Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System Treay Notofication/no Control Panel


  • Please log in to reply
14 replies to this topic

#1 GadgetFreek

GadgetFreek

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Cat Spring TX
  • Local time:04:42 AM

Posted 05 September 2007 - 09:22 AM

Just wanted to start by saying thanks fol all the help ya'll provide. I have spent a little over an hour reading the topics before I posted.

The problem - I have a system tray icon that says "Your computer is infected. Windows has detected spyware infection!......" It just directs me to a bogus website.
I also have no acces to my control panel. I receive a message saying "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." After a few minutes I receive a Windows Security Alert "Your computer is making unaothorized copies of your Internet files. Run full scan now....."

IE works fine and explorer appears to operate fine.

What I have done - Run AVG scan, run Spybot S&D as well as AdAware. Removed all found entries but still no luck.

Thanks in advance for any help.

Here is my Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:10 AM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\printer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Hijack This\HiJackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\8htgspkl.slt\prefs.js)
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: system.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab
O20 - AppInit_DLLs: hadjajr.ini
O20 - Winlogon Notify: atskocm - C:\WINDOWS\atskocm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 11643 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 05 September 2007 - 11:30 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum GadgetFreek :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

You have at least one Backdoor Trojan on your pc.
A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.

They are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one,if not an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breech.

Since your computer was compromised read:
How to report ID theft, fraud, drive-by installs, hijacking and malware:
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall:
http://www.dslreports.com/faq/10063

Let me know what you want to do in your next reply.

Edited by RichieUK, 05 September 2007 - 11:34 AM.

Posted Image
Posted Image

#3 GadgetFreek

GadgetFreek
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Cat Spring TX
  • Local time:04:42 AM

Posted 05 September 2007 - 01:11 PM

Is a reformat my best option? Is there no way to clean the system?

I am comfortable with a reformat, just want to make that my last option.

Thanks for any input you can provide.

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 05 September 2007 - 03:47 PM

Is there no way to clean the system?

Ok,lets make a start if you're happy cleaning up your system :thumbsup:

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java versions.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#5 GadgetFreek

GadgetFreek
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Cat Spring TX
  • Local time:04:42 AM

Posted 05 September 2007 - 04:55 PM

unable to access control panel to remove previous versions of Java.

Upon attempting to install new vresion from download I receive a text box that says "Warning: Failed to verify the authenticity of this certificate because there was an error parsing the certificate. No assertations can be made of the origin or validity of the code. Installing and running this code is not allowed."

ComboFix Log:
ComboFix 07-09-05.5 - "Owner" 2007-09-05 16:47:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.101 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\autorun.exe
C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\system.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe


((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 )))))))))))))))))))))))))))))))


2007-09-05 16:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-05 10:38 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-05 10:38 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-05 10:38 3,182 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-05 10:38 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-05 08:19 <DIR> d-------- C:\Hijack This
2007-09-04 19:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-04 19:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-04 19:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-04 19:09 19,142,000 --a------ C:\Program Files\aaw2007.exe
2007-09-04 19:06 7,467,056 --a------ C:\Program Files\spybotsd15.exe
2007-09-01 21:35 39,424 --a------ C:\WINDOWS\system32\vtr.dll
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-04 21:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-04 20:39 --------- d-------- C:\Program Files\VSToolbar
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-16 10:47 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\U3
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-04 10:33 781834 --a------ C:\WINDOWS\xobglu32.dll
2007-07-04 10:33 63488 --a------ C:\WINDOWS\xobglu16.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-08-03 12:31 17344752 --a------ C:\Program Files\avg71free_394a763.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 20:21]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-27 23:10]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2003-12-12 01:03]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-02-13 01:01]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 05:36]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-21 20:42]
"SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-04-13 14:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2004-07-22 11:49]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 14:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 10:50]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-05-13 14:06:38]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-12-01 16:06:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atskocm]
C:\WINDOWS\atskocm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=hadjajr.ini

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
"2007-08-24 23:25:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 16:51:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-05 16:51:43
C:\ComboFix-quarantined-files.txt ... 2007-09-05 16:51

--- E O F ---



Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:03 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Hijack This\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\8htgspkl.slt\prefs.js)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab
O20 - AppInit_DLLs: hadjajr.ini
O20 - Winlogon Notify: atskocm - C:\WINDOWS\atskocm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 10944 bytes

#6 GadgetFreek

GadgetFreek
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Cat Spring TX
  • Local time:04:42 AM

Posted 05 September 2007 - 08:18 PM

Not sure what has transpired but things are improving. Brought laptop to a different location/network and things seem to have improved. I did not restart before connecting - only came out of hibernation.

I am now able to access control panel - add/remove programs. I no longer get any pop-ups or system tray notification. I uninstalled/reinstalled the newest version of Jave per your reccommendation. Also installed all MS updates/patches.

Here is a new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:50 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\8htgspkl.slt\prefs.js)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab
O20 - AppInit_DLLs: hadjajr.ini
O20 - Winlogon Notify: atskocm - C:\WINDOWS\atskocm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 11473 bytes


New ComboFix log:
ComboFix 07-09-05.5 - "Owner" 2007-09-05 20:10:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.88 [GMT -5:00]


((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))


2007-09-05 20:07 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-05 19:57 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-09-05 19:49 <DIR> d-------- C:\Program Files\MSBuild
2007-09-05 19:44 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-09-05 19:43 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-09-05 19:42 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-09-05 19:35 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-05 19:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-05 19:33 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-05 19:19 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-09-05 19:19 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-09-05 19:19 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-09-05 19:01 14,566,808 --a------ C:\Program Files\jre-6u2-windows-i586-p.exe
2007-09-05 16:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-05 11:23 1,477,131 --a------ C:\Program Files\ComboFix.exe
2007-09-05 10:38 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-05 10:38 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-05 10:38 3,182 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-05 10:38 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-05 10:38 <DIR> d-------- C:\Program Files\SmitfraudFix
2007-09-05 08:19 <DIR> d-------- C:\Hijack This
2007-09-04 19:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-04 19:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-04 19:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-04 19:09 19,142,000 --a------ C:\Program Files\aaw2007.exe
2007-09-04 19:06 7,467,056 --a------ C:\Program Files\spybotsd15.exe
2007-09-01 21:35 39,424 --a------ C:\WINDOWS\system32\vtr.dll
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-05 19:14 --------- d-------- C:\Program Files\Symantec
2007-09-04 21:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-04 20:50 933 --a------ C:\Program Files\Spybot - Search & Destroy.lnk
2007-09-04 20:39 --------- d-------- C:\Program Files\VSToolbar
2007-09-04 20:37 192953 --a------ C:\Program Files\Ad-Aware 20070904 20-17-30.log.xml
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-16 10:47 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\U3
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-04 10:33 781834 --a------ C:\WINDOWS\xobglu32.dll
2007-07-04 10:33 63488 --a------ C:\WINDOWS\xobglu16.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-08-03 12:31 17344752 --a------ C:\Program Files\avg71free_394a763.exe


((((((((((((((((((((((((((((( snapshot_2007-09-05_165113.21 )))))))))))))))))))))))))))))))))))))))))

