36:43 315,423 ----a-w c:\windows\SYSTEM32\msrd3x40.dll
+ 2007-04-02 12:50:43 322,336 ----a-w c:\windows\SYSTEM32\msrd3x40.dll
- 2004-03-01 18:55:35 552,989 ----a-w c:\windows\SYSTEM32\msrepl40.dll
+ 2007-04-02 12:51:05 559,904 ----a-w c:\windows\SYSTEM32\msrepl40.dll
- 2002-08-29 10:00:00 10,240 ----a-w c:\windows\SYSTEM32\MSRLE32.DLL
+ 2008-04-14 00:12:00 11,264 ----a-w c:\windows\SYSTEM32\msrle32.dll
- 2002-08-29 10:00:00 172,032 ----a-w c:\windows\SYSTEM32\MSSAP.DLL
+ 2008-04-14 00:12:00 134,656 ----a-w c:\windows\SYSTEM32\mssap.dll
- 2002-12-12 00:09:22 358,912 ----a-w c:\windows\SYSTEM32\MSSCP.dll
+ 2008-04-14 00:12:56 356,352 ----a-w c:\windows\SYSTEM32\msscp.dll
+ 2008-04-14 00:12:00 155,136 ------w c:\windows\SYSTEM32\mssha.dll
+ 2008-04-13 18:14:58 76,800 ------w c:\windows\SYSTEM32\msshavmsg.dll
- 2004-06-08 22:02:21 260,096 ----a-w c:\windows\SYSTEM32\mstask.dll
+ 2008-04-14 00:12:00 274,944 ----a-w c:\windows\SYSTEM32\mstask.dll
- 2004-03-01 18:55:35 258,077 ----a-w c:\windows\SYSTEM32\mstext40.dll
+ 2007-04-02 12:51:27 264,992 ----a-w c:\windows\SYSTEM32\mstext40.dll
- 2002-08-29 10:00:00 496,128 ----a-w c:\windows\SYSTEM32\MSTIME.DLL
+ 2008-10-16 20:38:39 671,232 ------w c:\windows\SYSTEM32\mstime.dll
- 2004-06-08 19:59:23 10,752 ----a-w c:\windows\SYSTEM32\mstinit.exe
+ 2008-04-14 00:12:29 12,288 ----a-w c:\windows\SYSTEM32\mstinit.exe
- 2002-08-29 10:00:00 103,936 ----a-w c:\windows\SYSTEM32\MSTLSAPI.DLL
+ 2008-04-14 00:12:00 116,224 ----a-w c:\windows\SYSTEM32\mstlsapi.dll
- 2002-08-29 10:00:00 388,608 ----a-w c:\windows\SYSTEM32\MSTSC.EXE
+ 2008-04-14 00:12:23 677,888 ----a-w c:\windows\SYSTEM32\mstsc.exe
- 2002-08-29 10:00:00 598,016 ----a-w c:\windows\SYSTEM32\MSTSCAX.DLL
+ 2008-04-14 00:11:56 2,061,824 ----a-w c:\windows\SYSTEM32\mstscax.dll
- 2002-08-29 10:00:00 182,784 ----a-w c:\windows\SYSTEM32\MSUTB.DLL
+ 2008-04-14 00:12:00 195,072 ----a-w c:\windows\SYSTEM32\msutb.dll
- 2002-08-29 10:00:00 108,544 ----a-w c:\windows\SYSTEM32\MSV1_0.DLL
+ 2008-04-14 00:12:00 132,608 ----a-w c:\windows\SYSTEM32\msv1_0.dll
- 2002-08-29 10:00:00 1,388,544 ----a-w c:\windows\SYSTEM32\MSVBVM60.DLL
+ 2008-04-14 00:12:00 1,384,479 ----a-w c:\windows\SYSTEM32\msvbvm60.dll
- 2002-08-29 10:00:00 50,688 ----a-w c:\windows\SYSTEM32\MSVCIRT.DLL
+ 2008-04-14 00:12:01 57,344 ----a-w c:\windows\SYSTEM32\msvcirt.dll
- 2002-08-29 10:00:00 401,462 ----a-w c:\windows\SYSTEM32\MSVCP60.DLL
+ 2008-04-14 00:12:01 413,696 ----a-w c:\windows\SYSTEM32\msvcp60.dll
- 2002-08-29 10:00:00 323,072 ----a-w c:\windows\SYSTEM32\MSVCRT.DLL
+ 2008-04-14 00:12:01 343,040 ----a-w c:\windows\SYSTEM32\msvcrt.dll
- 2002-08-29 10:00:00 65,024 ----a-w c:\windows\SYSTEM32\MSVCRT40.DLL
+ 2008-04-13 18:30:46 61,440 ----a-w c:\windows\SYSTEM32\msvcrt40.dll
- 2002-08-29 10:00:00 113,664 ----a-w c:\windows\SYSTEM32\MSVFW32.DLL
+ 2008-04-14 00:12:01 121,344 ----a-w c:\windows\SYSTEM32\msvfw32.dll
- 2003-02-17 15:16:28 1,230,336 ----a-w c:\windows\SYSTEM32\msvidctl.dll
+ 2008-04-14 00:12:01 1,428,992 ----a-w c:\windows\SYSTEM32\msvidctl.dll
- 2002-08-29 10:00:00 66,048 ----a-w c:\windows\SYSTEM32\MSW3PRT.DLL
+ 2008-04-14 00:12:01 72,704 ----a-w c:\windows\SYSTEM32\msw3prt.dll
- 2004-01-10 11:36:50 831,519 ----a-w c:\windows\SYSTEM32\mswdat10.dll
+ 2007-04-02 12:51:47 838,432 ----a-w c:\windows\SYSTEM32\mswdat10.dll
- 2002-12-12 05:14:32 324,096 ----a-w c:\windows\SYSTEM32\mswebdvd.dll
+ 2008-04-14 00:12:01 203,776 ----a-w c:\windows\SYSTEM32\mswebdvd.dll
- 2002-11-27 01:03:32 245,760 ----a-w c:\windows\SYSTEM32\MSWMDM.dll
+ 2008-04-14 00:12:01 245,760 ----a-w c:\windows\SYSTEM32\mswmdm.dll
- 2002-08-29 10:00:00 228,352 ----a-w c:\windows\SYSTEM32\MSWSOCK.DLL
+ 2008-06-20 17:46:57 245,248 ----a-w c:\windows\SYSTEM32\mswsock.dll
- 2004-03-16 17:38:33 614,431 ----a-w c:\windows\SYSTEM32\mswstr10.dll
+ 2007-04-02 12:51:53 621,344 ----a-w c:\windows\SYSTEM32\mswstr10.dll
- 2004-03-01 18:55:39 348,189 ----a-w c:\windows\SYSTEM32\msxbde40.dll
+ 2007-04-02 12:52:01 355,104 ----a-w c:\windows\SYSTEM32\msxbde40.dll
- 2002-08-29 10:00:00 495,376 ----a-w c:\windows\SYSTEM32\MSXML.DLL
+ 2008-04-14 00:12:01 506,368 ----a-w c:\windows\SYSTEM32\msxml.dll
- 2002-08-29 10:00:00 699,392 ----a-w c:\windows\SYSTEM32\MSXML2.DLL
+ 2008-04-14 00:12:01 701,440 ----a-w c:\windows\SYSTEM32\msxml2.dll
- 2002-08-29 10:00:00 1,122,304 ----a-w c:\windows\SYSTEM32\MSXML3.DLL
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
- 2003-09-24 14:44:00 1,230,336 ----a-r c:\windows\SYSTEM32\MSXML4.dll
+ 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
+ 2008-04-13 17:27:18 79,872 ------w c:\windows\SYSTEM32\msxml6r.dll
- 2003-02-17 15:16:28 16,896 ----a-w c:\windows\SYSTEM32\msyuv.dll
+ 2008-04-14 00:12:01 16,896 ----a-w c:\windows\SYSTEM32\msyuv.dll
- 2004-03-06 02:16:10 64,512 ----a-w c:\windows\SYSTEM32\MTXCLU.DLL
+ 2008-04-14 00:12:01 66,560 ----a-w c:\windows\SYSTEM32\mtxclu.dll
- 2002-08-29 10:00:00 20,480 ----a-w c:\windows\SYSTEM32\MTXDM.DLL
+ 2008-04-14 00:12:01 30,720 ----a-w c:\windows\SYSTEM32\mtxdm.dll
- 2002-08-29 10:00:00 4,096 ----a-w c:\windows\SYSTEM32\MTXEX.DLL
+ 2008-04-14 00:12:01 4,096 ----a-w c:\windows\SYSTEM32\mtxex.dll
- 2002-08-29 10:00:00 25,088 ----a-w c:\windows\SYSTEM32\MTXLEGIH.DLL
+ 2008-04-14 00:12:01 34,304 ----a-w c:\windows\SYSTEM32\mtxlegih.dll
- 2004-03-06 02:16:10 82,432 ----a-w c:\windows\SYSTEM32\MTXOCI.DLL
+ 2008-04-14 00:12:01 91,648 ----a-w c:\windows\SYSTEM32\mtxoci.dll
+ 2008-04-14 00:12:01 1,737,856 ------w c:\windows\SYSTEM32\mtxparhd.dll
+ 2006-12-22 18:02:36 6,144 ----a-w c:\windows\SYSTEM32\MUI\0409\mscorees.dll
+ 2008-04-13 18:40:52 405,504 ------w c:\windows\SYSTEM32\MUI\041b\xpob2res.dll
+ 2008-04-13 18:35:28 192,512 ------w c:\windows\SYSTEM32\MUI\041b\xpsp1res.dll
+ 2008-04-13 18:38:37 757,248 ------w c:\windows\SYSTEM32\MUI\041b\xpsp2res.dll
+ 2008-04-13 18:40:04 577,536 ------w c:\windows\SYSTEM32\MUI\041b\xpsp3res.dll
+ 2008-04-13 17:39:22 187,392 ------w c:\windows\SYSTEM32\MUI\041e\xpsp1res.dll
+ 2008-04-13 17:39:24 2,897,920 ------w c:\windows\SYSTEM32\MUI\041e\xpsp2res.dll
+ 2008-04-13 18:40:56 408,576 ------w c:\windows\SYSTEM32\MUI\0424\xpob2res.dll
+ 2008-04-13 18:35:28 192,512 ------w c:\windows\SYSTEM32\MUI\0424\xpsp1res.dll
+ 2008-04-13 18:38:36 732,160 ------w c:\windows\SYSTEM32\MUI\0424\xpsp2res.dll
+ 2008-04-13 18:40:05 576,512 ------w c:\windows\SYSTEM32\MUI\0424\xpsp3res.dll
- 2002-08-29 10:00:00 88,064 ----a-w c:\windows\SYSTEM32\MYDOCS.DLL
+ 2008-04-14 00:12:01 90,624 ----a-w c:\windows\SYSTEM32\mydocs.dll
+ 2008-04-14 00:12:01 30,208 ------w c:\windows\SYSTEM32\napipsec.dll
+ 2008-04-14 00:12:01 193,024 ------w c:\windows\SYSTEM32\napmontr.dll
+ 2008-04-14 00:12:29 176,640 ------w c:\windows\SYSTEM32\napstat.exe
- 2002-11-20 18:50:52 51,200 ----a-w c:\windows\SYSTEM32\narrator.exe
+ 2008-04-14 00:12:29 53,760 ----a-w c:\windows\SYSTEM32\narrator.exe
- 2002-08-29 10:00:00 42,496 ----a-w c:\windows\SYSTEM32\NCOBJAPI.DLL
+ 2008-04-14 00:12:01 36,352 ----a-w c:\windows\SYSTEM32\ncobjapi.dll
- 2002-08-29 10:00:00 15,360 ----a-w c:\windows\SYSTEM32\NDDEAPI.DLL
+ 2008-04-14 00:12:01 17,920 ----a-w c:\windows\SYSTEM32\nddeapi.dll
- 2002-08-29 10:00:00 4,096 ----a-w c:\windows\SYSTEM32\NDDEAPIR.EXE
+ 2008-04-14 00:12:29 4,096 ----a-w c:\windows\SYSTEM32\nddeapir.exe
- 2002-08-29 10:00:00 16,384 ----a-w c:\windows\SYSTEM32\NDDENB32.DLL
+ 2008-04-14 00:12:01 18,944 ----a-w c:\windows\SYSTEM32\nddenb32.dll
- 2002-08-29 10:00:00 39,424 ----a-w c:\windows\SYSTEM32\NET.EXE
+ 2008-04-14 00:12:29 42,496 ----a-w c:\windows\SYSTEM32\net.exe
- 2002-08-29 10:00:00 115,200 ----a-w c:\windows\SYSTEM32\NET1.EXE
+ 2008-04-14 00:12:29 124,928 ----a-w c:\windows\SYSTEM32\net1.exe
- 2004-06-08 22:02:21 306,688 ----a-w c:\windows\SYSTEM32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\SYSTEM32\netapi32.dll
- 2002-08-29 10:00:00 584,192 ----a-w c:\windows\SYSTEM32\NETCFGX.DLL
+ 2008-04-14 00:12:01 622,592 ----a-w c:\windows\SYSTEM32\netcfgx.dll
- 2002-08-29 10:00:00 105,984 ----a-w c:\windows\SYSTEM32\NETDDE.EXE
+ 2008-04-14 00:12:29 111,104 ----a-w c:\windows\SYSTEM32\netdde.exe
- 2002-08-29 10:00:00 134,656 ----a-w c:\windows\SYSTEM32\NETID.DLL
+ 2008-04-14 00:12:01 139,264 ----a-w c:\windows\SYSTEM32\netid.dll
- 2002-08-29 10:00:00 399,360 ----a-w c:\windows\SYSTEM32\NETLOGON.DLL
+ 2008-04-14 00:12:01 407,040 ----a-w c:\windows\SYSTEM32\netlogon.dll
- 2002-08-29 10:00:00 154,112 ----a-w c:\windows\SYSTEM32\NETMAN.DLL
+ 2008-04-14 00:12:01 198,144 ----a-w c:\windows\SYSTEM32\netman.dll
- 2002-08-29 10:00:00 857,600 ----a-w c:\windows\SYSTEM32\NETPLWIZ.DLL
+ 2008-04-14 00:12:01 875,008 ----a-w c:\windows\SYSTEM32\netplwiz.dll
- 2002-08-29 10:00:00 10,752 ----a-w c:\windows\SYSTEM32\NETRAP.DLL
+ 2008-04-14 00:12:01 11,776 ----a-w c:\windows\SYSTEM32\netrap.dll
- 2002-08-29 10:00:00 326,656 ----a-w c:\windows\SYSTEM32\NETSETUP.EXE
+ 2008-04-14 00:16:51 329,728 ----a-w c:\windows\SYSTEM32\netsetup.exe
- 2002-08-29 10:00:00 82,944 ----a-w c:\windows\SYSTEM32\NETSH.EXE
+ 2008-04-14 00:12:29 86,016 ----a-w c:\windows\SYSTEM32\netsh.exe
- 2003-10-07 01:30:24 1,630,208 ----a-w c:\windows\SYSTEM32\netshell.dll
+ 2008-04-14 00:12:02 1,703,936 ----a-w c:\windows\SYSTEM32\netshell.dll
- 2002-08-29 10:00:00 30,720 ----a-w c:\windows\SYSTEM32\NETSTAT.EXE
+ 2008-04-14 00:12:29 36,864 ----a-w c:\windows\SYSTEM32\netstat.exe
- 2002-08-29 10:00:00 74,752 ----a-w c:\windows\SYSTEM32\NETUI0.DLL
+ 2008-04-14 00:12:02 80,896 ----a-w c:\windows\SYSTEM32\netui0.dll
- 2002-08-29 10:00:00 230,400 ----a-w c:\windows\SYSTEM32\NETUI1.DLL
+ 2008-04-14 00:12:02 245,760 ----a-w c:\windows\SYSTEM32\netui1.dll
- 2003-01-31 23:46:24 238,080 ----a-w c:\windows\SYSTEM32\newdev.dll
+ 2008-04-14 00:12:02 247,808 ----a-w c:\windows\SYSTEM32\newdev.dll
- 2002-08-29 10:00:00 95,744 ----a-w c:\windows\SYSTEM32\NLHTML.DLL
+ 2008-04-14 00:12:02 98,304 ----a-w c:\windows\SYSTEM32\nlhtml.dll
+ 2006-06-28 22:59:26 24,576 ------w c:\windows\SYSTEM32\nlsdl.dll
- 2002-08-29 10:00:00 24,576 ----a-w c:\windows\SYSTEM32\NMMKCERT.DLL
+ 2008-04-14 00:12:02 28,672 ----a-w c:\windows\SYSTEM32\nmmkcert.dll
+ 2006-06-29 13:05:44 23,552 ------w c:\windows\SYSTEM32\normaliz.dll
- 2002-08-29 10:00:00 66,048 ----a-w c:\windows\SYSTEM32\NOTEPAD.EXE
+ 2008-04-14 00:12:29 69,120 ----a-w c:\windows\SYSTEM32\notepad.exe
- 2002-08-29 10:00:00 54,272 ----a-w c:\windows\SYSTEM32\NPP\NDISNPP.DLL
+ 2008-04-14 00:12:01 57,344 ----a-w c:\windows\SYSTEM32\NPP\ndisnpp.dll
- 2002-08-29 10:00:00 13,824 ----a-w c:\windows\SYSTEM32\NPP\NPPAGENT.EXE
+ 2008-04-14 00:12:29 15,360 ----a-w c:\windows\SYSTEM32\NPP\nppagent.exe
- 2002-08-29 10:00:00 49,152 ----a-w c:\windows\SYSTEM32\NPPTOOLS.DLL
+ 2008-04-14 00:12:02 54,784 ----a-w c:\windows\SYSTEM32\npptools.dll
- 2002-08-29 10:00:00 71,680 ----a-w c:\windows\SYSTEM32\NSLOOKUP.EXE
+ 2008-04-14 00:12:29 76,800 ----a-w c:\windows\SYSTEM32\nslookup.exe
- 2003-05-01 23:56:12 654,336 ----a-w c:\windows\SYSTEM32\ntdll.dll
+ 2008-04-14 00:11:24 706,048 ----a-w c:\windows\SYSTEM32\ntdll.dll
- 2002-08-29 10:00:00 64,512 ----a-w c:\windows\SYSTEM32\NTDSAPI.DLL
+ 2008-04-14 00:12:02 67,072 ----a-w c:\windows\SYSTEM32\ntdsapi.dll
- 2002-08-29 10:00:00 33,808 ----a-w c:\windows\SYSTEM32\NTIO.SYS
+ 2004-08-04 05:45:08 33,840 ----a-w c:\windows\SYSTEM32\ntio.sys
- 2002-08-29 10:00:00 34,528 ----a-w c:\windows\SYSTEM32\NTIO404.SYS
+ 2004-08-04 05:45:14 34,560 ----a-w c:\windows\SYSTEM32\ntio404.sys
- 2002-08-29 10:00:00 35,632 ----a-w c:\windows\SYSTEM32\NTIO411.SYS
+ 2004-08-04 05:45:10 35,648 ----a-w c:\windows\SYSTEM32\ntio411.sys
- 2002-08-29 10:00:00 35,392 ----a-w c:\windows\SYSTEM32\NTIO412.SYS
+ 2004-08-04 05:45:15 35,424 ----a-w c:\windows\SYSTEM32\ntio412.sys
- 2002-08-29 10:00:00 34,528 ----a-w c:\windows\SYSTEM32\NTIO804.SYS
+ 2004-08-04 05:45:12 34,560 ----a-w c:\windows\SYSTEM32\ntio804.sys
- 2005-03-02 00:36:42 1,955,840 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,066,048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
- 2002-08-29 10:00:00 38,400 ----a-w c:\windows\SYSTEM32\NTLANMAN.DLL
+ 2008-04-14 00:12:02 44,032 ----a-w c:\windows\SYSTEM32\ntlanman.dll
- 2002-08-29 10:00:00 6,656 ----a-w c:\windows\SYSTEM32\NTLSAPI.DLL
+ 2008-04-14 00:12:02 8,192 ----a-w c:\windows\SYSTEM32\ntlsapi.dll
- 2002-08-29 10:00:00 112,128 ----a-w c:\windows\SYSTEM32\NTMARTA.DLL
+ 2008-04-14 00:12:02 118,784 ----a-w c:\windows\SYSTEM32\ntmarta.dll
- 2002-08-29 10:00:00 38,400 ----a-w c:\windows\SYSTEM32\NTMSAPI.DLL
+ 2008-04-14 00:12:02 40,960 ----a-w c:\windows\SYSTEM32\ntmsapi.dll
- 2002-08-29 10:00:00 165,888 ----a-w c:\windows\SYSTEM32\NTMSDBA.DLL
+ 2008-04-14 00:12:02 179,200 ----a-w c:\windows\SYSTEM32\ntmsdba.dll
- 2002-08-29 10:00:00 460,288 ----a-w c:\windows\SYSTEM32\NTMSMGR.DLL
+ 2008-04-14 00:12:02 488,448 ----a-w c:\windows\SYSTEM32\ntmsmgr.dll
- 2002-08-29 10:00:00 392,704 ----a-w c:\windows\SYSTEM32\NTMSSVC.DLL
+ 2008-04-14 00:12:02 435,200 ----a-w c:\windows\SYSTEM32\ntmssvc.dll
- 2005-03-02 01:33:36 2,040,832 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
+ 2008-08-14 10:11:02 2,189,184 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
- 2002-08-29 10:00:00 80,896 ----a-w c:\windows\SYSTEM32\NTPRINT.DLL
+ 2008-04-14 00:12:02 91,136 ----a-w c:\windows\SYSTEM32\ntprint.dll
- 2002-08-29 10:00:00 137,216 ----a-w c:\windows\SYSTEM32\NTSHRUI.DLL
+ 2008-04-14 00:12:02 143,360 ----a-w c:\windows\SYSTEM32\ntshrui.dll
- 2002-08-29 10:00:00 395,776 ----a-w c:\windows\SYSTEM32\NTVDM.EXE
+ 2008-04-14 00:12:30 420,864 ----a-w c:\windows\SYSTEM32\ntvdm.exe
- 2002-08-29 10:00:00 13,312 ----a-w c:\windows\SYSTEM32\NTVDMD.DLL
+ 2008-04-14 00:12:02 15,360 ----a-w c:\windows\SYSTEM32\ntvdmd.dll
- 2002-08-29 08:41:10 3,494,303 ----a-w c:\windows\SYSTEM32\NV4_DISP.DLL
+ 2008-04-14 00:12:02 4,274,816 ----a-w c:\windows\SYSTEM32\nv4_disp.dll
- 2002-08-29 10:00:00 133,632 ----a-w c:\windows\SYSTEM32\NWPROVAU.DLL
+ 2008-04-14 00:12:02 142,336 ----a-w c:\windows\SYSTEM32\nwprovau.dll
- 2002-08-29 10:00:00 328,704 ----a-w c:\windows\SYSTEM32\OAKLEY.DLL
+ 2008-04-14 00:12:02 270,336 ----a-w c:\windows\SYSTEM32\oakley.dll
- 2002-08-29 10:00:00 271,360 ----a-w c:\windows\SYSTEM32\OBJSEL.DLL
