Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Found/computer Slow


  • This topic is locked This topic is locked
8 replies to this topic

#1 cuzinwhitebread

cuzinwhitebread

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gainesville, Tx
  • Local time:06:54 AM

Posted 08 May 2008 - 04:45 PM

I had to switch firewalls because my normal one kept shutting down on me. i switched to zone alarm but when my AVG did a scan this morning, it found a virus and healed it. my computer has been running slow for a week now though.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:32 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Highjackthis\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [System32] C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe
O4 - HKLM\..\Run: [] C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINDOWS\TEMP\E_SA3.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6326 bytes

The coolest thing since sliced bread

Posted Image


BC AdBot (Login to Remove)

 


#2 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:10:54 AM

Posted 15 May 2008 - 06:09 AM

Hi,

You might want to save this page on your favorites, so you can find it again when you return.

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • MySearch
If you are unsure of how to use Add or Remove Programs, the please see this tutorial:
How To Remove An Installed Program From Your Computer


Please re-open HiJackThis and choose Do a system scan only.
Check the boxes next to ONLY the entries listed below,"if still present":
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
Then close all windows except HijackThis and click on Posted Image button.


Please set your system to show all files.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files and Folders, "if present":

C:\Program Files\MySearch <- this folder

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete



Reconfigure Windows XP to hide hidden files:
  • Click Start. Open My Computer.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading deselect "Show hidden files and folders".
  • Check the "Hide protected operating system files (recommended)" option.
  • Check the "Hide file extensions for known file types" option.
  • Click Yes to confirm. Click OK.

Finally, reboot your computer and please post a new HijackThis log, and a description of any remaining problems.
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 cuzinwhitebread

cuzinwhitebread
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gainesville, Tx
  • Local time:06:54 AM

Posted 15 May 2008 - 10:40 AM

the ddl files in the mysearch wouldnt delete so i had to use deleteonreboot.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:51 AM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Highjackthis\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [System32] C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe
O4 - HKLM\..\Run: [] C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINDOWS\TEMP\E_SA3.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7044 bytes

The coolest thing since sliced bread

Posted Image


#4 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:10:54 AM

Posted 15 May 2008 - 11:31 AM

Hello,

Nothing wrong with your log now, just a software that you can remove them, but its your choice:

ZoneAlarm Spy Blocker BHO

Read more here: http://securitygarden.blogspot.com/2007/12...-zonealarm.html

Let me know how your computer its running now. :thumbsup:
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#5 cuzinwhitebread

cuzinwhitebread
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gainesville, Tx
  • Local time:06:54 AM

Posted 15 May 2008 - 01:35 PM

its better. but still lagging a lot

The coolest thing since sliced bread

Posted Image


#6 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:10:54 AM

Posted 15 May 2008 - 02:27 PM

Hi,

Please download the ComboFix from the links above and follow all instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • "If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!"
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
  • Be sure to re-enable your anti-virus and other security programs, after ComboFix finished.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer


Regards
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#7 cuzinwhitebread

cuzinwhitebread
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gainesville, Tx
  • Local time:06:54 AM