----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB904942\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB904942\spuninst.exe
----a-w 49,152 2006-03-24 04:47:44 C:\WINDOWS\$hf_mig$\KB904942\SP2QFE\wdigest.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB904942\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\$hf_mig$\KB904942\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB915865\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB915865\spuninst.exe
----a-w 121,856 2006-07-14 15:52:22 C:\WINDOWS\$hf_mig$\KB915865\SP2QFE\xmllite.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB915865\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB915865\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB920342\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB920342\spuninst.exe
----a-w 153,088 2006-10-11 16:35:59 C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2p.dll
----a-w 104,960 2006-10-11 16:35:59 C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pgasvc.dll
----a-w 313,344 2006-10-11 16:35:59 C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pgraph.dll
----a-w 115,712 2006-10-11 16:35:59 C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pnetsh.dll
----a-w 553,984 2006-10-11 16:35:59 C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2psvc.dll
----a-w 58,880 2006-10-11 16:35:59 C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\pnrpnsp.dll
----a-w 212,480 2006-09-26 08:51:38 C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB920342\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\$hf_mig$\KB920342\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\$hf_mig$\KB920342\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB925876\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB925876\spuninst.exe
----a-w 116,736 2006-11-13 06:02:15 C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\aaclient.dll
----a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\lhmstsc.exe
----a-w 1,866,240 2006-11-13 06:02:15 C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\lhmstscx.dll
----a-w 288,768 2006-11-13 06:02:15 C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\rhttpaa.dll
----a-w 16,832 2006-11-07 08:06:47 C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tscinst.vbs
----a-w 12,451 2006-11-07 08:06:47 C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tscuinst.vbs
----a-w 36,352 2006-11-13 06:02:15 C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tsgqec.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB925876\update\spcustom.dll
----a-w 38,400 2006-11-13 06:02:58 C:\WINDOWS\$hf_mig$\KB925876\update\tscupdatecustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB925876\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB925876\update\updspapi.dll
-c----w 213,216 2006-05-25 15:29:04 C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
-c----w 371,424 2006-05-25 15:29:04 C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
-c----w 213,216 2006-05-24 17:32:48 C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
-c----w 371,424 2006-05-24 17:32:48 C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
-c----w 209,632 2005-10-21 22:11:02 C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe
-c----w 371,936 2005-10-21 22:11:02 C:\WINDOWS\$NtUninstallbasecsp$\spuninst\updspapi.dll
-c----w 123,904 2004-08-04 05:56:44 C:\WINDOWS\$NtUninstallKB896344$\guitrn.dll
-c----w 4,096 2004-08-04 05:56:44 C:\WINDOWS\$NtUninstallKB896344$\iconlib.dll
-c----w 19,968 2004-08-04 05:56:44 C:\WINDOWS\$NtUninstallKB896344$\log.dll
-c----w 201,216 2004-08-04 05:56:44 C:\WINDOWS\$NtUninstallKB896344$\migism.dll
-c----w 103,424 2004-08-04 05:56:52 C:\WINDOWS\$NtUninstallKB896344$\migload.exe
-c----w 240,128 2004-08-04 05:56:52 C:\WINDOWS\$NtUninstallKB896344$\migwiz.exe
-c----w 202,752 2004-08-04 05:56:46 C:\WINDOWS\$NtUninstallKB896344$\script.dll
-c----w 168,960 2004-08-04 05:56:48 C:\WINDOWS\$NtUninstallKB896344$\sysmod.dll
-c----w 209,632 2005-02-25 03:35:05 C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe
-c----w 371,936 2005-02-25 03:35:06 C:\WINDOWS\$NtUninstallKB896344$\spuninst\updspapi.dll
-c----w 49,152 2004-08-04 05:56:48 C:\WINDOWS\$NtUninstallKB904942$\wdigest.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:34 C:\WINDOWS\$NtUninstallKB904942$\spuninst\updspapi.dll
-c----w 28,672 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallKB914440$\custsat.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB914440$\spuninst\updspapi.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB915865$\spuninst\updspapi.dll
-c----w 116,224 2004-08-04 05:56:46 C:\WINDOWS\$NtUninstallKB920342$\p2p.dll
-c----w 86,016 2004-08-04 05:56:46 C:\WINDOWS\$NtUninstallKB920342$\p2pgasvc.dll
-c----w 312,320 2004-08-04 05:56:46 C:\WINDOWS\$NtUninstallKB920342$\p2pgraph.dll
-c----w 88,064 2004-08-04 05:56:46 C:\WINDOWS\$NtUninstallKB920342$\p2pnetsh.dll
-c----w 526,848 2004-08-04 05:56:46 C:\WINDOWS\$NtUninstallKB920342$\p2psvc.dll
-c----w 48,640 2004-08-04 05:56:46 C:\WINDOWS\$NtUninstallKB920342$\pnrpnsp.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:34 C:\WINDOWS\$NtUninstallKB920342$\spuninst\updspapi.dll
-c----w 407,552 2004-08-04 03:59:42 C:\WINDOWS\$NtUninstallKB925876$\mstsc.exe
-c----w 655,360 2004-08-04 03:59:44 C:\WINDOWS\$NtUninstallKB925876$\mstscax.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB925876$\spuninst\updspapi.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
-c----w 1,023,488 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB937143$\browseui.dll
-c----w 151,040 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB937143$\cdfview.dll
-c----w 1,054,208 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB937143$\danim.dll
-c----w 357,888 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB937143$\dxtmsft.dll
-c----w 205,312 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\dxtrans.dll
-c----w 55,808 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\extmgr.dll
-c----w 18,432 2007-06-14 14:07:24 C:\WINDOWS\$NtUninstallKB937143$\iedw.exe
-c----w 251,392 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\iepeers.dll
-c----w 96,256 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\inseng.dll
-c----w 16,384 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\jsproxy.dll
-c----w 3,058,688 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\mshtml.dll
-c----w 449,024 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\mshtmled.dll
-c----w 146,432 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\msrating.dll
-c----w 532,480 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\mstime.dll
-c----w 39,424 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\pngfilt.dll
-c----w 1,494,528 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\shdocvw.dll
-c----w 474,112 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\shlwapi.dll
-c----w 615,424 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\urlmon.dll
-c----w 658,944 2007-06-26 14:09:10 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
-c----w 115,712 2007-06-14 13:39:54 C:\WINDOWS\$NtUninstallKB937143$\xpsp3res.dll
-c----w 1,023,488 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143_0$\browseui.dll
-c----w 151,040 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143_0$\cdfview.dll
-c----w 1,054,208 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143_0$\danim.dll
-c----w 357,888 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143_0$\dxtmsft.dll
-c----w 205,312 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143_0$\dxtrans.dll
-c----w 55,808 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143_0$\extmgr.dll
-c----w 18,432 2007-04-18 10:22:13 C:\WINDOWS\$NtUninstallKB937143_0$\iedw.exe
-c----w 251,392 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143_0$\iepeers.dll
-c----w 96,256 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143_0$\inseng.dll
-c----w 16,384 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143_0$\jsproxy.dll
-c----w 3,058,688 2007-05-04 12:29:16 C:\WINDOWS\$NtUninstallKB937143_0$\mshtml.dll
-c----w 449,024 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143_0$\mshtmled.dll
-c----w 146,432 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143_0$\msrating.dll
-c----w 532,480 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143_0$\mstime.dll
-c----w 39,424 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143_0$\pngfilt.dll
-c----w 1,494,528 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143_0$\shdocvw.dll
-c----w 474,112 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143_0$\shlwapi.dll
-c----w 615,424 2007-04-18 12:31:39 C:\WINDOWS\$NtUninstallKB937143_0$\urlmon.dll
-c----w 658,944 2007-04-18 12:31:39 C:\WINDOWS\$NtUninstallKB937143_0$\wininet.dll
-c----w 115,200 2007-04-18 09:51:25 C:\WINDOWS\$NtUninstallKB937143_0$\xpsp3res.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB937143_0$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB937143_0$\spuninst\updspapi.dll
-c----w 221,488 2006-09-25 22:58:48 C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
-c----w 379,184 2006-09-25 22:58:48 C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
-c----w 221,488 2006-10-16 21:10:58 C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe
-c----w 379,184 2006-10-16 21:10:58 C:\WINDOWS\$NtUninstallWIC$\spuninst\updspapi.dll
-c----w 484,352 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\audiodev.dll
-c----w 294,912 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
-c----w 164,864 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
-c----w 502,272 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
-c----w 6,656 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
-c----w 96,768 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
-c----w 310,272 2004-08-04 05:56:44 C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
-c----w 384,512 2004-08-04 05:56:44 C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
-c----w 240,640 2004-08-04 05:56:44 C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
-c----w 142,336 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
-c----w 25,088 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
-c----w 173,568 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
-c----w 366,832 2005-06-26 19:13:36 C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
-c----w 315,904 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
-c----w 221,184 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
-c----w 47,104 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
-c----w 15,872 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
-c----w 38,912 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
-c----w 396,528 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
-c----w 716,288 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
-c----w 224,768 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
-c----w 28,160 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
-c----w 33,792 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
-c----w 335,872 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
-c----w 290,816 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
-c----w 150,016 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
-c----w 1,027,072 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
-c----w 774,904 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
-c----w 1,119,744 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
-c----w 819,200 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe
-c----w 413,944 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
-c----w 940,544 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
-c----w 1,218,808 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
-c----w 1,512,448 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
-c----w 2,374,472 2006-12-07 05:29:34 C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
-c----w 895,736 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
-c----w 1,003,008 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
-c----w 61,952 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
-c----w 114,176 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
-c----w 66,560 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
-c----w 331,264 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
-c----w 18,944 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
-c----w 38,912 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
-c----w 213,216 2006-05-16 23:11:54 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
-c----w 371,424 2006-05-16 23:11:54 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
-c----w 13,312 2006-11-02 16:46:52 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
-c----w 8,192 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
-c----w 352,256 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
-c----w 819,200 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
-c----w 192,512 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
-c----w 189,440 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
-c----w 122,880 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\wmlaunch.exe
-c----w 5,537,792 2007-04-30 13:20:24 C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
-c----w 135,168 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
-c----w 77,824 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
-c----w 282,624 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
-c----w 28,672 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\wmpenc.exe
-c----w 1,594,880 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\wmpencen.dll
-c----w 73,728 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
-c----w 3,371,008 2004-09-23 00:46:22 C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
-c----w 86,016 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
-c----w 175,104 2005-01-28 19:44:28 C:\WINDOWS\$NtUninstallwmp11$\wmpsrcwp.dll
-c----w 213,216 2006-05-16 23:11:54 C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
-c----w 371,424 2006-05-16 23:11:54 C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
-c----w 221,488 2006-09-16 06:05:22 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
-c----w 379,184 2006-09-16 06:05:22 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
-c----w 58,368 2006-09-29 00:01:52 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
------w 39,424 2006-10-04 14:05:26 C:\WINDOWS\AppPatch\acadproc.dll
----a-w 8,192 2007-09-06 00:29:27 C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 32,768 2007-09-06 00:29:30 C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 720,896 2007-09-06 00:29:44 C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 299,008 2007-09-06 00:29:30 C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
----a-w 32,768 2007-09-06 00:29:40 C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
----a-w 1,224,704 2007-09-06 00:29:46 C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
----a-w 1,294,336 2007-09-06 00:29:41 C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
----a-w 303,104 2007-09-06 00:29:36 C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
----a-w 1,703,936 2007-09-06 00:29:28 C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
----a-w 90,112 2007-09-06 00:29:43 C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
----a-w 466,944 2007-09-06 00:29:36 C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
----a-w 241,664 2007-09-06 00:29:32 C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
----a-w 66,560 2007-09-06 00:29:32 C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
----a-w 372,736 2007-09-06 00:29:39 C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
----a-w 241,664 2007-09-06 00:29:45 C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
----a-w 323,584 2007-09-06 00:29:37 C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
----a-w 131,072 2007-09-06 00:29:33 C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 77,824 2007-09-06 00:29:35 C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
----a-w 126,976 2007-09-06 00:29:41 C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
----a-w 1,257,472 2007-09-06 00:29:42 C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 819,200 2007-09-06 00:29:26 C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
----a-w 57,344 2007-09-06 00:29:31 C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
----a-w 573,440 2007-09-06 00:29:29 C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
----a-w 2,052,096 2007-09-06 00:29:34 C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
----a-w 1,339,392 2007-09-06 00:29:38 C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
----a-w 68,608 2007-09-06 00:39:20 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
----a-w 72,192 2007-09-06 00:39:38 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
----a-w 151,552 2007-09-06 00:43:50 C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
----a-w 4,308,992 2007-09-06 00:39:39 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
----a-w 3,915,776 2007-09-06 00:44:40 C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
----a-w 2,878,976 2007-09-06 00:39:33 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
----a-w 482,304 2007-09-06 00:39:41 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
----a-w 258,048 2007-09-06 00:39:11 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
----a-w 114,176 2007-09-06 00:39:11 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
----a-w 344,064 2007-09-06 00:44:42 C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
----a-w 260,096 2007-09-06 00:39:51 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
----a-w 5,025,792 2007-09-06 00:39:26 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 10,752 2007-09-06 00:39:18 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
----a-w 503,808 2007-09-06 00:39:10 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
----a-w 13,312 2007-09-06 00:39:13 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
----a-w 8,192 2007-09-06 00:39:36 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 36,864 2007-09-06 00:39:37 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 5,632 2007-09-06 00:39:38 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
----a-w 413,696 2007-09-06 00:39:15 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
----a-w 36,864 2007-09-06 00:39:15 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
----a-w 647,168 2007-09-06 00:39:16 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
----a-w 73,728 2007-09-06 00:39:17 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
----a-w 745,472 2007-09-06 00:39:14 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 352,256 2007-09-06 00:43:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
----a-w 667,648 2007-09-06 00:39:53 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
----a-w 372,736 2007-09-06 00:39:54 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
----a-w 110,592 2007-09-06 00:39:54 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
----a-w 28,672 2007-09-06 00:39:06 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
----a-w 5,632 2007-09-06 00:39:55 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
----a-w 32,768 2007-09-06 00:39:07 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
----a-w 12,800 2007-09-06 00:39:09 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
----a-w 7,168 2007-09-06 00:39:08 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
----a-w 593,920 2007-09-06 00:44:39 C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
----a-w 32,768 2007-09-06 00:44:40 C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
----a-w 4,972,544 2007-09-06 00:44:40 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
----a-w 184,320 2007-09-06 00:44:42 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
----a-w 126,976 2007-09-06 00:44:42 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