+ 2008-04-14 00:12:02 286,208 ----a-w c:\windows\SYSTEM32\objsel.dll
- 2002-08-29 10:00:00 87,552 ----a-w c:\windows\SYSTEM32\OCCACHE.DLL
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\SYSTEM32\occache.dll
- 2002-08-29 10:00:00 60,928 ----a-w c:\windows\SYSTEM32\OCMANAGE.DLL
+ 2008-04-14 00:12:02 67,584 ----a-w c:\windows\SYSTEM32\ocmanage.dll
- 2003-10-28 01:09:44 204,800 ----a-w c:\windows\SYSTEM32\ODBC32.dll
+ 2008-04-14 00:12:02 249,856 ----a-w c:\windows\SYSTEM32\odbc32.dll
- 2002-08-29 10:00:00 16,384 ----a-w c:\windows\SYSTEM32\ODBC32GT.DLL
+ 2008-04-14 00:12:02 16,384 ----a-w c:\windows\SYSTEM32\odbc32gt.dll
- 2002-08-29 10:00:00 32,768 ----a-w c:\windows\SYSTEM32\ODBCAD32.EXE
+ 2008-04-14 00:12:30 32,768 ----a-w c:\windows\SYSTEM32\odbcad32.exe
- 2003-10-28 01:13:16 24,576 ----a-w c:\windows\SYSTEM32\odbcbcp.dll
+ 2008-04-14 00:12:02 24,576 ----a-w c:\windows\SYSTEM32\odbcbcp.dll
- 2002-08-29 10:00:00 122,880 ----a-w c:\windows\SYSTEM32\ODBCCONF.DLL
+ 2008-04-14 00:12:02 135,168 ----a-w c:\windows\SYSTEM32\odbcconf.dll
- 2002-08-29 10:00:00 53,248 ----a-w c:\windows\SYSTEM32\ODBCCONF.EXE
+ 2008-04-14 00:12:30 69,632 ----a-w c:\windows\SYSTEM32\odbcconf.exe
- 2003-10-28 01:13:06 98,304 ----a-w c:\windows\SYSTEM32\ODBCCP32.dll
+ 2008-04-14 00:12:02 106,496 ----a-w c:\windows\SYSTEM32\odbccp32.dll
- 2002-08-29 10:00:00 61,440 ----a-w c:\windows\SYSTEM32\ODBCCR32.DLL
+ 2008-04-14 00:12:02 65,536 ----a-w c:\windows\SYSTEM32\odbccr32.dll
- 2002-08-29 10:00:00 61,440 ----a-w c:\windows\SYSTEM32\ODBCCU32.DLL
+ 2008-04-14 00:12:02 65,536 ----a-w c:\windows\SYSTEM32\odbccu32.dll
- 2002-08-29 10:00:00 90,112 ----a-w c:\windows\SYSTEM32\ODBCINT.DLL
+ 2008-04-13 17:26:05 94,208 ----a-w c:\windows\SYSTEM32\odbcint.dll
- 2002-08-29 10:00:00 53,279 ----a-w c:\windows\SYSTEM32\ODBCJI32.DLL
+ 2008-04-14 00:10:31 53,279 ----a-w c:\windows\SYSTEM32\odbcji32.dll
- 2002-08-29 10:00:00 270,365 ----a-w c:\windows\SYSTEM32\ODBCJT32.DLL
+ 2008-04-14 00:12:02 278,559 ----a-w c:\windows\SYSTEM32\odbcjt32.dll
- 2002-08-29 10:00:00 12,288 ----a-w c:\windows\SYSTEM32\ODBCP32R.DLL
+ 2008-04-13 17:26:05 12,288 ----a-w c:\windows\SYSTEM32\odbcp32r.dll
- 2002-08-29 10:00:00 147,456 ----a-w c:\windows\SYSTEM32\ODBCTRAC.DLL
+ 2008-04-14 00:12:02 147,456 ----a-w c:\windows\SYSTEM32\odbctrac.dll
- 2002-08-29 10:00:00 20,554 ----a-w c:\windows\SYSTEM32\ODDBSE32.DLL
+ 2008-04-14 00:12:02 20,511 ----a-w c:\windows\SYSTEM32\oddbse32.dll
- 2002-08-29 10:00:00 20,553 ----a-w c:\windows\SYSTEM32\ODEXL32.DLL
+ 2008-04-14 00:12:02 20,510 ----a-w c:\windows\SYSTEM32\odexl32.dll
- 2002-08-29 10:00:00 20,553 ----a-w c:\windows\SYSTEM32\ODFOX32.DLL
+ 2008-04-14 00:12:02 20,510 ----a-w c:\windows\SYSTEM32\odfox32.dll
- 2002-08-29 10:00:00 20,553 ----a-w c:\windows\SYSTEM32\ODPDX32.DLL
+ 2008-04-14 00:12:02 20,510 ----a-w c:\windows\SYSTEM32\odpdx32.dll
- 2002-08-29 10:00:00 20,554 ----a-w c:\windows\SYSTEM32\ODTEXT32.DLL
+ 2008-04-14 00:12:02 20,511 ----a-w c:\windows\SYSTEM32\odtext32.dll
- 2002-08-29 10:00:00 109,568 ----a-w c:\windows\SYSTEM32\OFFFILT.DLL
+ 2008-04-14 00:12:02 192,000 ----a-w c:\windows\SYSTEM32\offfilt.dll
- 2005-01-14 05:33:52 1,258,496 ----a-w c:\windows\SYSTEM32\ole32.dll
+ 2008-04-14 00:12:02 1,287,168 ----a-w c:\windows\SYSTEM32\ole32.dll
- 2002-08-29 10:00:00 569,344 ----a-w c:\windows\SYSTEM32\OLEAUT32.DLL
+ 2008-04-14 00:12:02 551,936 ----a-w c:\windows\SYSTEM32\oleaut32.dll
- 2005-01-14 05:33:52 68,608 ----a-w c:\windows\SYSTEM32\olecli32.dll
+ 2008-04-14 00:12:02 74,752 ----a-w c:\windows\SYSTEM32\olecli32.dll
- 2005-01-14 05:33:52 35,328 ----a-w c:\windows\SYSTEM32\olecnv32.dll
+ 2008-04-14 00:12:02 37,376 ----a-w c:\windows\SYSTEM32\olecnv32.dll
- 2002-08-29 10:00:00 117,760 ----a-w c:\windows\SYSTEM32\OLEDLG.DLL
+ 2008-04-14 00:12:02 122,880 ----a-w c:\windows\SYSTEM32\oledlg.dll
- 2002-08-29 10:00:00 98,304 ----a-w c:\windows\SYSTEM32\OLEPRN.DLL
+ 2008-04-14 00:12:02 107,008 ----a-w c:\windows\SYSTEM32\oleprn.dll
- 2002-08-29 10:00:00 106,496 ----a-w c:\windows\SYSTEM32\OLEPRO32.DLL
+ 2008-04-14 00:12:02 84,992 ----a-w c:\windows\SYSTEM32\olepro32.dll
+ 2008-04-14 00:12:02 144,384 ------w c:\windows\SYSTEM32\onex.dll
- 2002-08-29 10:00:00 112,128 ----a-w c:\windows\SYSTEM32\OOBE\MSOBCOMM.DLL
+ 2008-04-14 00:12:00 122,368 ----a-w c:\windows\SYSTEM32\OOBE\msobcomm.dll
- 2002-08-29 10:00:00 14,336 ----a-w c:\windows\SYSTEM32\OOBE\MSOBDL.DLL
+ 2008-04-14 00:12:00 16,384 ----a-w c:\windows\SYSTEM32\OOBE\msobdl.dll
- 2002-08-29 10:00:00 536,576 ----a-w c:\windows\SYSTEM32\OOBE\MSOBMAIN.DLL
+ 2008-04-14 00:12:00 565,248 ----a-w c:\windows\SYSTEM32\OOBE\msobmain.dll
- 2002-08-29 10:00:00 28,160 ----a-w c:\windows\SYSTEM32\OOBE\MSOBSHEL.DLL
+ 2008-04-14 00:12:00 30,720 ----a-w c:\windows\SYSTEM32\OOBE\msobshel.dll
- 2002-08-29 10:00:00 16,896 ----a-w c:\windows\SYSTEM32\OOBE\MSOBWEB.DLL
+ 2008-04-14 00:12:00 19,456 ----a-w c:\windows\SYSTEM32\OOBE\msobweb.dll
- 2002-08-29 10:00:00 28,160 ----a-w c:\windows\SYSTEM32\OOBE\MSOOBE.EXE
+ 2008-04-14 00:12:28 29,184 ----a-w c:\windows\SYSTEM32\OOBE\msoobe.exe
- 2002-08-29 10:00:00 49,664 ----a-w c:\windows\SYSTEM32\OOBE\OOBEBALN.EXE
+ 2008-04-14 00:12:31 51,200 ----a-w c:\windows\SYSTEM32\OOBE\oobebaln.exe
- 2002-08-29 10:00:00 686,080 ----a-w c:\windows\SYSTEM32\OPENGL32.DLL
+ 2008-04-14 00:12:02 713,728 ----a-w c:\windows\SYSTEM32\opengl32.dll
- 2003-02-10 15:58:20 212,480 ----a-w c:\windows\SYSTEM32\osk.exe
+ 2008-04-14 00:12:31 215,552 ----a-w c:\windows\SYSTEM32\osk.exe
- 2002-08-29 10:00:00 61,952 ----a-w c:\windows\SYSTEM32\OSUNINST.DLL
+ 2008-04-14 00:12:02 67,584 ----a-w c:\windows\SYSTEM32\osuninst.dll
+ 2008-04-14 00:12:02 153,600 ------w c:\windows\SYSTEM32\p2p.dll
+ 2008-04-14 00:12:02 105,472 ------w c:\windows\SYSTEM32\p2pgasvc.dll
+ 2008-04-14 00:12:02 313,856 ------w c:\windows\SYSTEM32\p2pgraph.dll
+ 2008-04-14 00:12:02 115,712 ------w c:\windows\SYSTEM32\p2pnetsh.dll
+ 2008-04-14 00:12:02 554,496 ------w c:\windows\SYSTEM32\p2psvc.dll
- 2002-08-29 10:00:00 53,248 ----a-w c:\windows\SYSTEM32\PACKAGER.EXE
+ 2008-04-14 00:12:31 58,368 ----a-w c:\windows\SYSTEM32\packager.exe
- 2002-08-29 10:00:00 58,880 ----a-w c:\windows\SYSTEM32\PAUTOENR.DLL
+ 2008-04-14 00:12:02 67,584 ----a-w c:\windows\SYSTEM32\pautoenr.dll
- 2002-08-29 10:00:00 254,976 ----a-w c:\windows\SYSTEM32\PDH.DLL
+ 2008-04-14 00:12:02 284,160 ----a-w c:\windows\SYSTEM32\pdh.dll
- 2009-01-16 02:27:44 62,134 ----a-w c:\windows\SYSTEM32\PERFC009.DAT
+ 2009-01-19 06:33:57 62,134 ----a-w c:\windows\SYSTEM32\PERFC009.DAT
- 2002-08-29 10:00:00 37,376 ----a-w c:\windows\SYSTEM32\PERFCTRS.DLL
+ 2008-04-14 00:12:02 39,936 ----a-w c:\windows\SYSTEM32\perfctrs.dll
- 2002-08-29 10:00:00 23,552 ----a-w c:\windows\SYSTEM32\PERFDISK.DLL
+ 2008-04-14 00:12:02 26,624 ----a-w c:\windows\SYSTEM32\perfdisk.dll
- 2009-01-16 02:27:44 402,756 ----a-w c:\windows\SYSTEM32\PERFH009.DAT
+ 2009-01-19 06:33:57 402,756 ----a-w c:\windows\SYSTEM32\PERFH009.DAT
- 2002-08-29 10:00:00 14,336 ----a-w c:\windows\SYSTEM32\PERFMON.EXE
+ 2008-04-14 00:12:31 15,872 ----a-w c:\windows\SYSTEM32\perfmon.exe
- 2002-08-29 10:00:00 16,896 ----a-w c:\windows\SYSTEM32\PERFNET.DLL
+ 2008-04-14 00:12:02 17,920 ----a-w c:\windows\SYSTEM32\perfnet.dll
- 2002-08-29 10:00:00 23,040 ----a-w c:\windows\SYSTEM32\PERFOS.DLL
+ 2008-04-14 00:12:02 25,088 ----a-w c:\windows\SYSTEM32\perfos.dll
- 2002-08-29 10:00:00 32,256 ----a-w c:\windows\SYSTEM32\PERFPROC.DLL
+ 2008-04-14 00:12:02 34,816 ----a-w c:\windows\SYSTEM32\perfproc.dll
+ 2008-04-14 00:12:02 412,160 ------w c:\windows\SYSTEM32\photometadatahandler.dll
- 2002-08-29 10:00:00 166,912 ----a-w c:\windows\SYSTEM32\PHOTOWIZ.DLL
+ 2008-04-14 00:12:02 176,128 ----a-w c:\windows\SYSTEM32\photowiz.dll
- 2002-08-29 10:00:00 31,744 ----a-w c:\windows\SYSTEM32\PID.DLL
+ 2008-04-14 00:12:02 35,328 ----a-w c:\windows\SYSTEM32\pid.dll
- 2002-08-29 10:00:00 27,648 ----a-w c:\windows\SYSTEM32\PIDGEN.DLL
+ 2008-04-13 18:35:22 24,064 ----a-w c:\windows\SYSTEM32\pidgen.dll
- 2002-08-29 10:00:00 16,384 ----a-w c:\windows\SYSTEM32\PING.EXE
+ 2008-04-14 00:12:31 17,920 ----a-w c:\windows\SYSTEM32\ping.exe
- 2002-08-29 10:00:00 12,800 ----a-w c:\windows\SYSTEM32\PJLMON.DLL
+ 2008-04-14 00:12:02 15,360 ----a-w c:\windows\SYSTEM32\pjlmon.dll
- 2005-04-27 14:53:06 34,816 ----a-w c:\windows\SYSTEM32\PNGFILT.DLL
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll
+ 2008-04-14 00:12:02 58,880 ------w c:\windows\SYSTEM32\pnrpnsp.dll
- 2002-08-29 10:00:00 87,552 ----a-w c:\windows\SYSTEM32\POLSTORE.DLL
+ 2008-04-14 00:12:02 105,472 ----a-w c:\windows\SYSTEM32\polstore.dll
+ 2008-04-14 00:12:31 49,152 ------w c:\windows\SYSTEM32\powercfg.exe
- 2002-08-29 10:00:00 14,848 ----a-w c:\windows\SYSTEM32\POWRPROF.DLL
+ 2008-04-14 00:12:03 17,408 ----a-w c:\windows\SYSTEM32\powrprof.dll
- 2002-08-29 10:00:00 522,240 ----a-w c:\windows\SYSTEM32\PRINTUI.DLL
+ 2008-04-14 00:12:03 560,640 ----a-w c:\windows\SYSTEM32\printui.dll
- 2002-08-29 10:00:00 28,672 ----a-w c:\windows\SYSTEM32\PROFMAP.DLL
+ 2008-04-14 00:12:03 27,648 ----a-w c:\windows\SYSTEM32\profmap.dll
- 2002-08-29 10:00:00 205,824 ----a-w c:\windows\SYSTEM32\PROGMAN.EXE
+ 2008-04-14 00:12:31 109,568 ----a-w c:\windows\SYSTEM32\progman.exe
- 2002-08-29 10:00:00 45,056 ----a-w c:\windows\SYSTEM32\PROQUOTA.EXE
+ 2008-04-14 00:12:32 50,176 ----a-w c:\windows\SYSTEM32\proquota.exe
+ 2008-04-14 00:12:32 9,216 ------w c:\windows\SYSTEM32\proxycfg.exe
- 2002-08-29 10:00:00 17,408 ----a-w c:\windows\SYSTEM32\PSAPI.DLL
+ 2008-04-14 00:12:03 23,040 ----a-w c:\windows\SYSTEM32\psapi.dll
- 2002-08-29 10:00:00 82,944 ----a-w c:\windows\SYSTEM32\PSBASE.DLL
+ 2008-04-14 00:12:03 96,768 ----a-w c:\windows\SYSTEM32\psbase.dll
- 2003-02-17 15:16:28 354,816 ----a-w c:\windows\SYSTEM32\psisdecd.dll
+ 2008-04-14 00:12:03 363,520 ----a-w c:\windows\SYSTEM32\psisdecd.dll
- 2002-08-29 10:00:00 37,888 ----a-w c:\windows\SYSTEM32\PSTOREC.DLL
+ 2008-04-14 00:12:03 43,520 ----a-w c:\windows\SYSTEM32\pstorec.dll
- 2002-08-29 10:00:00 25,600 ----a-w c:\windows\SYSTEM32\PSTORSVC.DLL
+ 2008-04-14 00:12:03 34,304 ----a-w c:\windows\SYSTEM32\pstorsvc.dll
+ 2008-04-14 00:12:03 150,528 ------w c:\windows\SYSTEM32\qagent.dll
+ 2008-04-14 00:12:03 291,328 ------w c:\windows\SYSTEM32\qagentrt.dll
- 2002-12-11 22:34:40 241,664 ----a-w c:\windows\SYSTEM32\qasf.dll
+ 2008-04-14 00:12:03 237,568 ----a-w c:\windows\SYSTEM32\qasf.dll
- 2002-12-12 05:14:32 257,024 ----a-w c:\windows\SYSTEM32\qcap.dll
+ 2008-04-14 00:12:03 192,512 ----a-w c:\windows\SYSTEM32\qcap.dll
+ 2008-04-14 00:12:03 62,464 ------w c:\windows\SYSTEM32\qcliprov.dll
- 2002-12-12 05:14:32 311,808 ----a-w c:\windows\SYSTEM32\qdv.dll
+ 2008-04-14 00:12:03 279,040 ----a-w c:\windows\SYSTEM32\qdv.dll
- 2003-05-30 14:00:02 449,024 ----a-w c:\windows\SYSTEM32\qdvd.dll
+ 2008-04-14 00:12:03 386,048 ----a-w c:\windows\SYSTEM32\qdvd.dll
- 2002-12-12 05:14:32 1,798,144 ----a-w c:\windows\SYSTEM32\qedit.dll
+ 2008-04-14 00:12:03 562,176 ----a-w c:\windows\SYSTEM32\qedit.dll
- 2002-12-12 05:14:32 733,184 ----a-w c:\windows\SYSTEM32\qedwipes.dll
+ 2008-04-13 17:21:32 733,696 ----a-w c:\windows\SYSTEM32\qedwipes.dll
- 2004-07-01 22:08:18 361,984 ----a-w c:\windows\SYSTEM32\qmgr.dll
+ 2008-04-14 00:12:03 409,088 ----a-w c:\windows\SYSTEM32\qmgr.dll
- 2004-07-01 22:08:18 17,408 ----a-w c:\windows\SYSTEM32\qmgrprxy.dll
+ 2008-04-14 00:12:03 18,944 ----a-w c:\windows\SYSTEM32\qmgrprxy.dll
- 2002-08-29 10:00:00 18,432 ----a-w c:\windows\SYSTEM32\QPROCESS.EXE
+ 2008-04-14 00:12:32 19,968 ----a-w c:\windows\SYSTEM32\qprocess.exe
- 2003-05-30 14:00:02 1,962,496 ----a-w c:\windows\SYSTEM32\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w c:\windows\SYSTEM32\quartz.dll
- 2004-10-28 15:45:59 1,350,144 ----a-w c:\windows\SYSTEM32\query.dll
+ 2008-04-14 00:12:03 1,435,648 ----a-w c:\windows\SYSTEM32\query.dll
+ 2008-04-14 00:12:03 76,800 ------w c:\windows\SYSTEM32\qutil.dll
- 2002-08-29 10:00:00 33,280 ----a-w c:\windows\SYSTEM32\RACPLDLG.DLL
+ 2008-04-14 00:12:03 43,520 ----a-w c:\windows\SYSTEM32\racpldlg.dll
- 2002-08-29 10:00:00 6,144 ----a-w c:\windows\SYSTEM32\RASADHLP.DLL
+ 2008-04-14 00:12:03 7,680 ----a-w c:\windows\SYSTEM32\rasadhlp.dll
- 2002-08-29 10:00:00 217,088 ----a-w c:\windows\SYSTEM32\RASAPI32.DLL
+ 2008-04-14 00:12:03 237,056 ----a-w c:\windows\SYSTEM32\rasapi32.dll
- 2002-08-29 10:00:00 82,944 ----a-w c:\windows\SYSTEM32\RASAUTO.DLL
+ 2008-04-14 00:12:03 88,576 ----a-w c:\windows\SYSTEM32\rasauto.dll
- 2002-08-29 10:00:00 57,856 ----a-w c:\windows\SYSTEM32\RASCHAP.DLL
+ 2008-04-14 00:12:03 79,872 ----a-w c:\windows\SYSTEM32\raschap.dll
- 2002-08-29 10:00:00 631,808 ----a-w c:\windows\SYSTEM32\RASDLG.DLL
+ 2008-04-14 00:12:03 658,432 ----a-w c:\windows\SYSTEM32\rasdlg.dll
- 2002-08-29 10:00:00 55,808 ----a-w c:\windows\SYSTEM32\RASMAN.DLL
+ 2008-04-14 00:12:03 61,440 ----a-w c:\windows\SYSTEM32\rasman.dll
- 2002-08-29 10:00:00 158,720 ----a-w c:\windows\SYSTEM32\RASMANS.DLL
+ 2008-04-14 00:12:03 186,368 ----a-w c:\windows\SYSTEM32\rasmans.dll
- 2002-08-29 10:00:00 54,272 ----a-w c:\windows\SYSTEM32\RASPHONE.EXE
+ 2008-04-14 00:12:32 56,832 ----a-w c:\windows\SYSTEM32\rasphone.exe
- 2002-08-29 10:00:00 193,536 ----a-w c:\windows\SYSTEM32\RASPPP.DLL
+ 2008-04-14 00:12:03 210,944 ----a-w c:\windows\SYSTEM32\rasppp.dll
+ 2008-04-14 00:12:03 61,952 ------w c:\windows\SYSTEM32\rasqec.dll
- 2002-08-29 10:00:00 13,824 ----a-w c:\windows\SYSTEM32\RASSAPI.DLL
+ 2008-04-14 00:12:03 16,384 ----a-w c:\windows\SYSTEM32\rassapi.dll
- 2002-08-29 10:00:00 54,272 ----a-w c:\windows\SYSTEM32\RASTAPI.DLL
+ 2008-04-14 00:12:03 58,368 ----a-w c:\windows\SYSTEM32\rastapi.dll
- 2002-08-29 10:00:00 91,136 ----a-w c:\windows\SYSTEM32\RASTLS.DLL
+ 2008-04-14 00:12:03 150,016 ----a-w c:\windows\SYSTEM32\rastls.dll
- 2002-08-29 10:00:00 96,256 ----a-w c:\windows\SYSTEM32\RCBDYCTL.DLL
+ 2008-04-14 00:12:03 102,400 ----a-w c:\windows\SYSTEM32\rcbdyctl.dll
- 2002-08-29 10:00:00 34,304 ----a-w c:\windows\SYSTEM32\RCIMLBY.EXE
+ 2008-04-14 00:12:32 35,840 ----a-w c:\windows\SYSTEM32\rcimlby.exe
- 2002-08-29 10:00:00 19,968 ----a-w c:\windows\SYSTEM32\RCP.EXE
+ 2008-04-14 00:12:32 21,504 ----a-w c:\windows\SYSTEM32\rcp.exe