Posted 15 May 2008 - 09:00 PM

ComboFix 08-05-15.2 - Owner 2008-05-15 19:45:12.4 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Favorites\Online Security Test.url
C:\kmd.exe
C:\Program Files\Spytech Software
C:\WINDOWS\imglib.dll
C:\WINDOWS\SNMPAPI.DLL
C:\WINDOWS\sysk32.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\ijl11pro.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\sinvfct.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-13 12:47 . 2008-05-13 12:47 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-08 21:34 . 2008-05-08 21:34 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-08 21:15 . 2008-05-15 20:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-08 21:15 . 2008-05-08 21:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-08 21:13 . 2008-05-08 21:13 <DIR> d-------- C:\Program Files\iPod
2008-05-08 21:12 . 2008-05-08 21:13 <DIR> d-------- C:\Program Files\iTunes
2008-05-08 21:11 . 2008-05-08 21:11 <DIR> d-------- C:\Program Files\Bonjour
2008-05-08 21:09 . 2008-05-08 21:11 <DIR> d-------- C:\Program Files\QuickTime
2008-05-08 21:06 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-05-08 21:05 . 2008-05-08 21:05 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-08 21:05 . 2008-05-08 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-08 20:50 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-08 20:50 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-03 21:02 . 2006-11-13 15:36 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-05-03 21:02 . 2007-06-20 14:57 23,680 --a------ C:\WINDOWS\system32\drivers\motport.sys
2008-05-03 21:02 . 2007-06-20 14:57 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-05-03 21:02 . 2007-06-20 14:57 17,920 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2008-05-03 21:02 . 2007-01-23 20:03 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2008-05-03 21:02 . 2006-12-06 18:33 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2008-05-03 20:55 . 2008-05-03 20:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-05-03 15:15 . 2008-05-15 20:08 21,252,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-03 15:15 . 2008-05-15 19:57 250,052 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-03 15:13 . 2008-05-03 15:13 <DIR> d-------- C:\Program Files\Three Rings Design
2008-05-03 15:10 . 2008-05-03 15:10 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-05-03 15:07 . 2008-05-03 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-03 15:06 . 2008-05-03 15:06 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-03 15:05 . 2008-05-15 20:05 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-03 10:29 . 2008-05-03 10:29 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-22 21:18 . 2008-04-22 21:18 2 ---h----- C:\Documents and Settings\All Users\Application Data\sys006.log
2008-04-22 16:49 . 2008-04-22 21:18 46,910 ---h----- C:\Documents and Settings\All Users\Application Data\sys013.log
2008-04-22 16:49 . 2008-04-22 21:18 35,423 ---h----- C:\Documents and Settings\All Users\Application Data\sys011.log
2008-04-22 16:49 . 2008-04-22 21:18 20,778 ---h----- C:\Documents and Settings\All Users\Application Data\sys008.log
2008-04-22 16:49 . 2008-04-22 21:18 10,145 ---h----- C:\Documents and Settings\All Users\Application Data\sys015.log
2008-04-22 16:49 . 2008-04-22 21:18 7,390 ---h----- C:\Documents and Settings\All Users\Application Data\sys005.log
2008-04-22 16:49 . 2008-04-22 21:18 3,679 ---h----- C:\Documents and Settings\All Users\Application Data\sys001.log
2008-04-22 16:49 . 2008-04-22 21:18 1,848 ---h----- C:\Documents and Settings\All Users\Application Data\sys002.log
2008-04-22 16:49 . 2008-04-22 21:18 1,018 ---h----- C:\Documents and Settings\All Users\Application Data\sys004.log
2008-04-22 16:49 . 2008-04-22 21:18 434 ---h----- C:\Documents and Settings\All Users\Application Data\sys012.log
2008-04-22 16:49 . 2008-04-22 21:18 90 ---h----- C:\Documents and Settings\All Users\Application Data\sys003.log
2008-04-22 16:49 . 2008-04-22 21:18 82 ---h----- C:\Documents and Settings\All Users\Application Data\sys007.log
2008-04-22 16:49 . 2008-04-22 21:18 55 ---h----- C:\Documents and Settings\All Users\Application Data\sys014.log
2008-04-22 16:47 . 2008-04-22 21:15 341 ---h----- C:\Documents and Settings\All Users\Application Data\emopts.dat
2008-04-22 16:45 . 2008-04-22 16:49 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\sacache
2008-04-22 16:44 . 2008-04-22 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AgentSS
2008-04-19 21:27 . 2008-04-19 21:27 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-04-19 21:27 . 2008-04-19 21:27 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-04-19 21:11 . 2008-04-19 21:09 26,737 --a------ C:\WINDOWS\system32\drivers\P2K_Drivers.rar
2008-04-19 20:31 . 2008-04-19 20:31 <DIR> d-------- C:\Program Files\NCH Software
2008-04-19 20:28 . 2008-04-19 20:28 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-04-19 20:28 . 2008-04-19 20:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-04-16 01:17 . 2008-04-16 01:17 <DIR> d-------- C:\Program Files\Motorola
2008-04-16 01:08 . 2008-04-16 01:08 25,600 --a------ C:\Documents and Settings\Owner\usbsermptxp.sys
2008-04-16 01:08 . 2008-04-16 01:08 22,768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 00:41 --------- d-----w C:\Program Files\Downloads
2008-05-15 15:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-05-15 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-13 18:01 --------- d-----w C:\Program Files\MySpace