----a-w 376,832 2007-09-06 00:44:42 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
----a-w 151,552 2007-09-06 00:44:42 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
----a-w 897,024 2007-09-06 00:44:41 C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
----a-w 528,384 2007-09-06 00:44:42 C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
----a-w 94,208 2007-09-06 00:43:51 C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
----a-w 110,592 2007-09-06 00:39:46 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
----a-w 3,018,752 2007-09-06 00:39:49 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
----a-w 389,120 2007-09-06 00:39:47 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
----a-w 81,920 2007-09-06 00:39:21 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
----a-w 716,800 2007-09-06 00:39:42 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
----a-w 884,736 2007-09-06 00:39:12 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
----a-w 5,050,368 2007-09-06 00:39:35 C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
----a-w 397,312 2007-09-06 00:39:22 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
----a-w 188,416 2007-09-06 00:39:23 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
----a-w 700,416 2007-09-06 00:39:50 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
----a-w 81,920 2007-09-06 00:39:23 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
----a-w 401,408 2007-09-06 00:43:51 C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
----a-w 126,976 2007-09-06 00:43:52 C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
----a-w 131,072 2007-09-06 00:43:52 C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
----a-w 368,640 2007-09-06 00:39:43 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
----a-w 258,048 2007-09-06 00:39:51 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
----a-w 299,008 2007-09-06 00:39:44 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
----a-w 884,736 2007-09-06 00:43:53 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
----a-w 131,072 2007-09-06 00:39:45 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 258,048 2007-09-06 00:39:19 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
----a-w 5,623,808 2007-09-06 00:43:54 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
----a-w 159,744 2007-09-06 00:43:58 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
----a-w 16,384 2007-09-06 00:43:59 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
----a-w 114,688 2007-09-06 00:39:24 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
----a-w 688,128 2007-09-06 00:44:43 C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
----a-w 835,584 2007-09-06 00:39:52 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
----a-w 86,016 2007-09-06 00:39:27 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
----a-w 823,296 2007-09-06 00:39:28 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
----a-w 5,316,608 2007-09-06 00:39:30 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
----a-w 1,108,784 2007-09-06 00:49:06 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
----a-w 1,641,272 2007-09-06 00:49:07 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
----a-w 588,592 2007-09-06 00:49:06 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
----a-w 2,035,712 2007-09-06 00:39:31 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
----a-w 163,840 2007-09-06 00:44:42 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
----a-w 372,736 2007-09-06 00:44:42 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
----a-w 32,768 2007-09-06 00:44:42 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
----a-w 86,016 2007-09-06 00:44:41 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
----a-w 1,167,360 2007-09-06 00:44:39 C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
----a-w 81,920 2007-09-06 00:44:43 C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
----a-w 61,440 2007-09-06 00:30:11 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_affbf256\CustomMarshalers.dll
----a-w 3,379,200 2007-09-06 00:30:56 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_98a96589\mscorlib.dll
----a-w 1,953,792 2007-09-06 00:30:09 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_45f31647\System.dll
----a-w 1,470,464 2007-09-06 00:30:49 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a3ef96a0\System.Design.dll
----a-w 835,584 2007-09-06 00:30:51 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_33344e92\System.Drawing.dll
----a-w 90,112 2007-09-06 00:30:16 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c94681fe\System.Drawing.Design.dll
----a-w 3,014,656 2007-09-06 00:30:29 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c3d658b9\System.Windows.Forms.dll
----a-w 2,088,960 2007-09-06 00:30:37 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_0c6530d1\System.Xml.dll
----a-w 26,624 2007-09-06 00:46:02 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f239c3db4a8614e9e29e9b292d21509\Accessibility.ni.dll
----a-w 81,920 2007-09-06 00:49:29 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5ce1d25dab8dc54db3ca2b461808b15e\Microsoft.Build.Framework.ni.dll
----a-w 1,691,648 2007-09-06 00:49:32 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4b3b0bc4ec43cf49bd03743ba9f268da\Microsoft.Build.Tasks.ni.dll
----a-w 163,840 2007-09-06 00:49:28 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a59d5534ccc0c84da27ba8f34d63572e\Microsoft.Build.Utilities.ni.dll
----a-w 17,920 2007-09-06 00:45:27 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\d8e375f84af0794cbf33632421f631b3\Microsoft.VisualC.ni.dll
----a-w 11,415,552 2007-09-06 00:40:41 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\d93c6ec3fc948c48a6f5adb3d85d8680\mscorlib.ni.dll
----a-w 40,448 2007-09-06 00:47:01 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0b2e94698f3b3d44bf99a93c92798fa5\PresentationCFFRasterizer.ni.dll
----a-w 12,038,144 2007-09-06 00:46:59 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\7026d225aeafa642a3d27b8e339f1cc3\PresentationCore.ni.dll
----a-w 49,152 2007-09-06 00:48:46 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\5c92512c4e703947a96958beddc26429\PresentationFontCache.ni.exe
----a-w 266,240 2007-09-06 00:48:43 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3c009d8f2f5c404484849837f5013e4e\PresentationFramework.Royale.ni.dll
----a-w 14,643,200 2007-09-06 00:48:19 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7be939f032f98044a1e95c26c2b77d9c\PresentationFramework.ni.dll
----a-w 204,800 2007-09-06 00:48:41 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9aa196fad910394fb010cbeeb6d6d9ce\PresentationFramework.Classic.ni.dll
----a-w 548,864 2007-09-06 00:48:42 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c7305cf85c22c546a6857f9cbead417e\PresentationFramework.Luna.ni.dll
----a-w 393,216 2007-09-06 00:48:44 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d5b9fd6afdaae64d9399411bc7073ca0\PresentationFramework.Aero.ni.dll
----a-w 1,757,184 2007-09-06 00:48:27 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\a2059b00f7d83149a586f6023fcae80d\PresentationUI.ni.dll
----a-w 2,338,816 2007-09-06 00:48:35 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\252db67620c0f443aca57906654376bf\ReachFramework.ni.dll
----a-w 8,093,696 2007-09-06 00:40:59 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\8c4c3d270bde4a47ba32adac66a94431\System.ni.dll
----a-w 167,936 2007-09-06 00:46:10 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\3d2bc7473361394393c9bc4fa5353d25\System.Configuration.Install.ni.dll
----a-w 962,560 2007-09-06 00:45:19 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bea8421c9871d04f92189bdc10173f91\System.Configuration.ni.dll
----a-w 6,688,768 2007-09-06 00:41:45 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5822ec245b07d54cb5e9ceadd9afb587\System.Data.ni.dll
----a-w 1,179,648 2007-09-06 00:46:07 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ab49bbfedcf5624a97ac07cdb24a12a1\System.Data.OracleClient.ni.dll
----a-w 2,703,360 2007-09-06 00:45:25 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\c9160bc5bc0c244888643ba42f1ea12c\System.Data.SqlXml.ni.dll
----a-w 1,712,128 2007-09-06 00:46:05 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\9b91069a47a5134d9fa255d8ca891b54\System.Deployment.ni.dll
----a-w 10,723,328 2007-09-06 00:42:03 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\0af365e85bf966428c1ac74a197d224a\System.Design.ni.dll
----a-w 1,220,608 2007-09-06 00:45:32 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9c038f75c0b93b48a74179db4bf0c159\System.DirectoryServices.ni.dll
----a-w 512,000 2007-09-06 00:46:09 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c58068a97943e844af9d0a91b5c68cd7\System.DirectoryServices.Protocols.ni.dll
----a-w 1,626,112 2007-09-06 00:41:05 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d93fc20833213344a6c0a635de80dad8\System.Drawing.ni.dll
----a-w 229,376 2007-09-06 00:41:01 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\9a3ba240c0b6a746a645754b0f4736dd\System.Drawing.Design.ni.dll
----a-w 659,456 2007-09-06 00:45:30 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\54f831139090c94a96117f89a8288ba8\System.EnterpriseServices.ni.dll
----a-w 294,912 2007-09-06 00:45:30 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\54f831139090c94a96117f89a8288ba8\System.EnterpriseServices.Wrapper.dll
----a-w 655,360 2007-09-06 00:49:40 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\202f4714a1a39847bcd604d5fd93ba32\System.Messaging.ni.dll
----a-w 1,052,672 2007-09-06 00:48:39 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\f680bd8f3d624c4ab4689ad8a7ca2a53\System.Printing.ni.dll
----a-w 815,104 2007-09-06 00:45:34 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c47e903be376f489dd304a30132fe4a\System.Runtime.Remoting.ni.dll
----a-w 339,968 2007-09-06 00:46:02 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\44a6c4591806c84ab755a9ca0bc97168\System.Runtime.Serialization.Formatters.Soap.ni.dll
----a-w 729,088 2007-09-06 00:45:26 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\efbe977731d35f4db15b9a0f19ae9afd\System.Security.ni.dll
----a-w 233,472 2007-09-06 00:46:09 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8568617388daf94a84cf58db28195392\System.ServiceProcess.ni.dll
----a-w 684,032 2007-09-06 00:45:28 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\1ea7a49df1ef0b4591de24b9e532440a\System.Transactions.ni.dll
----a-w 11,808,768 2007-09-06 00:45:56 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f1b108f5d870d343917dcd9ba1af870e\System.Web.ni.dll
----a-w 237,568 2007-09-06 00:46:08 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\cfc0fa787715e14b8618e3ee124cfb98\System.Web.RegularExpressions.ni.dll
----a-w 1,945,600 2007-09-06 00:46:01 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea5e73cb842aa6488e477b39f2239cb0\System.Web.Services.ni.dll
----a-w 13,107,200 2007-09-06 00:41:23 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b9c95b3df1547c4baab2a4a9b6e27aff\System.Windows.Forms.ni.dll
----a-w 2,965,504 2007-09-06 00:49:16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b258ca4498d0b24aa729d6048119c2e3\System.Workflow.Activities.ni.dll
----a-w 4,599,808 2007-09-06 00:49:27 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\781e2573500e44419dce2331a7a7f0c5\System.Workflow.ComponentModel.ni.dll
----a-w 2,064,384 2007-09-06 00:49:38 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1892aa749afa6749a4145310a55a5bb3\System.Workflow.Runtime.ni.dll
----a-w 5,640,192 2007-09-06 00:41:33 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\5f754c993ab5524d91624a3dccc43bde\System.Xml.ni.dll
----a-w 51,200 2007-09-06 00:47:01 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\55acc1f14544fc46a38e4ba021a4033a\UIAutomationProvider.ni.dll
----a-w 196,608 2007-09-06 00:47:01 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\0b734d507d8b2040922f669889648bf7\UIAutomationTypes.ni.dll
----a-w 3,289,088 2007-09-06 00:45:15 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\a8dc066d34a843409169c3391283c001\WindowsBase.ni.dll
------w 2,076,672 2007-04-12 16:02:58 C:\WINDOWS\assembly\temp\0AGNTZ6CIP\System.Xml.dll
------w 1,929,216 2007-04-12 16:02:47 C:\WINDOWS\assembly\temp\0AHNU06DJQ\System.dll
------w 2,994,176 2007-04-12 16:02:53 C:\WINDOWS\assembly\temp\9JPW28FLSY\System.Windows.Forms.dll
------w 1,335,296 2007-04-12 16:01:15 C:\WINDOWS\assembly\temp\ALRY4BHOU0\System.Xml.dll
------w 1,216,512 2007-04-12 16:01:13 C:\WINDOWS\assembly\temp\GQX3AGMTZ5\System.dll
------w 368,640 2007-04-12 16:01:13 C:\WINDOWS\assembly\temp\JSY5BIOV18\System.Management.dll
------w 2,039,808 2007-04-12 16:01:15 C:\WINDOWS\assembly\temp\MU17EKRX4A\System.Windows.Forms.dll
------w 835,584 2007-04-12 16:02:49 C:\WINDOWS\assembly\temp\Q06CJPW29F\System.Drawing.dll
------w 3,289,088 2007-04-12 16:02:33 C:\WINDOWS\assembly\temp\SZ5CIPV28F\mscorlib.dll
------w 466,944 2007-04-12 16:01:13 C:\WINDOWS\assembly\temp\T39FMSZ5CI\System.Drawing.dll
-c--a-w 61,440 2004-08-04 05:56:42 C:\WINDOWS\ie7\admparse.dll
-c--a-w 99,840 2004-08-04 05:56:42 C:\WINDOWS\ie7\advpack.dll
-c--a-w 35,328 2004-08-04 05:56:42 C:\WINDOWS\ie7\corpol.dll
-c--a-w 33,792 2006-06-03 11:40:49 C:\WINDOWS\ie7\custsat.dll
-c--a-w 357,888 2007-06-15 08:12:28 C:\WINDOWS\ie7\dxtmsft.dll
-c--a-w 205,824 2007-06-15 08:12:28 C:\WINDOWS\ie7\dxtrans.dll
-c--a-w 55,808 2007-06-15 08:12:28 C:\WINDOWS\ie7\extmgr.dll
-c--a-w 38,912 2004-08-04 05:56:44 C:\WINDOWS\ie7\hmmapi.dll
-c--a-w 34,304 2004-08-04 05:56:52 C:\WINDOWS\ie7\ie4uinit.exe
-c--a-w 139,264 2004-08-04 05:56:44 C:\WINDOWS\ie7\ieakeng.dll
-c--a-w 216,576 2004-08-04 05:56:44 C:\WINDOWS\ie7\ieaksie.dll
-c--a-w 221,184 2003-03-31 12:00:00 C:\WINDOWS\ie7\ieakui.dll
-c--a-w 323,584 2004-08-04 05:56:44 C:\WINDOWS\ie7\iedkcs32.dll
-c--a-w 18,432 2007-06-14 10:32:36 C:\WINDOWS\ie7\iedw.exe
-c--a-w 81,920 2004-08-04 05:56:44 C:\WINDOWS\ie7\ieencode.dll
-c--a-w 251,904 2007-06-15 08:12:28 C:\WINDOWS\ie7\iepeers.dll
-c--a-w 48,640 2004-08-04 05:56:44 C:\WINDOWS\ie7\iernonce.dll
-c--a-w 62,976 2004-08-04 05:56:44 C:\WINDOWS\ie7\iesetup.dll
-c--a-w 93,184 2004-08-04 05:56:52 C:\WINDOWS\ie7\iexplore.exe
-c--a-w 35,840 2004-08-04 05:56:44 C:\WINDOWS\ie7\imgutil.dll
-c--a-w 96,256 2007-06-15 08:12:28 C:\WINDOWS\ie7\inseng.dll
-c--a-w 450,560 2006-05-18 05:24:25 C:\WINDOWS\ie7\jscript.dll
-c--a-w 16,384 2007-06-15 08:12:28 C:\WINDOWS\ie7\jsproxy.dll
-c--a-w 22,016 2004-08-04 05:56:44 C:\WINDOWS\ie7\licmgr10.dll
-c--a-w 29,184 2004-08-04 05:56:54 C:\WINDOWS\ie7\mshta.exe
-c--a-w 3,064,320 2007-06-15 08:12:29 C:\WINDOWS\ie7\mshtml.dll
-c--a-w 449,024 2007-06-15 08:12:29 C:\WINDOWS\ie7\mshtmled.dll
-c--a-w 56,832 2004-08-04 05:56:16 C:\WINDOWS\ie7\mshtmler.dll
-c--a-w 146,432 2003-03-31 12:00:00 C:\WINDOWS\ie7\msls31.dll
-c--a-w 146,432 2007-06-15 08:12:29 C:\WINDOWS\ie7\msrating.dll
-c--a-w 532,480 2007-06-15 08:12:29 C:\WINDOWS\ie7\mstime.dll
-c--a-w 96,256 2004-08-04 05:56:46 C:\WINDOWS\ie7\occache.dll
-c--a-w 39,424 2007-06-15 08:12:29 C:\WINDOWS\ie7\pngfilt.dll
-c--a-w 37,888 2004-08-04 05:56:48 C:\WINDOWS\ie7\url.dll
-c--a-w 616,960 2007-06-15 08:12:30 C:\WINDOWS\ie7\urlmon.dll
-c--a-w 417,792 2004-08-04 05:56:48 C:\WINDOWS\ie7\vbscript.dll
-c--a-w 851,968 2007-06-26 15:13:22 C:\WINDOWS\ie7\vgx.dll
-c--a-w 276,480 2004-08-04 05:56:48 C:\WINDOWS\ie7\webcheck.dll
-c--a-w 665,600 2007-06-26 14:35:54 C:\WINDOWS\ie7\wininet.dll
-c--a-w 31,856 2006-11-08 02:04:18 C:\WINDOWS\ie7\spuninst\iecustom.dll
-c--a-w 66,048 2006-11-08 02:01:06 C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
-c--a-w 213,216 2006-09-06 21:43:16 C:\WINDOWS\ie7\spuninst\spuninst.exe
-c--a-w 371,424 2006-09-06 21:43:18 C:\WINDOWS\ie7\spuninst\updspapi.dll
----a-w 315,904 2006-11-01 23:31:34 C:\WINDOWS\inf\unregmp2.exe
------w 16,832 2006-11-07 08:06:47 C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
------w 12,451 2006-11-07 08:06:47 C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
----a-w 72,704 2005-09-23 12:28:52 C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
----a-w 7,680 2005-09-23 12:28:52 C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
----a-w 7,680 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
----a-w 7,680 2005-09-23 12:28:58 C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
----a-w 7,680 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
----a-w 86,528 2005-09-23 12:28:52 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
----a-w 258,048 2004-07-15 06:49:16 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
----a-w 20,480 2004-07-15 06:49:18 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
----a-w 32,768 2004-07-15 06:49:26 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
----a-w 32,768 2004-07-15 06:49:22 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
----a-w 81,920 2004-07-15 05:32:22 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
----a-w 49,152 2004-07-15 16:23:28 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
----a-w 626,688 2004-07-15 16:23:44 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
----a-w 282,624 2004-07-15 05:24:30 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
----a-w 81,920 2003-10-08 19:30:14 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
----a-w 8,192 2004-07-15 19:31:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
----a-w 32,768 2004-07-15 19:31:04 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
----a-w 196,608 2004-07-15 05:35:30 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
----a-w 720,896 2004-07-15 19:28:58 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
----a-w 299,008 2004-07-15 19:28:56 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
----a-w 49,152 2004-07-15 19:28:50 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
----a-w 49,152 2004-07-15 19:28:50 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
----a-w 86,016 2004-07-15 05:32:44 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
----a-w 233,472 2004-07-15 05:32:46 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
----a-w 315,392 2004-07-15 05:25:06 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
----a-w 102,400 2004-07-15 05:33:04 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
----a-w 2,138,112 2004-07-15 19:29:02 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
----a-w 143,360 2004-07-15 05:33:22 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
----a-w 81,920 2004-07-15 05:33:24 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
----a-w 2,510,848 2004-07-15 05:26:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
----a-w 2,502,656 2004-07-15 05:28:34 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
----a-w 106,496 2004-08-10 21:20:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
----a-w 94,208 2004-07-15 05:34:50 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
----a-w 32,768 2004-07-15 19:28:48 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
----a-w 319,488 2004-07-15 05:35:04 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
----a-w 1,294,336 2004-07-15 19:32:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
----a-w 303,104 2004-07-15 19:31:14 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
----a-w 1,703,936 2004-07-15 19:29:02 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
----a-w 90,112 2004-07-15 19:28:54 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
----a-w 1,224,704 2004-07-15 19:31:16 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
----a-w 466,944 2004-07-15 19:28:58 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
----a-w 241,664 2004-07-15 19:28:56 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
----a-w 66,560 2004-07-15 05:35:12 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
----a-w 372,736 2004-07-15 19:31:58 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
----a-w 241,664 2004-07-15 19:31:12 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