- 2002-08-29 10:00:00 135,680 ----a-w c:\windows\SYSTEM32\RDCHOST.DLL
+ 2008-04-14 00:12:03 147,968 ----a-w c:\windows\SYSTEM32\rdchost.dll
- 2002-08-29 10:00:00 44,032 ----a-w c:\windows\SYSTEM32\RDPCLIP.EXE
+ 2008-04-14 00:12:32 62,976 ----a-w c:\windows\SYSTEM32\rdpclip.exe
- 2002-08-29 10:00:00 87,304 ----a-w c:\windows\SYSTEM32\RDPDD.DLL
+ 2008-04-14 00:13:22 92,424 ----a-w c:\windows\SYSTEM32\rdpdd.dll
- 2002-08-29 10:00:00 14,848 ----a-w c:\windows\SYSTEM32\RDPSND.DLL
+ 2008-04-14 00:12:04 19,968 ----a-w c:\windows\SYSTEM32\rdpsnd.dll
- 2002-08-29 10:00:00 75,912 ----a-w c:\windows\SYSTEM32\RDPWSX.DLL
+ 2008-04-14 00:13:22 87,176 ----a-w c:\windows\SYSTEM32\rdpwsx.dll
- 2002-08-29 10:00:00 12,288 ----a-w c:\windows\SYSTEM32\RDSADDIN.EXE
+ 2008-04-14 00:12:32 13,824 ----a-w c:\windows\SYSTEM32\rdsaddin.exe
- 2002-08-29 10:00:00 61,952 ----a-w c:\windows\SYSTEM32\RDSHOST.EXE
+ 2008-04-14 00:12:32 67,072 ----a-w c:\windows\SYSTEM32\rdshost.exe
- 2002-08-29 10:00:00 3,338 ----a-w c:\windows\SYSTEM32\REDIR.EXE
+ 2004-08-04 05:48:44 3,338 ----a-w c:\windows\SYSTEM32\redir.exe
- 2002-08-29 10:00:00 48,128 ----a-w c:\windows\SYSTEM32\REG.EXE
+ 2008-04-14 00:12:32 50,176 ----a-w c:\windows\SYSTEM32\reg.exe
- 2002-08-29 10:00:00 44,032 ----a-w c:\windows\SYSTEM32\REGAPI.DLL
+ 2008-04-14 00:12:04 49,664 ----a-w c:\windows\SYSTEM32\regapi.dll
- 2002-08-29 10:00:00 51,712 ----a-w c:\windows\SYSTEM32\REGSVC.DLL
+ 2008-04-14 00:12:04 59,904 ----a-w c:\windows\SYSTEM32\regsvc.dll
- 2002-08-29 10:00:00 9,728 ------w c:\windows\SYSTEM32\REGSVR32.EXE
+ 2008-04-14 00:12:32 11,776 ------w c:\windows\SYSTEM32\regsvr32.exe
- 2002-08-29 10:00:00 387,584 ----a-w c:\windows\SYSTEM32\REGWIZC.DLL
+ 2008-04-14 00:12:04 397,824 ----a-w c:\windows\SYSTEM32\regwizc.dll
+ 2004-08-04 05:59:19 36,096 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0009\DriverFiles\i386\intelppm.sys
+ 2003-04-15 15:39:54 11,319 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a302.sys
+ 2003-04-15 15:39:58 29,239 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a303.sys
+ 2003-04-15 15:40:04 46,647 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a304.sys
+ 2003-04-15 15:40:08 11,831 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a305.sys
+ 2003-04-15 15:40:12 16,439 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a306.sys
+ 2003-04-15 15:40:16 21,559 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a307.sys
+ 2003-04-15 15:40:20 10,807 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a308.sys
+ 2003-04-15 15:40:24 25,655 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a309.sys
+ 2003-04-15 15:40:28 33,335 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a310.sys
+ 2003-04-15 15:40:32 32,823 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a311.sys
+ 2003-04-15 15:41:00 37,431 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a313.sys
+ 2003-04-15 15:41:04 10,807 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\a314.sys
+ 2003-04-07 05:05:16 118,784 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\hccutils.dll
+ 2003-04-15 15:39:48 65,536 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\iAlmCoIn.dll
+ 2003-04-15 15:39:10 459,330 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\ialmdd5.dll
+ 2003-04-15 15:39:36 187,963 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\ialmdev5.dll
+ 2003-04-15 15:39:44 115,772 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\ialmdnt5.dll
+ 2003-04-15 15:20:48 188,416 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\ialmgdev.dll
+ 2003-04-15 15:20:12 1,859,584 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\ialmgicd.dll
+ 2003-04-15 15:40:46 78,752 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\ialmkchw.sys
+ 2003-04-15 15:39:46 90,907 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\ialmnt5.sys
+ 2003-04-15 15:40:40 73,728 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\ialmrem.dll
+ 2003-04-15 15:40:56 33,792 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\ialmrnt5.dll
+ 2003-04-15 15:40:54 113,504 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\ialmsbw.sys
+ 2003-04-07 05:13:58 487,424 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxcfg.exe
+ 2003-04-07 05:04:54 147,456 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxdev.dll
+ 2003-04-07 05:15:52 45,056 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxdgps.dll
+ 2003-04-07 05:15:50 151,552 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxdiag.exe
+ 2003-04-07 05:04:14 86,016 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxdo.dll
+ 2003-04-07 05:17:44 221,184 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxeud.dll
+ 2003-04-07 05:20:14 32,768 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxexps.dll
+ 2003-04-07 05:20:10 90,112 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxext.exe
+ 2003-04-07 05:07:12 118,784 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxhk.dll
+ 2003-04-07 05:18:56 204,800 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxpph.dll
+ 2003-04-07 05:05:42 503,808 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxress.dll
+ 2003-04-07 05:06:48 315,392 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxsrvc.dll
+ 2003-04-15 15:40:36 20,533 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\vch.sys
+ 2003-04-15 15:39:50 33,335 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\wa301a.sys
+ 2003-04-15 15:39:50 33,335 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0010\DriverFiles\wa301b.sys
+ 2004-08-04 05:59:19 36,096 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0011\DriverFiles\i386\intelppm.sys
+ 2005-10-21 22:52:48 21,568 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0012\DriverFiles\drivers\dot4\Win2000\HPZius12.sys
+ 2004-03-14 07:34:10 270,336 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0012\DriverFiles\HPZc3212.dll
+ 2005-10-21 22:58:58 16,496 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0013\DriverFiles\drivers\dot4\Win2000\HPZipr12.sys
+ 2005-10-21 22:58:52 49,920 ----a-w c:\windows\SYSTEM32\ReinstallBackups\0014\DriverFiles\drivers\dot4\Win2000\hpzid412.sys
- 2002-08-29 10:00:00 56,320 ----a-w c:\windows\SYSTEM32\REMOTEPG.DLL
+ 2008-04-14 00:12:04 60,416 ----a-w c:\windows\SYSTEM32\remotepg.dll
- 2002-08-29 10:00:00 370,688 ----a-w c:\windows\SYSTEM32\Restore\RSTRUI.EXE
+ 2008-04-14 00:12:33 380,416 ----a-w c:\windows\SYSTEM32\Restore\rstrui.exe
- 2002-08-29 10:00:00 54,784 ----a-w c:\windows\SYSTEM32\RESUTILS.DLL
+ 2008-04-14 00:12:04 58,880 ----a-w c:\windows\SYSTEM32\resutils.dll
- 2002-08-29 10:00:00 11,776 ----a-w c:\windows\SYSTEM32\REXEC.EXE
+ 2008-04-14 00:12:33 13,824 ----a-w c:\windows\SYSTEM32\rexec.exe
+ 2008-04-14 00:12:04 290,304 ------w c:\windows\SYSTEM32\rhttpaa.dll
- 2002-08-29 10:00:00 423,424 ----a-w c:\windows\SYSTEM32\RICHED20.DLL
+ 2008-04-14 00:12:04 433,664 ----a-w c:\windows\SYSTEM32\riched20.dll
- 2004-03-06 02:16:12 535,552 ----a-w c:\windows\SYSTEM32\RPCRT4.DLL
+ 2008-04-14 00:12:04 584,704 ----a-w c:\windows\SYSTEM32\rpcrt4.dll
- 2005-01-14 05:33:52 284,672 ----a-w c:\windows\SYSTEM32\rpcss.dll
+ 2008-04-14 00:12:04 399,360 ----a-w c:\windows\SYSTEM32\rpcss.dll
- 2002-08-29 10:00:00 133,632 ----a-w c:\windows\SYSTEM32\RSAENH.DLL
+ 2008-04-13 17:37:57 208,384 ----a-w c:\windows\SYSTEM32\rsaenh.dll
- 2002-08-29 10:00:00 13,312 ----a-w c:\windows\SYSTEM32\RSH.EXE
+ 2008-04-14 00:12:33 14,848 ----a-w c:\windows\SYSTEM32\rsh.exe
- 2002-08-29 10:00:00 36,352 ----a-w c:\windows\SYSTEM32\RSHX32.DLL
+ 2008-04-14 00:12:04 39,936 ----a-w c:\windows\SYSTEM32\rshx32.dll
- 2002-08-29 10:00:00 18,432 ----a-w c:\windows\SYSTEM32\RSMPS.DLL
+ 2008-04-14 00:12:04 18,944 ----a-w c:\windows\SYSTEM32\rsmps.dll
- 2002-08-29 10:00:00 90,112 ----a-w c:\windows\SYSTEM32\RSVPSP.DLL
+ 2008-04-14 00:12:04 92,672 ----a-w c:\windows\SYSTEM32\rsvpsp.dll
- 2002-08-29 10:00:00 74,240 ----a-w c:\windows\SYSTEM32\RTCSHARE.EXE
+ 2008-04-14 00:12:33 77,312 ----a-w c:\windows\SYSTEM32\rtcshare.exe
- 2002-08-29 10:00:00 29,696 ----a-w c:\windows\SYSTEM32\RTIPXMIB.DLL
+ 2008-04-14 00:12:04 31,744 ----a-w c:\windows\SYSTEM32\rtipxmib.dll
- 2002-08-29 10:00:00 39,936 ----a-w c:\windows\SYSTEM32\RTUTILS.DLL
+ 2008-04-14 00:12:04 44,032 ----a-w c:\windows\SYSTEM32\rtutils.dll
- 2002-08-29 10:00:00 31,744 ----a-w c:\windows\SYSTEM32\RUNDLL32.EXE
+ 2008-04-14 00:12:33 33,280 ----a-w c:\windows\SYSTEM32\rundll32.exe
- 2002-08-29 10:00:00 12,800 ----a-w c:\windows\SYSTEM32\RUNONCE.EXE
+ 2008-04-14 00:12:33 14,336 ----a-w c:\windows\SYSTEM32\runonce.exe
+ 2008-04-14 00:12:04 397,056 ------w c:\windows\SYSTEM32\s3gnb.dll
- 2002-08-29 10:00:00 39,424 ----a-w c:\windows\SYSTEM32\SAFRCDLG.DLL
+ 2008-04-14 00:12:04 43,520 ----a-w c:\windows\SYSTEM32\safrcdlg.dll
- 2002-08-29 10:00:00 26,624 ----a-w c:\windows\SYSTEM32\SAFRDM.DLL
+ 2008-04-14 00:12:04 29,696 ----a-w c:\windows\SYSTEM32\safrdm.dll
- 2002-08-29 10:00:00 40,960 ----a-w c:\windows\SYSTEM32\SAFRSLV.DLL
+ 2008-04-14 00:12:04 45,568 ----a-w c:\windows\SYSTEM32\safrslv.dll
- 2002-08-29 10:00:00 54,784 ----a-w c:\windows\SYSTEM32\SAMLIB.DLL
+ 2008-04-14 00:12:04 64,000 ----a-w c:\windows\SYSTEM32\samlib.dll
- 2002-08-29 10:00:00 411,136 ----a-w c:\windows\SYSTEM32\SAMSRV.DLL
+ 2008-04-14 00:12:04 415,744 ----a-w c:\windows\SYSTEM32\samsrv.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\SYSTEM32\SAVEDUMP.EXE
+ 2008-04-14 00:12:33 13,312 ----a-w c:\windows\SYSTEM32\savedump.exe
- 2002-08-29 10:00:00 218,112 ----a-w c:\windows\SYSTEM32\SBE.DLL
+ 2008-04-14 00:12:04 270,848 ----a-w c:\windows\SYSTEM32\sbe.dll
- 2002-08-29 10:00:00 110,080 ----a-w c:\windows\SYSTEM32\SBEIO.DLL
+ 2008-04-14 00:12:04 159,232 ----a-w c:\windows\SYSTEM32\sbeio.dll
- 2002-08-29 10:00:00 66,560 ----a-w c:\windows\SYSTEM32\SCARDDLG.DLL
+ 2008-04-14 00:12:04 69,632 ----a-w c:\windows\SYSTEM32\scarddlg.dll
- 2002-08-29 10:00:00 93,184 ----a-w c:\windows\SYSTEM32\SCARDSVR.EXE
+ 2008-04-14 00:12:33 95,744 ----a-w c:\windows\SYSTEM32\scardsvr.exe
- 2002-08-29 10:00:00 171,008 ----a-w c:\windows\SYSTEM32\SCCSCCP.DLL
+ 2008-04-14 00:12:05 171,008 ----a-w c:\windows\SYSTEM32\sccsccp.dll
- 2002-08-29 10:00:00 174,592 ----a-w c:\windows\SYSTEM32\SCECLI.DLL
+ 2008-04-14 00:12:05 181,248 ----a-w c:\windows\SYSTEM32\scecli.dll
- 2002-08-29 10:00:00 297,984 ----a-w c:\windows\SYSTEM32\SCESRV.DLL
+ 2008-04-14 00:12:05 314,880 ----a-w c:\windows\SYSTEM32\scesrv.dll
- 2004-03-30 01:48:36 136,704 ----a-w c:\windows\SYSTEM32\SCHANNEL.DLL
+ 2008-04-14 00:12:05 144,384 ----a-w c:\windows\SYSTEM32\schannel.dll
- 2004-06-08 22:02:21 172,544 ----a-w c:\windows\SYSTEM32\schedsvc.dll
+ 2008-04-14 00:12:05 192,512 ----a-w c:\windows\SYSTEM32\schedsvc.dll
- 2002-08-29 10:00:00 18,432 ----a-w c:\windows\SYSTEM32\SCLGNTFY.DLL
+ 2008-04-14 00:12:05 20,480 ----a-w c:\windows\SYSTEM32\sclgntfy.dll
- 2002-08-29 10:00:00 8,192 ----a-w c:\windows\SYSTEM32\SCRNSAVE.SCR
+ 2008-04-14 00:12:43 9,216 ----a-w c:\windows\SYSTEM32\scrnsave.scr
- 2002-08-29 10:00:00 155,675 ----a-w c:\windows\SYSTEM32\SCROBJ.DLL
+ 2008-05-09 10:53:39 180,224 ----a-w c:\windows\SYSTEM32\scrobj.dll
- 2002-08-29 10:00:00 147,483 ----a-w c:\windows\SYSTEM32\SCRRUN.DLL
+ 2008-05-09 10:53:40 172,032 ----a-w c:\windows\SYSTEM32\scrrun.dll
- 2002-08-29 10:00:00 71,168 ----a-w c:\windows\SYSTEM32\SDBINST.EXE
+ 2008-04-14 00:12:34 77,312 ----a-w c:\windows\SYSTEM32\sdbinst.exe
+ 2008-04-14 00:12:05 29,184 ------w c:\windows\SYSTEM32\sdhcinst.dll
- 2002-08-29 10:00:00 20,992 ----a-w c:\windows\SYSTEM32\SECLOGON.DLL
+ 2008-04-14 00:12:05 18,944 ----a-w c:\windows\SYSTEM32\seclogon.dll
- 2002-08-29 10:00:00 4,573 ----a-w c:\windows\SYSTEM32\SECUPD.DAT
+ 2004-08-02 19:20:40 4,569 ------w c:\windows\SYSTEM32\secupd.dat
- 2002-08-29 10:00:00 52,224 ----a-w c:\windows\SYSTEM32\SECUR32.DLL
+ 2008-04-14 00:12:05 56,320 ----a-w c:\windows\SYSTEM32\secur32.dll
- 2002-08-29 10:00:00 5,632 ----a-w c:\windows\SYSTEM32\SECURITY.DLL
+ 2008-04-14 00:12:05 5,632 ----a-w c:\windows\SYSTEM32\security.dll
- 2002-08-29 10:00:00 27,136 ----a-w c:\windows\SYSTEM32\SENDCMSG.DLL
+ 2008-04-14 00:12:05 29,184 ----a-w c:\windows\SYSTEM32\sendcmsg.dll
- 2002-08-29 10:00:00 53,248 ----a-w c:\windows\SYSTEM32\SENDMAIL.DLL
+ 2008-04-14 00:12:05 54,784 ----a-w c:\windows\SYSTEM32\sendmail.dll
- 2002-08-29 10:00:00 36,352 ----a-w c:\windows\SYSTEM32\SENS.DLL
+ 2008-04-14 00:12:05 39,424 ----a-w c:\windows\SYSTEM32\sens.dll
- 2002-08-29 10:00:00 6,144 ----a-w c:\windows\SYSTEM32\SENSAPI.DLL
+ 2008-04-14 00:12:05 7,168 ----a-w c:\windows\SYSTEM32\sensapi.dll
- 2002-08-29 10:00:00 53,248 ----a-w c:\windows\SYSTEM32\SERVDEPS.DLL
+ 2008-04-14 00:12:05 56,320 ----a-w c:\windows\SYSTEM32\servdeps.dll
- 2002-08-29 10:00:00 101,376 ----a-w c:\windows\SYSTEM32\SERVICES.EXE
+ 2008-04-14 00:12:34 108,544 ----a-w c:\windows\SYSTEM32\services.exe
- 2002-08-29 10:00:00 129,024 ----a-w c:\windows\SYSTEM32\SESSMGR.EXE
+ 2008-04-14 00:12:34 141,312 ----a-w c:\windows\SYSTEM32\sessmgr.exe
- 2002-08-29 10:00:00 28,672 ----a-w c:\windows\SYSTEM32\SETHC.EXE
+ 2008-04-14 00:12:34 31,232 ----a-w c:\windows\SYSTEM32\sethc.exe
- 2002-08-29 10:00:00 20,992 ----a-w c:\windows\SYSTEM32\SETUP.EXE
+ 2008-04-14 00:12:34 23,040 ----a-w c:\windows\SYSTEM32\setup.exe
- 2002-08-29 10:00:00 259,584 ----a-w c:\windows\SYSTEM32\Setup\COMSETUP.DLL
+ 2008-04-14 00:11:51 274,944 ----a-w c:\windows\SYSTEM32\Setup\comsetup.dll
- 2002-08-29 10:00:00 32,828 ----a-w c:\windows\SYSTEM32\Setup\FP40EXT.DLL
+ 2008-04-14 00:11:53 32,828 ----a-w c:\windows\SYSTEM32\Setup\fp40ext.dll
- 2002-08-29 10:00:00 122,880 ----a-w c:\windows\SYSTEM32\Setup\FXSOCM.DLL
+ 2008-04-14 00:11:54 132,608 ----a-w c:\windows\SYSTEM32\Setup\fxsocm.dll
- 2002-08-29 10:00:00 468,480 ----a-w c:\windows\SYSTEM32\Setup\IIS.DLL
+ 2008-04-14 00:11:54 505,344 ----a-w c:\windows\SYSTEM32\Setup\iis.dll
- 2002-08-29 10:00:00 115,712 ----a-w c:\windows\SYSTEM32\Setup\IMSINSNT.DLL
+ 2008-04-14 00:11:54 123,392 ----a-w c:\windows\SYSTEM32\Setup\imsinsnt.dll
+ 2008-04-14 00:11:56 8,192 ----a-w c:\windows\SYSTEM32\Setup\koc.dll
- 2002-08-29 10:00:00 82,432 ----a-w c:\windows\SYSTEM32\Setup\MSDTCSTP.DLL
+ 2008-04-14 00:11:59 90,112 ----a-w c:\windows\SYSTEM32\Setup\msdtcstp.dll
