Cannot Remove Virtumonde Trojan


  • This topic is locked
7 replies to this topic

#1 Flabby

Posted 17 April 2008 - 06:47 PM

Used VundoFix 7.0.0.3 and VirtumundoBeGone 1.5.0.0. SpyBot scans continue to show presence of the Virtumonde spyware and Internet Explorer continues to be hijacked. Logs follow:

Deckard's System Scanner v20071014.68
Run by User on 2008-04-17 17:27:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-04-17 23:27:46 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-04-16 23:10:44 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).


-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:44 PM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\Documents and Settings\All Users\Application Data\pgdgjole\vijulodg.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyc.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\eninqbgp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: (no name) - {075CCE3E-AE0A-4CC5-94B0-191D94F017B5} - C:\WINDOWS\system32\ssqOEWOG.dll (file missing)
O2 - BHO: (no name) - {147CA883-517F-4FE5-8F7F-DC4814D93FD8} - C:\WINDOWS\system32\iifedEXr.dll (file missing)
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: (no name) - {3DF447E2-E7EB-46A4-BE8B-C477DC68027D} - C:\WINDOWS\system32\urqOExvt.dll (file missing)
O2 - BHO: (no name) - {613817C2-1034-4981-AD28-BC5E17E72A51} - C:\WINDOWS\system32\rqRHbyxU.dll (file missing)
O2 - BHO: (no name) - {7A3A9F90-814A-4477-A2C8-459355AC441D} - C:\WINDOWS\system32\ddcArPGa.dll (file missing)
O2 - BHO: DVA Storm - {9A17BFB4-E5BE-4EE1-8ADF-01424F567754} - C:\WINDOWS\nslbvxpgbft.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AD5BB136-9061-43E8-805C-05E725D3CDF7} - C:\WINDOWS\system32\pmnmlKCU.dll (file missing)
O2 - BHO: (no name) - {BCFC46BB-9BB9-482D-A68F-A7FBA6C41A9B} - C:\WINDOWS\system32\cbXOIXND.dll (file missing)
O2 - BHO: (no name) - {D32F4F98-6A5B-4333-9BA3-BDFFF97246FD} - C:\WINDOWS\system32\wvUmKeFu.dll (file missing)
O2 - BHO: (no name) - {DBB1082C-6EE2-4FA5-ABF9-95B775643DAE} - C:\WINDOWS\system32\khfdArSl.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: sgoblxtm - {1F8A048D-9A0B-4565-A3D0-2A2E6B44592A} - C:\WINDOWS\sgoblxtm.dll (file missing)
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VrProxyc] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyc.exe
O4 - HKLM\..\Run: [VrProxyd] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [1c402e0e] rundll32.exe "C:\WINDOWS\system32\cjggevby.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA469] command /c del "C:\WINDOWS\system32\cjggevby.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC447] cmd /c del "C:\WINDOWS\system32\cjggevby.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8949] command /c del "C:\WINDOWS\system32\ssqOEWOG.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6679] cmd /c del "C:\WINDOWS\system32\ssqOEWOG.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eaaipqqb] C:\WINDOWS\system32\eninqbgp.exe
O4 - HKCU\..\Run: [rhdbipyj] C:\WINDOWS\system32\ofeladwz.exe
O4 - HKCU\..\Run: [nqevbafg] C:\WINDOWS\system32\jijgpsvq.exe
O4 - HKCU\..\Run: [gevlzxop] C:\WINDOWS\system32\czuxijyj.exe
O4 - HKCU\..\Run: [yrfqywbx] C:\WINDOWS\system32\tohahafi.exe
O4 - HKCU\..\Run: [dccfyryq] C:\WINDOWS\system32\qpgjejcl.exe
O4 - HKCU\..\Run: [xqsqskds] C:\WINDOWS\system32\stkxsdon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8933] command /c del "C:\WINDOWS\system32\cjggevby.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1803] cmd /c del "C:\WINDOWS\system32\cjggevby.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4418] command /c del "C:\WINDOWS\system32\ssqOEWOG.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1443] cmd /c del "C:\WINDOWS\system32\ssqOEWOG.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [oTde8JdbuK] C:\Documents and Settings\All Users\Application Data\pgdgjole\vijulodg.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{631D105D-647A-4567-8161-7C1CF0EAE9AF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{92FF6AFA-2902-483B-B872-17AE3D23F8C2}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3F4C798-7444-4937-9426-85582A9C77A5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC607281-709D-4EBB-837C-A2F5C7A82368}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6818A31-9200-46F5-A0FB-F128CC42ACAC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2179EA8-4045-4417-B078-64C60543AEC1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAB997C1-5BF9-4DA8-91D9-3288ED125C78}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: dsktbwfe - {95BBEE72-51EC-40D6-9A13-604F5AA0222A} - C:\WINDOWS\dsktbwfe.dll (file missing)
O21 - SSODL: ogxtsepr - {225CB8DD-F457-4F0B-98C9-EBC064A01223} - C:\WINDOWS\ogxtsepr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe

--
End of file - 11008 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BIOS - c:\windows\system32\drivers\bios.sys
R1 UBHelper (MRW remapping) - c:\windows\system32\drivers\ubhelper.sys
R3 FarStoneFireWallDrive - c:\windows\system32\drivers\fardrive.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys
R3 VRcore - c:\windows\system32\drivers\vrcore.sys
R3 VRFIL - c:\windows\system32\drivers\vrfil.sys

S0 si3114 - c:\windows\system32\drivers\si3114.sys
S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys
S3 ENTECH - c:\windows\system32\drivers\entech.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 vrmonsvc (ViRobot Expert Monitoring) - c:\program files\pcsecurityshield\shieldantivirus\vrmonsvc.exe

S2 NICSer_WMP11 - c:\program files\linksys\wireless-b pci adapter\nicserv.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-B PCI Adapter
Device ID: PCI\VEN_17FE&DEV_2120&SUBSYS_00201737&REV_00\4&3191A3E6&0&3070
Manufacturer: Cisco-Linksys, LLC.
Name: Wireless-B PCI Adapter #2
PNP Device ID: PCI\VEN_17FE&DEV_2120&SUBSYS_00201737&REV_00\4&3191A3E6&0&3070
Service: IPN2120


-- Scheduled Tasks -------------------------------------------------------------

2008-04-03 18:39:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-17 17:29:20 0 d-------- C:\Program Files\Trend Micro
2008-04-16 19:44:16 0 d-------- C:\Program Files\PC-Cleaner
2008-04-16 17:33:08 216190 --ahs---- C:\WINDOWS\system32\GOWEOqss.ini2
2008-04-16 17:28:19 94208 --a------ C:\WINDOWS\system32\stkxsdon.exe
2008-04-16 08:06:18 204898 --ahs---- C:\WINDOWS\system32\UxybHRqr.ini2
2008-04-15 21:07:49 94208 --a------ C:\WINDOWS\system32\qpgjejcl.exe
2008-04-15 08:13:05 3648 --a------ C:\WINDOWS\system32\qtvrmrki.dll
2008-04-13 16:50:03 3648 --a------ C:\WINDOWS\system32\vmnfnbji.dll
2008-04-13 16:49:18 194969 --ahs---- C:\WINDOWS\system32\lSrAdfhk.ini2
2008-04-13 16:40:44 90112 --a------ C:\WINDOWS\system32\tohahafi.exe
2008-04-13 16:01:03 179259 --ahs---- C:\WINDOWS\system32\UCKlmnmp.ini2
2008-04-13 15:14:15 90112 --a------ C:\WINDOWS\system32\eninqbgp.exe
2008-04-13 06:59:18 3648 --a------ C:\WINDOWS\system32\xdyccsss.dll
2008-04-13 06:58:38 187506 --ahs---- C:\WINDOWS\system32\uFeKmUvw.ini2
2008-04-13 06:53:52 94208 --a------ C:\WINDOWS\system32\jijgpsvq.exe
2008-04-13 06:02:17 94208 --a------ C:\WINDOWS\system32\ofeladwz.exe
2008-04-13 05:19:47 3648 --a------ C:\WINDOWS\system32\tnoqokkr.dll
2008-04-13 05:18:58 179303 --ahs---- C:\WINDOWS\system32\aGPrAcdd.ini2
2008-04-13 05:14:06 94208 --a------ C:\WINDOWS\system32\czuxijyj.exe
2008-04-12 21:01:56 0 d-------- C:\VundoFix Backups
2008-04-12 17:02:02 7015 --ahs---- C:\WINDOWS\system32\rXEdefii.ini2
2008-04-12 16:43:14 3186 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-12 16:38:20 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-12 16:38:20 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-12 16:38:20 86528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-12 16:38:20 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-12 16:38:20 53248 --a------ C:\WINDOWS\system32\Process.exe http://www.beyondlogic.org; Command Line Process Utility>
2008-04-12 16:38:20 82432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-12 16:38:20 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-12 16:20:12 94208 --a------ C:\WINDOWS\system32\erwjgjcd.exe
2008-04-12 15:39:59 181707 --ahs---- C:\WINDOWS\system32\DNXIOXbc.ini2
2008-04-12 14:07:21 3648 --a------ C:\WINDOWS\system32\eiqkvflj.dll
2008-04-12 14:06:26 234259 --ahs---- C:\WINDOWS\system32\tvxEOqru.ini2
2008-04-12 14:02:02 81920 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-12 14:01:53 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-12 14:01:53 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-12 14:01:53 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-12 14:01:53 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-12 14:01:39 0 d-------- C:\Documents and Settings\All Users\Application Data\pgdgjole
2008-04-12 14:01:38 94208 --a------ C:\WINDOWS\system32\jsruhgzg.exe
2008-04-07 10:11:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-07 10:11:01 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-06 20:25:33 0 dr-h----- C:\Documents and Settings\User\Recent
2008-04-03 19:45:26 0 d-------- C:\Program Files\Safari
2008-04-03 19:44:26 0 d-------- C:\Program Files\iPod
2008-04-03 19:44:11 0 d-------- C:\Program Files\iTunes
2008-03-30 19:33:51 0 d-------- C:\Program Files\Ubisoft
2008-03-30 19:33:34 0 d-------- C:\Documents and Settings\User\Application Data\InstallShield
2008-03-30 16:03:41 0 d-------- C:\Program Files\Download Manager
2008-03-30 16:03:23 0 d-------- C:\Documents and Settings\User\Application Data\IGN_DLM


-- Find3M Report ---------------------------------------------------------------

2008-04-12 17:05:44 0 d-------- C:\Program Files\HyperLobbyPro3
2008-04-07 10:11:15 0 d-------- C:\Program Files\Google
2008-04-04 19:11:59 0 d--h----- C:\Program Files\RAND
2008-04-03 20:05:52 0 d-------- C:\Documents and Settings\User\Application Data\Apple Computer
2008-04-03 19:43:25 0 d-------- C:\Program Files\QuickTime
2008-03-30 19:33:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-30 19:33:15 0 d-------- C:\Program Files\Ubi Soft
2008-02-19 15:09:47 0 d-------- C:\Documents and Settings\User\Application Data\OfficeUpdate12
2008-02-18 16:49:59 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-18 14:43:32 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
2008-02-18 14:40:16 0 d-------- C:\Program Files\UPHClean
2008-02-18 14:17:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-18 13:54:35 0 d-------- C:\Program Files\MSBuild
2008-02-18 13:51:44 0 d-------- C:\Program Files\Reference Assemblies
2008-02-18 13:49:27 0 d-------- C:\Program Files\MSXML 6.0
2008-02-18 13:28:50 0 d-------- C:\Program Files\i40
2008-01-19 13:56:14 11264 --a------ C:\WINDOWS\system32\SPORDER.DLL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{075CCE3E-AE0A-4CC5-94B0-191D94F017B5}]
C:\WINDOWS\system32\ssqOEWOG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{147CA883-517F-4FE5-8F7F-DC4814D93FD8}]
C:\WINDOWS\system32\iifedEXr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DF447E2-E7EB-46A4-BE8B-C477DC68027D}]
C:\WINDOWS\system32\urqOExvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613817C2-1034-4981-AD28-BC5E17E72A51}]
C:\WINDOWS\system32\rqRHbyxU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A3A9F90-814A-4477-A2C8-459355AC441D}]
C:\WINDOWS\system32\ddcArPGa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A17BFB4-E5BE-4EE1-8ADF-01424F567754}]
C:\WINDOWS\nslbvxpgbft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD5BB136-9061-43E8-805C-05E725D3CDF7}]
C:\WINDOWS\system32\pmnmlKCU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCFC46BB-9BB9-482D-A68F-A7FBA6C41A9B}]
C:\WINDOWS\system32\cbXOIXND.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D32F4F98-6A5B-4333-9BA3-BDFFF97246FD}]
C:\WINDOWS\system32\wvUmKeFu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBB1082C-6EE2-4FA5-ABF9-95B775643DAE}]
C:\WINDOWS\system32\khfdArSl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vrmon"="C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe" [01/18/2006 06:07 PM]
"VrSchedule"="C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe" [03/11/2004 12:00 PM]
"dwStart"="C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe" [08/04/2004 08:13 PM]
"nwiz"="nwiz.exe" [02/28/2005 06:00 AM C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [04/09/2007 01:32 PM C:\WINDOWS\system32\CtHelper.exe]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [02/15/2005 05:10 PM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [06/16/2005 07:25 PM]
"VrProxyc"="C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyc.exe" [01/06/2005 12:00 PM]
"VrProxyd"="C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyd.exe" [06/25/2003 12:00 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"1c402e0e"="C:\WINDOWS\system32\cjggevby.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 07:23 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/07/2008 10:11 AM]
"eaaipqqb"="C:\WINDOWS\system32\eninqbgp.exe" [04/13/2008 03:14 PM]
"rhdbipyj"="C:\WINDOWS\system32\ofeladwz.exe" [04/13/2008 06:02 AM]
"nqevbafg"="C:\WINDOWS\system32\jijgpsvq.exe" [04/13/2008 06:53 AM]
"gevlzxop"="C:\WINDOWS\system32\czuxijyj.exe" [04/13/2008 05:14 AM]
"yrfqywbx"="C:\WINDOWS\system32\tohahafi.exe" [04/13/2008 04:40 PM]
"dccfyryq"="C:\WINDOWS\system32\qpgjejcl.exe" [04/15/2008 09:07 PM]
"xqsqskds"="C:\WINDOWS\system32\stkxsdon.exe" [04/16/2008 05:28 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB8933"=command /c del "C:\WINDOWS\system32\cjggevby.dll_old"
"SpybotDeletingD1803"=cmd /c del "C:\WINDOWS\system32\cjggevby.dll_old"
"SpybotDeletingB4418"=command /c del "C:\WINDOWS\system32\ssqOEWOG.dll_old"
"SpybotDeletingD1443"=cmd /c del "C:\WINDOWS\system32\ssqOEWOG.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA469"=command /c del "C:\WINDOWS\system32\cjggevby.dll_old"
"SpybotDeletingC447"=cmd /c del "C:\WINDOWS\system32\cjggevby.dll_old"
"SpybotDeletingA8949"=command /c del "C:\WINDOWS\system32\ssqOEWOG.dll_old"
"SpybotDeletingC6679"=cmd /c del "C:\WINDOWS\system32\ssqOEWOG.dll_old"

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [7/29/2005 6:12:33 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/7/2005 6:10:52 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [10/1/2006 11:19:56 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"oTde8JdbuK"=C:\Documents and Settings\All Users\Application Data\pgdgjole\vijulodg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"dsktbwfe"= {95BBEE72-51EC-40D6-9A13-604F5AA0222A} - C:\WINDOWS\dsktbwfe.dll [ ]
"ogxtsepr"= {225CB8DD-F457-4F0B-98C9-EBC064A01223} - C:\WINDOWS\ogxtsepr.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqOEWOG

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
"wakxlyqq"=C:\WINDOWS\system32\jsruhgzg.exe
"izjfyrxk"=C:\WINDOWS\system32\erwjgjcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"SideWinderTrayV4"=C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"1c402e0e"=rundll32.exe "C:\WINDOWS\system32\iiimylmw.dll",b


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55054bc6-1ea7-11db-aa79-00112fbb20de}]
AutoRun\command- I:\setupSNK.exe

*Newly Created Service* - VRFIL



-- End of Deckard's System Scanner: finished at 2008-04-17 17:32:39 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 1023.48 MiB / 312.64 MiB
Pagefile Memory (total/avail): 1693.03 MiB / 1072.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1888.34 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 186.31 GiB total, 130.99 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3200826AS - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.31 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallDisableNotify is set.

AV: The Shield AntiVirus 2006 vVERSION (HAURI AntiVirus ViRobot)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FLABBY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\FLABBY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem";C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=FLABBY
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

User (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy4\Program\SETUP.EXE" /S /U /W
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Anark Client 4 --> C:\Program Files\Anark\Anark Client 4\AMInstal.exe -uninstall
Ansapoint --> C:\WINDOWS\UnGins.exe "C:\Program Files\Westbay\Ansapoint\install.log"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative DVD Audio Plugin for Audigy Series --> "C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe
eN-NWF-800 Coral Reef --> C:\WINDOWS\ss3unstl.exe "eN-NWF-800 Coral Reef"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
Hyper Lobby Pro Client version 3.9.111 --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Hyper Lobby Pro Client version 3.9.111
IL-2 Sturmovik 1946 --> C:\Program Files\InstallShield Installation Information\{7524763B-0D8A-4DF4-984D-6D90A319463D}\setup.exe -runfromtemp -l0x0009 -removeonly
IL-2 Sturmovik: Forgotten Battles --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3} /l1033
IL-2 Sturmovik: Forgotten Battles AEP --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D2BBEABB-A8DF-4451-A7C4-63C87B31E325} /l1033
InterVideo WinDVD 5 --> "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire PRO 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Netscape Navigator (9.0.0.5) --> C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{62868996-04CB-4B98-AF93-72E93124BCCD} /l1033 AnyText
NTI DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NTI DVD Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D31612BB-C6D7-4142-96AE-16DB062354CF}\Setup.exe" -l0x9
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Odyssey Client --> MsiExec.exe /X{99D42EC7-652B-4819-B3E6-6450C815E03F}
PCForrest StartMan 1.3.96 --> MsiExec.exe /I{A85D8CC4-4DB9-11D6-B038-0000B49CEE91}
PF+FB+AEP --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51F24145-A833-4BD5-AA38-AFC5268928E5} /l1033
Photo Loader 2.3E --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\Setup.exe" -uninst
Photohands 1.0E --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{544FB392-069D-4BA5-9DC7-FFD47230AEE5}\Setup.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Screen Shot 2.0 --> C:\PROGRA~1\PARSON~1\SCREEN~1.0\Unss.exe C:\PROGRA~1\PARSON~1\SCREEN~1.0\Install.log "Screen Shot 2.0 Uninstall"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SideWinder Force Feedback 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Hardware\Game Controllers\Force Feedback 2\Uninst.isu" -c"C:\Program Files\Microsoft Hardware\Game Controllers\Force Feedback 2\Uninstall.dll"
Sim AQUARIUM 2 --> "C:\Program Files\Sim AQUARIUM 2\unins000.exe"
Sound Blaster Audigy 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}\SETUP.EXE" -l0x9 /remove
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Shield AntiVirus 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A891D097-880A-41BB-8F86-A0D09E8D295F}\setup.exe" -l0x9
ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Virtual Magnifying Glass --> "C:\Program Files\Virtual Magnifying Glass\uninstall.exe"
WebEx --> C:\WINDOWS\Downlo~1\atcliun.exe
Webshots Desktop --> C:\PROGRA~1\Webshots\UNWISE.EXE C:\PROGRA~1\Webshots\INSTALL.LOG
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Essentials Pack v5.34 --> C:\Program Files\Winamp\UninstallWinampEssentials.exe
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Wireless-B PCI Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}\Setup.exe" -l0x9
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type20962 / Warning
Event Submitted/Written: 04/13/2008 04:57:33 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type20929 / Error
Event Submitted/Written: 04/12/2008 02:19:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, faulting module urqoexvt.dll, version 0.0.0.0, fault address 0x0002f95c.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type20928 / Error
Event Submitted/Written: 04/12/2008 02:14:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, faulting module npswf32.dll, version 9.0.115.0, fault address 0x0010f5e3.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type20927 / Error
Event Submitted/Written: 04/12/2008 01:50:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, faulting module npswf32.dll, version 9.0.115.0, fault address 0x0009848f.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type20926 / Error
Event Submitted/Written: 04/12/2008 01:39:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, faulting module npswf32.dll, version 9.0.115.0, fault address 0x0010f5e3.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type102834 / Error
Event Submitted/Written: 04/17/2008 08:05:52 AM
Event ID/Source: 54 / Print
Event Description:
Document http://www.bleepingcomputer.com/forums/t/18610/how-to-remove-winfixer-virtumonde-msevents-trojanvundob/ was corrupted and has been deleted. The associated driver is: HP Photosmart C6100 series.

Event Record #/Type102787 / Error
Event Submitted/Written: 04/16/2008 07:54:49 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type102658 / Warning
Event Submitted/Written: 04/16/2008 03:33:18 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0016EC297F20. The IP address being used is 169.254.180.214.

Event Record #/Type102656 / Warning
Event Submitted/Written: 04/16/2008 03:33:15 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016EC297F20. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type102655 / Warning
Event Submitted/Written: 04/16/2008 03:32:41 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016EC297F20. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-04-17 17:32:39 ------------



#2 Thunder


Posted 18 April 2008 - 04:04 AM

Hello Flabby and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

#3 Flabby


Posted 19 April 2008 - 11:06 AM

Thank you for your assistance. Below are logs from: A) MBAM and B) Combofix.
I ran SpyBot afterwards (this is where Virtumonde was showing up) and it appears to be eliminated.
Thank you so much for your help!
Regards,
Flabby

Malwarebytes' Anti-Malware 1.11
Database version: 654

Scan type: Quick Scan
Objects scanned: 33021
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 13
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 23

Memory Processes Infected:
C:\WINDOWS\system32\eninqbgp.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\pgdgjole\vijulodg.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{21c2f302-ae38-4ca6-b979-ffd157cbc4db} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7abb2f2f-8108-4813-bdec-4c82b0d16992} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3d2d401c-87ac-42b1-bdd6-3922c35a4df1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{97a248b2-4940-48dc-ac22-99f24749315b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{64ee4e03-a009-4bc6-b289-7b18c049ba75} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sgoblxtm.bsrf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sgoblxtm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eaaipqqb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rhdbipyj (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nqevbafg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gevlzxop (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yrfqywbx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dccfyryq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xqsqskds (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdfkezg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oTde8JdbuK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c3e15dfe-d990-4c3f-9be2-4cf4e3e007ce} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dsktbwfe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ogxtsepr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\eninqbgp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofeladwz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jijgpsvq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\czuxijyj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tohahafi.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qpgjejcl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stkxsdon.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nclodwzc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\pgdgjole\vijulodg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eiqkvflj.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\erwjgjcd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jsruhgzg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtvrmrki.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tnoqokkr.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vmnfnbji.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xdyccsss.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\spnkfwad.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

-------------------------------------------- end MBAM log -------------------------------------

ComboFix 08-04-18.3 - User 2008-04-19 9:14:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.440 [GMT -6:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aGPrAcdd.ini
C:\WINDOWS\system32\aGPrAcdd.ini2
C:\WINDOWS\system32\bxkbgoag.ini
C:\WINDOWS\system32\DNXIOXbc.ini
C:\WINDOWS\system32\DNXIOXbc.ini2
C:\WINDOWS\system32\GOWEOqss.ini
C:\WINDOWS\system32\GOWEOqss.ini2
C:\WINDOWS\system32\gyloreit.ini
C:\WINDOWS\system32\lSrAdfhk.ini
C:\WINDOWS\system32\lSrAdfhk.ini2
C:\WINDOWS\system32\lsudrtwt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\rXEdefii.ini
C:\WINDOWS\system32\rXEdefii.ini2
C:\WINDOWS\system32\tikkmjya.ini
C:\WINDOWS\system32\tvxEOqru.ini
C:\WINDOWS\system32\tvxEOqru.ini2
C:\WINDOWS\system32\UCKlmnmp.ini
C:\WINDOWS\system32\UCKlmnmp.ini2
C:\WINDOWS\system32\uFeKmUvw.ini
C:\WINDOWS\system32\uFeKmUvw.ini2
C:\WINDOWS\system32\UxybHRqr.ini
C:\WINDOWS\system32\UxybHRqr.ini2
C:\WINDOWS\system32\wmlymiii.ini
C:\WINDOWS\system32\com7.vah

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.

2008-04-19 08:38 . 2008-04-19 08:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-19 08:38 . 2008-04-19 08:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-04-19 08:38 . 2008-04-19 08:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-17 17:29 . 2008-04-17 17:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-17 17:27 . 2008-04-17 17:27 <DIR> d-------- C:\Deckard
2008-04-16 19:24 . 2008-04-17 17:41 1,529,722 --ahs---- C:\WINDOWS\system32\ybveggjc.ini
2008-04-16 08:12 . 2008-04-16 17:05 1,524,304 --ahs---- C:\WINDOWS\system32\mqlojekn.ini
2008-04-12 21:01 . 2008-04-12 21:01 <DIR> d-------- C:\VundoFix Backups
2008-04-12 16:43 . 2008-04-12 16:43 3,186 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-12 16:38 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-12 16:38 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-12 16:38 . 2008-04-12 17:34 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-12 16:38 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-12 16:38 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-12 16:38 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-12 16:38 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-12 14:01 . 2008-04-19 08:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pgdgjole
2008-04-12 14:01 . 2008-04-12 14:01 37,888 --a------ C:\WINDOWS\system32\qoMdDvUL.dll.vir
2008-04-07 10:11 . 2008-04-07 10:11 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-03 19:45 . 2008-04-03 19:45 <DIR> d-------- C:\Program Files\Safari
2008-04-03 19:44 . 2008-04-03 19:44 <DIR> d-------- C:\Program Files\iTunes
2008-04-03 19:44 . 2008-04-03 19:44 <DIR> d-------- C:\Program Files\iPod
2008-04-03 19:44 . 2008-04-19 08:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 19:44 . 2008-04-03 19:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 19:33 . 2008-03-30 19:33 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-30 19:33 . 2008-03-30 19:33 <DIR> d-------- C:\Documents and Settings\User\Application Data\InstallShield
2008-03-30 16:03 . 2008-03-30 16:03 <DIR> d-------- C:\Program Files\Download Manager
2008-03-30 16:03 . 2008-03-30 16:47 <DIR> d-------- C:\Documents and Settings\User\Application Data\IGN_DLM
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 23:05 --------- d-----w C:\Program Files\HyperLobbyPro3
2008-04-09 13:54 4,542,944 ----a-w C:\WINDOWS\system32\drivers\vrcore.sys
2008-04-07 16:11 --------- d-----w C:\Program Files\Google
2008-04-05 01:11 --------- d--h--w C:\Program Files\RAND
2008-04-04 02:05 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-04-04 01:43 --------- d-----w C:\Program Files\QuickTime
2008-03-31 01:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 01:33 --------- d-----w C:\Program Files\Ubi Soft
2008-02-19 21:09 --------- d-----w C:\Documents and Settings\User\Application Data\OfficeUpdate12
2007-12-12 02:41 26,520 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2007-12-05 02:30 9,728 --sha-w C:\Program Files\Thumbs.db
2006-07-20 22:07 18,801 ----a-w C:\Program Files\IE70BlockerHelp.htm
2006-05-09 00:07 28,142 ----a-w C:\Program Files\IE70BlockerHelp-GPFilteringDialog.jpg
2006-05-08 23:13 3,730 ----a-w C:\Program Files\IE70Blocker.adm
2006-05-08 23:13 1,809 ----a-w C:\Program Files\IE70Blocker.cmd
2007-08-17 01:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-18_17.26.16.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-14 08:48:18 180,736 ----a-w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll
+ 2006-06-22 10:36:52 180,736 ----a-w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll
- 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll
- 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe
- 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll
- 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
- 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll
+ 2006-10-12 13:54:18 42,496 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdp2.dll
+ 2006-10-12 13:54:18 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdpv.dll
+ 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe
+ 2006-10-16 10:29:15 248,320 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920213\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\updspapi.dll
+ 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\agentdpv.dll
+ 2007-03-09 11:28:00 248,320 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\xpsp3res.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll
+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll
+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll
+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll
+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll
+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll
+ 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe
+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll
+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll
+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll
+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll
+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll
+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll
+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll
+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll
+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll
+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll
+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll
+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-03-01 13:03:00 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\advpack.dll
+ 2008-03-01 13:03:00 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtmsft.dll
+ 2008-03-01 13:03:00 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtrans.dll
+ 2008-03-01 13:03:00 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\extmgr.dll
+ 2008-03-01 13:03:00 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\icardie.dll
+ 2008-02-22 09:39:56 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe
+ 2008-03-01 13:03:00 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakeng.dll
+ 2008-03-01 13:03:00 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dat
+ 2008-03-01 13:03:00 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dll
+ 2008-03-01 13:03:00 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iedkcs32.dll
+ 2008-03-01 13:03:01 6,067,712 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieframe.dll
+ 2008-03-01 13:03:01 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iernonce.dll
+ 2008-03-01 13:03:01 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iertutil.dll
+ 2008-02-22 09:39:56 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe
+ 2008-02-22 09:40:22 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
+ 2008-03-01 13:03:01 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\jsproxy.dll
+ 2008-03-01 13:03:01 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeeds.dll
+ 2008-03-01 13:03:01 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeedsbs.dll
+ 2008-03-01 13:03:01 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
+ 2008-03-01 13:03:01 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtmled.dll
+ 2008-03-01 13:03:01 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msrating.dll
+ 2008-03-01 13:03:01 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mstime.dll
+ 2008-03-01 13:03:01 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\occache.dll
+ 2008-03-01 13:03:01 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\pngfilt.dll
+ 2008-03-01 13:03:02 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\url.dll
+ 2008-03-01 13:03:02 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\urlmon.dll
+ 2008-03-01 13:03:02 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\webcheck.dll
+ 2008-03-01 13:03:02 827,392 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi.dll
+ 2004-11-18 17:44:50 209,632 -c----w C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe
+ 2004-11-18 17:45:18 371,936 -c----w C:\WINDOWS\$NtUninstallKB891122$\spuninst\updspapi.dll
+ 2005-02-28 12:00:00 123,904 -c----w C:\WINDOWS\$NtUninstallKB896344$\guitrn.dll
+ 2005-02-28 12:00:00 4,096 -c----w C:\WINDOWS\$NtUninstallKB896344$\iconlib.dll
+ 2005-02-28 12:00:00 19,968 -c----w C:\WINDOWS\$NtUninstallKB896344$\log.dll
+ 2005-02-28 12:00:00 201,216 -c----w C:\WINDOWS\$NtUninstallKB896344$\migism.dll
+ 2005-02-28 12:00:00 103,424 -c----w C:\WINDOWS\$NtUninstallKB896344$\migload.exe
+ 2005-02-28 12:00:00 240,128 -c----w C:\WINDOWS\$NtUninstallKB896344$\migwiz.exe
+ 2005-02-28 12:00:00 202,752 -c----w C:\WINDOWS\$NtUninstallKB896344$\script.dll
+ 2005-02-25 03:35:05 209,632 -c----w C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe
+ 2005-02-25 03:35:06 371,936 -c----w C:\WINDOWS\$NtUninstallKB896344$\spuninst\updspapi.dll
+ 2005-02-28 12:00:00 168,960 -c----w C:\WINDOWS\$NtUninstallKB896344$\sysmod.dll
+ 2005-02-28 12:00:00 116,224 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2p.dll
+ 2005-02-28 12:00:00 86,016 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pgasvc.dll
+ 2005-02-28 12:00:00 312,320 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pgraph.dll
+ 2005-02-28 12:00:00 88,064 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pnetsh.dll
+ 2005-02-28 12:00:00 526,848 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2psvc.dll
+ 2005-02-28 12:00:00 48,640 -c----w C:\WINDOWS\$NtUninstallKB920342$\pnrpnsp.dll
+ 2005-10-12 23:12:25 22,752 -c----w C:\WINDOWS\$NtUninstallKB920342$\spcustom.dll
+ 2005-10-12 23:12:25 14,048 -c----w C:\WINDOWS\$NtUninstallKB920342$\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB920342$\spuninst.exe
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB920342$\spuninst\updspapi.dll
+ 2005-10-12 23:12:29 716,000 -c----w C:\WINDOWS\$NtUninstallKB920342$\update.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB920342$\updspapi.dll
+ 2005-02-28 12:00:00 407,552 -c----w C:\WINDOWS\$NtUninstallKB925876$\mstsc.exe
+ 2005-02-28 12:00:00 655,360 -c----w C:\WINDOWS\$NtUninstallKB925876$\mstscax.dll
+ 2005-10-12 23:12:25 22,752 -c----w C:\WINDOWS\$NtUninstallKB925876$\spcustom.dll
+ 2005-10-12 23:12:25 14,048 -c----w C:\WINDOWS\$NtUninstallKB925876$\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB925876$\spuninst.exe
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB925876$\spuninst\updspapi.dll
+ 2005-10-12 23:12:28 716,000 -c----w C:\WINDOWS\$NtUninstallKB925876$\update.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB925876$\updspapi.dll
+ 2004-08-04 12:00:00 553,472 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:34 22,752 -c----w C:\WINDOWS\$NtUninstallKB943055$\spcustom.dll
+ 2007-03-06 01:22:36 14,048 -c----w C:\WINDOWS\$NtUninstallKB943055$\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst.exe
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2007-03-06 01:22:59 716,000 -c----w C:\WINDOWS\$NtUninstallKB943055$\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\updspapi.dll
+ 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-10-11 05:57:29 1,024,000 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll
+ 2007-10-11 05:57:29 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll
+ 2007-10-11 05:57:30 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll
+ 2007-10-11 05:57:39 1,498,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll
+ 2007-10-11 05:57:40 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll
+ 2007-10-29 10:26:53 115,712 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll
+ 2004-08-04 12:00:00 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:34 22,752 -c----w C:\WINDOWS\$NtUninstallKB946026$\spcustom.dll
+ 2007-03-06 01:22:36 14,048 -c----w C:\WINDOWS\$NtUninstallKB946026$\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst.exe
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2007-03-06 01:22:59 716,000 -c----w C:\WINDOWS\$NtUninstallKB946026$\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\updspapi.dll
- 2008-01-27 19:16:22 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-01-19 21:03:13 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-04-19 15:23:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 01:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2006-02-15 00:22:26 142,464 ------w C:\WINDOWS\Driver Cache\i386\aec.sys
+ 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\Driver Cache\i386\http.sys
+ 2006-06-14 08:47:45 172,416 ------w C:\WINDOWS\Driver Cache\i386\kmixer.sys
+ 2006-05-05 09:41:45 453,120 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2007-02-28 09:08:48 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-28 08:38:55 2,057,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2007-02-28 09:10:57 2,180,352 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-06-14 08:47:46 6,400 ------w C:\WINDOWS\Driver Cache\i386\splitter.sys
+ 2006-06-14 09:00:45 82,944 ------w C:\WINDOWS\Driver Cache\i386\wdmaud.sys
- 2000-08-31 15:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2004-08-04 12:00:00 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
+ 2000-08-31 14:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 14:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
- 2004-08-04 12:00:00 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
- 2005-02-28 12:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2004-08-04 12:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
- 2007-12-07 00:44:33 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-10-11 05:57:30 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
- 2007-12-07 00:44:33 205,824 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-10-11 05:57:30 205,824 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
- 2007-12-07 00:44:33 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2007-10-11 05:57:30 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
- 2007-12-06 10:05:52 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2007-10-10 10:48:23 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
- 2007-12-07 00:44:33 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2007-10-11 05:57:31 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
- 2007-12-07 00:44:33 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2007-10-11 05:57:31 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
- 2007-12-07 00:44:33 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2007-10-11 05:57:31 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
- 2007-12-07 00:44:35 3,066,368 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2007-10-30 09:55:21 3,065,856 -c--a-w C:\WINDOWS\ie7\mshtml.dll
- 2007-12-07 00:44:36 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2007-10-11 05:57:36 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
- 2007-12-07 00:44:36 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2007-10-11 05:57:36 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
- 2007-12-07 00:44:36 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2007-10-11 05:57:37 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
- 2007-12-07 00:44:36 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-10-11 05:57:37 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
- 2007-12-07 00:44:39 617,984 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2007-10-11 05:57:40 617,984 -c--a-w C:\WINDOWS\ie7\urlmon.dll
- 2007-12-07 00:44:39 666,112 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-10-11 05:57:41 666,112 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:34 22,752 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spcustom.dll
+ 2007-03-06 01:22:36 14,048 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:59 716,000 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\updspapi.dll
+ 2007-03-06 01:22:31 22,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spcustom.dll
+ 2007-03-06 01:22:33 14,048 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst.exe
+ 2007-03-06 01:22:56 716,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\update.exe
+ 2007-06-30 20:22:56 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\updspapi.dll
+ 2007-03-06 01:22:31 22,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spcustom.dll
+ 2007-03-06 01:22:33 14,048 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst.exe
+ 2007-03-06 01:22:56 716,000 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\updspapi.dll
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 17:51:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2004-09-23 01:46:10 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-05-24 21:51:34 2,238 ----a-r C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut2.exe
+ 2006-05-24 21:51:34 2,238 ----a-r C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut3.exe
+ 2006-05-24 21:51:34 2,238 ----a-r C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut4.exe
+ 2006-05-24 21:51:34 2,238 ----a-r C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut8.exe
+ 2006-05-24 21:51:34 2,238 ----a-r C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut9.EXE
+ 2008-04-04 01:44:51 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
- 2008-02-13 19:20:47 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-02-19 21:10:20 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-02-19 21:10:20 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-02-13 19:20:47 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-02-19 21:10:20 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-02-13 19:20:47 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-02-19 21:10:20 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-02-13 19:20:47 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-02-19 21:10:20 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-02-13 19:20:47 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-02-19 21:10:20 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-02-13 19:20:47 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-02-19 21:10:20 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-02-13 19:20:47 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-02-19 21:10:20 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-02-13 19:20:47 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-02-19 21:10:20 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-02-13 19:20:47 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-02-19 21:10:20 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-02-13 19:20:47 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-02-19 21:10:20 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-02-13 19:20:47 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-02-19 21:10:20 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2008-02-19 00:12:34 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-01-19 16:48:40 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
- 2008-02-19 00:12:34 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-01-19 16:48:40 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
- 2008-02-19 00:12:34 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-01-19 16:48:40 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
- 2008-02-19 00:12:34 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2008-01-19 16:48:40 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2008-04-04 01:45:35 307,200 ----a-r C:\WINDOWS\Installer\{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}\SafariIco.exe
- 2004-08-04 12:00:00 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2004-08-04 12:00:00 58,880 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-04 12:00:00 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2006-07-06 08:49:52 557,568 ----a-w C:\WINDOWS\network diagnostic\xpnetdiag.exe
+ 2006-10-10 12:44:50 557,568 ----a-w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2000-08-31 15:00:00 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 14:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe
+ 2007-10-22 17:57:52 524,288 ----a-w C:\WINDOWS\opuc.dll
+ 2002-01-06 08:57:41 2,378 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-09-23 01:45:38 161,792 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2005-01-28 20:44:28 164,864 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
- 2004-09-23 01:45:54 25,088 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2005-01-28 20:44:28 25,088 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
- 2004-09-23 01:45:54 169,472 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2005-01-28 20:44:28 173,568 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
- 2004-09-23 01:45:56 360,176 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2005-01-28 20:44:28 364,784 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
- 2004-09-23 01:45:56 311,296 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2005-01-28 20:44:28 315,904 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
- 2004-09-23 01:46:12 30,208 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2005-01-28 20:44:28 28,160 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
- 2004-09-23 01:46:12 34,304 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2005-01-28 20:44:28 33,792 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2004-09-23 01:46:10 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\uwdf.exe
+ 2004-09-23 01:46:10 15,872 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wdfapi.dll
+ 2004-09-23 01:46:10 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wdfmgr.exe
+ 2004-09-23 01:46:38 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wpd_ci.dll
+ 2004-09-23 01:46:36 61,952 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wpdconns.dll
+ 2004-09-23 01:46:36 114,176 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wpdmtp.dll
+ 2004-09-23 01:46:36 331,776 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wpdmtpdr.dll
+ 2004-09-23 01:46:36 66,560 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wpdmtpus.dll
+ 2004-09-23 01:46:36 327,680 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wpdsp.dll
+ 2004-09-23 01:46:38 10,752 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wpdtrace.dll
+ 2004-09-23 01:46:38 18,944 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wpdusb.sys
- 2004-09-23 01:46:10 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2005-01-28 20:44:28 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
- 2004-09-23 01:46:10 15,872 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2005-01-28 20:44:28 15,872 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
- 2004-09-23 01:46:10 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2005-01-28 20:44:28 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
- 2004-09-23 01:46:38 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2005-01-28 20:44:28 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
- 2004-09-23 01:46:36 61,952 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2005-01-28 20:44:28 61,952 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
- 2004-09-23 01:46:36 114,176 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2005-01-28 20:44:28 114,176 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
- 2004-09-23 01:46:36 331,776 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2005-01-28 20:44:28 331,776 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
- 2004-09-23 01:46:36 66,560 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2005-01-28 20:44:28 66,560 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
- 2004-09-23 01:46:36 327,680 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2005-01-28 20:44:28 331,264 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
- 2004-09-23 01:46:38 10,752 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2005-01-28 20:44:28 10,752 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
- 2004-09-23 01:46:38 18,944 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2005-01-28 20:44:28 18,944 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2004-09-23 01:46:32 1,181,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvadvd.dll
- 2004-09-23 01:46:10 380,144 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2005-01-28 20:44:28 396,528 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
- 2004-09-23 01:46:26 773,368 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2005-01-28 20:44:28 774,904 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
- 2004-09-23 01:46:30 531,192 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2005-01-28 20:44:28 413,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
- 2004-09-23 01:46:32 1,181,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2005-01-28 20:44:28 1,218,808 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
- 2004-09-23 01:46:34 871,160 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2005-01-28 20:44:28 895,736 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2004-09-23 01:46:12 344,064 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\WMDRMdev.dll
+ 2004-09-23 01:46:14 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\WMDRMNet.dll
+ 2004-09-23 01:46:32 1,509,376 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\WMVADVE.DLL
- 2004-09-23 01:45:44 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2005-01-28 20:44:28 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
- 2004-09-23 01:45:44 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2005-01-28 20:44:28 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
- 2004-09-23 01:46:02 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2005-01-28 20:44:28 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
- 2004-09-23 01:46:10 712,704 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2005-01-28 20:44:28 716,288 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
- 2004-09-23 01:46:12 229,376 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2005-01-28 20:44:28 224,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
- 2004-09-23 01:46:12 344,064 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2005-01-28 20:44:28 335,872 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
- 2004-09-23 01:46:14 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2005-01-28 20:44:28 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
- 2004-09-23 01:46:14 150,016 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2005-01-28 20:44:28 150,016 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
- 2004-09-23 01:46:16 1,027,072 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2005-01-28 20:44:28 1,027,072 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
- 2004-09-23 01:46:26 1,116,160 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2005-01-28 20:44:28 1,119,744 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
- 2004-09-23 01:46:30 936,960 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2005-01-28 20:44:28 940,544 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
- 2004-09-23 01:46:32 1,509,376 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2005-01-28 20:44:28 1,512,448 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
- 2004-09-23 01:46:32 2,362,104 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2005-01-28 20:44:28 2,370,296 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
- 2004-09-23 01:46:34 999,424 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2005-01-28 20:44:28 1,003,008 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
- 2004-09-23 01:45:38 233,472 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2005-01-28 20:44:28 294,912 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
- 2004-09-23 01:45:42 253,688 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2005-01-28 20:44:28 258,296 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
- 2004-09-23 01:45:42 95,232 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2005-01-28 20:44:28 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
- 2004-09-23 01:45:42 527,360 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2005-01-28 20:44:28 502,272 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
- 2004-09-23 01:45:52 141,312 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2005-01-28 20:44:28 142,336 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2000-08-31 14:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 14:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 14:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2005-02-28 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-04 12:00:00 73,376 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2004-08-04 12:00:00 25,264 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2004-08-04 12:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2005-02-28 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2005-02-28 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2005-02-28 12:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2005-02-28 12:00:00 4,048 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2005-02-28 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2005-02-28 12:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2005-02-28 12:00:00 146,432 ----a-w C:\WINDOWS\system\WINSPOOL.DRV
- 2004-08-04 12:00:00 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2005-06-18 06:04:56 33,792 ----a-w C:\WINDOWS\system32\a3d.dll
+ 2007-04-09 19:32:58 34,816 ----a-w C:\WINDOWS\system32\a3d.dll
- 2005-06-18 06:03:20 26,624 ----a-w C:\WINDOWS\system32\AC3API.DLL
+ 2007-04-09 19:32:46 27,648 ----a-w C:\WINDOWS\system32\ac3api.dll
- 2005-02-28 12:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-14 01:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2008-03-20 01:23:20 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-03-20 01:36:22 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll
+ 2008-03-20 01:24:02 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-03-20 00:46:26 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-03-20 01:24:04 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-03-20 00:36:14 754,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-03-20 00:36:16 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-03-20 00:36:14 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-03-20 00:42:42 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-03-20 01:22:34 249,856 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-03-20 01:25:36 442,368 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-03-20 01:36:06 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe
+ 2008-03-20 01:26:20 110,592 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-03-20 01:22:22 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-03-20 00:36:14 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 16:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2005-02-28 12:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2004-08-04 06:56:42 167,936 ----a-w C:\WINDOWS\system32\appmgmts.dll
- 2004-09-23 01:45:36 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-09-23 01:45:36 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-19 04:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2004-08-04 12:00:00 56,832 ----a-w C:\WINDOWS\system32\authz.dll
+ 2005-03-02 18:09:29 56,832 ----a-w C:\WINDOWS\system32\authz.dll
- 2005-02-28 12:00:00 8,192 ----a-w C:\WINDOWS\system32\bdco1.dll
+ 2004-01-29 08:45:18 8,192 ----a-w C:\WINDOWS\system32\bdco1.dll
- 2004-09-23 01:45:38 233,472 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 04:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-12-07 01:07:12 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-04 12:00:00 229,888 ----a-w C:\WINDOWS\system32\catsrv.dll
+ 2005-07-26 04:39:42 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2004-08-04 12:00:00 628,224 ----a-w C:\WINDOWS\system32\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2007-10-11 05:57:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-12-07 01:07:12 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-04 12:00:00 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
- 2004-09-23 01:45:38 161,792 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 04:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2004-08-04 12:00:00 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2006-06-22 05:06:29 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
- 2004-08-04 12:00:00 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
- 2004-08-04 12:00:00 501,248 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
- 2004-08-04 12:00:00 62,464 ----a-w C:\WINDOWS\system32\colbact.dll
+ 2005-07-26 04:39:43 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
- 2004-08-04 12:00:00 195,584 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
+ 2005-07-26 04:39:44 195,072 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
- 2004-08-04 12:00:00 611,328 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2006-08-25 15:45:58 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2004-08-04 12:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
- 2005-06-18 05:55:44 87,040 ----a-w C:\WINDOWS\system32\commonfx.dll
+ 2007-04-18 15:59:40 98,600 ----a-w C:\WINDOWS\system32\COMMONFX.DLL
- 2004-08-04 12:00:00 82,432 ----a-w C:\WINDOWS\system32\comrepl.dll
+ 2005-07-26 04:39:44 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll
- 2004-08-04 12:00:00 1,251,840 ----a-w C:\WINDOWS\system32\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2004-08-04 12:00:00 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
+ 2005-07-26 04:39:45 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
- 2005-06-18 05:53:24 119,808 ----a-w C:\WINDOWS\system32\CT_OAL.DLL
+ 2007-04-09 19:22:04 205,312 ----a-w C:\WINDOWS\system32\ct_oal.dll
- 2005-06-18 06:01:40 7,168 ----a-w C:\WINDOWS\system32\CTAGENT.DLL
+ 2007-04-09 19:32:30 8,704 ----a-w C:\WINDOWS\system32\ctagent.dll
- 2005-06-18 05:53:24 73,728 ----a-w C:\WINDOWS\system32\CTASIO.DLL
+ 2007-04-09 19:22:02 79,872 ----a-w C:\WINDOWS\system32\ctasio.dll
- 2005-06-18 05:55:48 536,576 ----a-w C:\WINDOWS\system32\ctaudfx.dll
+ 2007-04-12 15:10:16 546,048 ----a-w C:\WINDOWS\system32\CTAUDFX.DLL
- 2005-07-11 04:44:12 38,400 ----a-w C:\WINDOWS\system32\CTBURST.DLL
+ 2007-04-09 19:33:50 43,520 ----a-w C:\WINDOWS\system32\CTBurst.dll
- 2005-06-18 06:08:36 81,920 ----a-w C:\WINDOWS\system32\ctcoinst.dll
+ 2007-04-09 19:33:36 86,016 ----a-w C:\WINDOWS\system32\ctcoinst.dll
- 2005-06-18 06:01:22 190,976 ----a-w C:\WINDOWS\system32\CTDC0000.DLL
+ 2007-04-09 19:32:20 227,840 ----a-w C:\WINDOWS\system32\ctdc0000.dll
- 2005-06-18 06:01:24 286,208 ----a-w C:\WINDOWS\system32\CTDC0001.DLL
+ 2007-04-09 19:32:22 335,872 ----a-w C:\WINDOWS\system32\ctdc0001.dll
- 2005-06-18 06:01:24 129,536 ----a-w C:\WINDOWS\system32\CTDCIFCE.DLL
+ 2007-04-09 19:32:22 131,072 ----a-w C:\WINDOWS\system32\ctdcifce.dll
- 2005-06-18 05:53:22 71,168 ----a-w C:\WINDOWS\system32\ctdproxy.dll
+ 2007-04-09 19:22:00 76,800 ----a-w C:\WINDOWS\system32\ctdproxy.dll
- 2005-06-18 06:08:36 134,656 ----a-w C:\WINDOWS\system32\ctdvinst.dll
+ 2007-04-09 19:33:36 163,328 ----a-w C:\WINDOWS\system32\ctdvinst.dll
- 2005-06-18 05:56:02 157,696 ----a-w C:\WINDOWS\system32\cteapsfx.dll
+ 2007-04-12 15:10:18 168,192 ----a-w C:\WINDOWS\system32\CTEAPSFX.DLL
- 2005-06-18 05:53:26 47,616 ----a-w C:\WINDOWS\system32\CTEDASIO.DLL
+ 2007-04-09 19:22:04 50,176 ----a-w C:\WINDOWS\system32\ctedasio.dll
- 2005-06-18 05:53:30 269,824 ----a-w C:\WINDOWS\system32\CTEDSPFX.DLL
+ 2007-04-12 15:10:20 280,320 ----a-w C:\WINDOWS\system32\CTEDSPFX.DLL
- 2005-06-18 05:53:36 115,200 ----a-w C:\WINDOWS\system32\CTEDSPIO.DLL
+ 2007-04-12 15:10:22 128,768 ----a-w C:\WINDOWS\system32\CTEDSPIO.DLL
- 2005-06-18 05:55:44 317,952 ----a-w C:\WINDOWS\system32\CTEDSPSY.DLL
+ 2007-04-12 15:10:22 323,328 ----a-w C:\WINDOWS\system32\CTEDSPSY.DLL
- 2005-06-18 05:56:24 106,496 ----a-w C:\WINDOWS\system32\ctemupia.dll
+ 2007-04-09 19:24:06 110,080 ----a-w C:\WINDOWS\system32\ctemupia.dll
- 2005-06-07 13:10:50 70,656 ----a-w C:\WINDOWS\system32\CTMMACTL.DLL
+ 2005-06-16 17:17:16 71,680 ----a-w C:\WINDOWS\system32\ctmmactl.dll
- 2005-06-18 06:01:36 11,776 ----a-w C:\WINDOWS\system32\CTMMEP.DLL
+ 2007-04-09 19:32:28 12,800 ----a-w C:\WINDOWS\system32\ctmmep.dll
- 2005-06-18 05:53:12 129,024 ----a-w C:\WINDOWS\system32\CTOSUSER.DLL
+ 2007-04-09 19:21:50 137,728 ----a-w C:\WINDOWS\system32\ctosuser.dll
- 2005-06-18 06:01:38 30,208 ----a-w C:\WINDOWS\system32\CTPCMCIA.DLL
+ 2007-04-09 19:32:30 56,832 ----a-w C:\WINDOWS\system32\CTpcmcia.dll
- 2005-06-18 06:01:28 9,216 ----a-w C:\WINDOWS\system32\CTPRES.DLL
+ 2007-04-09 19:32:24 9,216 ----a-w C:\WINDOWS\system32\ctpres.dll
- 2005-06-18 05:56:06 548,352 ----a-w C:\WINDOWS\system32\ctsblfx.dll
+ 2007-04-12 15:10:16 560,384 ----a-w C:\WINDOWS\system32\CTSBLFX.DLL
- 2005-06-18 06:01:26 75,264 ----a-w C:\WINDOWS\system32\CTSCAL.DLL
+ 2007-04-09 19:32:22 78,336 ----a-w C:\WINDOWS\system32\ctscal.dll
- 2005-06-18 06:01:40 23,552 ----a-w C:\WINDOWS\system32\CTSPKHLP.DLL
+ 2007-04-09 19:32:30 45,568 ----a-w C:\WINDOWS\system32\ctspkhlp.dll
- 2005-06-18 06:01:26 64,000 ----a-w C:\WINDOWS\system32\CTTHXCAL.DLL
+ 2007-04-09 19:32:24 69,632 ----a-w C:\WINDOWS\system32\ctthxcal.dll
- 2007-10-11 05:57:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-12-07 01:07:12 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-04-09 19:19:20 2,091 ----a-w C:\WINDOWS\system32\DATA\cts20x.dat
+ 2004-08-04 12:00:00 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
- 2005-06-18 05:50:48 47,104 ----a-w C:\WINDOWS\system32\DEVREG.DLL
+ 2007-04-09 19:19:02 48,640 ----a-w C:\WINDOWS\system32\devreg.dll
- 2004-08-04 12:00:00 111,104 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-05-19 12:59:41 111,616 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
- 2004-08-04 12:00:00 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2005-06-18 06:04:56 33,792 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
+ 2007-04-09 19:32:58 34,816 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
- 2005-02-28 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-14 01:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2005-02-28 12:00:00 99,840 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-04 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
- 2004-08-04 12:00:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2004-08-04 12:00:00 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
- 2004-09-23 01:45:36 8,192 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 04:47:08 7,168 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
+ 2005-03-02 18:09:29 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
- 2004-09-23 01:45:38 233,472 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 04:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2007-10-11 05:57:29 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-12-07 01:07:12 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-04 12:00:00 229,888 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
+ 2005-07-26 04:39:42 225,792 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
- 2004-08-04 12:00:00 628,224 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
- 2007-10-11 05:57:29 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-12-07 01:07:12 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2004-08-04 12:00:00 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
- 2004-09-23 01:45:38 161,792 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 04:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-08-04 12:00:00 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
+ 2006-06-22 05:06:29 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
- 2004-08-04 12:00:00 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
- 2004-08-04 12:00:00 501,248 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
- 2004-08-04 12:00:00 62,464 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
+ 2005-07-26 04:39:43 60,416 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
- 2004-08-04 12:00:00 195,584 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
+ 2005-07-26 04:39:44 195,072 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
- 2004-08-04 12:00:00 611,328 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
+ 2006-08-25 15:45:58 617,472 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
- 2004-08-04 12:00:00 82,432 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
+ 2005-07-26 04:39:44 97,792 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
- 2004-08-04 12:00:00 1,251,840 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
- 2004-08-04 12:00:00 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
+ 2005-07-26 04:39:45 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
- 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-14 01:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2007-10-11 05:57:30 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-12-07 01:07:12 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-04 12:00:00 111,104 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
+ 2006-05-19 12:59:41 111,616 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
- 2004-08-04 12:00:00 81,408 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-05-16 15:12:00 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
- 2004-08-04 12:00:00 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-04 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2004-09-23 01:45:42 253,688 -c--a-w C:\WINDOWS\system32\dllcache\drmclien.dll
+ 2005-01-28 20:44:28 258,296 -c--a-w C:\WINDOWS\system32\dllcache\drmclien.dll
- 2004-09-23 01:45:42 95,232 -c--a-w C:\WINDOWS\system32\dllcache\drmstor.dll
+ 2005-01-28 20:44:28 96,768 -c--a-w C:\WINDOWS\system32\dllcache\drmstor.dll
- 2004-09-23 01:45:42 527,360 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 04:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2004-08-04 12:00:00 498,205 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
+ 2006-08-22 11:05:26 498,742 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
- 2007-10-11 05:57:30 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-10-11 05:57:30 205,824 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00:00 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2005-07-26 04:39:45 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2004-08-04 12:00:00 1,082,368 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
+ 2005-10-20 22:20:03 1,082,368 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
- 2004-08-04 12:00:00 1,032,192 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2007-10-11 05:57:30 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2006-10-14 23:43:18 27,648 -c--a-w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
+ 2007-03-23 03:24:58 28,160 -c--a-w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
- 2004-08-04 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
+ 2006-08-21 12:21:06 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
- 2004-08-04 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
+ 2006-08-21 09:14:58 23,040 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
- 2004-08-04 12:00:00 124,800 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
+ 2006-08-21 09:14:58 128,896 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
- 2004-08-04 12:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
+ 2005-10-17 21:14:45 80,896 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
- 2004-08-04 12:00:00 278,016 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2005-02-28 12:00:00 123,904 -c--a-w C:\WINDOWS\system32\dllcache\guitrn.dll
+ 2005-04-28 19:16:29 133,120 -c--a-w C:\WINDOWS\system32\dllcache\guitrn.dll
- 2004-08-04 12:00:00 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
+ 2005-05-26 23:22:01 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
- 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
+ 2005-05-27 02:04:27 41,472 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
- 2004-08-04 12:00:00 77,850 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
+ 2006-07-21 08:24:43 72,704 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
- 2005-02-28 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-14 01:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2004-08-04 12:00:00 253,952 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
+ 2005-06-29 01:46:00 254,976 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
- 2005-02-28 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2005-02-28 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2005-02-28 12:00:00 216,576 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2005-02-28 12:00:00 221,184 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2005-02-28 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-10-10 10:48:23 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-14 01:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2005-02-28 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-14 01:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-10-11 05:57:31 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-14 01:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2005-02-28 12:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2005-02-28 12:00:00 62,976 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-14 01:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2005-02-28 12:00:00 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2005-02-28 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-14 01:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2004-08-04 12:00:00 678,400 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-10-11 05:57:31 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-14 01:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2004-08-04 12:00:00 94,720 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
+ 2006-05-19 12:59:41 94,720 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
- 2004-08-04 12:00:00 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
+ 2004-09-29 22:28:37 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
- 2004-08-04 12:00:00 143,872 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
+ 2005-05-27 02:04:27 155,136 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
- 2004-08-04 12:00:00 134,144 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2005-05-27 02:04:27 137,216 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2006-06-01 18:47:07 163,840 -c----w C:\WINDOWS\system32\dllcache\jgdw400.dll
+ 2006-06-01 18:47:07 27,648 -c----w C:\WINDOWS\system32\dllcache\jgpl400.dll
- 2007-11-14 07:26:56 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-14 01:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-10-11 05:57:31 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
+ 2005-06-15 17:49:30 295,936 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
- 2004-08-04 12:00:00 983,552 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:52:53 984,576 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2004-08-04 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2006-06-14 08:47:45 172,416 -c----w C:\WINDOWS\system32\dllcache\kmixer.sys
- 2004-09-23 01:45:44 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 04:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2005-02-28 12:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-14 01:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
+ 2005-09-01 01:41:53 19,968 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
- 2005-02-28 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\log.dll
+ 2005-04-28 19:16:29 19,968 -c--a-w C:\WINDOWS\system32\dllcache\log.dll
- 2004-09-23 01:45:44 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 03:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-04 12:00:00 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2004-08-04 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2004-08-04 12:00:00 73,376 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2004-08-04 12:00:00 25,264 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2004-08-04 12:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
- 2004-08-04 12:00:00 39,936 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2007-03-08 15:36:28 40,960 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
- 2004-08-04 12:00:00 924,432 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
- 2004-08-04 12:00:00 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
- 2005-02-28 12:00:00 201,216 -c--a-w C:\WINDOWS\system32\dllcache\migism.dll
+ 2005-04-28 19:16:29 274,432 -c--a-w C:\WINDOWS\system32\dllcache\migism.dll
- 2005-02-28 12:00:00 103,424 -c--a-w C:\WINDOWS\system32\dllcache\migload.exe
+ 2005-04-28 00:12:58 103,424 -c--a-w C:\WINDOWS\system32\dllcache\migload.exe
- 2004-08-04 12:00:00 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2005-07-25 23:46:57 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
- 2005-02-28 12:00:00 240,128 -c--a-w C:\WINDOWS\system32\dllcache\migwiz.exe
+ 2005-04-28 00:12:57 245,248 -c--a-w C:\WINDOWS\system32\dllcache\migwiz.exe
+ 2004-08-04 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
- 2004-08-04 12:00:00 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-19 04:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-04 12:00:00 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-19 04:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-04 12:00:00 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-19 04:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-09-23 01:45:52 344,064 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 04:47:14 243,712 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2005-02-28 12:00:00 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2006-05-05 09:41:45 453,120 -c----w C:\WINDOWS\system32\dllcache\mrxsmb.sys
- 2004-08-04 12:00:00 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
+ 2006-03-23 05:44:21 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
- 2004-08-04 12:00:00 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
+ 2006-12-26 13:07:23 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
- 2004-08-04 12:00:00 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
+ 2006-12-26 13:07:23 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
- 2004-08-04 12:00:00 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
+ 2006-12-26 13:07:23 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
- 2004-08-04 12:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2005-06-29 01:46:00 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-04 12:00:00 425,472 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
+ 2006-03-01 19:42:42 426,496 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
- 2004-08-04 12:00:00 949,248 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
+ 2006-03-01 19:42:42 956,416 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
- 2004-08-04 12:00:00 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2006-03-01 19:42:42 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2004-08-04 12:00:00 537,088 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
+ 2006-11-27 14:54:06 539,136 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
- 2005-02-28 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2007-08-14 01:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-10-30 09:55:21 3,065,856 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-02 00:36:30 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-10-11 05:57:36 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2005-02-28 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-14 01:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2005-05-04 21:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-04 12:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
+ 2006-12-26 13:07:23 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
- 2005-02-28 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-14 01:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2004-09-23 01:45:52 141,312 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 04:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-08-04 12:00:00 1,311,232 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-05-16 15:12:08 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
- 2004-09-23 01:45:54 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 04:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-09-23 01:45:54 169,472 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 04:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2007-10-11 05:57:36 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-09-23 01:45:56 360,176 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 23:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2007-10-11 05:57:37 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-09-23 01:45:56 311,296 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 04:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2004-08-04 12:00:00 1,236,480 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2004-08-04 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
+ 2006-03-01 19:42:42 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
- 2004-08-04 12:00:00 90,112 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
+ 2006-03-01 19:42:42 91,136 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
- 2004-08-04 12:00:00 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2006-08-17 12:28:27 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2004-08-04 12:00:00 198,144 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
+ 2005-08-22 18:29:46 197,632 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
- 2004-08-04 12:00:00 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
+ 2005-11-29 23:27:06 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
- 2004-08-04 12:00:00 574,592 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-09 11:10:35 574,464 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-28 09:08:48 2,136,064 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2007-02-28 08:38:55 2,057,600 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 09:10:57 2,180,352 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2004-08-04 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
- 2004-08-04 12:00:00 144,384 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
+ 2006-10-13 12:35:12 142,336 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
- 2005-02-28 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2004-08-04 12:00:00 1,281,536 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
+ 2005-07-26 04:39:48 1,285,120 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
- 2007-05-17 11:28:05 549,376 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2004-08-04 12:00:00 68,608 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
+ 2005-07-26 04:39:48 74,752 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
- 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
+ 2005-07-26 04:39:49 37,888 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
- 2004-08-04 12:00:00 117,760 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
+ 2006-10-16 16:15:00 122,880 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
- 2005-02-28 12:00:00 116,224 -c--a-w C:\WINDOWS\system32\dllcache\p2p.dll
+ 2006-10-11 16:24:45 153,088 -c--a-w C:\WINDOWS\system32\dllcache\p2p.dll
- 2005-02-28 12:00:00 86,016 -c--a-w C:\WINDOWS\system32\dllcache\p2pgasvc.dll
+ 2006-10-11 16:24:45 104,960 -c--a-w C:\WINDOWS\system32\dllcache\p2pgasvc.dll
- 2005-02-28 12:00:00 312,320 -c--a-w C:\WINDOWS\system32\dllcache\p2pgraph.dll
+ 2006-10-11 16:24:45 313,344 -c--a-w C:\WINDOWS\system32\dllcache\p2pgraph.dll
- 2005-02-28 12:00:00 88,064 -c--a-w C:\WINDOWS\system32\dllcache\p2pnetsh.dll
+ 2006-10-11 16:24:45 116,224 -c--a-w C:\WINDOWS\system32\dllcache\p2pnetsh.dll
- 2005-02-28 12:00:00 526,848 -c--a-w C:\WINDOWS\system32\dllcache\p2psvc.dll
+ 2006-10-11 16:24:45 553,984 -c--a-w C:\WINDOWS\system32\dllcache\p2psvc.dll
- 2007-10-11 05:57:37 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-02-28 12:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\pnrpnsp.dll
+ 2006-10-11 16:24:45 58,880 -c--a-w C:\WINDOWS\system32\dllcache\pnrpnsp.dll
- 2006-10-14 23:44:44 671,744 -c--a-w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
+ 2007-03-23 03:25:42 677,376 -c--a-w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
- 2004-09-23 01:46:02 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 04:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-08-04 12:00:00 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2004-08-04 12:00:00 1,435,648 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
+ 2006-06-22 05:06:30 1,435,648 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
- 2004-08-04 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
+ 2006-06-26 17:37:10 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
- 2004-08-04 12:00:00 174,080 -c--a-w C:\WINDOWS\system32\dllcache\rasmans.dll
+ 2006-06-22 10:47:18 181,248 -c--a-w C:\WINDOWS\system32\dllcache\rasmans.dll
- 2004-08-04 12:00:00 176,512 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
+ 2006-05-05 09:47:57 174,592 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
- 2004-08-04 12:00:00 139,400 -c--a-w C:\WINDOWS\system32\dllcache\rdpwd.sys
+ 2005-06-10 04:09:46 139,528 -c--a-w C:\WINDOWS\system32\dllcache\rdpwd.sys
- 2004-08-04 12:00:00 431,616 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
+ 2006-11-27 14:54:06 433,152 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
- 2004-08-04 12:00:00 200,064 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2004-08-04 12:00:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2004-08-04 12:00:00 395,776 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
+ 2005-07-26 04:39:49 397,824 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
- 2004-08-04 12:00:00 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
+ 2007-04-25 14:21:15 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
- 2005-02-28 12:00:00 202,752 -c--a-w C:\WINDOWS\system32\dllcache\script.dll
+ 2005-04-28 19:16:29 215,552 -c--a-w C:\WINDOWS\system32\dllcache\script.dll
- 2004-09-23 01:46:04 819,200 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-02 01:31:38 1,669,120 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2007-10-11 05:57:39 1,498,112 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-12-07 01:07:13 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2004-08-04 12:00:00 8,384,000 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-10-11 05:57:40 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-12-07 01:07:13 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2004-08-04 12:00:00 134,656 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
+ 2004-08-04 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2006-06-14 08:47:46 6,400 -c----w C:\WINDOWS\system32\dllcache\splitter.sys
- 2004-08-04 12:00:00 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
- 2004-08-04 12:00:00 336,256 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2006-08-14 10:34:41 332,928 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2004-08-04 12:00:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
+ 2004-12-07 19:32:34 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
- 2004-08-04 12:00:00 246,302 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
+ 2006-08-21 16:52:08 246,814 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
- 2004-08-04 12:00:00 713,216 -c--a-w C:\WINDOWS\system32\dllcache\sxs.dll
+ 2006-10-19 13:56:32 713,216 -c--a-w C:\WINDOWS\system32\dllcache\sxs.dll
- 2005-02-28 12:00:00 168,960 -c--a-w C:\WINDOWS\system32\dllcache\sysmod.dll
+ 2005-04-28 19:16:29 193,024 -c--a-w C:\WINDOWS\system32\dllcache\sysmod.dll
+ 2004-08-04 12:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
- 2004-08-04 12:00:00 210,432 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
+ 2005-10-17 21:14:46 118,272 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
- 2004-08-04 12:00:00 246,272 -c--a-w C:\WINDOWS\system32\dllcache\tapisrv.dll
+ 2005-07-08 16:27:56 249,344 -c--a-w C:\WINDOWS\system32\dllcache\tapisrv.dll
- 2004-08-04 12:00:00 359,040 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2004-08-04 12:00:00 223,616 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2004-08-04 12:00:00 75,264 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
+ 2005-05-10 23:45:48 75,776 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
+ 2004-08-04 12:00:00 4,048 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
- 2004-08-04 12:00:00 101,376 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
+ 2005-07-26 04:39:49 101,376 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
- 2004-08-04 12:00:00 118,272 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
+ 2005-08-23 03:35:42 123,392 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
- 2004-09-23 01:46:10 192,512 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-08-04 12:00:00 185,344 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
+ 2007-02-05 20:17:02 185,344 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
- 2005-02-28 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-10-11 05:57:40 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-04 12:00:00 577,024 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
+ 2007-03-08 15:36:28 577,536 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
- 2005-02-28 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-08-14 01:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2004-08-04 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
- 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2004-08-04 12:00:00 504,832 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:12:12 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
- 2004-08-04 12:00:00 84,992 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2007-05-16 15:12:15 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
- 2004-08-04 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
+ 2006-03-24 04:37:50 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
+ 2006-06-14 09:00:45 82,944 -c----w C:\WINDOWS\system32\dllcache\wdmaud.sys
- 2005-02-28 12:00:00 276,480 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2004-08-04 12:00:00 67,584 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
+ 2006-01-04 03:35:05 68,096 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
+ 2004-08-04 12:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
- 2004-08-04 12:00:00 333,312 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
- 2004-08-04 12:00:00 1,835,904 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-10-11 05:57:41 666,112 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2004-08-04 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\winspool.drv
+ 2004-08-04 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
- 2004-08-04 12:00:00 290,816 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
+ 2007-03-17 13:43:01 292,864 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
- 2004-08-04 12:00:00 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
+ 2006-08-17 12:28:27 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
- 2004-09-23 01:46:10 380,144 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 04:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-09-23 01:46:10 712,704 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 04:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2004-09-23 01:46:12 229,376 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-28 00:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2004-09-23 01:46:12 30,208 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 04:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-09-23 01:46:12 34,304 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 04:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-23 01:46:14 189,440 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 04:47:20 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-09-23 01:46:14 150,016 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 04:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-09-23 01:46:16 1,027,072 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 04:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2004-09-23 01:46:16 5,550,080 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-09-23 01:46:20 135,168 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-09-23 01:46:20 77,824 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 04:47:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-09-23 01:46:20 282,624 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-09-23 01:46:22 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 04:46:20 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-09-23 01:46:22 3,371,008 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-09-23 01:46:24 86,016 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-09-23 01:46:26 773,368 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-09-23 01:46:26 1,116,160 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-09-23 01:46:30 531,192 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 04:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-09-23 01:46:30 936,960 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 04:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2004-09-23 01:46:32 2,362,104 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 04:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-09-23 01:46:34 871,160 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-09-23 01:46:34 999,424 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2004-08-04 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
- 2007-04-17 05:47:36 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-31 02:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2004-08-04 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
+ 2006-03-01 19:42:42 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
- 2006-10-15 03:21:58 580,352 -c--a-w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
+ 2007-03-23 13:07:54 583,504 -c--a-w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
- 2006-10-15 03:22:00 1,698,048 -c--a-w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
+ 2007-03-23 13:07:56 1,683,280 -c--a-w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
- 2004-08-04 12:00:00 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 12:00:00 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2004-08-04 12:00:00 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
+ 2006-02-15 00:22:26 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
+ 2005-08-19 10:00:00 2,432 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2005-08-19 10:00:00 2,560 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
- 2005-06-18 05:53:04 501,760 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
+ 2007-04-10 11:19:30 511,272 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
- 2005-06-18 05:53:28 438,784 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
+ 2007-04-10 11:20:38 520,488 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
- 2005-06-07 13:00:16 340,176 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
+ 2007-04-10 11:21:06 347,128 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
- 2005-06-18 05:53:14 114,688 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
+ 2007-04-10 12:59:04 126,760 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
- 2005-06-18 05:53:28 7,168 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
+ 2007-04-10 11:25:46 14,632 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
- 2005-06-18 05:53:08 142,336 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
+ 2007-04-10 13:00:24 157,480 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
+ 2004-08-04 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2005-06-18 05:53:08 77,824 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
+ 2007-04-10 11:28:36 92,968 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
- 2004-08-04 12:00:00 124,800 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys
+ 2006-08-21 09:14:58 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
- 2006-09-19 22:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 18:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2005-06-18 05:53:16 751,104 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
+ 2007-04-10 11:29:10 797,992 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
- 2005-06-18 05:53:16 153,088 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
+ 2007-04-10 11:31:18 163,112 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
- 2005-06-18 05:53:16 178,688 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
+ 2007-04-10 11:32:06 189,736 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
+ 2001-08-17 21:02:50 2,688 ----a-w C:\WINDOWS\system32\drivers\HIDSwvd.sys
- 2004-08-04 12:00:00 263,040 ----a-w C:\WINDOWS\system32\drivers\http.sys
+ 2006-03-17 00:33:10 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
- 2004-08-04 12:00:00 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
+ 2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
- 2004-08-04 12:00:00 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
+ 2006-06-14 08:47:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
- 2004-08-04 12:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2004-08-04 12:00:00 451,456 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2001-08-17 14:00:04 2,944 ----a-w C:\WINDOWS\system32\drivers\msmpu401.sys
- 2004-08-04 12:00:00 574,592 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2004-08-04 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2005-02-28 12:00:00 21,120 ----a-w C:\WINDOWS\system32\drivers\nv_agp.SYS
+ 2003-10-29 20:02:00 21,120 ----a-w C:\WINDOWS\system32\drivers\nv_agp.SYS
- 2005-02-28 12:00:00 79,360 ----a-w C:\WINDOWS\system32\drivers\nvatabus.sys
+ 2004-01-13 19:36:00 63,744 ----a-w C:\WINDOWS\system32\drivers\nvatabus.sys
- 2005-02-28 12:00:00 12,928 ----a-w C:\WINDOWS\system32\drivers\nvnetbus.sys
+ 2004-01-29 08:55:42 12,928 ----a-w C:\WINDOWS\system32\drivers\nvnetbus.sys
- 2005-02-28 12:00:00 56,960 ----a-w C:\WINDOWS\system32\drivers\nvnrm.sys
+ 2004-01-29 08:55:34 56,320 ----a-w C:\WINDOWS\system32\drivers\nvnrm.sys
- 2005-02-28 12:00:00 191,232 ----a-w C:\WINDOWS\system32\drivers\nvsnpu.sys
+ 2004-01-29 08:55:24 190,848 ----a-w C:\WINDOWS\system32\drivers\nvsnpu.sys
- 2005-06-18 06:06:28 9,216 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
+ 2007-04-10 11:32:34 16,168 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
- 2004-08-04 12:00:00 176,512 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
- 2004-08-04 12:00:00 139,400 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
+ 2005-06-10 04:09:46 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
- 2004-08-04 12:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2004-08-04 12:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2004-08-04 06:07:48 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
+ 2006-06-14 08:47:46 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
- 2004-08-04 12:00:00 336,256 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
- 2004-08-04 12:00:00 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2004-08-04 12:00:00 223,616 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2004-08-04 12:00:00 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
+ 2006-06-14 09:00:45 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
- 2004-09-23 01:46:38 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 03:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
- 2004-09-23 01:45:42 253,688 ----a-w C:\WINDOWS\system32\drmclien.dll
+ 2005-01-28 20:44:28 258,296 ----a-w C:\WINDOWS\system32\drmclien.dll
- 2004-09-23 01:45:42 95,232 ----a-w C:\WINDOWS\system32\drmstor.dll
+ 2005-01-28 20:44:28 96,768 ----a-w C:\WINDOWS\system32\drmstor.dll
- 2004-09-23 01:45:42 527,360 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 04:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2004-08-04 12:00:00 498,205 ----a-w C:\WINDOWS\system32\dxmasf.dll
+ 2006-08-22 11:05:26 498,742 ----a-w C:\WINDOWS\system32\dxmasf.dll
- 2007-10-11 05:57:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-10-11 05:57:30 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2001-07-11 02:51:00 77,824 ----a-w C:\WINDOWS\system32\EAXAC3.DLL
+ 2001-07-11 09:51:00 77,824 ----a-w C:\WINDOWS\system32\eaxac3.dll
- 2004-08-04 12:00:00 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
- 2004-08-04 12:00:00 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
+ 2005-10-20 22:20:03 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
- 2007-10-11 05:57:30 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2005-03-02 20:56:12 251,420 ----a-w C:\WINDOWS\system32\FarLsp.dll
+ 2005-03-02 21:56:12 251,420 ----a-w C:\WINDOWS\system32\FarLsp.dll
- 2004-08-04 12:00:00 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
+ 2006-08-21 12:21:06 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
- 2004-08-04 12:00:00 22,528 ----a-w C:\WINDOWS\system32\fltMc.exe
+ 2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\fltmc.exe
- 2008-02-18 23:58:44 140,440 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-09 13:47:55 140,440 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-04 12:00:00 79,360 ----a-w C:\WINDOWS\system32\fontsub.dll
+ 2005-10-17 21:14:45 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
- 2004-08-04 12:00:00 278,016 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2006-10-04 02:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-01-29 18:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2004-08-04 12:00:00 38,912 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2005-05-27 02:04:27 41,472 ----a-w C:\WINDOWS\system32\hhsetup.dll
- 2004-08-04 12:00:00 77,850 ----a-w C:\WINDOWS\system32\hlink.dll
+ 2006-07-21 08:24:43 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
- 2004-08-04 12:00:00 345,088 ----a-w C:\WINDOWS\system32\hypertrm.dll
+ 2004-11-17 17:41:24 347,136 ----a-w C:\WINDOWS\system32\hypertrm.dll
- 2007-08-14 01:36:26 61,952 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2004-08-04 12:00:00 253,952 ----a-w C:\WINDOWS\system32\icm32.dll
+ 2005-06-29 01:46:00 254,976 ----a-w C:\WINDOWS\system32\icm32.dll
- 2005-02-28 12:00:00 294,400 ----a-w C:\WINDOWS\system32\idecoi.dll
+ 2004-01-13 19:36:00 291,328 ----a-w C:\WINDOWS\system32\idecoi.dll
- 2005-02-28 12:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2005-02-28 12:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2005-02-28 12:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2005-02-28 12:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-07-11 19:27:48 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2005-02-28 12:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2005-02-28 12:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-14 01:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
- 2007-08-14 01:54:10 6,049,280 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-10-11 05:57:31 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-14 01:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2005-02-28 12:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-14 01:34:04 266,752 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2005-02-28 12:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-14 01:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2006-08-23 06:13:34 11,776 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2005-02-28 12:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-14 01:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2004-08-04 12:00:00 678,400 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-10-11 05:57:31 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-14 01:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-04 12:00:00 94,720 ----a-w C:\WINDOWS\system32\iphlpapi.dll
+ 2006-05-19 12:59:41 94,720 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2004-08-04 12:00:00 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2005-05-27 02:04:27 155,136 ----a-w C:\WINDOWS\system32\itircl.dll
- 2004-08-04 12:00:00 134,144 ----a-w C:\WINDOWS\system32\itss.dll
+ 2005-05-27 02:04:27 137,216 ----a-w C:\WINDOWS\system32\itss.dll
- 2004-08-04 12:00:00 144,896 ----a-w C:\WINDOWS\system32\jgdw400.dll
+ 2006-06-01 18:47:07 163,840 ----a-w C:\WINDOWS\system32\jgdw400.dll
- 2004-08-04 12:00:00 42,496 ----a-w C:\WINDOWS\system32\jgpl400.dll
+ 2006-06-01 18:47:07 27,648 ----a-w C:\WINDOWS\system32\jgpl400.dll
- 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-14 01:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-10-11 05:57:31 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-04 12:00:00 294,400 ----a-w C:\WINDOWS\system32\kerberos.dll
+ 2005-06-15 17:49:30 295,936 ----a-w C:\WINDOWS\system32\kerberos.dll
- 2004-08-04 12:00:00 983,552 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:52:53 984,576 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2004-08-04 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
- 2005-06-18 05:50:56 9,216 ----a-w C:\WINDOWS\system32\KILLAPPS.EXE
+ 2007-04-09 19:19:16 10,240 ----a-w C:\WINDOWS\system32\killapps.exe
+ 2004-08-04 12:00:00 221,600 ----a-w C:\WINDOWS\system32\lanman.drv
- 2004-09-23 01:45:44 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 04:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2005-02-28 12:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-14 01:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2004-08-04 12:00:00 18,944 ----a-w C:\WINDOWS\system32\linkinfo.dll
+ 2005-09-01 01:41:53 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
- 2004-09-23 01:45:44 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 03:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
- 2004-08-04 12:00:00 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2004-08-04 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
- 2007-11-03 21:34:58 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-04-18 01:08:30 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-04 12:00:00 73,376 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2004-08-04 12:00:00 25,264 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2004-08-04 12:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
- 2004-08-04 12:00:00 39,936 ----a-w C:\WINDOWS\system32\mf3216.dll
+ 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
- 2004-08-04 12:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
- 2004-08-04 12:00:00 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
+ 2004-08-04 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
- 2004-08-04 12:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
- 2004-08-04 12:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
- 2004-08-04 12:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2004-08-04 12:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
- 2004-08-04 12:00:00 73,728 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-04 12:00:00 425,472 ----a-w C:\WINDOWS\system32\msdtcprx.dll
+ 2006-03-01 19:42:42 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
- 2004-08-04 12:00:00 949,248 ----a-w C:\WINDOWS\system32\msdtctm.dll
+ 2006-03-01 19:42:42 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
- 2004-08-04 12:00:00 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
+ 2006-03-01 19:42:42 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
- 2007-08-14 01:54:10 458,752 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-14 01:54:10 50,688 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2004-08-04 12:00:00 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
+ 2006-11-27 14:54:06 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
+ 2005-02-28 12:00:00 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-04 12:00:00 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2005-02-28 12:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-14 01:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-10-30 09:55:21 3,065,856 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-02 00:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-10-11 05:57:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2005-02-28 12:00:00 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-14 01:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2005-05-04 21:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
- 2005-02-28 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-14 01:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2004-09-23 01:45:52 141,312 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 04:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-09-23 01:45:54 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 04:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-09-23 01:45:54 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 04:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2007-10-11 05:57:36 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-09-23 01:45:56 360,176 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 23:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2007-10-11 05:57:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2005-02-28 12:00:00 407,552 ----a-w C:\WINDOWS\system32\mstsc.exe
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\system32\mstsc.exe
- 2005-02-28 12:00:00 655,360 ----a-w C:\WINDOWS\system32\mstscax.dll
+ 2006-11-13 06:02:58 1,866,240 ----a-w C:\WINDOWS\system32\mstscax.dll
- 2004-09-23 01:45:56 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 04:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2004-08-04 12:00:00 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2004-08-04 12:00:00 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
+ 2006-03-01 19:42:42 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2004-08-04 12:00:00 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll
+ 2006-03-01 19:42:42 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
- 2004-08-04 12:00:00 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2004-08-04 12:00:00 198,144 ----a-w C:\WINDOWS\system32\netman.dll
+ 2005-08-22 18:29:46 197,632 ----a-w C:\WINDOWS\system32\netman.dll
- 2004-08-04 12:00:00 2,056,832 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 08:38:55 2,057,600 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2004-08-04 12:00:00 2,180,992 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2007-02-28 09:10:57 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2005-02-28 12:00:00 32,256 ----a-w C:\WINDOWS\system32\nvconrm.dll
+ 2004-01-29 09:22:48 31,744 ----a-w C:\WINDOWS\system32\nvconrm.dll
- 2004-08-04 12:00:00 144,384 ----a-w C:\WINDOWS\system32\nwprovau.dll
+ 2006-10-13 12:35:12 142,336 ----a-w C:\WINDOWS\system32\nwprovau.dll
- 2005-03-24 02:23:48 339,968 ----a-w C:\WINDOWS\system32\OALINST.EXE
+ 2006-11-23 07:55:48 782,336 ----a-w C:\WINDOWS\system32\OALInst.exe
- 2005-02-28 12:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-02-05 01:23:10 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
- 2004-08-04 12:00:00 1,281,536 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32.dll
- 2004-08-04 12:00:00 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2004-08-04 12:00:00 68,608 ----a-w C:\WINDOWS\system32\olecli32.dll
+ 2005-07-26 04:39:48 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2004-08-04 12:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
+ 2005-07-26 04:39:49 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
- 2004-08-04 12:00:00 117,760 ----a-w C:\WINDOWS\system32\oledlg.dll
+ 2006-10-16 16:15:00 122,880 ----a-w C:\WINDOWS\system32\oledlg.dll
- 2005-02-28 12:00:00 116,224 ----a-w C:\WINDOWS\system32\p2p.dll
+ 2006-10-11 16:24:45 153,088 ----a-w C:\WINDOWS\system32\p2p.dll
- 2005-02-28 12:00:00 86,016 ----a-w C:\WINDOWS\system32\p2pgasvc.dll
+ 2006-10-11 16:24:45 104,960 ----a-w C:\WINDOWS\system32\p2pgasvc.dll
- 2005-02-28 12:00:00 312,320 ----a-w C:\WINDOWS\system32\p2pgraph.dll
+ 2006-10-11 16:24:45 313,344 ----a-w C:\WINDOWS\system32\p2pgraph.dll
- 2005-02-28 12:00:00 88,064 ----a-w C:\WINDOWS\system32\p2pnetsh.dll
+ 2006-10-11 16:24:45 116,224 ----a-w C:\WINDOWS\system32\p2pnetsh.dll
- 2005-02-28 12:00:00 526,848 ----a-w C:\WINDOWS\system32\p2psvc.dll
+ 2006-10-11 16:24:45 553,984 ----a-w C:\WINDOWS\system32\p2psvc.dll
- 2008-02-19 00:01:37 71,628 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-09 15:35:25 71,628 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-02-19 00:01:37 442,262 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-09 15:35:25 442,262 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2005-06-18 05:53:06 73,728 ----a-w C:\WINDOWS\system32\piaproxy.dll
+ 2007-04-09 19:21:42 81,920 ----a-w C:\WINDOWS\system32\piaproxy.dll
- 2007-10-11 05:57:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-02-28 12:00:00 48,640 ----a-w C:\WINDOWS\system32\pnrpnsp.dll
+ 2006-10-11 16:24:45 58,880 ----a-w C:\WINDOWS\system32\pnrpnsp.dll
- 2006-10-14 23:43:38 124,416 ----a-w C:\WINDOWS\system32\prntvpt.dll
+ 2007-03-23 03:25:02 124,928 ----a-w C:\WINDOWS\system32\prntvpt.dll
- 2004-09-23 01:46:02 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 04:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2004-08-04 12:00:00 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-04 12:00:00 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
+ 2006-06-22 05:06:30 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
- 2004-08-04 12:00:00 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
+ 2006-06-26 17:37:10 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
- 2004-08-04 12:00:00 174,080 ----a-w C:\WINDOWS\system32\rasmans.dll
+ 2006-06-22 10:47:18 181,248 ----a-w C:\WINDOWS\system32\rasmans.dll
- 2005-06-18 05:53:08 33,792 ----a-w C:\WINDOWS\system32\REGPLIB.EXE
+ 2007-04-09 19:21:44 48,128 ----a-w C:\WINDOWS\system32\regplib.exe
+ 2005-02-28 12:00:00 21,120 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nv_agp.SYS
+ 2005-02-28 12:00:00 29,696 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\NVCOG.DLL
+ 2005-02-28 12:00:00 8,192 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\bdco1.dll
+ 2005-02-28 12:00:00 32,256 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\nvconrm.dll
+ 2005-02-28 12:00:00 12,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\nvnetbus.sys
+ 2005-02-28 12:00:00 56,960 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\nvnrm.sys
+ 2005-02-28 12:00:00 191,232 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\nvsnpu.sys
+ 2005-02-28 12:00:00 294,400 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\idecoi.dll
+ 2005-02-28 12:00:00 79,360 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvatabus.sys
+ 2005-02-28 12:00:00 294,400 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\idecoi.dll
+ 2004-01-13 19:36:00 63,744 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\nvatabus.sys
+ 2005-06-18 06:04:56 33,792 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Common\i386\a3d.dll
+ 2005-06-18 05:55:44 87,040 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Common\i386\commonfx.dll
+ 2005-06-18 05:55:48 536,576 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Common\i386\ctaudfx.dll
+ 2005-06-18 05:53:22 71,168 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Common\i386\ctdproxy.dll
+ 2005-06-18 05:56:02 157,696 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Common\i386\cteapsfx.dll
+ 2005-06-18 05:56:24 106,496 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Common\i386\ctemupia.dll
+ 2005-06-18 05:56:06 548,352 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Common\i386\ctsblfx.dll
+ 2005-06-18 05:53:06 73,728 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Common\i386\piaproxy.dll
+ 2005-06-18 05:53:10 21,504 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Common\i386\sfman32.dll
+ 2004-08-04 06:08:00 60,288 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\drmk.sys
+ 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\ks.sys
+ 2004-08-04 07:56:44 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\ksuser.dll
+ 2004-08-04 06:15:50 145,792 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\portcls.sys
+ 2004-08-04 06:08:04 48,640 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\stream.sys
+ 2004-08-04 07:56:58 23,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\wdmaud.drv
+ 2007-04-09 19:21:28 149,838 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\ctbas2w.dat
+ 2007-04-09 19:19:20 53,932 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\ctdaught.dat
+ 2005-06-18 05:56:58 293,446 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\ctdlang.dat
+ 2007-04-09 19:19:44 274,587 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\ctsbas2w.dat
+ 2007-04-09 19:19:20 313,207 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\ctstatic.dat
+ 2005-06-18 05:53:04 501,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\ctac32k.sys
+ 2005-06-18 05:53:28 438,784 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\ctaud2k.sys
+ 2005-06-18 06:08:36 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\ctcoinst.dll
+ 2005-06-07 13:00:16 340,176 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\ctdvda2k.sys
+ 2005-06-18 06:08:36 134,656 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\ctdvinst.dll
+ 2005-06-18 05:53:14 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\ctoss2k.sys
+ 2005-06-18 05:53:28 7,168 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\ctprxy2k.sys
+ 2005-06-18 05:53:08 142,336 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\ctsfm2k.sys
+ 2005-06-18 05:53:08 77,824 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\emupia2k.sys
+ 2005-06-18 05:53:16 751,104 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\ha10kx2k.sys
+ 2005-06-18 05:53:16 153,088 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\haP16v2k.sys
+ 2005-06-18 05:53:16 178,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\haP17v2k.sys
+ 2005-06-18 06:06:28 9,216 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\Win2K_XP\i386\pfmodnt.sys
- 2004-08-04 12:00:00 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:54:06 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
- 2004-08-04 12:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2004-08-04 12:00:00 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
- 2004-08-04 12:00:00 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
- 2005-06-18 05:53:10 21,504 ----a-w C:\WINDOWS\system32\sfman32.dll
+ 2007-04-09 19:21:48 22,528 ----a-w C:\WINDOWS\system32\sfman32.dll
- 2005-06-18 05:53:10 120,832 ----a-w C:\WINDOWS\system32\SFMS32.DLL
+ 2007-04-09 19:21:46 130,048 ----a-w C:\WINDOWS\system32\sfms32.dll
- 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-12-07 01:07:13 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2004-08-04 12:00:00 8,384,000 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-12-07 01:07:13 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-04 12:00:00 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2004-08-04 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
- 2006-10-16 23:10:58 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-26 00:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
- 2006-10-14 23:44:44 671,744 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2007-03-23 03:25:42 677,376 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
- 2006-10-15 00:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2007-03-23 03:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
- 2006-10-15 03:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2007-03-23 03:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
- 2006-10-15 00:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2007-03-23 03:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
- 2006-10-15 03:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2007-03-23 03:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
- 2006-10-14 23:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2007-03-23 03:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
- 2006-10-15 03:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2007-03-23 13:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
- 2006-10-14 23:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2007-03-23 03:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
- 2006-10-15 03:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2007-03-23 13:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
- 2004-08-04 12:00:00 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2006-09-12 00:15:43 11,264 ----a-w C:\WINDOWS\system32\SPORDER.DLL
+ 2008-01-19 19:56:14 11,264 ----a-w C:\WINDOWS\system32\SPORDER.DLL
- 2006-09-25 23:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-26 00:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2004-08-04 12:00:00 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
+ 2004-12-07 19:32:34 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
- 2004-08-04 12:00:00 246,302 ----a-w C:\WINDOWS\system32\strmdll.dll
+ 2006-08-21 16:52:08 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
- 2004-08-04 12:00:00 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
+ 2006-10-19 13:56:32 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
+ 2004-08-04 12:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
- 2004-08-04 12:00:00 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll
+ 2005-10-17 21:14:46 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
- 2004-08-04 12:00:00 246,272 ----a-w C:\WINDOWS\system32\tapisrv.dll
+ 2005-07-08 16:27:56 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
- 2004-08-04 12:00:00 75,264 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2005-05-10 23:45:48 75,776 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2004-08-04 12:00:00 4,048 ----a-w C:\WINDOWS\system32\timer.drv
- 2004-08-04 12:00:00 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
+ 2005-07-26 04:39:49 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
- 2004-08-04 12:00:00 118,272 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2005-08-23 03:35:42 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
- 2004-08-04 12:00:00 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
+ 2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
- 2005-02-28 12:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-10-11 05:57:40 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 12:00:00 577,024 ----a-w C:\WINDOWS\system32\user32.dll
+ 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
- 2005-02-28 12:00:00 123,904 ----a-w C:\WINDOWS\system32\usmt\guitrn.dll
+ 2005-04-28 19:16:29 133,120 ----a-w C:\WINDOWS\system32\usmt\guitrn.dll
- 2005-02-28 12:00:00 4,096 ----a-w C:\WINDOWS\system32\usmt\iconlib.dll
+ 2005-04-27 23:15:45 2,560 ----a-w C:\WINDOWS\system32\usmt\iconlib.dll
- 2005-02-28 12:00:00 19,968 ----a-w C:\WINDOWS\system32\usmt\log.dll
+ 2005-04-28 19:16:29 19,968 ----a-w C:\WINDOWS\system32\usmt\log.dll
- 2005-02-28 12:00:00 201,216 ----a-w C:\WINDOWS\system32\usmt\migism.dll
+ 2005-04-28 19:16:29 274,432 ----a-w C:\WINDOWS\system32\usmt\migism.dll
- 2005-02-28 12:00:00 103,424 ----a-w C:\WINDOWS\system32\usmt\migload.exe
+ 2005-04-28 00:12:58 103,424 ----a-w C:\WINDOWS\system32\usmt\migload.exe
- 2005-02-28 12:00:00 240,128 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
+ 2005-04-28 00:12:57 245,248 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
- 2005-02-28 12:00:00 202,752 ----a-w C:\WINDOWS\system32\usmt\script.dll
+ 2005-04-28 19:16:29 215,552 ----a-w C:\WINDOWS\system32\usmt\script.dll
- 2005-02-28 12:00:00 168,960 ----a-w C:\WINDOWS\system32\usmt\sysmod.dll
+ 2005-04-28 19:16:29 193,024 ----a-w C:\WINDOWS\system32\usmt\sysmod.dll
- 2004-09-23 01:46:10 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 04:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2005-02-28 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-14 01:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2004-08-04 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
- 2004-09-23 01:46:10 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 04:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-09-23 01:46:10 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 04:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2004-08-04 12:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2004-08-04 07:56:58 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
- 2005-02-28 12:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2004-08-04 12:00:00 67,584 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2004-08-04 12:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
- 2004-08-04 12:00:00 333,312 ----a-w C:\WINDOWS\system32\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll
- 2004-08-04 12:00:00 1,835,904 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
- 2007-10-11 05:57:41 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2004-08-04 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2004-08-04 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
- 2004-08-04 12:00:00 290,816 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2004-08-04 12:00:00 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:28:27 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
- 2004-09-23 01:46:10 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 04:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-09-23 01:46:10 712,704 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 04:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2004-09-23 01:46:12 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-28 00:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-09-23 01:46:12 30,208 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 04:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-09-23 01:46:12 34,304 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 04:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-09-23 01:46:12 344,064 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 04:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-09-23 01:46:14 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 04:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
- 2004-09-23 01:46:14 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-09-23 01:46:14 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 04:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-09-23 01:46:16 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 04:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2004-09-23 01:46:16 5,550,080 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-23 01:46:20 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-09-23 01:46:20 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
- 2004-09-23 01:46:20 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 04:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2004-09-23 01:46:22 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
- 2004-09-23 01:46:24 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-09-23 01:46:24 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 04:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-09-23 01:46:26 773,368 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-09-23 01:46:26 1,116,160 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-09-23 01:46:30 531,192 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 04:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-09-23 01:46:30 936,960 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 04:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-09-23 01:46:32 1,181,944 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-09-23 01:46:32 1,509,376 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2004-09-23 01:46:32 2,362,104 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 04:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2004-09-23 01:46:34 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-09-23 01:46:34 999,424 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2004-08-04 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
- 2004-09-23 01:46:38 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 04:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-09-23 01:46:36 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 04:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-09-23 01:46:36 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 04:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-09-23 01:46:36 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
+ 2005-01-28 20:44:28 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
- 2004-09-23 01:46:36 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 04:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
- 2006-10-19 03:47:22 38,400 ----a-w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 04:47:22 38,400 ----a-w C:\WINDOWS\system32\wpdshextres.dll
- 2004-09-23 01:46:36 327,680 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 04:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
- 2004-09-23 01:46:38 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
+ 2005-01-28 20:44:28 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
- 2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2007-07-31 02:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2004-08-04 12:00:00 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-03-01 19:42:42 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
- 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
- 2006-10-15 03:21:58 580,352 ----a-w C:\WINDOWS\system32\XPSSHHDR.dll
+ 2007-03-23 13:07:54 583,504 ----a-w C:\WINDOWS\system32\XPSSHHDR.dll
- 2006-10-15 03:22:00 1,698,048 ----a-w C:\WINDOWS\system32\XpsSvcs.dll
+ 2007-03-23 13:07:56 1,683,280 ----a-w C:\WINDOWS\system32\XpsSvcs.dll
+ 2000-08-31 14:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2006-08-25 15:45:55 1,054,208 ----a-w C:\WINDOWS\WinSxS\InstallTemp\3874522\comctl32.dll
+ 2000-08-31 14:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{075CCE3E-AE0A-4CC5-94B0-191D94F017B5}]
C:\WINDOWS\system32\ssqOEWOG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{147CA883-517F-4FE5-8F7F-DC4814D93FD8}]
C:\WINDOWS\system32\iifedEXr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DF447E2-E7EB-46A4-BE8B-C477DC68027D}]
C:\WINDOWS\system32\urqOExvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613817C2-1034-4981-AD28-BC5E17E72A51}]
C:\WINDOWS\system32\rqRHbyxU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A3A9F90-814A-4477-A2C8-459355AC441D}]
C:\WINDOWS\system32\ddcArPGa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A17BFB4-E5BE-4EE1-8ADF-01424F567754}]
C:\WINDOWS\nslbvxpgbft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD5BB136-9061-43E8-805C-05E725D3CDF7}]
C:\WINDOWS\system32\pmnmlKCU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCFC46BB-9BB9-482D-A68F-A7FBA6C41A9B}]
C:\WINDOWS\system32\cbXOIXND.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D32F4F98-6A5B-4333-9BA3-BDFFF97246FD}]
C:\WINDOWS\system32\wvUmKeFu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBB1082C-6EE2-4FA5-ABF9-95B775643DAE}]
C:\WINDOWS\system32\khfdArSl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1F8A048D-9A0B-4565-A3D0-2A2E6B44592A}"= "C:\WINDOWS\sgoblxtm.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{1f8a048d-9a0b-4565-a3d0-2a2e6b44592a}]
[HKEY_CLASSES_ROOT\sgoblxtm.1]
[HKEY_CLASSES_ROOT\TypeLib\{7ABB2F2F-8108-4813-BDEC-4C82B0D16992}]
[HKEY_CLASSES_ROOT\sgoblxtm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-18 08:23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vrmon"="C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe" [2006-01-18 18:07 249916]
"VrSchedule"="C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe" [2004-03-11 12:00 266304]
"dwStart"="C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe" [2004-08-04 20:13 405504]
"nwiz"="nwiz.exe" [2005-02-28 06:00 921600 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2007-04-09 13:32 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10 57344]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152]
"VrProxyc"="C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyc.exe" [2005-01-06 12:00 150528]
"VrProxyd"="C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyd.exe" [2003-06-25 12:00 233531]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"1c402e0e"="C:\WINDOWS\system32\cjggevby.dll" [ ]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-07-29 18:12:33 45056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-07-07 18:10:52 598016]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2006-10-01 11:19:56 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=\\?\C:\WINDOWS\system32\com7.vah

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
"wakxlyqq"=C:\WINDOWS\system32\jsruhgzg.exe
"izjfyrxk"=C:\WINDOWS\system32\erwjgjcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"SideWinderTrayV4"=C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"1c402e0e"=rundll32.exe "C:\WINDOWS\system32\iiimylmw.dll",b

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 00:23]
R3 FarStoneFireWallDrive;FarStoneFireWallDrive;C:\WINDOWS\system32\Drivers\FarDrive.sys [2004-05-19 23:53]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 17:01]
R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 15:02]
S0 si3114;si3114;C:\WINDOWS\system32\drivers\si3114.sys [2005-02-28 06:00]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 23:28]
S3 IPN2120;Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-08-26 02:28]
S3 tgiul50;tgiul50;C:\WINDOWS\system32\DRIVERS\tgiulnt5.sys [2001-08-17 13:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55054bc6-1ea7-11db-aa79-00112fbb20de}]
\Shell\AutoRun\command - I:\setupSNK.exe

*Newly Created Service* - VRFIL
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 00:39:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 09:30:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\FarLsp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-04-19 9:35:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-19 15:35:00

Pre-Run: 140,722,249,728 bytes free
Post-Run: 140,634,009,600 bytes free

1826 --- E O F --- 2008-04-09 02:40:17

#4 Thunder

Posted 20 April 2008 - 08:52 AM

Hello Flabby,

Somehow you apparently managed to overlook this part of the ComboFix tutorial :

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

For safety reasons, I'd advise you to do this before proceeding with the next step :thumbsup:

Then, let's clean up some more :

Open Notepad - don't use any other text editor than Notepad or the script will fail !
Copy/paste the bold, blue text below into an empty Notepad window:
File::
C:\WINDOWS\system32\ybveggjc.ini
C:\WINDOWS\system32\mqlojekn.ini
C:\WINDOWS\system32\qoMdDvUL.dll.vir
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{075CCE3E-AE0A-4CC5-94B0-191D94F017B5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{147CA883-517F-4FE5-8F7F-DC4814D93FD8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DF447E2-E7EB-46A4-BE8B-C477DC68027D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613817C2-1034-4981-AD28-BC5E17E72A51}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A3A9F90-814A-4477-A2C8-459355AC441D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A17BFB4-E5BE-4EE1-8ADF-01424F567754}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD5BB136-9061-43E8-805C-05E725D3CDF7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCFC46BB-9BB9-482D-A68F-A7FBA6C41A9B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D32F4F98-6A5B-4333-9BA3-BDFFF97246FD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBB1082C-6EE2-4FA5-ABF9-95B775643DAE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1F8A048D-9A0B-4565-A3D0-2A2E6B44592A}"=-
[-HKEY_CLASSES_ROOT\clsid\{1f8a048d-9a0b-4565-a3d0-2a2e6b44592a}]
[-HKEY_CLASSES_ROOT\sgoblxtm.1]
[-HKEY_CLASSES_ROOT\TypeLib\{7ABB2F2F-8108-4813-BDEC-4C82B0D16992}]
[-HKEY_CLASSES_ROOT\sgoblxtm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1c402e0e"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"wakxlyqq"=-
"izjfyrxk"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"1c402e0e"=-

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

Are you still having problems ?

Greetings,
Thunder

Edited by Thunder, 20 April 2008 - 08:52 AM.

Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference
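
The registry directives in the script above can be checked against ComboFix's "Reg Loading Points" output before and after the run. The Python below is an added example, not part of the thread and not ComboFix's own code; it assumes the Registry:: section follows regedit .reg conventions (`[-key]` deletes a key, `"name"=-` deletes a value, `"name"=""` empties it), and its function names are hypothetical. The inputs are shortened excerpts of the script and of the two ComboFix logs in this thread.

```python
import re

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')           # [KEY] or [-KEY]
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "name"=data

# Shortened excerpt of the CFScript posted above.
CFSCRIPT = r'''
File::
C:\WINDOWS\system32\ybveggjc.ini
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{075CCE3E-AE0A-4CC5-94B0-191D94F017B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1F8A048D-9A0B-4565-A3D0-2A2E6B44592A}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1c402e0e"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"wakxlyqq"=-
'''

# Shortened excerpt of the 2008-04-19 log (before the script was run).
LOG_BEFORE = r'''
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{075CCE3E-AE0A-4CC5-94B0-191D94F017B5}]
C:\WINDOWS\system32\ssqOEWOG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1F8A048D-9A0B-4565-A3D0-2A2E6B44592A}"= "C:\WINDOWS\sgoblxtm.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"1c402e0e"="C:\WINDOWS\system32\cjggevby.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=\\?\C:\WINDOWS\system32\com7.vah

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
"wakxlyqq"=C:\WINDOWS\system32\jsruhgzg.exe
'''

# Shortened excerpt of the 2008-04-20 log (after the script was run).
LOG_AFTER = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
'''


def parse_cfscript_registry(script):
    """Return (action, key, value_name, data) tuples from the Registry:: section."""
    directives, in_registry, key = [], False, None
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith('::'):                  # section header: File::, Folder::, Registry::
            in_registry = line.lower() == 'registry::'
            key = None
            continue
        if not in_registry or not line:
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1):                       # leading "-" means delete the whole key
                directives.append(('delete_key', m.group(2).lower(), None, None))
                key = None
            else:
                key = m.group(2).lower()
            continue
        m = VAL_RE.match(line)
        if m and key:
            name, data = m.group(1).lower(), m.group(2).strip()
            if data == '-':
                directives.append(('delete_value', key, name, None))
            else:
                directives.append(('set_value', key, name, data.strip('"')))
    return directives


def parse_loading_points(log):
    """Map each registry key shown in a 'Reg Loading Points' excerpt to its values."""
    keys, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(2).lower(), {})
        elif not line:
            current = None                       # a blank line ends the key's block
        elif current is not None:
            m = VAL_RE.match(line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
            elif '\\' in line:
                current['(default)'] = line      # bare path, as in the BHO entries
    return keys


def unresolved(directives, log_keys):
    """Return the directives whose target is still visible in the parsed log."""
    left = []
    for action, key, name, data in directives:
        values = log_keys.get(key)
        if action == 'delete_key':
            still_there = values is not None
        elif action == 'delete_value':
            still_there = values is not None and name in values
        else:  # set_value: the log omits empty entries, so "not shown" counts as empty
            still_there = (values or {}).get(name, '').strip('"') != data
        if still_there:
            left.append((action, key, name, data))
    return left
```

Because the log notes that empty and legitimate default entries are not shown, an entry missing from the log is evidence that it is gone, not proof; the fresh HijackThis log is the second check.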

#5 Flabby

Posted 20 April 2008 - 10:41 AM

Thunder, I was unable to install the Recovery Console, it contacts the Microsoft site but never downloads the console. Could it be because I am running XP Home edition? Anyway, I inserted the .txt file you provided into ComboFix. The log is below as well as a fresh Hijack This log.
Regards,
Flabby
----------------------------------------------
ComboFix 08-04-18.3 - User 2008-04-20 9:03:40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.669 [GMT -6:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\mqlojekn.ini
C:\WINDOWS\system32\qoMdDvUL.dll.vir
C:\WINDOWS\system32\ybveggjc.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\system32\mqlojekn.ini
C:\WINDOWS\system32\qoMdDvUL.dll.vir
C:\WINDOWS\system32\ybveggjc.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.

2008-04-19 08:38 . 2008-04-19 08:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-19 08:38 . 2008-04-19 08:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-04-19 08:38 . 2008-04-19 08:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-17 17:29 . 2008-04-17 17:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-17 17:27 . 2008-04-17 17:27 <DIR> d-------- C:\Deckard
2008-04-12 16:43 . 2008-04-12 16:43 3,186 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-12 16:38 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-12 16:38 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-12 16:38 . 2008-04-12 17:34 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-12 16:38 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-12 16:38 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-12 16:38 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-12 16:38 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-12 14:01 . 2008-04-19 08:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pgdgjole
2008-04-07 10:11 . 2008-04-07 10:11 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-03 19:45 . 2008-04-03 19:45 <DIR> d-------- C:\Program Files\Safari
2008-04-03 19:44 . 2008-04-03 19:44 <DIR> d-------- C:\Program Files\iTunes
2008-04-03 19:44 . 2008-04-03 19:44 <DIR> d-------- C:\Program Files\iPod
2008-04-03 19:44 . 2008-04-20 09:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 19:44 . 2008-04-03 19:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 19:33 . 2008-03-30 19:33 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-30 19:33 . 2008-03-30 19:33 <DIR> d-------- C:\Documents and Settings\User\Application Data\InstallShield
2008-03-30 16:03 . 2008-03-30 16:03 <DIR> d-------- C:\Program Files\Download Manager
2008-03-30 16:03 . 2008-03-30 16:47 <DIR> d-------- C:\Documents and Settings\User\Application Data\IGN_DLM
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 03:00 --------- d-----w C:\Program Files\Sim AQUARIUM 2
2008-04-19 16:10 4,560,480 ----a-w C:\WINDOWS\system32\drivers\vrcore.sys
2008-04-12 23:05 --------- d-----w C:\Program Files\HyperLobbyPro3
2008-04-07 16:11 --------- d-----w C:\Program Files\Google
2008-04-05 01:11 --------- d--h--w C:\Program Files\RAND
2008-04-04 02:05 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-04-04 01:43 --------- d-----w C:\Program Files\QuickTime
2008-03-31 01:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 01:33 --------- d-----w C:\Program Files\Ubi Soft
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-05 01:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2008-01-29 18:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-12-12 02:41 26,520 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2007-12-05 02:30 9,728 --sha-w C:\Program Files\Thumbs.db
2006-07-20 22:07 18,801 ----a-w C:\Program Files\IE70BlockerHelp.htm
2006-05-09 00:07 28,142 ----a-w C:\Program Files\IE70BlockerHelp-GPFilteringDialog.jpg
2006-05-08 23:13 3,730 ----a-w C:\Program Files\IE70Blocker.adm
2006-05-08 23:13 1,809 ----a-w C:\Program Files\IE70Blocker.cmd
2007-08-17 01:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-04-19_ 9.34.48.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 15:23:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 15:08:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-18 08:23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vrmon"="C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe" [2006-01-18 18:07 249916]
"VrSchedule"="C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe" [2004-03-11 12:00 266304]
"dwStart"="C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe" [2004-08-04 20:13 405504]
"nwiz"="nwiz.exe" [2005-02-28 06:00 921600 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2007-04-09 13:32 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10 57344]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152]
"VrProxyc"="C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyc.exe" [2005-01-06 12:00 150528]
"VrProxyd"="C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyd.exe" [2003-06-25 12:00 233531]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-07-29 18:12:33 45056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-07-07 18:10:52 598016]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2006-10-01 11:19:56 229376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"SideWinderTrayV4"=C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"UpdReg"=C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 00:23]
R3 FarStoneFireWallDrive;FarStoneFireWallDrive;C:\WINDOWS\system32\Drivers\FarDrive.sys [2004-05-19 23:53]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 17:01]
R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 15:02]
S0 si3114;si3114;C:\WINDOWS\system32\drivers\si3114.sys [2005-02-28 06:00]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 23:28]
S3 IPN2120;Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-08-26 02:28]
S3 tgiul50;tgiul50;C:\WINDOWS\system32\DRIVERS\tgiulnt5.sys [2001-08-17 13:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55054bc6-1ea7-11db-aa79-00112fbb20de}]
\Shell\AutoRun\command - I:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 00:39:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 09:26:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\FarLsp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\PCSecurityShield\The Shield Firewall\GetNetTime.exe
.
**************************************************************************
.
Completion time: 2008-04-20 9:29:40 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2008-04-20 15:29:36
ComboFix2.txt 2008-04-19 15:35:07

Pre-Run: 140,233,019,392 bytes free
Post-Run: 140,329,508,864 bytes free

171 --- E O F --- 2008-04-09 02:40:17
--------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:37 AM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyc.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\PCSecurityShield\The Shield Firewall\GetNetTime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VrProxyc] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyc.exe
O4 - HKLM\..\Run: [VrProxyd] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{631D105D-647A-4567-8161-7C1CF0EAE9AF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{92FF6AFA-2902-483B-B872-17AE3D23F8C2}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3F4C798-7444-4937-9426-85582A9C77A5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC607281-709D-4EBB-837C-A2F5C7A82368}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6818A31-9200-46F5-A0FB-F128CC42ACAC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2179EA8-4045-4417-B078-64C60543AEC1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAB997C1-5BF9-4DA8-91D9-3288ED125C78}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe

--
End of file - 8522 bytes

#6 Thunder

Posted 20 April 2008 - 04:10 PM

Hello Flabby,

No need to install RC any longer, since we're done with ComboFix now. :thumbsup:

No apparent malware present anymore.

Are you still having problems?

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference
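
Added example, not part of the original posts and not code from HijackThis: a Python parser that reads HijackThis entry lines, extracts the JRE versions they reference, and compares them with the JRE 6u6 named in post #6. The sample lines are copied from the log above; the function names and the `jre1.<major>.0_<update>` directory pattern are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|[RFN]\d+) - (.*)$")
# Assumed pattern: Sun JRE install directories look like jre1.6.0_03 (major 6, update 3).
JRE_RE = re.compile(r"\\jre1\.(\d+)\.0(?:_(\d+))?\\", re.IGNORECASE)

def parse_entries(log):
    """Return (section, text) pairs for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def jre_versions(entries):
    """Return the set of (major, update) JRE versions referenced by any entry."""
    found = set()
    for _, text in entries:
        for major, update in JRE_RE.findall(text):
            found.add((int(major), int(update or 0)))
    return found

def outdated_jres(entries, target=(6, 6)):
    """JRE versions older than the target; (6, 6) is the JRE 6u6 named in the post."""
    return sorted(v for v in jre_versions(entries) if v < target)

def needs_review(entries):
    """Entries HijackThis itself labelled as an unknown file or unknown owner."""
    return [(s, t) for s, t in entries
            if "Unknown owner" in t or t.startswith("Unknown file")]

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print("Outdated JRE:", outdated_jres(entries))
    for section, text in needs_review(entries):
        print("Review:", section, text)
```

The `needs_review` results are prompts for a closer look at a file, not verdicts; the helper's assessment of this log was that no apparent malware remained.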

#7 Flabby

Posted 21 April 2008 - 08:27 PM

Thunder,
I just want to say how much I appreciate how much you've helped me to get rid of this (and more) spyware on my computer. You were very responsive and knowledgeable about the problems, how to diagnose my particular issues and I frankly don't know what I would have done without you. You are an ACE and a WIZARD!
Best regards to you and your team of experts.
Gary Columb
(Flabby)

#8 Thunder

Posted 22 April 2008 - 08:26 AM

Glad we could help, Gary :thumbsup:

You can remove all tools we used and folders that were created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.