----a-w 323,584 2004-07-15 19:28:58 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
----a-w 131,072 2004-07-15 19:31:54 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 77,824 2004-07-15 19:28:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
----a-w 126,976 2004-07-15 19:28:54 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
----a-w 1,257,472 2004-07-15 19:29:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
----a-w 819,200 2004-07-15 19:28:58 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
----a-w 57,344 2004-07-15 19:28:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
----a-w 573,440 2004-07-15 19:31:16 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
----a-w 2,052,096 2004-07-15 19:32:02 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
----a-w 1,339,392 2004-07-15 19:29:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
----a-w 737,280 2004-07-15 16:23:20 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
----a-w 1,032,192 2004-07-15 13:15:14 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
----a-w 31,744 2004-07-15 07:11:56 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
----a-w 53,248 2004-06-22 18:51:38 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
----a-w 10,752 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
----a-w 138,240 2005-09-23 12:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
----a-w 87,552 2005-09-23 12:28:36 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
----a-w 55,488 2005-09-23 12:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
----a-w 503,808 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
----a-w 36,864 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
----a-w 10,752 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
----a-w 8,192 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
----a-w 23,552 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
----a-w 70,656 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
----a-w 13,824 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
----a-w 26,824 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
----a-w 106,496 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
----a-w 29,896 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
----a-w 29,888 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
----a-w 106,496 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
----a-w 88,576 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
----a-w 76,984 2005-09-23 12:28:42 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
----a-w 1,144,832 2005-09-23 12:28:42 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
----a-w 13,312 2005-09-23 12:28:42 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
----a-w 17,920 2005-09-23 12:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
----a-w 68,608 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
----a-w 31,936 2005-09-23 12:28:44 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
----a-w 52,736 2005-09-23 12:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
----a-w 4,608 2005-09-23 12:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
----a-w 547,840 2005-09-23 12:29:12 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
----a-w 788,992 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
----a-w 9,216 2005-09-23 12:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
----a-w 9,728 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
----a-w 8,192 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
----a-w 36,864 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
----a-w 5,632 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
----a-w 224,952 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
----a-w 28,672 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
----a-w 55,296 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
----a-w 72,192 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
----a-w 40,960 2005-09-23 12:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
----a-w 413,696 2005-09-23 12:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
----a-w 36,864 2005-09-23 12:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
----a-w 647,168 2005-09-23 12:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
----a-w 73,728 2005-09-23 12:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
----a-w 745,472 2005-09-23 12:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
----a-w 110,592 2005-09-23 12:29:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
----a-w 372,736 2005-09-23 12:29:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
----a-w 667,648 2005-09-23 12:29:08 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
----a-w 28,672 2005-09-23 12:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
----a-w 5,632 2005-09-23 12:29:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
----a-w 32,768 2005-09-23 12:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
----a-w 12,800 2005-09-23 12:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
----a-w 7,168 2005-09-23 12:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
----a-w 87,552 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
----a-w 69,632 2005-09-23 12:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
----a-w 800,768 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
----a-w 73,216 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
----a-w 288,768 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
----a-w 36,864 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
----a-w 326,144 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
----a-w 81,408 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
----a-w 4,308,992 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
----a-w 102,400 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
----a-w 330,752 2005-09-23 12:29:00 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
----a-w 67,072 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
----a-w 9,216 2005-09-23 12:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
----a-w 226,816 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
----a-w 66,240 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
----a-w 10,240 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
----a-w 5,615,616 2005-09-23 12:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
----a-w 96,440 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
----a-w 14,848 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
----a-w 78,336 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
----a-w 136,192 2005-09-23 12:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
----a-w 53,248 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
----a-w 32,768 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
----a-w 59,072 2005-09-23 12:29:02 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
----a-w 7,680 2005-09-23 12:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
----a-w 107,520 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
----a-w 85,504 2005-09-23 12:29:00 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
----a-w 377,344 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
----a-w 110,592 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
----a-w 389,120 2005-09-23 12:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
----a-w 81,920 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
----a-w 2,878,976 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
----a-w 482,304 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
----a-w 716,800 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
----a-w 884,736 2005-09-23 12:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
----a-w 5,050,368 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
----a-w 397,312 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
----a-w 188,416 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
----a-w 3,018,752 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
----a-w 81,920 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
----a-w 700,416 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
----a-w 258,048 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
----a-w 47,616 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
----a-w 114,176 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
----a-w 368,640 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
----a-w 258,048 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
----a-w 299,008 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
----a-w 131,072 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 258,048 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
----a-w 114,688 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
----a-w 260,096 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
----a-w 5,025,792 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
----a-w 835,584 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
----a-w 86,016 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
----a-w 823,296 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
----a-w 5,316,608 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
----a-w 2,035,712 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
----a-w 71,680 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
----a-w 1,140,920 2005-09-23 12:29:06 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
----a-w 1,306,624 2005-09-23 12:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
----a-w 298,496 2005-09-23 12:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
----a-w 28,160 2005-09-23 12:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
----a-w 18,944 2005-09-23 12:28:36 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
----a-w 136,192 2005-09-23 12:28:42 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
----a-w 4,608 2005-09-23 12:28:44 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
----a-w 183,808 2005-09-23 12:29:04 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
----a-w 208,896 2005-09-23 12:28:28 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
----a-w 609,472 2005-09-23 12:01:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
----a-w 80,896 2005-09-23 11:29:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
----a-w 80,896 2005-09-23 11:32:24 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
----a-w 82,944 2005-09-23 11:34:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
----a-w 81,920 2005-09-23 11:34:12 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
----a-w 85,504 2005-09-23 11:34:44 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
----a-w 87,552 2005-09-23 11:36:24 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
----a-w 80,896 2005-09-23 08:46:14 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
----a-w 81,408 2005-09-23 11:38:26 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
----a-w 86,016 2005-09-23 11:38:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
----a-w 80,896 2005-09-23 11:40:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
----a-w 83,968 2005-09-23 11:40:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
----a-w 84,480 2005-09-23 11:40:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
----a-w 80,896 2005-09-23 11:42:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
----a-w 80,896 2005-09-23 11:44:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
----a-w 83,456 2005-09-23 11:46:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
----a-w 81,920 2005-09-23 11:46:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
----a-w 83,456 2005-09-23 11:46:40 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
----a-w 82,432 2005-09-23 11:47:04 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
----a-w 82,432 2005-09-23 11:47:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
----a-w 81,920 2005-09-23 11:47:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
----a-w 80,896 2005-09-23 11:47:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
----a-w 80,896 2005-09-23 11:30:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
----a-w 84,480 2005-09-23 11:47:06 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
----a-w 80,896 2005-09-23 11:29:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
----a-w 85,504 2005-09-23 11:36:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
----a-w 245,408 2005-09-23 12:57:06 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
----a-w 22,528 2005-09-23 12:29:00 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
----a-w 74,012 2006-10-30 09:06:24 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat
----a-w 99,600 2006-10-30 08:25:56 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe
----a-w 220,672 2006-10-30 04:15:06 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll
----a-w 1,054,720 2006-10-30 04:17:56 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll
----a-w 163,328 2006-10-30 04:14:26 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll
----a-w 194,320 2006-10-30 08:25:54 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe
----a-w 167,176 2006-10-30 08:25:56 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe
----a-w 365,320 2006-10-30 08:25:56 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
----a-w 80,384 2006-10-30 08:17:12 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll
----a-w 80,384 2006-10-30 08:17:30 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll
----a-w 86,016 2006-10-30 08:17:36 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll
----a-w 87,040 2006-10-30 08:17:44 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll
----a-w 89,600 2006-10-30 08:17:50 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll
----a-w 94,208 2006-10-30 08:17:56 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll
----a-w 82,944 2006-10-30 08:18:10 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll
----a-w 91,648 2006-10-30 08:18:16 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll
----a-w 80,384 2006-10-30 08:18:22 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll
----a-w 89,600 2006-10-30 08:18:30 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll
----a-w 88,064 2006-10-30 08:18:36 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll
----a-w 80,384 2006-10-30 08:18:42 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll
----a-w 80,384 2006-10-30 08:18:48 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll
----a-w 87,040 2006-10-30 08:18:56 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll
----a-w 83,968 2006-10-30 08:19:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll
----a-w 86,528 2006-10-30 08:19:08 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll
----a-w 84,480 2006-10-30 08:19:14 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll
----a-w 82,944 2006-10-30 08:19:28 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll
----a-w 83,968 2006-10-30 08:19:34 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll
----a-w 82,432 2006-10-30 08:19:42 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll
----a-w 80,384 2006-10-30 08:17:24 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll
----a-w 90,624 2006-10-30 08:19:22 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll
----a-w 90,112 2006-10-30 08:18:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll
----a-w 80,384 2006-10-30 04:15:20 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll
----a-w 1,621,504 2006-10-30 04:15:22 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll
----a-w 590,848 2006-10-30 04:18:26 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll
----a-w 541,184 2006-10-30 04:20:20 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll
----a-w 816,128 2006-10-30 04:18:12 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll
----a-w 1,139,712 2006-10-30 04:16:52 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll
----a-w 98,816 2006-10-30 08:17:14 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll
----a-w 98,816 2006-10-30 08:17:30 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll
----a-w 99,840 2006-10-30 08:17:38 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll
----a-w 99,840 2006-10-30 08:17:44 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll
----a-w 102,400 2006-10-30 08:17:50 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll
----a-w 104,448 2006-10-30 08:17:58 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll
----a-w 98,816 2006-10-30 08:18:10 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll
----a-w 103,424 2006-10-30 08:18:16 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll
----a-w 98,816 2006-10-30 08:18:24 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll
----a-w 102,400 2006-10-30 08:18:30 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll
----a-w 101,376 2006-10-30 08:18:36 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll
----a-w 98,816 2006-10-30 08:18:42 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll
----a-w 98,816 2006-10-30 08:18:50 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll
----a-w 99,840 2006-10-30 08:18:56 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll
----a-w 98,816 2006-10-30 08:19:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll
----a-w 99,840 2006-10-30 08:19:08 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll
----a-w 99,328 2006-10-30 08:19:16 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll
----a-w 98,816 2006-10-30 08:19:28 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll
----a-w 98,816 2006-10-30 08:19:36 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll
----a-w 98,816 2006-10-30 08:19:42 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll
----a-w 98,816 2006-10-30 08:17:24 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll
----a-w 101,376 2006-10-30 08:19:22 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll
----a-w 102,400 2006-10-30 08:18:04 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll
----a-w 98,816 2006-10-30 04:18:36 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll
----a-w 1,103,872 2006-10-30 04:19:30 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll
----a-w 159,744 2006-10-30 08:34:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
----a-w 741,376 2006-10-30 08:33:58 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
----a-w 626,440 2007-09-06 00:43:44 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe
----a-w 80,896 2007-09-06 00:43:44 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll
----a-w 352,256 2006-10-30 08:34:00 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
----a-w 151,552 2006-10-30 08:34:00 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
----a-w 61,440 2006-10-30 08:34:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
----a-w 11,264 2006-10-30 08:34:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
----a-w 94,208 2006-10-30 08:34:00 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
----a-w 122,880 2006-10-30 08:34:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
----a-w 884,736 2006-10-30 08:34:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
----a-w 5,623,808 2006-10-30 08:34:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
----a-w 159,744 2006-10-30 08:34:00 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
----a-w 16,384 2006-10-30 08:34:00 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
----a-w 143,360 2006-10-30 08:34:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
----a-w 14,648 2006-07-26 02:32:00 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
----a-w 797,696 2006-10-20 21:08:52 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
----a-w 4,874,240 2006-10-20 21:09:02 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
----a-w 2,628,608 2006-10-20 19:03:40 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
----a-w 72,992 2006-10-21 02:29:46 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