2008-05-09 16:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-09 03:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-09 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-08 21:41 --------- d-----w C:\Program Files\LimeWire
2008-05-03 20:12 --------- d-----w C:\Program Files\Java
2008-05-03 20:04 --------- d-----w C:\Program Files\Defender Pro
2008-05-03 20:04 --------- d-----w C:\Program Files\Common Files\Defender Pro Firewall
2008-04-22 18:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\ArcSoft
2008-04-20 16:14 --------- d-----w C:\Program Files\THQ
2008-04-03 02:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-04-03 02:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-04-02 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeRIP
2008-03-29 03:54 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-29 03:54 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-03-29 03:53 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-03-27 20:44 --------- d-----w C:\Program Files\Maxis
2008-03-27 18:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 00:14 --------- d-----w C:\Program Files\PopCap Games
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 21:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 21:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 21:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 20:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 20:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-04-17 23:59 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2007-11-24_20.43.29.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-06 09:52:38 72,960 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys
+ 2007-07-06 13:08:11 138,240 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll
+ 2007-07-06 13:08:11 47,104 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
+ 2007-07-06 13:08:11 16,896 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll
+ 2007-07-06 13:08:11 660,992 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll
+ 2007-07-06 13:08:11 177,152 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll
+ 2007-07-06 13:08:11 95,744 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll
+ 2007-07-06 13:08:11 48,640 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
+ 2007-07-06 13:08:11 471,552 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-10-10 23:47:27 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll
+ 2007-10-10 23:47:27 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll
+ 2007-10-10 23:47:27 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll
+ 2007-10-10 23:47:27 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll
+ 2007-10-10 08:16:47 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe
+ 2007-10-10 23:47:27 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll
+ 2007-10-10 23:47:27 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll
+ 2007-10-10 05:47:20 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat
+ 2007-10-10 23:47:27 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll
+ 2007-10-10 23:47:27 388,096 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll
+ 2007-10-10 23:47:27 6,067,200 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll
+ 2007-10-10 23:47:27 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll
+ 2007-10-10 23:47:27 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll
+ 2007-10-10 08:16:47 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe
+ 2007-10-10 08:16:56 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
+ 2007-10-10 23:47:28 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll
+ 2007-10-10 23:47:28 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll
+ 2007-10-10 23:47:28 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll
+ 2007-10-30 23:48:49 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
+ 2007-10-10 23:47:28 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll
+ 2007-10-10 23:47:28 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll
+ 2007-10-10 23:47:28 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll
+ 2007-10-10 23:47:28 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll
+ 2007-10-10 23:47:28 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\url.dll
+ 2007-10-10 23:47:29 1,162,240 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll
+ 2007-10-10 23:47:29 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll
+ 2007-10-10 23:47:29 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-07 02:01:07 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\advpack.dll
+ 2007-12-19 22:57:52 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\dxtmsft.dll
+ 2007-12-07 02:01:07 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\dxtrans.dll
+ 2007-12-07 02:01:07 133,120 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\extmgr.dll
+ 2007-12-07 02:01:07 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\icardie.dll
+ 2007-12-06 08:34:28 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ie4uinit.exe
+ 2007-12-07 02:01:08 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieakeng.dll
+ 2007-12-07 02:01:08 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieaksie.dll
+ 2007-12-06 05:00:02 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dat
+ 2007-12-07 02:01:08 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dll
+ 2007-12-07 02:01:08 388,096 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iedkcs32.dll
+ 2007-12-07 02:01:10 6,067,200 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieframe.dll
+ 2007-12-07 02:01:10 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iernonce.dll