- 2002-08-29 10:00:00 57,374 ----a-w c:\windows\SYSTEM32\Setup\MSGROCM.DLL
+ 2008-04-14 00:11:59 15,360 ----a-w c:\windows\SYSTEM32\Setup\msgrocm.dll
- 2002-08-29 10:00:00 71,168 ----a-w c:\windows\SYSTEM32\Setup\NETOC.DLL
+ 2008-04-14 00:12:01 77,312 ----a-w c:\windows\SYSTEM32\Setup\netoc.dll
- 2002-08-29 10:00:00 61,440 ----a-w c:\windows\SYSTEM32\Setup\NTOC.DLL
+ 2008-04-14 00:12:02 62,976 ----a-w c:\windows\SYSTEM32\Setup\ntoc.dll
- 2002-08-29 10:00:00 12,800 ----a-w c:\windows\SYSTEM32\Setup\OCGEN.DLL
+ 2008-04-14 00:12:02 15,360 ----a-w c:\windows\SYSTEM32\Setup\ocgen.dll
- 2002-08-29 10:00:00 40,960 ----a-w c:\windows\SYSTEM32\Setup\OCMSN.DLL
+ 2008-04-14 00:12:02 17,408 ----a-w c:\windows\SYSTEM32\Setup\ocmsn.dll
- 2002-08-29 10:00:00 99,328 ----a-w c:\windows\SYSTEM32\Setup\SETUPQRY.DLL
+ 2008-04-14 00:12:05 101,376 ----a-w c:\windows\SYSTEM32\Setup\setupqry.dll
+ 2008-04-14 00:12:07 26,624 ----a-w c:\windows\SYSTEM32\Setup\startoc.dll
- 2002-08-29 10:00:00 113,664 ----a-w c:\windows\SYSTEM32\Setup\TSOC.DLL
+ 2008-04-14 00:12:07 130,048 ----a-w c:\windows\SYSTEM32\Setup\tsoc.dll
- 2002-08-29 10:00:00 932,864 ----a-w c:\windows\SYSTEM32\SETUPAPI.DLL
+ 2008-04-14 10:42:06 985,088 ----a-w c:\windows\SYSTEM32\setupapi.dll
+ 2008-04-14 00:12:35 32,768 ------w c:\windows\SYSTEM32\setupn.exe
- 2002-08-29 10:00:00 4,096 ----a-w c:\windows\SYSTEM32\SFC.DLL
+ 2008-04-14 00:12:05 5,120 ----a-w c:\windows\SYSTEM32\sfc.dll
- 2002-08-29 10:00:00 133,120 ----a-w c:\windows\SYSTEM32\SFC_OS.DLL
+ 2008-04-14 00:12:05 140,288 ----a-w c:\windows\SYSTEM32\sfc_os.dll
- 2002-08-29 10:00:00 1,157,632 ----a-w c:\windows\SYSTEM32\SFCFILES.DLL
+ 2008-04-14 00:12:05 1,614,848 ----a-w c:\windows\SYSTEM32\sfcfiles.dll
- 2002-08-29 10:00:00 548,864 ----a-w c:\windows\SYSTEM32\SHDOCLC.DLL
+ 2008-04-13 17:03:19 549,376 ----a-w c:\windows\SYSTEM32\shdoclc.dll
- 2005-04-27 18:50:48 1,338,368 ----a-w c:\windows\SYSTEM32\SHDOCVW.DLL
+ 2008-10-16 01:00:10 1,499,136 ----a-w c:\windows\SYSTEM32\shdocvw.dll
- 2005-03-12 01:51:16 8,348,672 ----a-w c:\windows\SYSTEM32\shell32.dll
+ 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\SYSTEM32\shell32.dll
- 2002-08-29 10:00:00 22,528 ----a-w c:\windows\SYSTEM32\SHFOLDER.DLL
+ 2008-04-14 00:12:05 25,088 ----a-w c:\windows\SYSTEM32\shfolder.dll
- 2002-08-29 10:00:00 62,976 ----a-w c:\windows\SYSTEM32\SHGINA.DLL
+ 2008-04-14 00:12:05 68,096 ----a-w c:\windows\SYSTEM32\shgina.dll
- 2002-08-29 10:00:00 60,416 ----a-w c:\windows\SYSTEM32\SHIMENG.DLL
+ 2008-04-14 00:12:05 65,024 ----a-w c:\windows\SYSTEM32\shimeng.dll
- 2002-08-29 10:00:00 420,864 ----a-w c:\windows\SYSTEM32\SHIMGVW.DLL
+ 2008-04-14 00:12:05 438,272 ----a-w c:\windows\SYSTEM32\shimgvw.dll
- 2004-12-07 23:11:50 402,432 ----a-w c:\windows\SYSTEM32\SHLWAPI.DLL
+ 2008-04-14 00:12:05 474,112 ----a-w c:\windows\SYSTEM32\shlwapi.dll
- 2002-09-30 17:58:10 125,440 ----a-w c:\windows\SYSTEM32\shmedia.dll
+ 2008-04-14 00:12:05 152,064 ----a-w c:\windows\SYSTEM32\shmedia.dll
- 2002-08-29 10:00:00 33,280 ----a-w c:\windows\SYSTEM32\SHMGRATE.EXE
+ 2008-04-14 00:12:35 45,056 ----a-w c:\windows\SYSTEM32\shmgrate.exe
- 2002-08-29 10:00:00 69,632 ----a-w c:\windows\SYSTEM32\SHRPUBW.EXE
+ 2008-04-14 00:12:35 77,824 ----a-w c:\windows\SYSTEM32\shrpubw.exe
- 2002-08-29 10:00:00 23,040 ----a-w c:\windows\SYSTEM32\SHSCRAP.DLL
+ 2008-04-14 00:12:05 27,648 ----a-w c:\windows\SYSTEM32\shscrap.dll
- 2004-10-28 01:29:54 116,736 ----a-w c:\windows\SYSTEM32\shsvcs.dll
+ 2008-04-14 00:12:05 135,168 ----a-w c:\windows\SYSTEM32\shsvcs.dll
- 2002-08-29 10:00:00 17,920 ----a-w c:\windows\SYSTEM32\SHUTDOWN.EXE
+ 2008-04-14 00:12:35 19,456 ----a-w c:\windows\SYSTEM32\shutdown.exe
- 2002-08-29 10:00:00 11,776 ----a-w c:\windows\SYSTEM32\SIGTAB.DLL
+ 2008-04-14 00:12:05 13,312 ----a-w c:\windows\SYSTEM32\sigtab.dll
- 2002-08-29 10:00:00 66,048 ----a-w c:\windows\SYSTEM32\SIGVERIF.EXE
+ 2008-04-14 00:12:35 70,144 ----a-w c:\windows\SYSTEM32\sigverif.exe
- 2002-08-29 10:00:00 24,064 ----a-w c:\windows\SYSTEM32\SKEYS.EXE
+ 2008-04-14 00:12:35 26,112 ----a-w c:\windows\SYSTEM32\skeys.exe
- 2002-08-29 10:00:00 22,528 ----a-w c:\windows\SYSTEM32\SLAYERXP.DLL
+ 2008-04-14 00:12:06 25,088 ----a-w c:\windows\SYSTEM32\slayerxp.dll
- 2002-08-29 10:00:00 276,480 ----a-w c:\windows\SYSTEM32\SLBCSP.DLL
+ 2004-08-04 05:31:43 306,176 ----a-w c:\windows\SYSTEM32\slbcsp.dll
- 2002-08-29 10:00:00 89,600 ----a-w c:\windows\SYSTEM32\SLBIOP.DLL
+ 2008-04-14 00:12:06 98,304 ----a-w c:\windows\SYSTEM32\slbiop.dll
+ 2008-04-14 00:12:06 73,832 ------w c:\windows\SYSTEM32\slcoinst.dll
+ 2008-04-14 00:12:06 286,792 ------w c:\windows\SYSTEM32\slextspk.dll
+ 2008-04-14 00:12:06 188,508 ------w c:\windows\SYSTEM32\slgen.dll
+ 2008-04-14 00:12:35 32,866 ------w c:\windows\SYSTEM32\slrundll.exe
+ 2008-04-14 00:12:35 73,796 ------w c:\windows\SYSTEM32\slserv.exe
+ 2008-04-14 00:12:35 8,192 ------w c:\windows\SYSTEM32\smbinst.exe
- 2002-08-29 10:00:00 334,848 ----a-w c:\windows\SYSTEM32\SMLOGCFG.DLL
+ 2008-04-14 00:12:06 362,496 ----a-w c:\windows\SYSTEM32\smlogcfg.dll
- 2002-08-29 10:00:00 82,944 ----a-w c:\windows\SYSTEM32\SMLOGSVC.EXE
+ 2008-04-14 00:12:35 89,600 ----a-w c:\windows\SYSTEM32\smlogsvc.exe
- 2002-08-29 10:00:00 45,568 ------w c:\windows\SYSTEM32\SMSS.EXE
+ 2008-04-14 00:12:36 50,688 ------w c:\windows\SYSTEM32\smss.exe
- 2002-08-29 10:00:00 124,416 ----a-w c:\windows\SYSTEM32\SNDREC32.EXE
+ 2008-04-14 00:12:36 131,584 ----a-w c:\windows\SYSTEM32\sndrec32.exe
- 2002-08-29 10:00:00 16,896 ----a-w c:\windows\SYSTEM32\SNMPAPI.DLL
+ 2008-04-14 00:12:06 18,944 ----a-w c:\windows\SYSTEM32\snmpapi.dll
- 2002-08-29 10:00:00 172,032 ----a-w c:\windows\SYSTEM32\SNMPSNAP.DLL
+ 2008-04-14 00:12:06 182,272 ----a-w c:\windows\SYSTEM32\snmpsnap.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.788\wuapi.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2002-08-29 10:00:00 23,552 ----a-w c:\windows\SYSTEM32\SORT.EXE
+ 2008-04-14 00:12:36 24,576 ----a-w c:\windows\SYSTEM32\sort.exe
+ 2008-04-14 00:12:36 7,680 ----a-w c:\windows\SYSTEM32\spdwnwxp.exe
- 2002-08-29 10:00:00 534,016 ----a-w c:\windows\SYSTEM32\SPIDER.EXE
+ 2008-04-14 00:12:36 538,624 ----a-w c:\windows\SYSTEM32\spider.exe
- 2005-02-25 00:35:06 14,048 ------w c:\windows\SYSTEM32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
+ 2008-04-14 10:42:38 11,264 ------w c:\windows\SYSTEM32\spnpinst.exe
- 2002-08-29 10:00:00 443,392 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\FXSAPI.DLL
+ 2008-04-14 00:11:53 451,584 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\fxsapi.dll
- 2002-08-29 10:00:00 24,064 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\FXSDRV.DLL
+ 2008-04-14 00:11:54 26,624 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\fxsdrv.dll
- 2002-08-29 10:00:00 6,656 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\FXSRES.DLL
+ 2008-04-14 00:09:33 6,656 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\fxsres.dll
- 2002-08-29 10:00:00 391,168 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\FXSTIFF.DLL
+ 2008-04-14 00:11:54 397,312 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\fxstiff.dll
- 2002-08-29 10:00:00 149,504 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\FXSUI.DLL
+ 2008-04-14 00:11:54 154,112 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\fxsui.dll
- 2002-08-29 10:00:00 185,856 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\FXSWZRD.DLL
+ 2008-04-14 00:11:54 192,512 ----a-w c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\fxswzrd.dll
- 2002-08-29 10:00:00 66,560 ----a-w c:\windows\SYSTEM32\SPOOLSS.DLL
+ 2008-04-14 00:12:06 75,264 ----a-w c:\windows\SYSTEM32\spoolss.dll
- 2002-08-29 10:00:00 51,200 ------w c:\windows\SYSTEM32\SPOOLSV.EXE
+ 2008-04-14 00:12:36 57,856 ----a-w c:\windows\SYSTEM32\spoolsv.exe
- 2005-02-24 17:21:42 22,752 ----a-w c:\windows\SYSTEM32\spupdsvc.exe
+ 2007-08-11 01:46:18 26,488 ----a-w c:\windows\SYSTEM32\spupdsvc.exe
+ 2008-04-14 00:12:36 20,992 ------w c:\windows\SYSTEM32\spupdwxp.exe
- 2003-10-28 01:12:44 385,024 ----a-w c:\windows\SYSTEM32\SQLSRV32.dll
+ 2008-04-14 00:12:06 442,368 ----a-w c:\windows\SYSTEM32\sqlsrv32.dll
- 2002-10-02 20:32:28 180,800 ----a-w c:\windows\SYSTEM32\sqlunirl.dll
+ 2008-04-14 00:12:06 180,800 ----a-w c:\windows\SYSTEM32\sqlunirl.dll
- 2002-08-29 10:00:00 63,488 ----a-w c:\windows\SYSTEM32\SRCLIENT.DLL
+ 2008-04-14 00:12:07 67,584 ----a-w c:\windows\SYSTEM32\srclient.dll
- 2002-11-14 20:50:42 226,816 ----a-w c:\windows\SYSTEM32\srrstr.dll
+ 2008-04-14 00:12:07 239,104 ----a-w c:\windows\SYSTEM32\srrstr.dll
- 2002-08-29 10:00:00 158,720 ----a-w c:\windows\SYSTEM32\SRSVC.DLL
+ 2008-04-14 00:12:07 171,008 ----a-w c:\windows\SYSTEM32\srsvc.dll
- 2004-12-07 19:34:37 79,872 ----a-w c:\windows\SYSTEM32\srvsvc.dll
+ 2008-04-14 00:12:07 96,768 ----a-w c:\windows\SYSTEM32\srvsvc.dll
- 2002-08-29 10:00:00 667,648 ------w c:\windows\SYSTEM32\SS3DFO.SCR
+ 2008-04-14 00:12:43 704,512 ------w c:\windows\SYSTEM32\ss3dfo.scr
- 2002-08-29 10:00:00 18,944 ----a-w c:\windows\SYSTEM32\SSBEZIER.SCR
+ 2008-04-14 00:12:43 19,968 ----a-w c:\windows\SYSTEM32\ssbezier.scr
- 2002-08-29 10:00:00 27,136 ----a-w c:\windows\SYSTEM32\SSDPAPI.DLL
+ 2008-04-14 00:12:07 34,816 ----a-w c:\windows\SYSTEM32\ssdpapi.dll
- 2002-08-29 10:00:00 43,008 ----a-w c:\windows\SYSTEM32\SSDPSRV.DLL
+ 2008-04-14 00:12:07 71,680 ----a-w c:\windows\SYSTEM32\ssdpsrv.dll
- 2002-08-29 10:00:00 364,544 ----a-w c:\windows\SYSTEM32\SSFLWBOX.SCR
+ 2008-04-14 00:12:43 393,216 ----a-w c:\windows\SYSTEM32\ssflwbox.scr
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\SYSTEM32\SSMARQUE.SCR
+ 2008-04-14 00:12:44 20,992 ----a-w c:\windows\SYSTEM32\ssmarque.scr
- 2002-08-29 10:00:00 43,008 ----a-w c:\windows\SYSTEM32\SSMYPICS.SCR
+ 2008-04-14 00:12:44 47,104 ----a-w c:\windows\SYSTEM32\ssmypics.scr
- 2002-08-29 10:00:00 17,408 ----a-w c:\windows\SYSTEM32\SSMYST.SCR
+ 2008-04-14 00:12:44 18,944 ----a-w c:\windows\SYSTEM32\ssmyst.scr
- 2002-08-29 10:00:00 569,344 ----a-w c:\windows\SYSTEM32\SSPIPES.SCR
+ 2008-04-14 00:12:44 610,304 ----a-w c:\windows\SYSTEM32\sspipes.scr
- 2002-08-29 10:00:00 13,312 ----a-w c:\windows\SYSTEM32\SSSTARS.SCR
+ 2008-04-14 00:12:44 14,336 ----a-w c:\windows\SYSTEM32\ssstars.scr
- 2002-08-29 10:00:00 638,976 ----a-w c:\windows\SYSTEM32\SSTEXT3D.SCR
+ 2008-04-14 00:12:44 679,936 ----a-w c:\windows\SYSTEM32\sstext3d.scr
- 2002-08-29 10:00:00 54,272 ----a-w c:\windows\SYSTEM32\STCLIENT.DLL
+ 2008-04-14 00:12:07 59,392 ----a-w c:\windows\SYSTEM32\stclient.dll
- 2002-08-29 10:00:00 61,952 ----a-w c:\windows\SYSTEM32\STI.DLL
+ 2008-04-14 00:12:07 68,096 ----a-w c:\windows\SYSTEM32\sti.dll
- 2002-08-29 10:00:00 130,560 ----a-w c:\windows\SYSTEM32\STI_CI.DLL
+ 2008-04-14 00:12:07 136,704 ----a-w c:\windows\SYSTEM32\sti_ci.dll
- 2002-08-29 10:00:00 20,480 ----a-w c:\windows\SYSTEM32\STIMON.EXE
+ 2008-04-14 00:12:36 14,848 ----a-w c:\windows\SYSTEM32\stimon.exe
- 2002-08-29 10:00:00 117,760 ----a-w c:\windows\SYSTEM32\STOBJECT.DLL
+ 2008-04-14 00:12:07 121,856 ----a-w c:\windows\SYSTEM32\stobject.dll
- 2002-08-29 08:41:18 71,168 ----a-w c:\windows\SYSTEM32\STORPROP.DLL
+ 2008-04-14 00:12:07 74,752 ----a-w c:\windows\SYSTEM32\storprop.dll
- 2002-08-29 10:00:00 251,904 ----a-w c:\windows\SYSTEM32\STRMDLL.DLL
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
+ 2008-04-14 00:12:07 75,776 ------w c:\windows\SYSTEM32\strmfilt.dll
- 2002-08-29 10:00:00 12,800 ------w c:\windows\SYSTEM32\SVCHOST.EXE
+ 2008-04-14 00:12:36 14,336 ----a-w c:\windows\SYSTEM32\svchost.exe
- 2004-08-20 22:01:15 700,928 ----a-w c:\windows\SYSTEM32\sxs.dll
+ 2008-04-14 00:12:07 713,216 ----a-w c:\windows\SYSTEM32\sxs.dll
- 2002-08-29 10:00:00 51,712 ----a-w c:\windows\SYSTEM32\SYNCENG.DLL
+ 2008-04-14 00:12:07 57,856 ----a-w c:\windows\SYSTEM32\synceng.dll
- 2002-08-29 10:00:00 183,296 ----a-w c:\windows\SYSTEM32\SYNCUI.DLL
+ 2008-04-14 00:12:07 191,488 ----a-w c:\windows\SYSTEM32\syncui.dll
- 2002-08-29 10:00:00 103,936 ----a-w c:\windows\SYSTEM32\SYSOCMGR.EXE
+ 2008-04-14 00:12:37 106,496 ----a-w c:\windows\SYSTEM32\sysocmgr.exe
- 2002-08-29 10:00:00 938,496 ----a-w c:\windows\SYSTEM32\SYSSETUP.DLL
+ 2008-04-14 00:12:07 990,208 ----a-w c:\windows\SYSTEM32\syssetup.dll
- 2002-08-29 10:00:00 198,656 ----a-w c:\windows\SYSTEM32\T2EMBED.DLL
+ 2008-04-14 00:12:07 117,760 ----a-w c:\windows\SYSTEM32\t2embed.dll
- 2002-08-29 10:00:00 829,952 ----a-w c:\windows\SYSTEM32\TAPI3.DLL
+ 2008-04-14 00:12:07 858,624 ----a-w c:\windows\SYSTEM32\tapi3.dll
- 2002-08-29 10:00:00 165,376 ----a-w c:\windows\SYSTEM32\TAPI32.DLL
+ 2008-04-14 00:12:07 181,760 ----a-w c:\windows\SYSTEM32\tapi32.dll
- 2002-08-29 10:00:00 233,984 ----a-w c:\windows\SYSTEM32\TAPISRV.DLL
+ 2008-04-14 00:12:07 249,856 ----a-w c:\windows\SYSTEM32\tapisrv.dll
- 2002-08-29 10:00:00 128,512 ----a-w c:\windows\SYSTEM32\TASKMGR.EXE
+ 2008-04-14 00:12:37 135,680 ----a-w c:\windows\SYSTEM32\taskmgr.exe
- 2002-08-29 10:00:00 13,312 ----a-w c:\windows\SYSTEM32\TCPMIB.DLL
+ 2008-04-14 00:12:07 14,848 ----a-w c:\windows\SYSTEM32\tcpmib.dll
- 2002-08-29 10:00:00 40,448 ----a-w c:\windows\SYSTEM32\TCPMON.DLL
+ 2008-04-14 00:12:07 45,568 ----a-w c:\windows\SYSTEM32\tcpmon.dll
- 2002-08-29 10:00:00 40,960 ----a-w c:\windows\SYSTEM32\TCPMONUI.DLL
+ 2008-04-14 00:12:07 45,568 ----a-w c:\windows\SYSTEM32\tcpmonui.dll
- 2005-05-11 00:09:48 72,192 ----a-w c:\windows\SYSTEM32\telnet.exe
+ 2008-04-14 00:12:37 75,776 ----a-w c:\windows\SYSTEM32\telnet.exe
- 2002-08-29 10:00:00 343,552 ----a-w c:\windows\SYSTEM32\TERMMGR.DLL
+ 2008-04-14 00:12:07 358,400 ----a-w c:\windows\SYSTEM32\termmgr.dll
- 2002-08-29 10:00:00 200,192 ----a-w c:\windows\SYSTEM32\TERMSRV.DLL
+ 2008-04-14 00:12:07 295,424 ----a-w c:\windows\SYSTEM32\termsrv.dll
- 2002-08-29 10:00:00 384,000 ----a-w c:\windows\SYSTEM32\THEMEUI.DLL
+ 2008-04-14 00:12:07 385,536 ----a-w c:\windows\SYSTEM32\themeui.dll
- 2002-08-29 10:00:00 346,624 ----a-w c:\windows\SYSTEM32\tourstart.exe
+ 2008-04-14 00:12:38 347,136 ----a-w c:\windows\SYSTEM32\tourstart.exe
- 2002-08-29 10:00:00 10,752 ----a-w c:\windows\SYSTEM32\TRACERT.EXE
+ 2008-04-14 00:12:38 12,288 ----a-w c:\windows\SYSTEM32\tracert.exe
- 2002-08-29 10:00:00 11,264 ----a-w c:\windows\SYSTEM32\TREE.COM