----a-w 32,768 2006-10-21 02:21:24 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
----a-w 36,864 2006-10-21 02:21:24 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
----a-w 106,272 2006-10-21 02:29:52 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
----a-w 897,024 2006-10-21 02:21:26 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
----a-w 14,848 2006-10-21 02:21:26 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
------w 33,792 2006-06-03 11:40:49 C:\WINDOWS\network diagnostic\custsat.dll
------w 557,568 2006-10-10 12:44:50 C:\WINDOWS\network diagnostic\xpnetdiag.exe
----a-w 14,048 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\spmsg.dll
----a-w 213,216 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\spuninst.exe
----a-w 72,704 2006-10-04 08:48:36 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\magnify.exe
----a-w 53,760 2006-10-04 08:48:36 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\narrator.exe
----a-w 215,552 2006-10-04 08:48:37 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\osk.exe
----a-w 35,840 2006-10-04 13:33:38 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\umandlg.dll
----a-w 50,176 2006-10-04 08:48:37 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\utilman.exe
----a-w 72,704 2006-10-04 10:40:05 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\magnify.exe
----a-w 53,760 2006-10-04 10:40:06 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\narrator.exe
----a-w 215,552 2006-10-04 10:40:06 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\osk.exe
----a-w 35,840 2006-10-04 14:05:57 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\umandlg.dll
----a-w 50,176 2006-10-04 10:40:06 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\utilman.exe
----a-w 22,752 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\spcustom.dll
----a-w 716,000 2005-10-12 23:16:51 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\update.exe
----a-w 371,424 2005-10-12 23:16:56 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\spuninst.exe
----a-w 33,792 2006-06-03 11:40:49 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\SP2QFE\custsat.dll
----a-w 557,568 2006-10-10 12:44:50 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\SP2QFE\xpnetdg.exe
----a-w 214,528 2006-10-10 06:12:10 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\spuninst.exe
----a-w 49,152 2006-03-24 04:37:50 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\sp2gdr\wdigest.dll
----a-w 49,152 2006-03-24 04:47:44 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\sp2qfe\wdigest.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\updspapi.dll
----a-w 28,160 2007-03-23 01:24:58 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\filterpipelineprintproc.dll
----a-w 762,880 2007-03-23 01:24:50 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\mxdwdrv.dll
----a-w 131,584 2007-03-23 01:24:34 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\mxdwdui.dll
----a-w 677,376 2007-03-23 01:25:42 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\printfilterpipelinesvc.exe
----a-w 124,928 2007-03-23 01:25:02 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\prntvpt.dll
----a-w 14,048 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spmsg2.dll
----a-w 213,216 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spuninst.exe
----a-w 22,752 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spupdsvc.exe
----a-w 376,832 2007-03-23 01:24:06 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unidrv.dll
----a-w 749,568 2007-03-23 02:03:54 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unidrvui.dll
----a-w 761,344 2007-03-23 02:03:58 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unires.dll
----a-w 583,504 2007-03-23 11:07:54 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\xpsshhdr.dll
----a-w 1,683,280 2007-03-23 11:07:56 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\xpssvcs.dll
----a-w 35,840 2007-03-23 01:54:06 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\filterpipelineprintproc.dll
----a-w 746,496 2007-03-23 01:53:16 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\mxdwdrv.dll
----a-w 2,932,224 2007-03-23 01:59:24 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\xpssvcs.dll
----a-w 28,160 2007-03-23 01:24:58 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\filterpipelineprintproc.dll
----a-w 762,880 2007-03-23 01:24:50 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\mxdwdrv.dll
----a-w 1,683,280 2007-03-23 11:07:56 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\xpssvcs.dll
----a-w 22,752 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\spcustom.dll
----a-w 716,000 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\update.exe
----a-w 371,424 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\updspapi.dll
----a-w 14,048 2005-02-25 03:35:05 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\spmsg.dll
----a-w 209,632 2005-02-25 03:35:05 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\spuninst.exe
----a-w 17,920 2005-04-27 23:15:36 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\cobramsg.dll
----a-w 133,120 2005-04-28 19:16:29 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\guitrn.dll
----a-w 115,200 2005-04-28 19:16:29 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\guitrna.dll
----a-w 19,968 2005-04-28 19:16:29 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\log.dll
----a-w 274,432 2005-04-28 19:16:29 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\migism.dll
----a-w 261,120 2005-04-28 17:16:30 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\migisma.dll
----a-w 103,424 2005-04-28 00:12:58 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\migload.exe
----a-w 245,248 2005-04-28 00:12:57 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\migwiz.exe
----a-w 241,152 2005-04-28 00:12:57 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\migwiza.exe
----a-w 215,552 2005-04-28 19:16:29 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\script.dll
----a-w 199,680 2005-04-28 19:16:29 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\scripta.dll
----a-w 193,024 2005-04-28 19:16:29 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\sysmod.dll
----a-w 173,568 2005-04-28 19:16:29 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\sysmoda.dll
----a-w 13,824 2005-04-28 00:08:33 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\sp2qfe\xpsp3res.dll
----a-w 22,240 2005-02-25 03:35:05 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\update\spcustom.dll
----a-w 718,048 2005-02-25 03:35:05 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\update\update.exe
----a-w 371,936 2005-02-25 03:35:06 C:\WINDOWS\SoftwareDistribution\Download\45bc3b0b1377e03536e65815a9f444ac\update\updspapi.dll
----a-w 27,648 2006-10-14 21:43:18 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\filterpipelineprintproc.dll
----a-w 751,104 2006-10-14 21:43:18 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\mxdwdrv.dll
----a-w 131,584 2006-10-14 21:42:40 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\mxdwdui.dll
----a-w 671,744 2006-10-14 21:44:44 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\printfilterpipelinesvc.exe
----a-w 124,416 2006-10-14 21:43:38 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\prntvpt.dll
----a-w 14,048 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spmsg2.dll
----a-w 213,216 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spuninst.exe
----a-w 22,752 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spupdsvc.exe
----a-w 376,320 2006-10-14 21:42:18 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unidrv.dll
----a-w 510,464 2006-10-14 21:42:28 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unidrvui.dll
----a-w 619,008 2006-10-14 21:40:36 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unires.dll
----a-w 580,352 2006-10-15 01:21:58 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\xpsshhdr.dll
----a-w 1,698,048 2006-10-15 01:22:00 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\xpssvcs.dll
----a-w 34,304 2006-10-14 22:13:02 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\filterpipelineprintproc.dll
----a-w 737,792 2006-10-14 22:12:14 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\mxdwdrv.dll
----a-w 2,946,304 2006-10-15 01:09:04 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\xpssvcs.dll
----a-w 27,648 2006-10-14 21:43:18 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\filterpipelineprintproc.dll
----a-w 751,104 2006-10-14 21:43:18 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\mxdwdrv.dll
----a-w 1,698,048 2006-10-15 01:22:00 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\xpssvcs.dll
----a-w 22,752 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\spcustom.dll
----a-w 716,000 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\update.exe
----a-w 371,424 2006-06-29 18:07:36 C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\updspapi.dll
----a-w 13,536 2005-06-28 15:20:24 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spmsg.dll
----a-w 213,216 2005-06-28 15:23:26 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spuninst.exe
----a-w 22,752 2005-06-28 15:21:34 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spupdsvc.exe
----a-w 10,834,944 2007-06-12 04:51:12 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\wmp.dll
----a-w 716,000 2005-06-28 15:24:52 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\update.exe
----a-w 371,424 2005-06-28 15:23:54 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\spuninst.exe
----a-w 116,736 2006-11-13 06:02:58 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\aaclient.dll
----a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\lhmstsc.exe
----a-w 1,866,240 2006-11-13 06:02:58 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\lhmstscx.dll
----a-w 288,768 2006-11-13 06:02:58 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\rhttpaa.dll
----a-w 16,832 2006-11-07 08:06:47 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tscinst.vbs
----a-w 12,451 2006-11-07 08:06:47 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tscuinst.vbs
----a-w 36,352 2006-11-13 06:02:58 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tsgqec.dll
----a-w 116,736 2006-11-13 06:02:15 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\aaclient.dll
----a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\lhmstsc.exe
----a-w 1,866,240 2006-11-13 06:02:15 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\lhmstscx.dll
----a-w 288,768 2006-11-13 06:02:15 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\rhttpaa.dll
----a-w 16,832 2006-11-07 08:06:47 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tscinst.vbs
----a-w 12,451 2006-11-07 08:06:47 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tscuinst.vbs
----a-w 36,352 2006-11-13 06:02:15 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tsgqec.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\spcustom.dll
----a-w 38,400 2006-11-13 06:02:58 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\tscupdatecustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\spuninst.exe
----a-w 153,088 2006-10-11 16:24:45 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2p.dll
----a-w 104,960 2006-10-11 16:24:45 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pgasvc.dll
----a-w 313,344 2006-10-11 16:24:45 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pgraph.dll
----a-w 116,224 2006-10-11 16:24:45 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pnetsh.dll
----a-w 553,984 2006-10-11 16:24:45 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2psvc.dll
----a-w 58,880 2006-10-11 16:24:45 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\pnrpnsp.dll
----a-w 153,088 2006-10-11 16:35:59 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2p.dll
----a-w 104,960 2006-10-11 16:35:59 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pgasvc.dll
----a-w 313,344 2006-10-11 16:35:59 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pgraph.dll
----a-w 115,712 2006-10-11 16:35:59 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pnetsh.dll
----a-w 553,984 2006-10-11 16:35:59 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2psvc.dll
----a-w 58,880 2006-10-11 16:35:59 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\pnrpnsp.dll
----a-w 212,480 2006-09-26 08:51:38 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\updspapi.dll
----a-w 412,160 2006-10-24 17:30:20 C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\photometadatahandler.dll
----a-w 14,640 2006-10-16 21:10:58 C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spmsg.dll
----a-w 221,488 2006-10-16 21:10:58 C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spuninst.exe
----a-w 23,856 2006-10-16 21:10:58 C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spupdsvc.exe
----a-w 716,288 2006-10-24 17:30:06 C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\windowscodecs.dll
----a-w 352,256 2006-10-24 17:29:50 C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\windowscodecsext.dll
----a-w 276,992 2006-10-24 17:30:00 C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\wmphoto.dll
----a-w 23,856 2006-10-16 21:10:56 C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\spcustom.dll
----a-w 742,192 2006-10-16 21:10:58 C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\update.exe
----a-w 379,184 2006-10-16 21:10:58 C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\updspapi.dll
----a-w 13,536 2005-06-28 15:20:24 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
----a-w 213,216 2005-06-28 15:23:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
----a-w 317,440 2007-06-27 03:10:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\unregmp2.exe
----a-w 716,000 2005-06-28 15:24:52 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\update.exe
----a-w 371,424 2005-06-28 15:23:54 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\updspapi.dll
----a-w 1,485,696 2007-04-24 16:32:06 C:\WINDOWS\SoftwareDistribution\Download\d219c5aa727ee8fc0f9eb775006e580a\legitcheckcontrol.dll
----a-w 14,640 2006-11-17 21:14:30 C:\WINDOWS\SoftwareDistribution\Download\d219c5aa727ee8fc0f9eb775006e580a\spmsg.dll
----a-w 742,192 2006-11-17 21:14:30 C:\WINDOWS\SoftwareDistribution\Download\d219c5aa727ee8fc0f9eb775006e580a\update\update.exe
----a-w 379,184 2006-11-17 21:14:30 C:\WINDOWS\SoftwareDistribution\Download\d219c5aa727ee8fc0f9eb775006e580a\update\updspapi.dll
----a-w 70,528 2007-04-24 16:30:24 C:\WINDOWS\SoftwareDistribution\Download\d219c5aa727ee8fc0f9eb775006e580a\update\wgacustom.dll
----a-w 414,720 2006-12-04 21:21:50 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\msscp.dll
----a-w 13,536 2005-06-28 15:20:24 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spmsg.dll
----a-w 213,216 2005-06-28 15:23:26 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spuninst.exe
----a-w 22,752 2005-06-28 15:21:34 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spupdsvc.exe
----a-w 716,000 2005-06-28 15:24:52 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\update.exe
----a-w 371,424 2005-06-28 15:23:54 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\updspapi.dll
----a-w 133,120 2005-10-29 04:49:40 C:\WINDOWS\SoftwareDistribution\Download\f9b5f6f3464868b8afcd5271d92cd432\axaltocm.dll
----a-w 96,792 2005-10-28 21:40:16 C:\WINDOWS\SoftwareDistribution\Download\f9b5f6f3464868b8afcd5271d92cd432\basecsp.dll
----a-w 25,600 2005-10-29 04:49:40 C:\WINDOWS\SoftwareDistribution\Download\f9b5f6f3464868b8afcd5271d92cd432\bcsprsrc.dll
----a-w 151,552 2005-10-29 04:49:40 C:\WINDOWS\SoftwareDistribution\Download\f9b5f6f3464868b8afcd5271d92cd432\ifxcardm.dll
----a-w 84,480 2005-10-29 04:49:42 C:\WINDOWS\SoftwareDistribution\Download\f9b5f6f3464868b8afcd5271d92cd432\pintool.exe
----a-w 14,048 2005-10-21 22:10:58 C:\WINDOWS\SoftwareDistribution\Download\f9b5f6f3464868b8afcd5271d92cd432\spmsg.dll
----a-w 209,632 2005-10-21 22:11:02 C:\WINDOWS\SoftwareDistribution\Download\f9b5f6f3464868b8afcd5271d92cd432\spuninst.exe
----a-w 22,752 2005-10-21 22:11:02 C:\WINDOWS\SoftwareDistribution\Download\f9b5f6f3464868b8afcd5271d92cd432\spupdsvc.exe
----a-w 22,240 2005-10-21 22:10:58 C:\WINDOWS\SoftwareDistribution\Download\f9b5f6f3464868b8afcd5271d92cd432\update\spcustom.dll
----a-w 718,048 2005-10-21 22:11:02 C:\WINDOWS\SoftwareDistribution\Download\f9b5f6f3464868b8afcd5271d92cd432\update\update.exe
----a-w 371,936 2005-10-21 22:11:02 C:\WINDOWS\SoftwareDistribution\Download\f9b5f6f3464868b8afcd5271d92cd432\update\updspapi.dll
----a-w 71,680 2006-11-07 08:26:44 C:\WINDOWS\system32\admparse.dll
----a-w 123,904 2006-11-07 08:26:24 C:\WINDOWS\system32\advpack.dll
----a-w 7,168 2006-10-19 02:47:08 C:\WINDOWS\system32\asferror.dll
----a-w 276,992 2006-10-19 02:47:08 C:\WINDOWS\system32\audiodev.dll
------w 133,120 2005-10-29 04:49:40 C:\WINDOWS\system32\axaltocm.dll
------w 96,792 2005-10-28 21:40:16 C:\WINDOWS\system32\basecsp.dll
------w 25,600 2005-10-29 04:49:40 C:\WINDOWS\system32\bcsprsrc.dll
----a-w 542,720 2006-10-19 02:47:10 C:\WINDOWS\system32\blackbox.dll
----a-w 1,022,976 2007-06-15 08:12:28 C:\WINDOWS\system32\browseui.dll
----a-w 151,040 2007-06-15 08:12:28 C:\WINDOWS\system32\cdfview.dll
----a-w 229,376 2006-10-19 02:47:10 C:\WINDOWS\system32\cewmdm.dll
----a-w 17,408 2006-10-17 17:03:56 C:\WINDOWS\system32\corpol.dll
----a-w 1,054,208 2007-06-15 08:12:28 C:\WINDOWS\system32\danim.dll
----a-w 83,456 2005-09-23 12:28:38 C:\WINDOWS\system32\dfshim.dll
------w 249,856 2006-10-19 01:00:46 C:\WINDOWS\system32\drmupgds.exe
----a-w 991,744 2006-10-19 02:47:10 C:\WINDOWS\system32\drmv2clt.dll
----a-w 346,624 2006-10-17 16:58:06 C:\WINDOWS\system32\dxtmsft.dll
----a-w 214,528 2006-10-17 16:57:50 C:\WINDOWS\system32\dxtrans.dll
----a-w 69,408 2006-10-21 02:29:46 C:\WINDOWS\system32\dxva2.dll
----a-w 478,496 2006-10-21 02:30:00 C:\WINDOWS\system32\evr.dll
----a-w 131,584 2006-11-08 02:03:36 C:\WINDOWS\system32\extmgr.dll
----a-w 172,280 2007-09-06 00:59:17 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 556,296 2006-10-30 08:33:58 C:\WINDOWS\system32\icardagt.exe
------w 61,952 2006-10-17 16:58:20 C:\WINDOWS\system32\icardie.dll
----a-w 9,480 2006-10-30 08:33:58 C:\WINDOWS\system32\icardres.dll
------w 26,112 2006-06-29 13:05:44 C:\WINDOWS\system32\idndl.dll
----a-w 54,784 2006-11-07 08:26:28 C:\WINDOWS\system32\ie4uinit.exe
----a-w 152,064 2006-11-07 08:26:56 C:\WINDOWS\system32\ieakeng.dll
----a-w 229,376 2006-11-07 08:27:02 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2006-11-07 08:25:14 C:\WINDOWS\system32\ieakui.dll
------w 2,451,824 2006-09-06 04:01:26 C:\WINDOWS\system32\ieapfltr.dat
------w 380,928 2006-10-17 16:27:56 C:\WINDOWS\system32\ieapfltr.dll
----a-w 382,976 2006-11-07 08:27:10 C:\WINDOWS\system32\iedkcs32.dll
----a-w 78,336 2006-10-17 17:06:00 C:\WINDOWS\system32\ieencode.dll
------w 6,049,280 2006-11-08 02:03:36 C:\WINDOWS\system32\ieframe.dll
----a-w 191,488 2006-11-08 02:03:36 C:\WINDOWS\system32\iepeers.dll
----a-w 43,008 2006-11-07 08:26:28 C:\WINDOWS\system32\iernonce.dll
------w 266,752 2006-10-17 16:57:20 C:\WINDOWS\system32\iertutil.dll
----a-w 55,296 2006-11-07 08:26:42 C:\WINDOWS\system32\iesetup.dll
----a-w 13,312 2006-11-07 08:26:32 C:\WINDOWS\system32\ieudinit.exe
------w 180,736 2006-11-08 02:03:36 C:\WINDOWS\system32\ieui.dll
------w 151,552 2005-10-29 04:49:40 C:\WINDOWS\system32\ifxcardm.dll
----a-w 36,352 2006-10-17 16:57:58 C:\WINDOWS\system32\imgutil.dll
----a-w 83,968 2006-10-30 08:33:58 C:\WINDOWS\system32\infocardapi.dll
----a-w 92,672 2006-11-07 08:26:24 C:\WINDOWS\system32\inseng.dll
----a-w 135,168 2007-07-12 06:22:00 C:\WINDOWS\system32\java.exe
----a-w 135,168 2007-07-12 06:22:04 C:\WINDOWS\system32\javaw.exe
----a-w 139,264 2007-07-12 07:22:38 C:\WINDOWS\system32\javaws.exe
----a-w 491,520 2006-10-17 17:00:00 C:\WINDOWS\system32\jscript.dll
----a-w 27,136 2006-11-08 02:03:36 C:\WINDOWS\system32\jsproxy.dll
----a-w 11,264 2006-10-19 02:47:14 C:\WINDOWS\system32\LAPRXY.dll
------w 1,485,696 2007-04-24 16:32:06 C:\WINDOWS\system32\LegitCheckControl.dll
----a-w 40,960 2006-10-17 17:05:10 C:\WINDOWS\system32\licmgr10.dll
----a-w 100,864 2006-10-19 01:03:58 C:\WINDOWS\system32\logagent.exe
------w 212,992 2006-10-19 02:47:14 C:\WINDOWS\system32\MFPLAT.dll
----a-w 1,980,704 2006-10-21 02:30:06 C:\WINDOWS\system32\milcore.dll
------w 259,072 2006-10-19 02:47:14 C:\WINDOWS\system32\MP43DECD.dll
----a-w 4,096 2006-10-19 02:47:14 C:\WINDOWS\system32\MP43DMOD.dll
------w 317,440 2006-10-19 02:47:14 C:\WINDOWS\system32\MP4SDECD.dll
----a-w 4,096 2006-10-19 02:47:14 C:\WINDOWS\system32\MP4SDMOD.dll
------w 259,072 2006-10-19 02:47:14 C:\WINDOWS\system32\MPG4DECD.dll
----a-w 4,096 2006-10-19 02:47:14 C:\WINDOWS\system32\MPG4DMOD.dll
----a-w 270,848 2005-09-23 12:28:52 C:\WINDOWS\system32\mscoree.dll
----a-w 150,016 2005-09-23 12:28:52 C:\WINDOWS\system32\mscorier.dll
----a-w 74,240 2005-09-23 12:28:52 C:\WINDOWS\system32\mscories.dll
------w 312,128 2006-10-02 20:28:42 C:\WINDOWS\system32\msdelta.dll
------w 458,752 2006-11-08 02:03:36 C:\WINDOWS\system32\msfeeds.dll
------w 50,688 2006-11-08 02:03:36 C:\WINDOWS\system32\msfeedsbs.dll
------w 12,288 2006-10-17 16:58:32 C:\WINDOWS\system32\msfeedssync.exe
----a-w 45,568 2006-10-17 16:56:10 C:\WINDOWS\system32\mshta.exe
----a-w 3,577,856 2006-11-08 02:03:36 C:\WINDOWS\system32\mshtml.dll
----a-w 475,648 2006-11-08 02:03:36 C:\WINDOWS\system32\mshtmled.dll
----a-w 48,128 2006-10-17 16:28:56 C:\WINDOWS\system32\mshtmler.dll
----a-w 156,160 2006-11-08 02:03:36 C:\WINDOWS\system32\msls31.dll
----a-w 179,712 2006-10-19 02:47:16 C:\WINDOWS\system32\msnetobj.dll
----a-w 27,136 2006-10-19 02:47:16 C:\WINDOWS\system32\mspmsnsv.dll
----a-w 175,616 2006-10-19 02:47:16 C:\WINDOWS\system32\mspmsp.dll
----a-w 192,000 2006-10-17 17:05:10 C:\WINDOWS\system32\msrating.dll
----a-w 414,208 2006-10-19 02:47:16 C:\WINDOWS\system32\msscp.dll
----a-w 670,720 2006-11-08 02:03:36 C:\WINDOWS\system32\mstime.dll
----a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\system32\mstsc.exe
----a-w 1,866,240 2006-11-13 06:02:58 C:\WINDOWS\system32\mstscax.dll
----a-w 321,536 2006-10-19 02:47:16 C:\WINDOWS\system32\mswmdm.dll
----a-w 1,317,648 2006-12-04 19:37:58 C:\WINDOWS\system32\msxml6.dll
----a-w 86,728 2006-10-19 18:33:20 C:\WINDOWS\system32\msxml6r.dll
------w 24,576 2006-06-28 22:59:26 C:\WINDOWS\system32\nlsdl.dll
------w 23,552 2006-06-29 13:05:44 C:\WINDOWS\system32\normaliz.dll
----a-w 101,376 2006-10-17 17:04:46 C:\WINDOWS\system32\occache.dll
----a-w 153,088 2006-10-11 16:24:45 C:\WINDOWS\system32\p2p.dll
----a-w 104,960 2006-10-11 16:24:45 C:\WINDOWS\system32\p2pgasvc.dll
----a-w 313,344 2006-10-11 16:24:45 C:\WINDOWS\system32\p2pgraph.dll
----a-w 116,224 2006-10-11 16:24:45 C:\WINDOWS\system32\p2pnetsh.dll
----a-w 553,984 2006-10-11 16:24:45 C:\WINDOWS\system32\p2psvc.dll
----a-w 71,370 2007-09-06 00:49:43 C:\WINDOWS\system32\perfc009.dat
----a-w 439,832 2007-09-06 00:49:43 C:\WINDOWS\system32\perfh009.dat
------w 412,160 2006-10-24 17:30:20 C:\WINDOWS\system32\photometadatahandler.dll
------w 84,480 2005-10-29 04:49:42 C:\WINDOWS\system32\pintool.exe
----a-w 44,544 2006-10-17 16:58:08 C:\WINDOWS\system32\pngfilt.dll
----a-w 58,880 2006-10-11 16:24:45 C:\WINDOWS\system32\pnrpnsp.dll
------w 284,160 2006-10-19 02:47:18 C:\WINDOWS\system32\PortableDeviceApi.dll
------w 101,888 2006-10-19 02:47:18 C:\WINDOWS\system32\PortableDeviceClassExtension.dll
------w 166,912 2006-10-19 02:47:18 C:\WINDOWS\system32\PortableDeviceTypes.dll
------w 132,096 2006-10-19 02:47:18 C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
------w 199,168 2006-10-19 02:47:18 C:\WINDOWS\system32\PortableDeviceWMDRM.dll
----a-w 104,224 2006-10-21 02:29:52 C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
----a-w 344,352 2006-10-21 02:29:58 C:\WINDOWS\system32\PresentationHost.exe
----a-w 20,768 2006-10-21 02:29:46 C:\WINDOWS\system32\PresentationHostProxy.dll
----a-w 769,312 2006-10-21 02:30:02 C:\WINDOWS\system32\PresentationNative_v0300.dll
------w 124,416 2006-10-14 21:43:38 C:\WINDOWS\system32\prntvpt.dll
----a-w 211,456 2006-10-19 02:47:18 C:\WINDOWS\system32\qasf.dll
----a-w 150,808 2006-08-24 21:15:06 C:\WINDOWS\system32\rgb9rast_2.dll
----a-w 1,498,112 2007-06-15 08:12:30 C:\WINDOWS\system32\shdocvw.dll
----a-w 474,112 2007-06-15 08:12:30 C:\WINDOWS\system32\shlwapi.dll
------w 14,640 2006-10-16 21:10:58 C:\WINDOWS\system32\spmsg.dll
----a-w 23,856 2006-10-16 21:10:58 C:\WINDOWS\system32\spupdsvc.exe
----a-w 159,008 2006-10-21 02:29:54 C:\WINDOWS\system32\UIAutomationCore.dll
----a-w 105,984 2006-10-17 17:05:22 C:\WINDOWS\system32\url.dll
----a-w 1,162,240 2006-11-08 02:03:36 C:\WINDOWS\system32\urlmon.dll
----a-w 8,704 2006-10-19 02:58:00 C:\WINDOWS\system32\uwdf.exe
----a-w 413,696 2006-11-08 02:03:36 C:\WINDOWS\system32\vbscript.dll
----a-w 4,096 2006-10-19 02:47:18 C:\WINDOWS\system32\wdfapi.dll
----a-w 8,704 2006-10-19 02:58:00 C:\WINDOWS\system32\wdfmgr.exe
----a-w 49,152 2006-03-24 04:37:50 C:\WINDOWS\system32\wdigest.dll
----a-w 231,424 2006-11-08 02:03:36 C:\WINDOWS\system32\webcheck.dll
------w 716,288 2006-10-24 17:30:06 C:\WINDOWS\system32\WindowsCodecs.dll
------w 352,256 2006-10-24 17:29:50 C:\WINDOWS\system32\WindowsCodecsExt.dll
------w 206,336 2006-10-17 17:05:58 C:\WINDOWS\system32\WinFXDocObj.exe
----a-w 818,688 2006-11-08 02:03:36 C:\WINDOWS\system32\wininet.dll
----a-w 757,248 2006-10-19 02:47:18 C:\WINDOWS\system32\WMADMOD.dll
----a-w 1,117,696 2006-10-19 02:47:18 C:\WINDOWS\system32\WMADMOE.dll
----a-w 222,208 2006-10-19 02:47:18 C:\WINDOWS\system32\WMASF.dll
----a-w 33,792 2006-10-19 02:47:18 C:\WINDOWS\system32\wmdmlog.dll
----a-w 37,376 2006-10-19 02:47:18 C:\WINDOWS\system32\wmdmps.dll
----a-w 429,056 2006-10-19 02:47:18 C:\WINDOWS\system32\wmdrmdev.dll
----a-w 348,672 2006-10-19 02:47:20 C:\WINDOWS\system32\wmdrmnet.dll
------w 535,040 2006-10-19 02:47:20 C:\WINDOWS\system32\wmdrmsdk.dll
----a-w 227,328 2006-10-19 02:47:20 C:\WINDOWS\system32\wmerror.dll
----a-w 157,184 2006-10-19 02:47:20 C:\WINDOWS\system32\wmidx.dll
----a-w 937,984 2006-10-19 02:47:20 C:\WINDOWS\system32\WMNetMgr.dll
------w 10,834,432 2006-10-19 02:47:20 C:\WINDOWS\system32\wmp.dll
----a-w 242,688 2006-10-19 02:47:20 C:\WINDOWS\system32\wmpasf.dll
----a-w 314,880 2006-10-19 02:47:20 C:\WINDOWS\system32\wmpdxm.dll
------w 295,936 2006-10-19 02:47:20 C:\WINDOWS\system32\wmpeffects.dll
----a-w 1,661,440 2006-10-19 02:47:20 C:\WINDOWS\system32\wmpencen.dll
------w 276,992 2006-10-24 17:30:00 C:\WINDOWS\system32\WMPhoto.dll
----a-w 8,231,936 2006-10-19 02:47:20 C:\WINDOWS\system32\wmploc.dll
------w 613,376 2006-10-19 02:47:20 C:\WINDOWS\system32\wmpmde.dll
------w 130,048 2006-10-19 02:47:20 C:\WINDOWS\system32\wmpps.dll
----a-w 99,840 2006-10-19 02:47:20 C:\WINDOWS\system32\wmpshell.dll
----a-w 204,288 2006-10-19 02:47:20 C:\WINDOWS\system32\wmpsrcwp.dll
----a-w 4,096 2006-10-19 02:47:22 C:\WINDOWS\system32\wmsdmod.dll
----a-w 4,096 2006-10-19 02:47:22 C:\WINDOWS\system32\wmsdmoe2.dll
----a-w 603,648 2006-10-19 02:47:22 C:\WINDOWS\system32\WMSPDMOD.dll
----a-w 1,329,152 2006-10-19 02:47:22 C:\WINDOWS\system32\WMSPDMOE.dll
----a-w 4,096 2006-10-19 02:47:22 C:\WINDOWS\system32\WMVADVD.dll
----a-w 4,096 2006-10-19 02:47:22 C:\WINDOWS\system32\WMVADVE.DLL
----a-w 2,450,944 2006-10-19 02:47:22 C:\WINDOWS\system32\wmvcore.dll
------w 1,543,680 2006-10-19 02:47:22 C:\WINDOWS\system32\WMVDECOD.dll
----a-w 4,096 2006-10-19 02:47:22 C:\WINDOWS\system32\wmvdmod.dll
----a-w 4,096 2006-10-19 02:47:22 C:\WINDOWS\system32\wmvdmoe2.dll
------w 1,574,912 2006-10-19 02:47:22 C:\WINDOWS\system32\WMVENCOD.dll
------w 1,382,912 2006-10-19 02:47:22 C:\WINDOWS\system32\WMVSDECD.dll
------w 767,488 2006-10-19 02:47:22 C:\WINDOWS\system32\WMVSENCD.dll
------w 656,896 2006-10-19 02:47:22 C:\WINDOWS\system32\WMVXENCD.dll
----a-w 35,840 2006-10-19 02:47:22 C:\WINDOWS\system32\wpdconns.dll
----a-w 154,624 2006-10-19 02:47:22 C:\WINDOWS\system32\wpdmtp.dll
----a-w 63,488 2006-10-19 02:47:22 C:\WINDOWS\system32\wpdmtpus.dll
------w 2,603,008 2006-10-19 02:47:22 C:\WINDOWS\system32\WpdShext.dll
------w 17,408 2006-10-19 01:00:14 C:\WINDOWS\system32\wpdshextautoplay.exe
------w 38,400 2006-10-19 02:47:22 C:\WINDOWS\system32\wpdshextres.dll
------w 133,632 2006-10-19 02:47:22 C:\WINDOWS\system32\WPDShServiceObj.dll
----a-w 356,352 2006-10-19 02:47:22 C:\WINDOWS\system32\wpdsp.dll
----a-w 629,760 2006-10-19 02:47:22 C:\WINDOWS\system32\wpd_ci.dll
------w 95,344 2006-09-29 01:13:26 C:\WINDOWS\system32\WUDFCoinstaller.dll
------w 146,432 2006-09-28 23:56:38 C:\WINDOWS\system32\WudfHost.exe
------w 165,376 2006-09-28 23:56:16 C:\WINDOWS\system32\WudfPlatform.dll
------w 55,808 2006-09-28 23:56:14 C:\WINDOWS\system32\WudfSvc.dll
------w 316,416 2006-09-28 23:56:38 C:\WINDOWS\system32\WUDFx.dll
------w 121,856 2006-07-14 15:51:51 C:\WINDOWS\system32\xmllite.dll
----a-w 350,720 2007-06-14 10:08:46 C:\WINDOWS\system32\xpsp3res.dll
------w 580,352 2006-10-15 01:21:58 C:\WINDOWS\system32\XPSSHHDR.dll
------w 1,698,048 2006-10-15 01:22:00 C:\WINDOWS\system32\XpsSvcs.dll
-c----w 71,680 2006-11-07 08:26:44 C:\WINDOWS\system32\dllcache\admparse.dll
-c----w 123,904 2006-11-07 08:26:24 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 7,168 2006-10-19 02:47:08 C:\WINDOWS\system32\dllcache\asferror.dll
-c--a-w 542,720 2006-10-19 02:47:10 C:\WINDOWS\system32\dllcache\blackbox.dll
-c----w 1,022,976 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\browseui.dll
-c----w 151,040 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\cdfview.dll
-c--a-w 229,376 2006-10-19 02:47:10 C:\WINDOWS\system32\dllcache\cewmdm.dll
-c----w 17,408 2006-10-17 17:03:56 C:\WINDOWS\system32\dllcache\corpol.dll
-c--a-w 33,792 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\custsat.dll
-c----w 1,054,208 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\danim.dll
-c--a-w 991,744 2006-10-19 02:47:10 C:\WINDOWS\system32\dllcache\drmv2clt.dll
-c--a-w 346,624 2006-10-17 16:58:06 C:\WINDOWS\system32\dllcache\dxtmsft.dll
-c--a-w 214,528 2006-10-17 16:57:50 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 131,584 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 27,648 2006-10-14 21:43:18 C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
-c----w 60,416 2006-10-17 16:44:36 C:\WINDOWS\system32\dllcache\hmmapi.dll
-c----w 54,784 2006-11-07 08:26:28 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c----w 152,064 2006-11-07 08:26:56 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c----w 229,376 2006-11-07 08:27:02 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c----w 161,792 2006-11-07 08:25:14 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 382,976 2006-11-07 08:27:10 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c--a-w 69,120 2006-10-17 17:04:50 C:\WINDOWS\system32\dllcache\iedw.exe
-c----w 78,336 2006-10-17 17:06:00 C:\WINDOWS\system32\dllcache\ieencode.dll
-c--a-w 191,488 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\iepeers.dll
-c----w 43,008 2006-11-07 08:26:28 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 55,296 2006-11-07 08:26:42 C:\WINDOWS\system32\dllcache\iesetup.dll
-c----w 622,080 2006-10-17 17:04:40 C:\WINDOWS\system32\dllcache\iexplore.exe
-c----w 36,352 2006-10-17 16:57:58 C:\WINDOWS\system32\dllcache\imgutil.dll
-c--a-w 92,672 2006-11-07 08:26:24 C:\WINDOWS\system32\dllcache\inseng.dll
-c--a-w 491,520 2006-10-17 17:00:00 C:\WINDOWS\system32\dllcache\jscript.dll
-c--a-w 27,136 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c--a-w 11,264 2006-10-19 02:47:14 C:\WINDOWS\system32\dllcache\LAPRXY.dll
-c----w 40,960 2006-10-17 17:05:10 C:\WINDOWS\system32\dllcache\licmgr10.dll
-c--a-w 100,864 2006-10-19 01:03:58 C:\WINDOWS\system32\dllcache\logagent.exe
-c--a-w 243,712 2006-10-19 02:47:14 C:\WINDOWS\system32\dllcache\mpvis.dll
-c----w 45,568 2006-10-17 16:56:10 C:\WINDOWS\system32\dllcache\mshta.exe
-c--a-w 3,577,856 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 475,648 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c----w 48,128 2006-10-17 16:28:56 C:\WINDOWS\system32\dllcache\mshtmler.dll
-c----w 156,160 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\msls31.dll
-c--a-w 179,712 2006-10-19 02:47:16 C:\WINDOWS\system32\dllcache\msnetobj.dll
-c--a-w 27,136 2006-10-19 02:47:16 C:\WINDOWS\system32\dllcache\mspmsnsv.dll
-c--a-w 175,616 2006-10-19 02:47:16 C:\WINDOWS\system32\dllcache\mspmsp.dll
-c--a-w 192,000 2006-10-17 17:05:10 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 414,208 2006-10-19 02:47:16 C:\WINDOWS\system32\dllcache\msscp.dll
-c--a-w 670,720 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 321,536 2006-10-19 02:47:16 C:\WINDOWS\system32\dllcache\mswmdm.dll
-c----w 101,376 2006-10-17 17:04:46 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 153,088 2006-10-11 16:24:45 C:\WINDOWS\system32\dllcache\p2p.dll
-c----w 104,960 2006-10-11 16:24:45 C:\WINDOWS\system32\dllcache\p2pgasvc.dll
-c----w 313,344 2006-10-11 16:24:45 C:\WINDOWS\system32\dllcache\p2pgraph.dll
-c----w 116,224 2006-10-11 16:24:45 C:\WINDOWS\system32\dllcache\p2pnetsh.dll
-c----w 553,984 2006-10-11 16:24:45 C:\WINDOWS\system32\dllcache\p2psvc.dll
-c--a-w 44,544 2006-10-17 16:58:08 C:\WINDOWS\system32\dllcache\pngfilt.dll
-c----w 58,880 2006-10-11 16:24:45 C:\WINDOWS\system32\dllcache\pnrpnsp.dll
-c----w 671,744 2006-10-14 21:44:44 C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
-c--a-w 211,456 2006-10-19 02:47:18 C:\WINDOWS\system32\dllcache\qasf.dll
-c--a-w 1,669,120 2006-11-01 23:31:38 C:\WINDOWS\system32\dllcache\setup_wm.exe
-c----w 1,498,112 2007-06-15 08:12:30 C:\WINDOWS\system32\dllcache\shdocvw.dll
-c----w 474,112 2007-06-15 08:12:30 C:\WINDOWS\system32\dllcache\shlwapi.dll
-c--a-w 315,904 2006-11-01 23:31:34 C:\WINDOWS\system32\dllcache\unregmp2.exe
-c----w 105,984 2006-10-17 17:05:22 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,162,240 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 413,696 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\vbscript.dll
-c--a-w 765,952 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\VGX.dll
-c----w 231,424 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 818,688 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\wininet.dll
-c--a-w 757,248 2006-10-19 02:47:18 C:\WINDOWS\system32\dllcache\WMADMOD.dll
-c--a-w 1,117,696 2006-10-19 02:47:18 C:\WINDOWS\system32\dllcache\WMADMOE.dll
-c--a-w 222,208 2006-10-19 02:47:18 C:\WINDOWS\system32\dllcache\WMASF.dll
-c--a-w 33,792 2006-10-19 02:47:18 C:\WINDOWS\system32\dllcache\wmdmlog.dll
-c--a-w 37,376 2006-10-19 02:47:18 C:\WINDOWS\system32\dllcache\wmdmps.dll
-c--a-w 227,328 2006-10-19 02:47:20 C:\WINDOWS\system32\dllcache\wmerror.dll
-c--a-w 157,184 2006-10-19 02:47:20 C:\WINDOWS\system32\dllcache\wmidx.dll
-c--a-w 937,984 2006-10-19 02:47:20 C:\WINDOWS\system32\dllcache\WMNetMgr.dll
-c--a-w 10,834,432 2006-10-19 02:47:20 C:\WINDOWS\system32\dllcache\wmp.dll
-c--a-w 242,688 2006-10-19 02:47:20 C:\WINDOWS\system32\dllcache\wmpasf.dll
-c--a-w 96,256 2006-10-19 02:47:20 C:\WINDOWS\system32\dllcache\wmpband.dll
-c--a-w 314,880 2006-10-19 02:47:20 C:\WINDOWS\system32\dllcache\wmpdxm.dll
-c--a-w 64,000 2006-10-19 02:46:20 C:\WINDOWS\system32\dllcache\wmplayer.exe
-c--a-w 8,231,936 2006-10-19 02:47:20 C:\WINDOWS\system32\dllcache\wmploc.dll
-c--a-w 99,840 2006-10-19 02:47:20 C:\WINDOWS\system32\dllcache\wmpshell.dll
-c--a-w 4,096 2006-10-19 02:47:22 C:\WINDOWS\system32\dllcache\wmsdmod.dll
-c--a-w 4,096 2006-10-19 02:47:22 C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
-c--a-w 603,648 2006-10-19 02:47:22 C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
-c--a-w 1,329,152 2006-10-19 02:47:22 C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
-c--a-w 2,450,944 2006-10-19 02:47:22 C:\WINDOWS\system32\dllcache\wmvcore.dll
-c--a-w 4,096 2006-10-19 02:47:22 C:\WINDOWS\system32\dllcache\wmvdmod.dll
-c--a-w 4,096 2006-10-19 02:47:22 C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
-c----w 580,352 2006-10-15 01:21:58 C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
-c----w 1,698,048 2006-10-15 01:22:00 C:\WINDOWS\system32\dllcache\XpsSvcs.dll
----a-w 95,488 2007-06-01 19:28:38 C:\WINDOWS\system32\drivers\Rtnicxp.sys
----a-w 38,528 2006-10-19 01:00:00 C:\WINDOWS\system32\drivers\wpdusb.sys
------w 77,568 2006-09-28 23:55:50 C:\WINDOWS\system32\drivers\WudfPf.sys
------w 82,944 2006-09-29 00:00:34 C:\WINDOWS\system32\drivers\WudfRd.sys
------w 671,232 2006-10-19 02:47:22 C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
----a-w 6,144 2005-09-23 12:29:00 C:\WINDOWS\system32\mui\0409\mscorees.dll
----a-w 67,712 2003-11-07 18:28:34 C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\Rtlnic51.sys
----a-w 751,104 2006-10-14 21:43:18 C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
----a-w 131,584 2006-10-14 21:42:40 C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
----a-w 376,320 2006-10-14 21:42:18 C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
----a-w 510,464 2006-10-14 21:42:28 C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
----a-w 619,008 2006-10-14 21:40:36 C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
----a-w 1,698,048 2006-10-15 01:22:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
----a-w 27,648 2006-10-14 21:43:18 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
------w 671,744 2006-10-14 21:44:44 C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
----a-w 34,304 2006-10-14 22:13:02 C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
----a-w 737,792 2006-10-14 22:12:14 C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
----a-w 2,946,304 2006-10-15 01:09:04 C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
----a-w 737,792 2006-10-14 22:12:14 C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
----a-w 2,946,304 2006-10-15 01:09:04 C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
----a-w 751,104 2006-10-14 21:43:18 C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
----a-w 1,698,048 2006-10-15 01:22:00 C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
----a-w 751,104 2006-10-14 21:43:18 C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
----a-w 1,698,048 2006-10-15 01:22:00 C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
------w 17,920 2005-04-27 23:15:36 C:\WINDOWS\system32\usmt\cobramsg.dll
----a-w 133,120 2005-04-28 19:16:29 C:\WINDOWS\system32\usmt\guitrn.dll
------w 115,200 2005-04-28 19:16:29 C:\WINDOWS\system32\usmt\guitrna.dll
----a-w 19,968 2005-04-28 19:16:29 C:\WINDOWS\system32\usmt\log.dll
----a-w 274,432 2005-04-28 19:16:29 C:\WINDOWS\system32\usmt\migism.dll
------w 261,120 2005-04-28 17:16:30 C:\WINDOWS\system32\usmt\migisma.dll
----a-w 103,424 2005-04-28 00:12:58 C:\WINDOWS\system32\usmt\migload.exe
----a-w 245,248 2005-04-28 00:12:57 C:\WINDOWS\system32\usmt\migwiz.exe
------w 241,152 2005-04-28 00:12:57 C:\WINDOWS\system32\usmt\migwiza.exe
----a-w 215,552 2005-04-28 19:16:29 C:\WINDOWS\system32\usmt\script.dll
------w 199,680 2005-04-28 19:16:29 C:\WINDOWS\system32\usmt\scripta.dll
----a-w 193,024 2005-04-28 19:16:29 C:\WINDOWS\system32\usmt\sysmod.dll
------w 173,568 2005-04-28 19:16:29 C:\WINDOWS\system32\usmt\sysmoda.dll
----a-w 304,928 2006-10-21 02:29:54 C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
----atw 16,384 2007-09-06 00:50:43 C:\WINDOWS\Temp\Perflib_Perfdata_56c.dat
----atw 16,384 2007-09-06 01:01:26 C:\WINDOWS\Temp\Perflib_Perfdata_814.dat
----a-w 479,232 2005-09-23 12:29:16 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
----a-w 548,864 2005-09-23 12:29:16 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
----a-w 626,688 2005-09-23 12:29:16 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
----a-w 258,048 2007-09-06 00:39:11 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
----a-w 114,176 2007-09-06 00:39:11 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