+ 2008-04-14 00:12:42 12,800 ----a-w c:\windows\SYSTEM32\tree.com
- 2002-08-29 10:00:00 81,920 ----a-w c:\windows\SYSTEM32\TRKWKS.DLL
+ 2008-04-14 00:12:07 90,112 ----a-w c:\windows\SYSTEM32\trkwks.dll
- 2002-08-29 10:00:00 88,064 ----a-w c:\windows\SYSTEM32\TSCFGWMI.DLL
+ 2008-04-14 00:12:07 93,696 ----a-w c:\windows\SYSTEM32\tscfgwmi.dll
- 2002-08-29 10:00:00 40,960 ----a-w c:\windows\SYSTEM32\TSCUPGRD.EXE
+ 2004-08-04 05:59:27 44,544 ----a-w c:\windows\SYSTEM32\tscupgrd.exe
- 2002-08-29 10:00:00 8,456 ----a-w c:\windows\SYSTEM32\TSDDD.DLL
+ 2008-04-14 00:13:21 12,168 ----a-w c:\windows\SYSTEM32\tsddd.dll
+ 2008-04-14 00:12:07 53,248 ------w c:\windows\SYSTEM32\tsgqec.dll
+ 2008-04-14 00:12:07 50,688 ------w c:\windows\SYSTEM32\tspkg.dll
+ 2008-04-14 00:12:07 57,856 ------w c:\windows\SYSTEM32\twext.dll
- 2004-03-06 02:16:10 97,280 ----a-w c:\windows\SYSTEM32\TXFLOG.DLL
+ 2008-04-14 00:12:07 101,376 ----a-w c:\windows\SYSTEM32\txflog.dll
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\SYSTEM32\tzchange.exe
- 2002-08-29 10:00:00 22,016 ----a-w c:\windows\SYSTEM32\UDHISAPI.DLL
+ 2008-04-14 00:12:07 26,624 ----a-w c:\windows\SYSTEM32\udhisapi.dll
- 2002-08-29 10:00:00 268,800 ----a-w c:\windows\SYSTEM32\ULIB.DLL
+ 2008-04-14 00:12:07 275,456 ----a-w c:\windows\SYSTEM32\ulib.dll
- 2002-08-29 10:00:00 32,256 ----a-w c:\windows\SYSTEM32\UMANDLG.DLL
+ 2008-04-14 00:12:07 35,840 ----a-w c:\windows\SYSTEM32\umandlg.dll
- 2002-08-29 10:00:00 107,008 ----a-w c:\windows\SYSTEM32\UMPNPMGR.DLL
+ 2008-04-14 00:12:07 123,392 ----a-w c:\windows\SYSTEM32\umpnpmgr.dll
- 2002-08-29 10:00:00 69,120 ----a-w c:\windows\SYSTEM32\UNIMDMAT.DLL
+ 2008-04-14 00:12:07 74,240 ----a-w c:\windows\SYSTEM32\unimdmat.dll
- 2002-08-29 10:00:00 13,824 ----a-w c:\windows\SYSTEM32\UNIPLAT.DLL
+ 2008-04-14 00:12:07 13,824 ----a-w c:\windows\SYSTEM32\uniplat.dll
- 2002-08-29 10:00:00 302,080 ----a-w c:\windows\SYSTEM32\UNTFS.DLL
+ 2008-04-14 00:12:07 316,416 ----a-w c:\windows\SYSTEM32\untfs.dll
- 2002-08-29 10:00:00 120,320 ----a-w c:\windows\SYSTEM32\UPNP.DLL
+ 2008-04-14 00:12:08 133,632 ----a-w c:\windows\SYSTEM32\upnp.dll
- 2002-08-29 10:00:00 14,848 ----a-w c:\windows\SYSTEM32\UPNPCONT.EXE
+ 2008-04-14 00:12:38 16,896 ----a-w c:\windows\SYSTEM32\upnpcont.exe
- 2002-08-29 10:00:00 164,864 ----a-w c:\windows\SYSTEM32\UPNPHOST.DLL
+ 2008-04-14 00:12:08 185,856 ----a-w c:\windows\SYSTEM32\upnphost.dll
- 2002-08-29 10:00:00 231,424 ----a-w c:\windows\SYSTEM32\UPNPUI.DLL
+ 2008-04-14 00:12:08 239,616 ----a-w c:\windows\SYSTEM32\upnpui.dll
- 2002-08-29 10:00:00 16,384 ----a-w c:\windows\SYSTEM32\UPS.EXE
+ 2008-04-14 00:12:38 18,432 ----a-w c:\windows\SYSTEM32\ups.exe
- 2002-08-29 10:00:00 106,496 ----a-w c:\windows\SYSTEM32\URL.DLL
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\SYSTEM32\url.dll
- 2004-12-07 21:37:46 495,104 ----a-w c:\windows\SYSTEM32\URLMON.DLL
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\SYSTEM32\urlmon.dll
- 2002-08-29 10:00:00 14,848 ----a-w c:\windows\SYSTEM32\USBMON.DLL
+ 2008-04-14 00:12:08 16,896 ----a-w c:\windows\SYSTEM32\usbmon.dll
- 2001-08-18 04:36:34 67,072 ----a-w c:\windows\SYSTEM32\usbui.dll
+ 2008-04-14 00:12:08 74,240 ----a-w c:\windows\SYSTEM32\usbui.dll
- 2005-03-02 18:20:03 561,152 ----a-w c:\windows\SYSTEM32\user32.dll
+ 2008-04-14 00:12:08 578,560 ----a-w c:\windows\SYSTEM32\user32.dll
- 2002-08-29 10:00:00 667,136 ----a-w c:\windows\SYSTEM32\USERENV.DLL
+ 2008-04-14 00:12:08 727,040 ----a-w c:\windows\SYSTEM32\userenv.dll
- 2002-08-29 10:00:00 22,016 ----a-w c:\windows\SYSTEM32\USERINIT.EXE
+ 2008-04-14 00:12:38 26,112 ----a-w c:\windows\SYSTEM32\userinit.exe
+ 2008-04-13 16:44:16 17,920 ------w c:\windows\SYSTEM32\USMT\cobramsg.dll
- 2002-08-29 10:00:00 114,688 ----a-w c:\windows\SYSTEM32\USMT\GUITRN.DLL
+ 2008-04-14 00:11:54 133,120 ----a-w c:\windows\SYSTEM32\USMT\guitrn.dll
- 2002-08-29 10:00:00 100,352 ----a-w c:\windows\SYSTEM32\USMT\GUITRN_A.DLL
+ 2004-08-04 07:56:42 108,544 ----a-w c:\windows\SYSTEM32\USMT\guitrn_a.dll
+ 2008-04-14 00:11:54 115,200 ------w c:\windows\SYSTEM32\USMT\guitrna.dll
- 2002-08-29 10:00:00 3,584 ----a-w c:\windows\SYSTEM32\USMT\ICONLIB.DLL
+ 2008-04-13 16:44:29 2,560 ----a-w c:\windows\SYSTEM32\USMT\iconlib.dll
- 2002-08-29 10:00:00 17,408 ----a-w c:\windows\SYSTEM32\USMT\LOG.DLL
+ 2008-04-14 00:11:56 19,968 ----a-w c:\windows\SYSTEM32\USMT\log.dll
- 2002-08-29 10:00:00 179,200 ----a-w c:\windows\SYSTEM32\USMT\MIGISM.DLL
+ 2008-04-14 00:11:57 274,432 ----a-w c:\windows\SYSTEM32\USMT\migism.dll
- 2002-08-29 10:00:00 170,496 ----a-w c:\windows\SYSTEM32\USMT\MIGISM_A.DLL
+ 2004-08-04 07:56:42 192,512 ----a-w c:\windows\SYSTEM32\USMT\migism_a.dll
+ 2008-04-14 00:11:57 261,120 ------w c:\windows\SYSTEM32\USMT\migisma.dll
- 2002-08-29 10:00:00 98,816 ----a-w c:\windows\SYSTEM32\USMT\MIGLOAD.EXE
+ 2008-04-14 00:12:25 103,936 ----a-w c:\windows\SYSTEM32\USMT\migload.exe
- 2002-11-20 19:22:36 230,400 ----a-w c:\windows\SYSTEM32\USMT\migwiz.exe
+ 2008-04-14 00:12:25 245,248 ----a-w c:\windows\SYSTEM32\USMT\migwiz.exe
- 2002-08-29 10:00:00 226,816 ----a-w c:\windows\SYSTEM32\USMT\MIGWIZ_A.EXE
+ 2004-08-04 07:56:51 236,032 ----a-w c:\windows\SYSTEM32\USMT\migwiz_a.exe
+ 2008-04-14 00:12:25 241,152 ------w c:\windows\SYSTEM32\USMT\migwiza.exe
- 2002-08-29 10:00:00 173,056 ----a-w c:\windows\SYSTEM32\USMT\SCRIPT.DLL
+ 2008-04-14 00:12:05 215,552 ----a-w c:\windows\SYSTEM32\USMT\script.dll
- 2002-08-29 10:00:00 158,720 ----a-w c:\windows\SYSTEM32\USMT\SCRIPT_A.DLL
+ 2004-08-04 07:56:44 188,416 ----a-w c:\windows\SYSTEM32\USMT\script_a.dll
+ 2008-04-14 00:12:05 199,680 ------w c:\windows\SYSTEM32\USMT\scripta.dll
- 2002-08-29 10:00:00 141,312 ----a-w c:\windows\SYSTEM32\USMT\SYSMOD.DLL
+ 2008-04-14 00:12:07 193,024 ----a-w c:\windows\SYSTEM32\USMT\sysmod.dll
- 2002-08-29 10:00:00 130,048 ----a-w c:\windows\SYSTEM32\USMT\SYSMOD_A.DLL
+ 2004-08-04 07:56:46 155,648 ----a-w c:\windows\SYSTEM32\USMT\sysmod_a.dll
+ 2008-04-14 00:12:07 173,568 ------w c:\windows\SYSTEM32\USMT\sysmoda.dll
- 2002-08-29 10:00:00 339,456 ----a-w c:\windows\SYSTEM32\USP10.DLL
+ 2008-04-14 00:12:08 406,016 ----a-w c:\windows\SYSTEM32\usp10.dll
- 2002-08-29 10:00:00 47,616 ----a-w c:\windows\SYSTEM32\UTILMAN.EXE
+ 2008-04-14 00:12:38 50,176 ----a-w c:\windows\SYSTEM32\utilman.exe
- 2002-08-29 10:00:00 203,264 ----a-w c:\windows\SYSTEM32\UXTHEME.DLL
+ 2008-04-14 00:12:08 218,624 ----a-w c:\windows\SYSTEM32\uxtheme.dll
- 2004-03-16 18:44:16 30,749 ----a-w c:\windows\SYSTEM32\vbajet32.dll
+ 2008-04-14 00:12:08 30,749 ----a-w c:\windows\SYSTEM32\vbajet32.dll
- 2002-08-29 10:00:00 479,261 ----a-w c:\windows\SYSTEM32\VBSCRIPT.DLL
+ 2008-05-09 10:53:40 430,080 ----a-w c:\windows\SYSTEM32\vbscript.dll
- 2002-08-29 10:00:00 24,064 ----a-w c:\windows\SYSTEM32\VDMDBG.DLL
+ 2008-04-14 00:12:08 26,112 ----a-w c:\windows\SYSTEM32\vdmdbg.dll
- 2002-08-29 10:00:00 48,640 ----a-w c:\windows\SYSTEM32\VDMREDIR.DLL
+ 2008-04-14 00:12:08 51,712 ----a-w c:\windows\SYSTEM32\vdmredir.dll
+ 2008-04-14 00:12:38 28,672 ------w c:\windows\SYSTEM32\verclsid.exe
- 2002-08-29 10:00:00 13,312 ----a-w c:\windows\SYSTEM32\VERIFIER.DLL
+ 2008-04-14 00:12:08 26,624 ----a-w c:\windows\SYSTEM32\verifier.dll
- 2002-08-29 10:00:00 16,384 ----a-w c:\windows\SYSTEM32\VERSION.DLL
+ 2008-04-14 00:12:08 18,944 ----a-w c:\windows\SYSTEM32\version.dll
- 2002-08-29 10:00:00 409,088 ----a-w c:\windows\SYSTEM32\VSSAPI.DLL
+ 2008-04-14 00:12:08 430,592 ----a-w c:\windows\SYSTEM32\vssapi.dll
- 2002-08-29 10:00:00 275,456 ----a-w c:\windows\SYSTEM32\VSSVC.EXE
+ 2008-04-14 00:12:38 289,792 ----a-w c:\windows\SYSTEM32\vssvc.exe
- 2002-08-29 10:00:00 165,376 ----a-w c:\windows\SYSTEM32\W32TIME.DLL
+ 2008-04-14 00:12:08 175,104 ----a-w c:\windows\SYSTEM32\w32time.dll
+ 2008-04-14 00:12:08 15,872 ------w c:\windows\SYSTEM32\w3ssl.dll
- 2002-08-29 10:00:00 16,384 ----a-w c:\windows\SYSTEM32\WATCHDOG.SYS
+ 2008-04-13 18:44:59 17,664 ----a-w c:\windows\SYSTEM32\watchdog.sys
- 2002-08-29 10:00:00 208,896 ----a-w c:\windows\SYSTEM32\WAVEMSP.DLL
+ 2008-04-14 00:12:08 215,552 ----a-w c:\windows\SYSTEM32\wavemsp.dll
- 2002-08-29 10:00:00 1,267,712 ----a-w c:\windows\SYSTEM32\WBEM\CIMWIN32.DLL
+ 2008-04-14 00:11:50 1,358,848 ----a-w c:\windows\SYSTEM32\WBEM\cimwin32.dll
- 2002-08-29 10:00:00 235,520 ----a-w c:\windows\SYSTEM32\WBEM\ESSCLI.DLL
+ 2008-04-14 00:11:53 247,808 ----a-w c:\windows\SYSTEM32\WBEM\esscli.dll
- 2002-08-29 10:00:00 19,456 ----a-w c:\windows\SYSTEM32\WBEM\EVNTRPRV.DLL
+ 2008-04-14 00:11:53 21,504 ----a-w c:\windows\SYSTEM32\WBEM\evntrprv.dll
- 2002-08-29 10:00:00 565,248 ----a-w c:\windows\SYSTEM32\WBEM\FASTPROX.DLL
+ 2008-04-14 00:11:53 472,064 ----a-w c:\windows\SYSTEM32\WBEM\fastprox.dll
- 2002-08-29 10:00:00 174,592 ----a-w c:\windows\SYSTEM32\WBEM\FRAMEDYN.DLL
+ 2008-04-14 00:11:53 185,344 ----a-w c:\windows\SYSTEM32\WBEM\framedyn.dll
- 2002-08-29 10:00:00 23,552 ----a-w c:\windows\SYSTEM32\WBEM\KRNLPROV.DLL
+ 2008-04-14 00:11:56 24,576 ----a-w c:\windows\SYSTEM32\WBEM\krnlprov.dll
- 2002-08-29 10:00:00 15,360 ----a-w c:\windows\SYSTEM32\WBEM\MOFCOMP.EXE
+ 2008-04-14 00:12:26 16,384 ----a-w c:\windows\SYSTEM32\WBEM\mofcomp.exe
- 2002-08-29 10:00:00 104,960 ----a-w c:\windows\SYSTEM32\WBEM\MOFD.DLL
+ 2008-04-14 00:11:57 123,904 ----a-w c:\windows\SYSTEM32\WBEM\mofd.dll
- 2002-08-29 10:00:00 60,416 ----a-w c:\windows\SYSTEM32\WBEM\NCPROV.DLL
+ 2008-04-14 00:12:01 47,104 ----a-w c:\windows\SYSTEM32\WBEM\ncprov.dll
- 2002-08-29 10:00:00 203,264 ----a-w c:\windows\SYSTEM32\WBEM\NTEVT.DLL
+ 2008-04-14 00:12:02 212,992 ----a-w c:\windows\SYSTEM32\WBEM\ntevt.dll
- 2002-08-29 10:00:00 226,304 ----a-w c:\windows\SYSTEM32\WBEM\PROVTHRD.DLL
+ 2008-04-14 00:12:03 237,056 ----a-w c:\windows\SYSTEM32\WBEM\provthrd.dll
- 2002-08-29 10:00:00 138,240 ----a-w c:\windows\SYSTEM32\WBEM\REPDRVFS.DLL
+ 2008-04-14 00:12:04 178,176 ----a-w c:\windows\SYSTEM32\WBEM\repdrvfs.dll
- 2002-08-29 10:00:00 33,792 ----a-w c:\windows\SYSTEM32\WBEM\SCRCONS.EXE
+ 2008-04-14 00:12:34 36,352 ----a-w c:\windows\SYSTEM32\WBEM\scrcons.exe
- 2002-08-29 10:00:00 80,896 ----a-w c:\windows\SYSTEM32\WBEM\STDPROV.DLL
+ 2008-04-14 00:12:07 86,528 ----a-w c:\windows\SYSTEM32\WBEM\stdprov.dll
- 2002-08-29 10:00:00 125,952 ----a-w c:\windows\SYSTEM32\WBEM\VIEWPROV.DLL
+ 2008-04-14 00:12:08 131,584 ----a-w c:\windows\SYSTEM32\WBEM\viewprov.dll
- 2002-08-29 10:00:00 183,808 ----a-w c:\windows\SYSTEM32\WBEM\WBEMCNTL.DLL
+ 2008-04-14 00:12:08 196,608 ----a-w c:\windows\SYSTEM32\WBEM\wbemcntl.dll
- 2002-08-29 10:00:00 215,040 ----a-w c:\windows\SYSTEM32\WBEM\WBEMCOMN.DLL
+ 2008-04-14 00:12:08 214,528 ----a-w c:\windows\SYSTEM32\WBEM\wbemcomn.dll
- 2002-08-29 10:00:00 66,048 ----a-w c:\windows\SYSTEM32\WBEM\WBEMCONS.DLL
+ 2008-04-14 00:12:08 71,680 ----a-w c:\windows\SYSTEM32\WBEM\wbemcons.dll
- 2002-08-29 10:00:00 480,256 ----a-w c:\windows\SYSTEM32\WBEM\WBEMCORE.DLL
+ 2008-04-14 00:12:08 531,456 ----a-w c:\windows\SYSTEM32\WBEM\wbemcore.dll
- 2002-08-29 10:00:00 167,936 ----a-w c:\windows\SYSTEM32\WBEM\WBEMDISP.DLL
+ 2008-04-14 00:12:08 178,176 ----a-w c:\windows\SYSTEM32\WBEM\wbemdisp.dll
- 2002-08-29 10:00:00 259,072 ----a-w c:\windows\SYSTEM32\WBEM\WBEMESS.DLL
+ 2008-04-14 00:12:08 273,920 ----a-w c:\windows\SYSTEM32\WBEM\wbemess.dll
- 2002-08-29 10:00:00 38,400 ----a-w c:\windows\SYSTEM32\WBEM\WBEMPERF.DLL
+ 2008-04-14 00:12:08 43,008 ----a-w c:\windows\SYSTEM32\WBEM\wbemperf.dll
- 2002-08-29 10:00:00 28,160 ----a-w c:\windows\SYSTEM32\WBEM\WBEMPROX.DLL
+ 2008-04-14 00:12:08 18,944 ----a-w c:\windows\SYSTEM32\WBEM\wbemprox.dll
- 2002-08-29 10:00:00 48,128 ----a-w c:\windows\SYSTEM32\WBEM\WBEMSVC.DLL
+ 2008-04-14 00:12:08 43,520 ----a-w c:\windows\SYSTEM32\WBEM\wbemsvc.dll
- 2002-08-29 10:00:00 157,696 ----a-w c:\windows\SYSTEM32\WBEM\WBEMTEST.EXE
+ 2008-04-14 00:12:39 116,224 ----a-w c:\windows\SYSTEM32\WBEM\wbemtest.exe
- 2002-08-29 10:00:00 111,104 ----a-w c:\windows\SYSTEM32\WBEM\WBEMUPGD.DLL
+ 2008-04-14 00:12:08 197,120 ----a-w c:\windows\SYSTEM32\WBEM\wbemupgd.dll
- 2002-08-29 10:00:00 183,808 ----a-w c:\windows\SYSTEM32\WBEM\WMIADAP.EXE
+ 2008-04-14 00:12:40 196,608 ----a-w c:\windows\SYSTEM32\WBEM\wmiadap.exe
- 2002-08-29 10:00:00 6,144 ----a-w c:\windows\SYSTEM32\WBEM\WMIAPRES.DLL
+ 2008-04-13 17:10:20 6,656 ----a-w c:\windows\SYSTEM32\WBEM\wmiapres.dll
- 2002-08-29 10:00:00 82,432 ----a-w c:\windows\SYSTEM32\WBEM\WMIAPRPL.DLL
+ 2008-04-14 00:12:09 88,576 ----a-w c:\windows\SYSTEM32\WBEM\wmiaprpl.dll
- 2002-08-29 10:00:00 117,248 ----a-w c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
+ 2008-04-14 00:12:40 126,464 ----a-w c:\windows\SYSTEM32\WBEM\wmiapsrv.exe
- 2002-08-29 10:00:00 55,808 ----a-w c:\windows\SYSTEM32\WBEM\WMICOOKR.DLL
+ 2008-04-14 00:12:09 60,928 ----a-w c:\windows\SYSTEM32\WBEM\wmicookr.dll
- 2002-08-29 10:00:00 138,752 ----a-w c:\windows\SYSTEM32\WBEM\WMIDCPRV.DLL
+ 2008-04-14 00:12:09 140,800 ----a-w c:\windows\SYSTEM32\WBEM\wmidcprv.dll
- 2002-08-29 10:00:00 149,504 ----a-w c:\windows\SYSTEM32\WBEM\WMIPCIMA.DLL
+ 2008-04-14 00:12:09 156,672 ----a-w c:\windows\SYSTEM32\WBEM\wmipcima.dll
- 2002-08-29 10:00:00 124,928 ----a-w c:\windows\SYSTEM32\WBEM\WMIPDSKQ.DLL
+ 2008-04-14 00:12:09 132,096 ----a-w c:\windows\SYSTEM32\WBEM\wmipdskq.dll
- 2002-08-29 10:00:00 58,880 ----a-w c:\windows\SYSTEM32\WBEM\WMIPIPRT.DLL
+ 2008-04-14 00:12:09 61,952 ----a-w c:\windows\SYSTEM32\WBEM\wmipiprt.dll
- 2002-08-29 10:00:00 59,904 ----a-w c:\windows\SYSTEM32\WBEM\WMIPJOBJ.DLL
+ 2008-04-14 00:12:09 62,464 ----a-w c:\windows\SYSTEM32\WBEM\wmipjobj.dll
- 2002-08-29 10:00:00 122,368 ----a-w c:\windows\SYSTEM32\WBEM\WMIPROV.DLL
+ 2008-04-14 00:12:09 144,896 ----a-w c:\windows\SYSTEM32\WBEM\wmiprov.dll
- 2002-08-29 10:00:00 408,576 ----a-w c:\windows\SYSTEM32\WBEM\WMIPRVSD.DLL
+ 2008-04-14 00:12:09 437,248 ----a-w c:\windows\SYSTEM32\WBEM\wmiprvsd.dll
- 2002-08-29 10:00:00 203,776 ----a-w c:\windows\SYSTEM32\WBEM\WMIPRVSE.EXE
+ 2008-04-14 00:12:40 218,112 ----a-w c:\windows\SYSTEM32\WBEM\wmiprvse.exe
- 2002-08-29 10:00:00 38,912 ----a-w c:\windows\SYSTEM32\WBEM\WMIPSESS.DLL
+ 2008-04-14 00:12:09 41,472 ----a-w c:\windows\SYSTEM32\WBEM\wmipsess.dll
- 2002-08-29 10:00:00 101,376 ----a-w c:\windows\SYSTEM32\WBEM\WMISVC.DLL