-c----w 1,023,488 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143$\browseui.dll
-c----w 151,040 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143$\cdfview.dll
-c----w 1,054,208 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143$\danim.dll
-c----w 357,888 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143$\dxtmsft.dll
-c----w 205,312 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143$\dxtrans.dll
-c----w 55,808 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143$\extmgr.dll
-c----w 18,432 2007-04-18 10:22:13 C:\WINDOWS\$NtUninstallKB937143$\iedw.exe
-c----w 251,392 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143$\iepeers.dll
-c----w 96,256 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143$\inseng.dll
-c----w 16,384 2007-04-18 12:31:37 C:\WINDOWS\$NtUninstallKB937143$\jsproxy.dll
-c----w 3,058,688 2007-05-04 12:29:16 C:\WINDOWS\$NtUninstallKB937143$\mshtml.dll
-c----w 449,024 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143$\mshtmled.dll
-c----w 146,432 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143$\msrating.dll
-c----w 532,480 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143$\mstime.dll
-c----w 39,424 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143$\pngfilt.dll
-c----w 1,494,528 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143$\shdocvw.dll
-c----w 474,112 2007-04-18 12:31:38 C:\WINDOWS\$NtUninstallKB937143$\shlwapi.dll
-c----w 615,424 2007-04-18 12:31:39 C:\WINDOWS\$NtUninstallKB937143$\urlmon.dll
-c----w 658,944 2007-04-18 12:31:39 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
-c----w 115,200 2007-04-18 09:51:25 C:\WINDOWS\$NtUninstallKB937143$\xpsp3res.dll
----a-w 7,168 2007-04-12 16:01:15 C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 32,768 2007-04-12 16:01:11 C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 716,800 2007-04-12 16:01:07 C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 299,008 2007-04-12 16:01:07 C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
----a-w 32,768 2007-04-12 16:01:15 C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
----a-w 1,216,512 2007-04-12 16:01:13 C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
----a-w 1,290,240 2007-04-12 16:01:12 C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
----a-w 299,008 2007-04-12 16:01:16 C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
----a-w 1,699,840 2007-04-12 16:01:12 C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
----a-w 86,016 2007-04-12 16:01:12 C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
----a-w 466,944 2007-04-12 16:01:13 C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
----a-w 241,664 2007-04-12 16:01:13 C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
----a-w 64,000 2007-04-12 16:01:13 C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
----a-w 368,640 2007-04-12 16:01:13 C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
----a-w 241,664 2007-04-12 16:01:13 C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
----a-w 323,584 2007-04-12 16:01:14 C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
----a-w 131,072 2007-04-12 16:01:14 C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 77,824 2007-04-12 16:01:14 C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
----a-w 126,976 2007-04-12 16:01:14 C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
----a-w 1,245,184 2007-04-12 16:01:14 C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 819,200 2007-04-12 16:01:16 C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
----a-w 57,344 2007-04-12 16:01:14 C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
----a-w 569,344 2007-04-12 16:01:14 C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
----a-w 2,039,808 2007-04-12 16:01:15 C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
----a-w 1,335,296 2007-04-12 16:01:15 C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
----a-w 192,512 2005-01-28 19:44:28 C:\WINDOWS\inf\unregmp2.exe
----a-w 57,344 2003-02-21 00:09:46 C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
----a-w 5,120 2003-02-21 00:09:32 C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
----a-w 131,072 2003-02-20 23:43:50 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
----a-w 253,952 2003-02-21 00:19:32 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
----a-w 20,480 2003-02-21 00:19:34 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
----a-w 32,768 2003-02-21 00:19:38 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
----a-w 32,768 2003-02-21 00:19:36 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
----a-w 77,824 2003-02-21 00:09:08 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
----a-w 49,152 2003-02-21 15:20:44 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
----a-w 626,688 2003-02-21 15:21:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
----a-w 282,624 2003-02-21 00:06:20 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
----a-w 7,168 2003-02-21 12:24:38 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
----a-w 32,768 2003-02-21 12:24:40 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
----a-w 196,608 2003-02-21 00:09:40 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
----a-w 716,800 2003-02-21 12:26:36 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
----a-w 299,008 2003-02-21 12:26:38 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
----a-w 49,152 2003-02-21 12:25:04 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
----a-w 49,152 2003-02-21 12:25:04 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
----a-w 77,824 2003-02-21 00:09:12 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
----a-w 233,472 2003-02-21 00:09:12 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
----a-w 311,296 2003-02-21 00:06:32 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
----a-w 98,304 2003-02-21 00:09:16 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
----a-w 2,088,960 2003-02-21 12:26:34 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
----a-w 143,360 2003-02-21 00:09:18 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
----a-w 81,920 2003-02-21 00:09:18 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
----a-w 2,494,464 2003-02-21 00:07:34 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
----a-w 2,482,176 2003-02-21 00:08:32 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
----a-w 90,112 2003-02-21 00:09:30 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
----a-w 32,768 2003-02-21 12:26:46 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
----a-w 319,488 2003-02-21 00:09:34 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
----a-w 1,290,240 2003-02-21 12:26:38 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
----a-w 299,008 2003-02-21 12:25:42 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
----a-w 1,699,840 2003-02-21 12:26:42 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
----a-w 86,016 2003-02-21 12:26:44 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
----a-w 1,216,512 2003-02-21 12:26:46 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
----a-w 466,944 2003-02-21 12:26:50 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
----a-w 241,664 2003-02-21 12:26:50 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
----a-w 64,000 2003-02-21 00:09:36 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
----a-w 368,640 2003-02-21 12:26:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
----a-w 241,664 2003-02-21 12:26:54 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
----a-w 323,584 2003-02-21 12:26:56 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
----a-w 131,072 2003-02-21 12:26:56 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 77,824 2003-02-21 12:26:58 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
----a-w 126,976 2003-02-21 12:27:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
----a-w 1,245,184 2003-02-21 12:27:02 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
----a-w 819,200 2003-02-21 12:27:06 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
----a-w 57,344 2003-02-21 12:24:18 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
----a-w 569,344 2003-02-21 12:27:06 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
----a-w 2,039,808 2003-02-21 12:27:08 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
----a-w 1,335,296 2003-02-21 12:27:10 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
----a-w 737,280 2003-02-21 15:20:38 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
----a-w 1,032,192 2003-02-21 10:04:18 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
----a-w 31,744 2003-02-21 01:10:40 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
----a-w 61,440 2004-08-04 05:56:42 C:\WINDOWS\system32\admparse.dll
----a-w 99,840 2004-08-04 05:56:42 C:\WINDOWS\system32\advpack.dll
----a-w 8,192 2005-01-28 19:44:28 C:\WINDOWS\system32\asferror.dll
----a-w 484,352 2005-01-28 19:44:28 C:\WINDOWS\system32\Audiodev.dll
----a-w 294,912 2005-01-28 19:44:28 C:\WINDOWS\system32\blackbox.dll
----a-w 1,023,488 2007-06-14 18:09:18 C:\WINDOWS\system32\browseui.dll
----a-w 151,040 2007-06-14 18:09:18 C:\WINDOWS\system32\cdfview.dll
----a-w 164,864 2005-01-28 19:44:28 C:\WINDOWS\system32\cewmdm.dll
----a-w 35,328 2004-08-04 05:56:42 C:\WINDOWS\system32\corpol.dll
----a-w 1,054,208 2007-06-14 18:09:18 C:\WINDOWS\system32\danim.dll
----a-w 502,272 2005-01-28 19:44:28 C:\WINDOWS\system32\drmv2clt.dll
----a-w 357,888 2007-06-14 18:09:18 C:\WINDOWS\system32\dxtmsft.dll
----a-w 205,312 2007-06-14 18:09:19 C:\WINDOWS\system32\dxtrans.dll
------w 55,808 2007-06-14 18:09:19 C:\WINDOWS\system32\extmgr.dll
----a-w 169,096 2007-05-13 19:12:12 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 34,304 2004-08-04 05:56:52 C:\WINDOWS\system32\ie4uinit.exe
----a-w 139,264 2004-08-04 05:56:44 C:\WINDOWS\system32\ieakeng.dll
----a-w 216,576 2004-08-04 05:56:44 C:\WINDOWS\system32\ieaksie.dll
----a-w 221,184 2003-03-31 12:00:00 C:\WINDOWS\system32\ieakui.dll
----a-w 323,584 2004-08-04 05:56:44 C:\WINDOWS\system32\iedkcs32.dll
------w 81,920 2004-08-04 05:56:44 C:\WINDOWS\system32\ieencode.dll
----a-w 251,392 2007-06-14 18:09:19 C:\WINDOWS\system32\iepeers.dll
----a-w 48,640 2004-08-04 05:56:44 C:\WINDOWS\system32\iernonce.dll
----a-w 62,976 2004-08-04 05:56:44 C:\WINDOWS\system32\iesetup.dll
----a-w 35,840 2004-08-04 05:56:44 C:\WINDOWS\system32\imgutil.dll
----a-w 96,256 2007-06-14 18:09:19 C:\WINDOWS\system32\inseng.dll
----a-w 24,673 2003-08-19 23:41:26 C:\WINDOWS\system32\java.exe
----a-w 28,771 2003-08-19 23:41:28 C:\WINDOWS\system32\javaw.exe
----a-w 450,560 2006-05-18 05:24:25 C:\WINDOWS\system32\jscript.dll
----a-w 16,384 2007-06-14 18:09:19 C:\WINDOWS\system32\jsproxy.dll
----a-w 6,656 2005-01-28 19:44:28 C:\WINDOWS\system32\laprxy.dll
------w 571,184 2006-06-19 21:19:42 C:\WINDOWS\system32\LegitCheckControl.dll
----a-w 22,016 2004-08-04 05:56:44 C:\WINDOWS\system32\licmgr10.dll
----a-w 96,768 2005-01-28 19:44:28 C:\WINDOWS\system32\logagent.exe
----a-w 310,272 2004-08-04 05:56:44 C:\WINDOWS\system32\mp43dmod.dll
----a-w 384,512 2004-08-04 05:56:44 C:\WINDOWS\system32\mp4sdmod.dll
----a-w 240,640 2004-08-04 05:56:44 C:\WINDOWS\system32\mpg4dmod.dll
----a-w 155,648 2003-02-21 00:06:24 C:\WINDOWS\system32\mscoree.dll
----a-w 16,896 2003-02-20 23:43:38 C:\WINDOWS\system32\mscorier.dll
----a-w 106,496 2003-02-21 00:09:14 C:\WINDOWS\system32\mscories.dll
----a-w 29,184 2004-08-04 05:56:54 C:\WINDOWS\system32\mshta.exe
----a-w 3,058,688 2007-06-14 18:09:20 C:\WINDOWS\system32\mshtml.dll
----a-w 449,024 2007-06-14 18:09:19 C:\WINDOWS\system32\mshtmled.dll
----a-w 56,832 2004-08-04 05:56:16 C:\WINDOWS\system32\mshtmler.dll
----a-w 146,432 2003-03-31 12:00:00 C:\WINDOWS\system32\msls31.dll
----a-w 142,336 2005-01-28 19:44:28 C:\WINDOWS\system32\msnetobj.dll
----a-w 25,088 2005-01-28 19:44:28 C:\WINDOWS\system32\MsPMSNSv.dll
----a-w 173,568 2005-01-28 19:44:28 C:\WINDOWS\system32\MsPMSP.dll
----a-w 146,432 2007-06-14 18:09:19 C:\WINDOWS\system32\msrating.dll
----a-w 366,832 2005-06-26 19:13:36 C:\WINDOWS\system32\msscp.dll
----a-w 532,480 2007-06-14 18:09:20 C:\WINDOWS\system32\mstime.dll
----a-w 407,552 2004-08-04 03:59:42 C:\WINDOWS\system32\mstsc.exe
----a-w 655,360 2004-08-04 03:59:44 C:\WINDOWS\system32\mstscax.dll
----a-w 315,904 2005-01-28 19:44:28 C:\WINDOWS\system32\MSWMDM.dll
----a-w 96,256 2004-08-04 05:56:46 C:\WINDOWS\system32\occache.dll
------w 116,224 2004-08-04 05:56:46 C:\WINDOWS\system32\p2p.dll
------w 86,016 2004-08-04 05:56:46 C:\WINDOWS\system32\p2pgasvc.dll
------w 312,320 2004-08-04 05:56:46 C:\WINDOWS\system32\p2pgraph.dll
------w 88,064 2004-08-04 05:56:46 C:\WINDOWS\system32\p2pnetsh.dll
------w 526,848 2004-08-04 05:56:46 C:\WINDOWS\system32\p2psvc.dll
----a-w 54,010 2007-04-12 16:03:02 C:\WINDOWS\system32\perfc009.dat
----a-w 383,822 2007-04-12 16:03:02 C:\WINDOWS\system32\perfh009.dat
----a-w 39,424 2007-06-14 18:09:20 C:\WINDOWS\system32\pngfilt.dll
------w 48,640 2004-08-04 05:56:46 C:\WINDOWS\system32\pnrpnsp.dll
----a-w 221,184 2005-01-28 19:44:28 C:\WINDOWS\system32\qasf.dll
----a-w 1,494,528 2007-06-14 18:09:20 C:\WINDOWS\system32\shdocvw.dll
----a-w 474,112 2007-06-14 18:09:20 C:\WINDOWS\system32\shlwapi.dll
------w 14,048 2007-03-06 01:22:36 C:\WINDOWS\system32\spmsg.dll
----a-w 22,752 2005-06-28 15:21:34 C:\WINDOWS\system32\spupdsvc.exe
----a-w 37,888 2004-08-04 05:56:48 C:\WINDOWS\system32\url.dll
----a-w 615,424 2007-06-14 18:09:20 C:\WINDOWS\system32\urlmon.dll
----a-w 47,104 2005-01-28 19:44:28 C:\WINDOWS\system32\uwdf.exe
----a-w 417,792 2004-08-04 05:56:48 C:\WINDOWS\system32\vbscript.dll
----a-w 15,872 2005-01-28 19:44:28 C:\WINDOWS\system32\wdfapi.dll
----a-w 38,912 2005-01-28 19:44:28 C:\WINDOWS\system32\wdfmgr.exe
----a-w 49,152 2004-08-04 05:56:48 C:\WINDOWS\system32\wdigest.dll
----a-w 276,480 2004-08-04 05:56:48 C:\WINDOWS\system32\webcheck.dll
----a-w 658,944 2007-06-26 14:09:10 C:\WINDOWS\system32\wininet.dll
----a-w 396,528 2005-01-28 19:44:28 C:\WINDOWS\system32\wmadmod.dll
----a-w 716,288 2005-01-28 19:44:28 C:\WINDOWS\system32\wmadmoe.dll
----a-w 224,768 2005-01-28 19:44:28 C:\WINDOWS\system32\wmasf.dll
----a-w 28,160 2005-01-28 19:44:28 C:\WINDOWS\system32\WMDMLOG.dll
----a-w 33,792 2005-01-28 19:44:28 C:\WINDOWS\system32\WMDMPS.dll
----a-w 335,872 2005-01-28 19:44:28 C:\WINDOWS\system32\WMDRMdev.dll
----a-w 290,816 2005-01-28 19:44:28 C:\WINDOWS\system32\WMDRMNet.dll
----a-w 189,440 2005-01-28 19:44:28 C:\WINDOWS\system32\wmerror.dll
----a-w 150,016 2005-01-28 19:44:28 C:\WINDOWS\system32\wmidx.dll
----a-w 1,027,072 2005-01-28 19:44:28 C:\WINDOWS\system32\wmnetmgr.dll
------w 5,537,792 2007-04-30 13:20:24 C:\WINDOWS\system32\wmp.dll
----a-w 135,168 2005-01-28 19:44:28 C:\WINDOWS\system32\wmpasf.dll
----a-w 282,624 2005-01-28 19:44:28 C:\WINDOWS\system32\wmpdxm.dll
----a-w 1,594,880 2005-01-28 19:44:28 C:\WINDOWS\system32\wmpencen.dll
----a-w 3,371,008 2005-01-28 19:44:28 C:\WINDOWS\system32\wmploc.dll
----a-w 86,016 2005-01-28 19:44:28 C:\WINDOWS\system32\wmpshell.dll
----a-w 175,104 2005-01-28 19:44:28 C:\WINDOWS\system32\wmpsrcwp.dll
----a-w 774,904 2005-01-28 19:44:28 C:\WINDOWS\system32\wmsdmod.dll
----a-w 1,119,744 2005-01-28 19:44:28 C:\WINDOWS\system32\wmsdmoe2.dll
----a-w 413,944 2005-01-28 19:44:28 C:\WINDOWS\system32\wmspdmod.dll
----a-w 940,544 2005-01-28 19:44:28 C:\WINDOWS\system32\wmspdmoe.dll
----a-w 1,218,808 2005-01-28 19:44:28 C:\WINDOWS\system32\wmvadvd.dll
----a-w 1,512,448 2005-01-28 19:44:28 C:\WINDOWS\system32\WMVADVE.DLL
----a-w 2,374,472 2006-12-07 05:29:34 C:\WINDOWS\system32\wmvcore.dll
----a-w 895,736 2005-01-28 19:44:28 C:\WINDOWS\system32\wmvdmod.dll
----a-w 1,003,008 2005-01-28 19:44:28 C:\WINDOWS\system32\wmvdmoe2.dll
----a-w 61,952 2005-01-28 19:44:28 C:\WINDOWS\system32\wpdconns.dll
----a-w 114,176 2005-01-28 19:44:28 C:\WINDOWS\system32\wpdmtp.dll
----a-w 66,560 2005-01-28 19:44:28 C:\WINDOWS\system32\wpdmtpus.dll
----a-w 331,264 2005-01-28 19:44:28 C:\WINDOWS\system32\wpdsp.dll
----a-w 38,912 2005-01-28 19:44:28 C:\WINDOWS\system32\wpd_ci.dll
----a-w 115,712 2007-06-14 13:39:54 C:\WINDOWS\system32\xpsp3res.dll
-c--a-w 8,192 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\asferror.dll
-c--a-w 294,912 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\blackbox.dll
-c----w 1,023,488 2007-06-14 18:09:18 C:\WINDOWS\system32\dllcache\browseui.dll
-c----w 151,040 2007-06-14 18:09:18 C:\WINDOWS\system32\dllcache\cdfview.dll
-c--a-w 164,864 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\cewmdm.dll
-c--a-w 28,672 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\custsat.dll
-c----w 1,054,208 2007-06-14 18:09:18 C:\WINDOWS\system32\dllcache\danim.dll
-c--a-w 502,272 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\drmv2clt.dll
-c----w 357,888 2007-06-14 18:09:18 C:\WINDOWS\system32\dllcache\dxtmsft.dll
-c----w 205,312 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c----w 55,808 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 18,432 2007-06-14 14:07:24 C:\WINDOWS\system32\dllcache\iedw.exe
-c----w 251,392 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\iepeers.dll
-c----w 96,256 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\inseng.dll
-c----w 450,560 2006-05-18 05:24:25 C:\WINDOWS\system32\dllcache\jscript.dll
-c----w 16,384 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c--a-w 6,656 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\laprxy.dll
-c--a-w 96,768 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\logagent.exe
-c--a-w 352,256 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\mpvis.dll
-c----w 3,058,688 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\mshtml.dll
-c----w 449,024 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 142,336 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\msnetobj.dll
-c--a-w 25,088 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\mspmsnsv.dll
-c--a-w 173,568 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\mspmsp.dll
-c----w 146,432 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 366,832 2005-06-26 19:13:36 C:\WINDOWS\system32\dllcache\msscp.dll
-c----w 532,480 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 315,904 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\mswmdm.dll
-c----w 39,424 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\pngfilt.dll
-c--a-w 221,184 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\qasf.dll
-c--a-w 819,200 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\setup_wm.exe
-c----w 1,494,528 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\shdocvw.dll
-c----w 474,112 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\shlwapi.dll
-c--a-w 192,512 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\unregmp2.exe
-c----w 615,424 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 851,968 2007-06-26 15:13:22 C:\WINDOWS\system32\dllcache\vgx.dll
-c----w 658,944 2007-06-26 14:09:10 C:\WINDOWS\system32\dllcache\wininet.dll
-c--a-w 396,528 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmadmod.dll
-c--a-w 716,288 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmadmoe.dll
-c--a-w 224,768 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmasf.dll
-c--a-w 28,160 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmdmlog.dll
-c--a-w 33,792 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmdmps.dll
-c--a-w 189,440 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmerror.dll
-c--a-w 150,016 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmidx.dll
-c--a-w 1,027,072 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmnetmgr.dll
-c--a-w 5,537,792 2007-04-30 13:20:24 C:\WINDOWS\system32\dllcache\wmp.dll
-c--a-w 135,168 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmpasf.dll
-c--a-w 77,824 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmpband.dll
-c--a-w 282,624 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmpdxm.dll
-c--a-w 73,728 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmplayer.exe
-c--a-w 3,371,008 2004-09-23 00:46:22 C:\WINDOWS\system32\dllcache\wmploc.dll
-c--a-w 86,016 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmpshell.dll
-c--a-w 774,904 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmsdmod.dll
-c--a-w 1,119,744 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
-c--a-w 413,944 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmspdmod.dll
-c--a-w 940,544 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmspdmoe.dll
-c--a-w 2,374,472 2006-12-07 05:29:34 C:\WINDOWS\system32\dllcache\wmvcore.dll
-c--a-w 895,736 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmvdmod.dll
-c--a-w 1,003,008 2005-01-28 19:44:28 C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
----a-w 18,944 2005-01-28 19:44:28 C:\WINDOWS\system32\drivers\wpdusb.sys
----a-w 264,704 2004-08-04 06:56:48 C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
----a-w 197,120 2004-08-04 06:56:48 C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
----a-w 619,520 2004-08-04 06:56:36 C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
----a-w 123,904 2004-08-04 05:56:44 C:\WINDOWS\system32\usmt\guitrn.dll
----a-w 19,968 2004-08-04 05:56:44 C:\WINDOWS\system32\usmt\log.dll
----a-w 201,216 2004-08-04 05:56:44 C:\WINDOWS\system32\usmt\migism.dll
----a-w 103,424 2004-08-04 05:56:52 C:\WINDOWS\system32\usmt\migload.exe
----a-w 240,128 2004-08-04 05:56:52 C:\WINDOWS\system32\usmt\migwiz.exe
----a-w 202,752 2004-08-04 05:56:46 C:\WINDOWS\system32\usmt\script.dll
----a-w 168,960 2004-08-04 05:56:48 C:\WINDOWS\system32\usmt\sysmod.dll
----atw 16,384 2007-08-21 10:56:42 C:\WINDOWS\Temp\Perflib_Perfdata_814.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 20:21]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-27 23:10]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2003-12-12 01:03]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 05:36]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-21 20:42]
"SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-04-13 14:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 14:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 10:50]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-05-13 14:06:38]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-12-01 16:06:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atskocm]
C:\WINDOWS\atskocm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=hadjajr.ini

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM


Contents of the 'Scheduled Tasks' folder
"2007-08-24 23:25:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 20:13:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-05 20:14:49
C:\ComboFix-quarantined-files.txt ... 2007-09-05 20:14
C:\ComboFix2.txt ... 2007-09-05 16:51

--- E O F ---

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 06 September 2007 - 06:42 AM

Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Please disable Spybot S&Ds protection,or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab
O20 - Winlogon Notify: atskocm - C:\WINDOWS\atskocm.dll (file missing)

Exit Hijackthis.

Find and delete:
C:\WINDOWS\system32\vtr.dll

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image

#8 GadgetFreek

GadgetFreek
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Cat Spring TX
  • Local time:04:42 AM

Posted 06 September 2007 - 09:34 AM

Here is the SAS Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/06/2007 at 09:04 AM

Application Version : 3.9.1008

Core Rules Database Version : 3301
Trace Rules Database Version: 1307

Scan type : Complete Scan
Total Scan Time : 00:42:50

Memory items scanned : 167
Memory threats detected : 0
Registry items scanned : 6504
Registry threats detected : 57
File items scanned : 33468
File threats detected : 195

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}
HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}
HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}\InprocServer32
HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\ATKONXNW.DLL
HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}

Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com\www
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com\www#http
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com\www#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\br
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\br#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\de
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\de#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\download
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\download#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\es
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\es#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\fr
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\fr#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\go
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\go#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\hk
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\hk#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\instlog
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\instlog#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\kb
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\kb#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\secure
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\secure#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\support
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\support#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\ulog
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\ulog#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\utils
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\utils#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\www
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\www#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\www#http
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantiviruspro.com
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantiviruspro.com#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantiviruspro.com\www
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantiviruspro.com\www#http
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantiviruspro.com\www#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com\cdn
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com\cdn#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com\download.cdn
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com\download.cdn#http
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com\download.cdn#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com\trial.updates
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com\trial.updates#*
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com\www
HKU\S-1-5-21-3947159986-1057655780-2182808820-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com\www#*

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@ads.cnn[1].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Madi\Cookies\madi@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@3.adbrite[1].txt
C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[1].txt
C:\Documents and Settings\Owner\Cookies\owner@67.15.239[1].txt
C:\Documents and Settings\Owner\Cookies\owner@67.15.239[2].txt
C:\Documents and Settings\Owner\Cookies\owner@67.15.239[4].txt
C:\Documents and Settings\Owner\Cookies\owner@67.15.239[5].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.interclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.thewheelof[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.uolmg[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.xplusone[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad2.adnetinteractive[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adinterax[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.associatedcontent[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.rodnreel[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.sfomedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads2.drivelinemedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adserving[2].txt
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\owner@anat.tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\owner@clickwwwsearch[2].txt
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wak4ggazkho.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wal4apczkaq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wamygmczkcq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4gndpwhp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkicodpcdp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkiqpdpkkq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkisidzeeq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkisoczkfo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkoundzafq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkouodpcep.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkycgd5maq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkycodpalq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkygiajeco.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkykjcpgdo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkyunazegp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliaiazadp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliekazefo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliqpazoep.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliqpczkbq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflykodpmlp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmiclazakq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmiqiazgho.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmiwhdpodp.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgk4kgcjwco.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgk4kiazwlo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgk4qhdzccp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgk4qmdzago.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkiamcziep.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkiejczacq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkooiajwkq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkyenc5afp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkyujdjwdq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgl4ckajglp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgmielazabq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whk4omdjwao.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whkikkdzodp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whkisoajeep.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whkiwjcpgho.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whl4omdpgfo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whliujczicp.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whloukcpclp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whlyqld5ceo.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whlyuldzaco.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4cjdpcep.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4clczafo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4cpc5acq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4eoazaep.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4gncpcbq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4kndpslo.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4koazoeo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4kodpahq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4oiczgdp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4opcpsdo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4sgdzcdq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoagdpwfq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkochdpcap.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoohdzkkq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkookcpmho.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoqgd5wdo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoslcpcko.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkosmc5egp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkospazmkp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoumd5aho.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkycjd5mep.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkygjajklq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyokdjolo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyondjico.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyskazwkp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyumc5odq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyumdpgco.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyundzofp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4cpcjwlp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4cpdzwco.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4ghc5ieo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4gncjcbp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4kkcjekq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4qpcjehp.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjliaid5skp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjliapcpglo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlicmd5wkp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjliqhc5gep.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlisidpgao.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlislczicp.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlocgd5iho.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjloclc5obo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlogjc5ofq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjloknd5sap.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjloslcjmdq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyqmazilo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmicndpgao.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmywjczkko.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1mazkc.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1ndjid.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1od5ie.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyamczcdo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnychcpgep.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnycjazwap.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyclc5agq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnycmcjccp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyggc5iaq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyggcjcgp.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnygkczghq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnygkczglp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnygmdpgco.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyohdpggq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyolcpsdo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyomcpweo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyonczaap.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyondzwgq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyqgcpmeo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyqgcpwap.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyqndjkcp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnysic5ifo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyujajcco.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@go.drivecleaner[2].txt
C:\Documents and Settings\Owner\Cookies\owner@indexstats[1].txt
C:\Documents and Settings\Owner\Cookies\owner@indextools[1].txt
C:\Documents and Settings\Owner\Cookies\owner@jenklairkids.sitetracker[1].txt
C:\Documents and Settings\Owner\Cookies\owner@klik.klikadvertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@leadgenetwork[2].txt
C:\Documents and Settings\Owner\Cookies\owner@linkstattrack[1].txt
C:\Documents and Settings\Owner\Cookies\owner@lynxtrack[1].txt
C:\Documents and Settings\Owner\Cookies\owner@m1.webstats.motigo[1].txt
C:\Documents and Settings\Owner\Cookies\owner@media-offer[1].txt
C:\Documents and Settings\Owner\Cookies\owner@media.hotels[1].txt
C:\Documents and Settings\Owner\Cookies\owner@media3.sitebrand[2].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaservices.myspace[1].txt
C:\Documents and Settings\Owner\Cookies\owner@nbads[2].txt
C:\Documents and Settings\Owner\Cookies\owner@partners.agamimedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@regalinteractive[2].txt
C:\Documents and Settings\Owner\Cookies\owner@roi.clicklab[2].txt
C:\Documents and Settings\Owner\Cookies\owner@roiservice[2].txt
C:\Documents and Settings\Owner\Cookies\owner@s.clickability[1].txt
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[1].txt
C:\Documents and Settings\Owner\Cookies\owner@server.cpmstar[2].txt
C:\Documents and Settings\Owner\Cookies\owner@server2.bkvtrack[2].txt
C:\Documents and Settings\Owner\Cookies\owner@sexycostumesexpress[2].txt
C:\Documents and Settings\Owner\Cookies\owner@sitestat.mayoclinic[1].txt
C:\Documents and Settings\Owner\Cookies\owner@stats.manticoretechnology[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt
C:\Documents and Settings\Owner\Cookies\owner@teentrendsgirls.everythinggirl[2].txt
C:\Documents and Settings\Owner\Cookies\owner@toseeka[1].txt
C:\Documents and Settings\Owner\Cookies\owner@track.searchignite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tracker.myspacemaps[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tracking.mos[1].txt
C:\Documents and Settings\Owner\Cookies\owner@updates.liquiddigitalmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@v7.stats.load[2].txt
C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@vhost.oddcast[2].txt
C:\Documents and Settings\Owner\Cookies\owner@vitecmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.everyclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.incentaclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.macromedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.ticketsnow[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.xctrk[2].txt

Adware.VSToolbar
C:\Program Files\VSToolbar

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\HIJACK THIS\BACKUPS\BACKUP-20070906-081919-744.INF

Trojan.Net-AVP/AVT
C:\QOOBOX\QUARANTINE\C\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\AUTORUN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\DOCUME~1\OWNER\STARTM~1\PROGRAMS\STARTUP\SYSTEM.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PRINTER.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINAVXX.EXE.VIR

Trojan.Downloader-Gen/Shocker
C:\WINDOWS\SYSTEM32\DTQHEYJY.EXE
C:\WINDOWS\SYSTEM32\GKEHPVTU.EXE
C:\WINDOWS\SYSTEM32\NTVKFBAO.EXE
C:\WINDOWS\SYSTEM32\OKBSVFAQ.EXE

Trojan.Downloader-VSAddIn
C:\WINDOWS\SYSTEM32\TANVIHEP.EXE

Trojan.Downloader-VSToolbar
C:\WINDOWS\SYSTEM32\TEJEHISI.EXE


HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:47 AM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Hijack This\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\8htgspkl.slt\prefs.js)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O20 - AppInit_DLLs: hadjajr.ini
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: atskocm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 11240 bytes

Edited by GadgetFreek, 06 September 2007 - 09:36 AM.


#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 06 September 2007 - 09:58 AM

Download DelDomains.zip and extract/unzip it to your desktop:
Now right click on Deldomains.inf then click on 'Install'.
After right clicking on Deldomains.inf 'Install' it will have appeared nothing happened,this is normal.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktopPosted Imageand agree to merge the imformation into the registry,then restart your pc.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-


Please make sure Spybot S&Ds protection is still disabled,or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

Have Hijack This fix the following if present,by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O20 - Winlogon Notify: atskocm - C:\WINDOWS\


Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option 1 Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.

*IMPORTANT*
Do NOT run any other options until you are asked to do so!

Also post a new Hijackthis log.
Posted Image
Posted Image

#10 GadgetFreek

GadgetFreek
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Cat Spring TX
  • Local time:04:42 AM

Posted 06 September 2007 - 03:57 PM

When I run HJT i do not see the following:
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90


I removed the others.

Here is the SFF Log
SmitFraudFix v2.219

Scan done at 11:07:23.99, Thu 09/06/2007
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Hijack This\HiJackThis.exe
C:\WINDOWS\system32\cmd.exe

hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Owner


C:\Documents and Settings\Owner\Application Data


Start Menu


C:\DOCUME~1\Owner\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: LAN-Express AS IEEE 802.11g miniPCI Adapter - Packet Scheduler Miniport
DNS Server Search Order: 66.82.4.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6C6E0D37-7439-409D-AF40-ECC855E02A16}: DhcpNameServer=66.82.4.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6C6E0D37-7439-409D-AF40-ECC855E02A16}: DhcpNameServer=66.82.4.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6C6E0D37-7439-409D-AF40-ECC855E02A16}: DhcpNameServer=66.82.4.8
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.82.4.8
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.82.4.8
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=66.82.4.8


Scanning for wininet.dll infection


End

HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:43 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Hijack This\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\8htgspkl.slt\prefs.js)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 10881 bytes

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 07 September 2007 - 03:50 AM

Ok,please uninstall Spybot Search and Destroy via Add/Remove Programs,then restart your pc.
We can reinstall it later when your log is clean.

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Go to:
C:\WINDOWS\System32\drivers\etc\HOSTS.
1) Right-click on the HOSTS file
2) Click Properties
3) You will see a window open,at the bottom of the window to the right of Attributes,check the box that says 'Read-only'.
4) Click Apply/OK.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE" using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe


Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Also post a new Hijackthis log.
Posted Image
Posted Image

#12 GadgetFreek

GadgetFreek
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Cat Spring TX
  • Local time:04:42 AM

Posted 07 September 2007 - 11:07 AM

DrWeb Log:
upnpframework.exe;c:\program files\sony\vaio media integrated server\platform;Probably BACKDOOR.Trojan;Incurable.Deleted.;
Process.exe;C:\Program Files\SmitfraudFix;Tool.Prockill;Moved.;
restart.exe;C:\Program Files\SmitfraudFix;Tool.ShutDown.11;Moved.;
A0021085.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP208;Trojan.Fakealert.305 - read error;Deleted.;
A0021090.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP208;Trojan.Fakealert.305 - read error;Deleted.;
A0021092.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP208;Trojan.Fakealert.305 - read error;Deleted.;
A0021093.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP208;Trojan.Fakealert.305 - read error;Deleted.;
A0021107.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP209;Trojan.Fakealert.305 - read error;Deleted.;
A0021132.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP209;Trojan.Fakealert.305 - read error;Deleted.;
A0021133.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP209;Trojan.Fakealert.305 - read error;Deleted.;
A0021134.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP209;Trojan.Fakealert.305 - read error;Deleted.;
A0021142.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP209;Trojan.Fakealert.305 - read error;Deleted.;
A0021143.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP209;Trojan.Fakealert.305 - read error;Deleted.;
A0021144.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP209;Trojan.Fakealert.305 - read error;Deleted.;
A0021167.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP209;Trojan.Fakealert.305 - read error;Deleted.;
A0021168.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP209;Trojan.Fakealert.305 - read error;Deleted.;
A0021169.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP209;Trojan.Fakealert.305 - read error;Deleted.;
A0021464.EXE;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Adware.DSSAgent;Moved.;
A0021469.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021470.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021471.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021481.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021482.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021483.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021496.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021497.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021498.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021507.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021508.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021509.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021519.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021520.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021521.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021531.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021532.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021533.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.Fakealert.305 - read error;Deleted.;
A0021537.reg;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP210;Trojan.StartPage.1505;Deleted.;
A0021560.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP211;Trojan.Fakealert.305 - read error;Deleted.;
A0021562.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP211;Trojan.Fakealert.305 - read error;Deleted.;
A0021563.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP211;Trojan.Fakealert.305 - read error;Deleted.;
A0021564.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP211;Trojan.Fakealert.305 - read error;Deleted.;
A0022223.reg;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP216;Trojan.StartPage.1505;Deleted.;
A0022618.dll;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP217;Trojan.Fakealert.305 - read error;Deleted.;
A0022619.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP217;Adware.SearchColours;Moved.;
A0022620.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP217;Adware.SearchColours;Moved.;
A0022621.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP217;Adware.SearchColours;Moved.;
A0022622.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP217;Adware.SearchColours;Moved.;
A0022623.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP217;Adware.SearchColours;Moved.;
A0022624.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP217;Adware.SearchColours;Moved.;
A0022675.reg;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP217;Trojan.StartPage.1505;Deleted.;
A0022736.reg;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP217;Trojan.StartPage.1505;Deleted.;
A0022756.exe;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP217;Tool.Prockill;Moved.;
A0022872.reg;C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP218;Trojan.StartPage.1505;Deleted.;


HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:50 AM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Hijack This\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\8htgspkl.slt\prefs.js)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

--
End of file - 10013 bytes

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 07 September 2007 - 02:42 PM

Your log is clean,hows it going now please.
Posted Image
Posted Image

#14 GadgetFreek

GadgetFreek
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Cat Spring TX
  • Local time:04:42 AM

Posted 07 September 2007 - 03:10 PM

Runs good now! Thanks so much for all your help.

#15 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 07 September 2007 - 03:56 PM

Your log is clean :thumbsup:
If all's ok,please do the following.

Find and delete:
Combofix.exe
DelDomains.zip
Deldomains.inf
fix.reg

C:\Qoobox
C:\Documents and Settings\userprofile\DoctorWeb\Quarantine<-Delete everything inside this folder.

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Download and install CCleaner:
http://www.ccleaner.com/download/builds/downloading-slim

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
*Note*
Do not use the Issues block to clean anything with this program.
It is for experts only and it is risky.

Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked.
In the Advanced section,have a check only on Old PreFetch Data.

Click on the Options block on the left.
Select Advanced.
Uncheck "Only delete files in Windows Temp folders older than 48 hours".

Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.

Run Cleaning Scan.
Click on the Cleaner block on the left.
Choose the Windows tab.
Click the Run Cleaner button.
This process could take a while.
When CCleaner shows how much has been removed,cleaning is finished.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

Download and reinstall Spybot S&D:
http://www.safer-networking.org/en/index.html
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users