+ 2008-04-14 00:12:09 144,896 ----a-w c:\windows\SYSTEM32\WBEM\wmisvc.dll
- 2002-08-29 10:00:00 96,256 ----a-w c:\windows\SYSTEM32\WBEM\WMIUTILS.DLL
+ 2008-04-14 00:12:09 95,232 ----a-w c:\windows\SYSTEM32\WBEM\wmiutils.dll
- 2002-08-29 10:00:00 46,592 ----a-w c:\windows\SYSTEM32\WDIGEST.DLL
+ 2008-04-14 00:12:08 49,152 ----a-w c:\windows\SYSTEM32\wdigest.dll
- 2001-08-18 04:37:04 22,016 ----a-w c:\windows\SYSTEM32\wdmaud.drv
+ 2008-04-14 00:12:45 23,552 ----a-w c:\windows\SYSTEM32\wdmaud.drv
- 2002-08-29 10:00:00 258,048 ----a-w c:\windows\SYSTEM32\WEBCHECK.DLL
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
- 2005-04-26 06:29:15 62,976 ----a-w c:\windows\SYSTEM32\webclnt.dll
+ 2008-04-14 00:12:08 68,096 ----a-w c:\windows\SYSTEM32\webclnt.dll
- 2002-08-29 10:00:00 124,928 ----a-w c:\windows\SYSTEM32\WEBVW.DLL
+ 2008-04-14 00:12:08 135,680 ----a-w c:\windows\SYSTEM32\webvw.dll
- 2002-08-29 10:00:00 60,416 ----a-w c:\windows\SYSTEM32\WEXTRACT.EXE
+ 2008-04-14 00:12:39 65,024 ----a-w c:\windows\SYSTEM32\wextract.exe
- 2002-08-29 10:00:00 414,720 ----a-w c:\windows\SYSTEM32\WIAACMGR.EXE
+ 2008-04-14 00:12:39 433,664 ----a-w c:\windows\SYSTEM32\wiaacmgr.exe
- 2002-08-29 10:00:00 449,536 ----a-w c:\windows\SYSTEM32\WIADEFUI.DLL
+ 2008-04-14 00:12:08 463,360 ----a-w c:\windows\SYSTEM32\wiadefui.dll
- 2002-08-29 10:00:00 119,808 ----a-w c:\windows\SYSTEM32\WIADSS.DLL
+ 2008-04-14 00:12:08 124,416 ----a-w c:\windows\SYSTEM32\wiadss.dll
- 2002-08-29 10:00:00 70,656 ----a-w c:\windows\SYSTEM32\WIASCR.DLL
+ 2008-04-14 00:12:08 75,776 ----a-w c:\windows\SYSTEM32\wiascr.dll
- 2002-08-29 10:00:00 316,416 ----a-w c:\windows\SYSTEM32\WIASERVC.DLL
+ 2008-04-14 00:12:08 333,824 ----a-w c:\windows\SYSTEM32\wiaservc.dll
- 2002-08-29 10:00:00 568,832 ----a-w c:\windows\SYSTEM32\WIASHEXT.DLL
+ 2008-04-14 00:12:08 589,312 ----a-w c:\windows\SYSTEM32\wiashext.dll
- 2002-08-29 10:00:00 104,448 ----a-w c:\windows\SYSTEM32\WIAVIDEO.DLL
+ 2008-04-14 00:12:08 111,104 ----a-w c:\windows\SYSTEM32\wiavideo.dll
- 2005-03-02 01:34:32 1,797,120 ----a-w c:\windows\SYSTEM32\win32k.sys
+ 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
- 2002-08-29 10:00:00 99,328 ----a-w c:\windows\SYSTEM32\WIN32SPL.DLL
+ 2008-04-14 00:12:08 102,400 ----a-w c:\windows\SYSTEM32\win32spl.dll
- 2002-08-29 10:00:00 403,456 ----a-w c:\windows\SYSTEM32\WINBRAND.DLL
+ 2008-04-13 16:48:53 1,647,616 ----a-w c:\windows\SYSTEM32\winbrand.dll
+ 2008-04-14 00:12:08 712,704 ------w c:\windows\SYSTEM32\windowscodecs.dll
+ 2008-04-14 00:12:08 346,112 ------w c:\windows\SYSTEM32\windowscodecsext.dll
+ 2007-08-13 23:45:16 206,336 ------w c:\windows\SYSTEM32\WinFXDocObj.exe
- 2004-07-01 22:08:18 331,776 ----a-w c:\windows\SYSTEM32\winhttp.dll
+ 2008-04-14 00:12:08 354,304 ----a-w c:\windows\SYSTEM32\winhttp.dll
- 2005-04-27 14:54:24 574,976 ----a-w c:\windows\SYSTEM32\WININET.DLL
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
- 2002-08-29 10:00:00 25,600 ----a-w c:\windows\SYSTEM32\WINIPSEC.DLL
+ 2008-04-14 00:12:09 32,256 ----a-w c:\windows\SYSTEM32\winipsec.dll
- 2002-08-29 10:00:00 516,608 ------w c:\windows\SYSTEM32\WINLOGON.EXE
+ 2008-04-14 00:12:39 507,904 ----a-w c:\windows\SYSTEM32\winlogon.exe
- 2002-08-29 10:00:00 171,520 ----a-w c:\windows\SYSTEM32\WINMM.DLL
+ 2008-04-14 00:12:09 176,128 ----a-w c:\windows\SYSTEM32\winmm.dll
- 2002-08-29 10:00:00 762,368 ----a-w c:\windows\SYSTEM32\WINNTBBU.DLL
+ 2008-04-14 00:11:11 756,224 ----a-w c:\windows\SYSTEM32\winntbbu.dll
- 2002-08-29 10:00:00 14,848 ----a-w c:\windows\SYSTEM32\WINRNR.DLL
+ 2008-04-14 00:12:09 16,896 ----a-w c:\windows\SYSTEM32\winrnr.dll
- 2002-08-29 10:00:00 93,184 ----a-w c:\windows\SYSTEM32\WINSCARD.DLL
+ 2008-04-14 00:12:09 99,328 ----a-w c:\windows\SYSTEM32\winscard.dll
+ 2008-04-14 00:12:09 17,408 ------w c:\windows\SYSTEM32\winshfhc.dll
- 2002-08-29 10:00:00 132,096 ----a-w c:\windows\SYSTEM32\WINSPOOL.DRV
+ 2008-04-14 00:12:45 146,432 ----a-w c:\windows\SYSTEM32\winspool.drv
- 2005-03-02 18:20:03 277,504 ----a-w c:\windows\SYSTEM32\winsrv.dll
+ 2008-04-14 00:12:09 293,376 ----a-w c:\windows\SYSTEM32\winsrv.dll
- 2002-08-29 10:00:00 48,128 ----a-w c:\windows\SYSTEM32\WINSTA.DLL
+ 2008-04-14 00:12:09 53,760 ----a-w c:\windows\SYSTEM32\winsta.dll
- 2002-08-29 10:00:00 166,912 ----a-w c:\windows\SYSTEM32\WINTRUST.DLL
+ 2008-04-14 00:12:09 176,640 ----a-w c:\windows\SYSTEM32\wintrust.dll
- 2002-08-29 10:00:00 4,096 ----a-w c:\windows\SYSTEM32\WINVER.EXE
+ 2008-04-14 00:12:40 5,632 ----a-w c:\windows\SYSTEM32\winver.exe
- 2003-10-21 22:06:42 119,808 ----a-w c:\windows\SYSTEM32\WKSSVC.DLL
+ 2008-04-14 00:12:09 132,096 ----a-w c:\windows\SYSTEM32\wkssvc.dll
+ 2008-04-14 00:12:09 69,120 ------w c:\windows\SYSTEM32\wlanapi.dll
- 2002-08-29 10:00:00 168,448 ----a-w c:\windows\SYSTEM32\WLDAP32.DLL
+ 2008-04-14 00:12:09 172,032 ----a-w c:\windows\SYSTEM32\wldap32.dll
- 2002-08-29 10:00:00 86,528 ----a-w c:\windows\SYSTEM32\WLNOTIFY.DLL
+ 2008-04-14 00:12:09 92,672 ----a-w c:\windows\SYSTEM32\wlnotify.dll
- 2002-12-12 00:11:02 410,248 ----a-w c:\windows\SYSTEM32\wmadmod.dll
+ 2008-04-14 00:12:09 408,064 ----a-w c:\windows\SYSTEM32\wmadmod.dll
- 2002-12-11 22:34:40 670,208 ----a-w c:\windows\SYSTEM32\wmadmoe.dll
+ 2008-04-14 00:12:09 670,720 ----a-w c:\windows\SYSTEM32\wmadmoe.dll
- 2002-12-11 22:23:48 218,112 ----a-w c:\windows\SYSTEM32\wmasf.dll
+ 2008-04-14 00:12:09 230,912 ----a-w c:\windows\SYSTEM32\wmasf.dll
- 2002-11-27 01:03:32 27,136 ----a-w c:\windows\SYSTEM32\WMDMLOG.dll
+ 2008-04-14 00:12:09 27,136 ----a-w c:\windows\SYSTEM32\wmdmlog.dll
- 2002-11-27 01:03:32 23,552 ----a-w c:\windows\SYSTEM32\WMDMPS.dll
+ 2008-04-14 00:12:09 23,552 ----a-w c:\windows\SYSTEM32\wmdmps.dll
+ 2008-04-13 17:23:24 168,448 ------w c:\windows\SYSTEM32\wmerror.dll
- 2002-08-29 10:00:00 5,632 ----a-w c:\windows\SYSTEM32\WMI.DLL
+ 2008-04-14 00:11:15 5,632 ----a-w c:\windows\SYSTEM32\wmi.dll
- 2002-12-11 20:16:58 143,360 ----a-w c:\windows\SYSTEM32\wmidx.dll
+ 2008-04-14 00:12:09 151,552 ----a-w c:\windows\SYSTEM32\wmidx.dll
- 2002-12-11 22:23:58 981,504 ----a-w c:\windows\SYSTEM32\wmnetmgr.dll
+ 2008-06-10 11:11:46 1,053,696 ----a-w c:\windows\SYSTEM32\WMNetmgr.dll
+ 2008-04-14 00:12:09 4,874,240 ------w c:\windows\SYSTEM32\wmp.dll
+ 2008-04-14 00:12:09 114,688 ------w c:\windows\SYSTEM32\wmpasf.dll
- 2002-08-29 10:00:00 253,952 ----a-w c:\windows\SYSTEM32\WMPCD.DLL
+ 2008-04-14 00:12:09 20,480 ----a-w c:\windows\SYSTEM32\wmpcd.dll
- 2003-09-18 11:53:40 1,302,528 ----a-w c:\windows\SYSTEM32\wmpcore.dll
+ 2008-04-14 00:12:09 20,480 ----a-w c:\windows\SYSTEM32\wmpcore.dll
+ 2008-04-14 00:12:09 233,472 ------w c:\windows\SYSTEM32\wmpdxm.dll
+ 2008-04-14 00:12:09 276,992 ------w c:\windows\SYSTEM32\wmphoto.dll
- 2002-08-29 10:00:00 1,998,848 ----a-w c:\windows\SYSTEM32\WMPLOC.DLL
+ 2008-04-13 17:28:21 2,940,928 ----a-w c:\windows\SYSTEM32\wmploc.dll
- 2002-08-29 10:00:00 77,824 ----a-w c:\windows\SYSTEM32\WMPSHELL.DLL
+ 2008-04-14 00:12:09 102,400 ----a-w c:\windows\SYSTEM32\wmpshell.dll
- 2002-08-29 10:00:00 1,404,928 ----a-w c:\windows\SYSTEM32\WMPUI.DLL
+ 2008-04-14 00:12:09 20,480 ----a-w c:\windows\SYSTEM32\wmpui.dll
- 2002-12-12 00:12:50 760,968 ----a-w c:\windows\SYSTEM32\wmsdmod.dll
+ 2008-04-14 00:12:09 759,296 ----a-w c:\windows\SYSTEM32\wmsdmod.dll
- 2002-08-29 10:00:00 118,784 ----a-w c:\windows\SYSTEM32\WMSDMOE.DLL
+ 2008-04-14 00:12:09 115,200 ----a-w c:\windows\SYSTEM32\wmsdmoe.dll
- 2002-12-11 22:34:40 1,111,040 ----a-w c:\windows\SYSTEM32\wmsdmoe2.dll
+ 2008-04-14 00:12:09 1,119,744 ----a-w c:\windows\SYSTEM32\wmsdmoe2.dll
- 2002-12-12 00:07:54 486,536 ----a-w c:\windows\SYSTEM32\wmspdmod.dll
+ 2008-04-14 00:12:09 485,376 ----a-w c:\windows\SYSTEM32\wmspdmod.dll
- 2002-12-11 22:34:40 892,416 ----a-w c:\windows\SYSTEM32\wmspdmoe.dll
+ 2008-04-14 00:12:10 897,024 ----a-w c:\windows\SYSTEM32\wmspdmoe.dll
- 2002-08-29 10:00:00 296,448 ----a-w c:\windows\SYSTEM32\WMSTREAM.DLL
+ 2008-04-14 00:12:10 303,616 ----a-w c:\windows\SYSTEM32\wmstream.dll
- 2002-12-12 00:02:38 2,058,888 ----a-w c:\windows\SYSTEM32\wmvcore.dll
+ 2008-11-07 21:45:32 2,174,976 ----a-w c:\windows\SYSTEM32\WMVCore.dll
- 2002-12-12 00:10:00 816,264 ----a-w c:\windows\SYSTEM32\wmvdmod.dll
+ 2008-04-14 00:12:10 809,984 ----a-w c:\windows\SYSTEM32\wmvdmod.dll
- 2002-12-11 22:34:40 997,888 ----a-w c:\windows\SYSTEM32\wmvdmoe2.dll
+ 2008-04-14 00:12:10 1,001,472 ----a-w c:\windows\SYSTEM32\wmvdmoe2.dll
- 2002-08-29 10:00:00 247,808 ----a-w c:\windows\SYSTEM32\WOW32.DLL
+ 2008-04-14 00:12:10 264,192 ----a-w c:\windows\SYSTEM32\wow32.dll
- 2002-08-29 10:00:00 31,232 ----a-w c:\windows\SYSTEM32\WPABALN.EXE
+ 2008-04-14 00:12:40 32,256 ----a-w c:\windows\SYSTEM32\wpabaln.exe
- 2002-08-29 10:00:00 29,184 ----a-w c:\windows\SYSTEM32\WPNPINST.EXE
+ 2008-04-14 00:12:41 11,264 ----a-w c:\windows\SYSTEM32\wpnpinst.exe
- 2002-08-29 10:00:00 75,264 ----a-w c:\windows\SYSTEM32\WS2_32.DLL
+ 2008-04-14 00:12:10 82,432 ----a-w c:\windows\SYSTEM32\ws2_32.dll
- 2002-08-29 10:00:00 18,944 ----a-w c:\windows\SYSTEM32\WS2HELP.DLL
+ 2008-04-14 00:12:10 19,968 ----a-w c:\windows\SYSTEM32\ws2help.dll
+ 2008-04-14 00:12:41 13,824 ----a-w c:\windows\SYSTEM32\wscntfy.exe
- 2002-08-29 10:00:00 118,834 ----a-w c:\windows\SYSTEM32\WSCRIPT.EXE
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\SYSTEM32\wscript.exe
+ 2008-04-14 00:12:10 80,896 ----a-w c:\windows\SYSTEM32\wscsvc.dll
+ 2008-04-14 00:12:10 108,032 ------w c:\windows\SYSTEM32\wshbth.dll
- 2002-08-29 10:00:00 28,721 ----a-w c:\windows\SYSTEM32\WSHCON.DLL
+ 2008-04-14 00:12:10 36,864 ----a-w c:\windows\SYSTEM32\wshcon.dll
- 2002-08-29 10:00:00 65,585 ----a-w c:\windows\SYSTEM32\WSHEXT.DLL
+ 2008-05-09 10:53:40 90,112 ----a-w c:\windows\SYSTEM32\wshext.dll
- 2002-08-29 10:00:00 13,312 ----a-w c:\windows\SYSTEM32\WSHIP6.DLL
+ 2008-04-14 00:12:10 14,336 ----a-w c:\windows\SYSTEM32\wship6.dll
- 2002-08-29 10:00:00 10,240 ----a-w c:\windows\SYSTEM32\WshRm.dll
+ 2008-04-14 00:12:10 11,264 ----a-w c:\windows\SYSTEM32\wshrm.dll
- 2002-08-29 10:00:00 17,408 ----a-w c:\windows\SYSTEM32\WSHTCPIP.DLL
+ 2008-04-14 00:12:10 19,456 ----a-w c:\windows\SYSTEM32\wshtcpip.dll
- 2002-08-29 10:00:00 38,912 ----a-w c:\windows\SYSTEM32\WSNMP32.DLL
+ 2008-04-14 00:12:10 41,984 ----a-w c:\windows\SYSTEM32\wsnmp32.dll
- 2002-08-29 10:00:00 21,504 ----a-w c:\windows\SYSTEM32\WSOCK32.DLL
+ 2008-04-14 00:12:10 22,528 ----a-w c:\windows\SYSTEM32\wsock32.dll
- 2003-02-17 15:16:32 47,104 ----a-w c:\windows\SYSTEM32\wstdecod.dll
+ 2008-04-14 00:12:10 50,688 ----a-w c:\windows\SYSTEM32\wstdecod.dll
- 2002-08-29 10:00:00 17,408 ----a-w c:\windows\SYSTEM32\WTSAPI32.DLL
+ 2008-04-14 00:12:10 18,432 ----a-w c:\windows\SYSTEM32\wtsapi32.dll
- 2007-07-30 23:19:36 549,720 ----a-w c:\windows\SYSTEM32\wuapi.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
- 2007-07-30 23:19:16 53,080 ----a-w c:\windows\SYSTEM32\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
- 2004-08-03 19:01:38 167,704 ----a-w c:\windows\SYSTEM32\wuauclt1.exe
+ 2008-04-14 00:12:41 165,888 ----a-w c:\windows\SYSTEM32\wuauclt1.exe
- 2007-07-30 23:19:42 1,712,984 ----a-w c:\windows\SYSTEM32\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
- 2004-08-03 19:03:20 186,136 ----a-w c:\windows\SYSTEM32\wuaueng1.dll
+ 2008-04-14 00:12:11 183,296 ----a-w c:\windows\SYSTEM32\wuaueng1.dll
- 2002-08-29 10:00:00 9,216 ----a-w c:\windows\SYSTEM32\WUAUSERV.DLL
+ 2008-04-14 00:12:11 6,656 ----a-w c:\windows\SYSTEM32\wuauserv.dll
- 2007-07-30 23:19:32 325,976 ----a-w c:\windows\SYSTEM32\wucltui.dll
+ 2008-10-16 19:12:22 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
- 2007-07-30 23:18:40 33,624 ----a-w c:\windows\SYSTEM32\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
- 2007-07-30 23:19:12 43,352 ----a-w c:\windows\SYSTEM32\wups2.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
- 2007-07-30 23:19:28 203,096 ----a-w c:\windows\SYSTEM32\wuweb.dll
+ 2008-10-16 19:12:24 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
- 2003-10-07 01:30:17 57,344 ----a-w c:\windows\SYSTEM32\wzcdlg.dll
+ 2008-04-14 00:12:11 383,488 ----a-w c:\windows\SYSTEM32\wzcdlg.dll
- 2003-10-07 01:30:22 31,232 ----a-w c:\windows\SYSTEM32\wzcsapi.dll
+ 2008-04-14 00:12:11 52,736 ----a-w c:\windows\SYSTEM32\wzcsapi.dll
- 2003-10-07 01:30:20 281,088 ----a-w c:\windows\SYSTEM32\wzcsvc.dll
+ 2008-04-14 00:12:11 483,840 ----a-w c:\windows\SYSTEM32\wzcsvc.dll
- 2002-08-29 10:00:00 86,016 ----a-w c:\windows\SYSTEM32\XACTSRV.DLL
+ 2008-04-14 00:12:11 91,648 ----a-w c:\windows\SYSTEM32\xactsrv.dll
- 2002-08-29 10:00:00 28,160 ----a-w c:\windows\SYSTEM32\XCOPY.EXE
+ 2008-04-14 00:12:41 30,720 ----a-w c:\windows\SYSTEM32\xcopy.exe
- 2002-08-29 10:00:00 172,664 ----a-w c:\windows\SYSTEM32\XENROLL.DLL
+ 2004-07-17 18:39:14 174,200 ----a-w c:\windows\SYSTEM32\xenroll.dll
+ 2008-04-14 00:12:11 121,856 ------w c:\windows\SYSTEM32\xmllite.dll
+ 2008-04-14 00:12:11 129,024 ------w c:\windows\SYSTEM32\xmlprov.dll
+ 2008-04-14 00:12:11 50,176 ------w c:\windows\SYSTEM32\xmlprovi.dll
- 2002-08-29 10:00:00 9,728 ----a-w c:\windows\SYSTEM32\XOLEHLP.DLL
+ 2008-04-14 00:12:11 11,776 ----a-w c:\windows\SYSTEM32\xolehlp.dll
- 2004-06-30 23:59:25 158,720 ----a-w c:\windows\SYSTEM32\xpob2res.dll
+ 2008-04-13 17:39:29 438,784 ----a-w c:\windows\SYSTEM32\xpob2res.dll
- 2002-08-29 10:00:00 187,904 ----a-w c:\windows\SYSTEM32\XPSP1RES.DLL
+ 2008-04-13 17:39:22 187,392 ----a-w c:\windows\SYSTEM32\xpsp1res.dll
- 2005-03-11 22:07:13 594,432 ----a-w c:\windows\SYSTEM32\xpsp2res.dll
+ 2008-04-13 17:39:24 2,897,920 ----a-w c:\windows\SYSTEM32\xpsp2res.dll
- 2005-05-17 00:43:39 7,168 ------w c:\windows\SYSTEM32\xpsp3res.dll
+ 2008-04-13 17:39:26 689,152 ----a-w c:\windows\SYSTEM32\xpsp3res.dll
- 2002-09-25 22:18:58 316,928 ----a-w c:\windows\SYSTEM32\zipfldr.dll
+ 2008-04-14 00:12:11 338,432 ----a-w c:\windows\SYSTEM32\zipfldr.dll
+ 2009-01-21 23:18:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6ac.dat
- 2002-08-29 10:00:00 46,592 ----a-w c:\windows\TWAIN_32.DLL
+ 2008-04-14 00:12:07 50,688 ----a-w c:\windows\twain_32.dll
- 2002-08-29 10:00:00 266,752 ----a-w c:\windows\WINHLP32.EXE
+ 2008-04-14 00:12:39 283,648 ----a-w c:\windows\winhlp32.exe

+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-14 00:12:50 74,802 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2008-04-14 00:12:50 995,383 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2008-04-14 00:12:50 1,011,774 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2008-04-14 00:12:50 401,462 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2006-12-02 03:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 03:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 03:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 03:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 05:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 05:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2004-08-04 07:57:00 1,050,624 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
+ 2008-04-14 00:12:51 1,054,208 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
+ 2004-08-04 07:57:00 54,784 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
+ 2004-08-04 07:57:00 343,040 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
+ 2008-04-14 00:12:51 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2008-04-14 00:12:51 343,040 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
+ 2004-08-04 07:56:58 1,712,128 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
+ 2008-04-14 00:12:47 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll
+ 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
+ 2008-04-14 00:12:49 853,504 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
+ 2008-04-14 00:12:50 991,232 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
+ 2008-04-13 18:26:33 132,096 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc
0\rtcres.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 11:01 8704 c:\windows\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-01-19 02:23 1261336 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-03-23 14:34 58992 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 08:59 126976 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"PavPrSrv"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"awhost32"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2009-01-19 97928]
R1 ShldDrv;Panda File Shield Driver;c:\windows\SYSTEM32\DRIVERS\ShlDrv51.sys [2008-01-22 38968]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2009-01-19 76040]
R4 CtlSvr;CtlSvr;c:\alohaqs\BIN\CTLSVR.EXE [2004-08-05 1703936]
R4 PavProc;Panda Process Protection Driver;c:\windows\SYSTEM32\DRIVERS\PavProc.sys [2008-01-22 178872]
S0 sipuf;sipuf;c:\windows\system32\drivers\gviteepr.sys --> c:\windows\system32\drivers\gviteepr.sys [?]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-19 875288]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-19 231704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9970c7a8-e5e3-11dd-95bd-000874c226c3}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\At1.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-21 c:\windows\Tasks\At2.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-21 c:\windows\Tasks\At3.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-21 c:\windows\Tasks\At4.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-21 c:\windows\Tasks\At5.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-21 c:\windows\Tasks\At6.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-21 c:\windows\Tasks\At7.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-21 c:\windows\Tasks\At8.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2005-03-24 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2008-04-13 19:12]

2009-01-17 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Alohboh.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-01-10 11:20]

2009-01-21 c:\windows\Tasks\PCA.job
- c:\b50\StopStartpcA.bat [2005-05-20 15:37]

2009-01-21 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HPDJ Taskbar Utility - c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe
MSConfigStartUp-IgfxTray - c:\windows\system32\igfxtray.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: google.com\www
Trusted Zone: microsoft.com
Trusted Zone: yahoo.com\login
TCP: {4C8379DF-D0D2-4C2E-999C-F03572DBA64A} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 18:20:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-21 18:22:59 - machine was rebooted [Alohboh]
ComboFix-quarantined-files.txt 2009-01-21 23:22:53
ComboFix2.txt 2009-01-16 02:42:28

Pre-Run: 62,467,170,304 bytes free
Post-Run: 62,479,716,352 bytes free

5243
GRBrown
Jan 21 2009, 07:03 PM
Hi Wan,

Sorry about the size of the combo-fix log. I didn't realize what all it would record. It seems that during one of the previous steps when you told me to use an anti-virus program I had to install AVG Free 8.0.... which "required" Windows XP service pack 2 to be installed in order to run. Since I did not have SP2 I installed it along with the other updates at Windows Update. I am now left with the impression that this update is what has made the new Combo-Fix Log so huge?

Sorry about that. But at the time I didn't know any better, and AVG refused to run without it.

Thanks,

G
fenzodahl512
Jan 22 2009, 03:57 AM
Hello.. Tell me, what do you know about these files..

c:\b50\AlohaPoll.bat
c:\b50\StopStartpcA.bat



1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
KillAll::

Driver::
sipuf

File::
c:\documents and settings\Alohboh\del.bat
c:\windows\system32\drivers\gviteepr.sys


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
GRBrown
Jan 22 2009, 10:00 AM
Hey Wan,

The two programs/files in the B50 folder are/were a part of an automated sales reporting system that we used some time ago. It would collect appropriate data and automatically send it to a central location for compiling. It's a legitimate program. However, we no longer use this program, so I will remove it from the system for the sake of keeping things clean and orderly.

I'll now run the script, Combo-Fix, and HijackThis as you requested and post the logs below.

Thanks,

G
GRBrown
Jan 22 2009, 12:12 PM
Hey Wan,

Here is the Combo-Fix Log using the script you provided:


ComboFix 09-01-21.04 - Alohboh 2009-01-22 11:59:32.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.300 [GMT -5:00]
Running from: c:\documents and settings\Alohboh\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Alohboh\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\documents and settings\Alohboh\del.bat
c:\windows\system32\drivers\gviteepr.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alohboh\del.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_sipuf


((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
.

2009-01-19 02:36 . 2009-01-19 16:04 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-19 02:23 . 2009-01-19 02:27 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2009-01-19 02:23 . 2009-01-19 02:23 <DIR> d-------- c:\program files\AVG
2009-01-19 02:23 . 2009-01-19 02:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-19 02:23 . 2009-01-19 02:23 97,928 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2009-01-19 02:23 . 2009-01-19 02:23 76,040 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
2009-01-19 02:23 . 2009-01-19 02:23 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2009-01-19 02:05 . 2008-10-16 15:38 6,066,176 --------- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2009-01-19 02:05 . 2007-04-17 04:32 2,455,488 --------- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
2009-01-19 02:05 . 2007-03-08 00:10 991,232 --------- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll.mui
2009-01-19 02:05 . 2008-10-16 15:38 459,264 --------- c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
2009-01-19 02:05 . 2008-10-16 15:38 383,488 --------- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
2009-01-19 02:05 . 2008-10-16 15:38 267,776 --------- c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
2009-01-19 02:05 . 2008-10-16 15:38 63,488 --------- c:\windows\SYSTEM32\DLLCACHE\icardie.dll
2009-01-19 02:05 . 2008-10-16 15:38 52,224 --------- c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
2009-01-19 02:05 . 2008-10-16 08:11 13,824 --------- c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2009-01-19 01:54 . 2005-10-19 08:59 163,840 --a------ c:\windows\SYSTEM32\igfxres.dll
2009-01-19 01:49 . 2009-01-19 01:49 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-19 01:44 . 2008-12-11 05:57 333,952 --------- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2009-01-19 01:43 . 2008-12-13 01:40 3,593,216 --------- c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-01-19 01:43 . 2008-10-15 20:00 1,499,136 --------- c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2009-01-19 01:43 . 2008-10-16 15:38 1,160,192 --------- c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2009-01-19 01:43 . 2008-10-16 15:38 826,368 --------- c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2009-01-19 01:42 . 2008-09-04 12:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2009-01-19 01:42 . 2008-10-24 06:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2009-01-19 01:42 . 2008-10-15 11:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2009-01-19 01:41 . 2008-08-14 05:11 2,189,184 --------- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-01-19 01:41 . 2008-08-14 05:09 2,145,280 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-01-19 01:41 . 2008-08-14 04:33 2,066,048 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-01-19 01:41 . 2008-08-14 04:33 2,023,936 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-01-19 01:41 . 2008-09-15 07:12 1,846,400 --------- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-01-19 01:40 . 2008-04-11 14:04 691,712 --------- c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll
2009-01-19 01:40 . 2008-05-01 09:33 331,776 --------- c:\windows\SYSTEM32\DLLCACHE\msadce.dll
2009-01-19 01:39 . 2008-06-13 06:05 272,128 --------- c:\windows\SYSTEM32\DLLCACHE\bthport.sys
2009-01-19 01:39 . 2008-05-08 09:02 203,136 --------- c:\windows\SYSTEM32\DLLCACHE\rmcast.sys
2009-01-19 01:19 . 2009-01-19 01:19 <DIR> d-------- c:\windows\SYSTEM32\scripting
2009-01-19 01:19 . 2009-01-19 01:19 <DIR> d-------- c:\windows\SYSTEM32\en
2009-01-19 01:19 . 2009-01-19 01:19 <DIR> d-------- c:\windows\l2schemas
2009-01-19 00:59 . 2008-09-09 20:14 1,307,648 --a------ c:\windows\SYSTEM32\msxml6.dll
2009-01-19 00:58 . 2008-04-13 19:12 695,808 --------- c:\windows\SYSTEM32\DLLCACHE\drmv2clt.dll
2009-01-19 00:57 . 2008-04-13 19:11 286,720 --------- c:\windows\SYSTEM32\DLLCACHE\blackbox.dll
2009-01-19 00:57 . 2008-04-13 19:11 233,472 --------- c:\windows\SYSTEM32\azroles.dll
2009-01-19 00:57 . 2008-04-13 19:11 136,192 --------- c:\windows\SYSTEM32\aaclient.dll
2009-01-19 00:57 . 2008-04-13 12:23 8,192 --------- c:\windows\SYSTEM32\DLLCACHE\asferror.dll
2009-01-19 00:57 . 2008-04-13 19:11 7,168 --------- c:\windows\SYSTEM32\bitsprx4.dll
2009-01-19 00:57 . 2002-08-29 05:00 999 --------- c:\windows\SYSTEM32\DLLCACHE\bktrh.gif
2009-01-19 00:13 . 2008-04-13 19:12 221,184 --a------ c:\windows\SYSTEM32\wmpns.dll
2009-01-19 00:11 . 2009-01-19 00:11 <DIR> d-------- c:\windows\provisioning
2009-01-19 00:11 . 2009-01-19 01:19 <DIR> d-------- c:\windows\peernet
2009-01-19 00:08 . 2009-01-19 00:08 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-19 00:01 . 2009-01-19 01:07 <DIR> d-------- c:\windows\EHome
2009-01-18 23:53 . 2002-04-15 21:11 67,866 --------- c:\windows\SYSTEM32\DRIVERS\netwlan5.img
2009-01-18 23:48 . 2008-10-16 14:07 23,576 --a------ c:\windows\SYSTEM32\wuapi.dll.mui
2009-01-18 15:16 . 2009-01-18 23:04 <DIR> d-------- c:\documents and settings\Alohboh\.housecall6.6
2009-01-17 03:27 . 2009-01-17 04:42 <DIR> d-------- c:\documents and settings\Alohboh\DoctorWeb
2009-01-14 17:31 . 2009-01-14 17:31 250 --a------ c:\windows\gmer.ini
2009-01-14 17:28 . 2009-01-14 17:28 <DIR> d-------- C:\rsit
2009-01-14 17:28 . 2009-01-14 17:28 <DIR> d-------- c:\program files\trend micro
2009-01-14 16:38 . 2009-01-14 16:38 <DIR> d-------- c:\documents and settings\Alohboh\Application Data\Malwarebytes
2009-01-14 16:38 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-14 16:28 . 2009-01-14 16:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 16:28 . 2009-01-14 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 16:28 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 16:51 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-21 21:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 21:33 --------- d-----w c:\program files\Intel
2009-01-17 10:59 --------- d-----w c:\program files\UltraVNC.CHANGED
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( snapshot_2009-01-21_18.22.02.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-22 17:03:56 16,384 ----atw c:\windows\temp\Perflib_Perfdata_424.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-01-19 02:23 1261336 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 08:59 126976 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"PavPrSrv"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"awhost32"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2009-01-19 97928]
R1 ShldDrv;Panda File Shield Driver;c:\windows\SYSTEM32\DRIVERS\ShlDrv51.sys [2008-01-22 38968]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2009-01-19 76040]
R4 CtlSvr;CtlSvr;c:\alohaqs\BIN\CTLSVR.EXE [2004-08-05 1703936]
R4 PavProc;Panda Process Protection Driver;c:\windows\SYSTEM32\DRIVERS\PavProc.sys [2008-01-22 178872]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-19 875288]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-19 231704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9970c7a8-e5e3-11dd-95bd-000874c226c3}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-01-22 c:\windows\Tasks\At1.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-22 c:\windows\Tasks\At2.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-22 c:\windows\Tasks\At3.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-22 c:\windows\Tasks\At4.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-22 c:\windows\Tasks\At5.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-22 c:\windows\Tasks\At6.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-22 c:\windows\Tasks\At7.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2009-01-22 c:\windows\Tasks\At8.job
- c:\b50\AlohaPoll.bat [2005-05-18 14:06]

2005-03-24 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2008-04-13 19:12]

2009-01-22 c:\windows\Tasks\PCA.job
- c:\b50\StopStartpcA.bat [2005-05-20 15:37]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: google.com\www
Trusted Zone: microsoft.com
Trusted Zone: yahoo.com\login
TCP: {4C8379DF-D0D2-4C2E-999C-F03572DBA64A} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 12:04:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-22 12:08:24 - machine was rebooted [Alohboh]
ComboFix-quarantined-files.txt 2009-01-22 17:08:08
ComboFix2.txt 2009-01-16 02:42:28

Pre-Run: 62,593,200,128 bytes free
Post-Run: 62,601,273,344 bytes free

201
GRBrown
Jan 22 2009, 12:14 PM
The Hijackthis Log after running Combo-Fix and also the Startup Log from Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:02 PM, on 1/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\AlohaQS\bin\CTLSVR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Alohboh\Desktop\HJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.2.1
O15 - Trusted IP range: http://192.168.0.1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232340460906
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8379DF-D0D2-4C2E-999C-F03572DBA64A}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8379DF-D0D2-4C2E-999C-F03572DBA64A}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: CtlSvr - Ibertech, Inc - C:\AlohaQS\bin\CTLSVR.EXE

--
End of file - 3381 bytes




StartupList report, 1/22/2009, 12:10:31 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Alohboh\Desktop\HJackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16762)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\AlohaQS\bin\CTLSVR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Alohboh\Desktop\HJackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

At1.job
At2.job
At3.job
At4.job
At5.job
At6.job
At7.job
At8.job
ISP signup reminder 1.job
PCA.job

--------------------------------------------------

Enumerating Download Program Files:

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/windowsupd...b?1232340460906

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 3,699 bytes
Report generated in 0.015 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


That's it Wan, let me know what we need to do next. Oh, and have we made a bit of progress so far? It seems to be running better, are we mostly clean yeat? smile.gif Just curious.

Thanks,

G
fenzodahl512
Jan 23 2009, 06:09 AM
QUOTE
That's it Wan, let me know what we need to do next. Oh, and have we made a bit of progress so far? It seems to be running better, are we mostly clean yeat? smile.gif Just curious.


Looks good to me.. Lets do an online scan just to see what we might missed...


Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.


When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save


Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


fenzodahl512
Feb 5 2009, 03:39 AM
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.