+ 2007-12-07 02:01:11 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iertutil.dll
+ 2007-12-06 08:34:29 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieudinit.exe
+ 2007-12-06 08:34:45 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
+ 2007-12-07 02:01:11 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\jsproxy.dll
+ 2007-12-07 02:01:11 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\msfeeds.dll
+ 2007-12-07 02:01:11 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\msfeedsbs.dll
+ 2007-12-07 02:01:12 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
+ 2007-12-07 02:01:12 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\mshtmled.dll
+ 2007-12-07 02:01:13 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\msrating.dll
+ 2007-12-07 02:01:13 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\mstime.dll
+ 2007-12-07 02:01:13 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\occache.dll
+ 2008-01-11 05:57:26 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\pngfilt.dll
+ 2007-12-07 02:01:13 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\url.dll
+ 2007-12-07 02:01:13 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\urlmon.dll
+ 2007-12-07 02:01:13 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\webcheck.dll
+ 2007-12-07 02:01:13 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2008-03-01 13:03:00 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\advpack.dll
+ 2008-03-01 13:03:00 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtmsft.dll
+ 2008-03-01 13:03:00 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtrans.dll
+ 2008-03-01 13:03:00 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\extmgr.dll
+ 2008-03-01 13:03:00 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\icardie.dll
+ 2008-02-22 09:39:56 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe
+ 2008-03-01 13:03:00 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakeng.dll
+ 2008-03-01 13:03:00 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dat
+ 2008-03-01 13:03:00 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dll
+ 2008-03-01 13:03:00 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iedkcs32.dll
+ 2008-03-01 13:03:01 6,067,712 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieframe.dll
+ 2008-03-01 13:03:01 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iernonce.dll
+ 2008-03-01 13:03:01 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iertutil.dll
+ 2008-02-22 09:39:56 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe
+ 2008-02-22 09:40:22 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
+ 2008-03-01 13:03:01 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\jsproxy.dll
+ 2008-03-01 13:03:01 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeeds.dll
+ 2008-03-01 13:03:01 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeedsbs.dll
+ 2008-03-01 13:03:01 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
+ 2008-03-01 13:03:01 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtmled.dll
+ 2008-03-01 13:03:01 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msrating.dll
+ 2008-03-01 13:03:01 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mstime.dll
+ 2008-03-01 13:03:01 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\occache.dll
+ 2008-03-01 13:03:01 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\pngfilt.dll
+ 2008-03-01 13:03:02 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\url.dll
+ 2008-03-01 13:03:02 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\urlmon.dll
+ 2008-03-01 13:03:02 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\webcheck.dll
+ 2008-03-01 13:03:02 827,392 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2004-08-10 19:00:00 72,960 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqac.sys
+ 2004-08-10 19:00:00 138,240 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqad.dll
+ 2004-08-10 19:00:00 47,104 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqdscli.dll
+ 2004-08-10 19:00:00 16,896 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqise.dll
+ 2004-08-10 19:00:00 660,992 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqqm.dll
+ 2004-08-10 19:00:00 177,152 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqrt.dll
+ 2004-08-10 19:00:00 95,744 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqsec.dll
+ 2004-08-10 19:00:00 48,640 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqupgrd.dll
+ 2004-08-10 19:00:00 471,552 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqutil.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB937894$\spuninst\updspapi.dll
+ 2005-08-30 04:13:42 1,287,680 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-27 22:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-27 22:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2006-10-19 03:47:18 222,208 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\updspapi.dll
+ 2007-03-08 13:47:48 1,843,584 -c----w C:\WINDOWS\$NtUninstallKB941693$\win32k.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2004-08-10 19:00:00 27,440 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsapi.dll
+ 2004-08-10 19:00:00 45,568 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\updspapi.dll
+ 2004-08-10 19:00:00 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\updspapi.dll
+ 2006-11-02 12:22:52 51,680 -c----w C:\WINDOWS\$NtUninstallWdf01005$\spuninst\Kmdfcustom.dll
+ 2006-10-09 02:51:14 221,488 -c----w C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe
+ 2006-10-09 02:51:14 379,184 -c----w C:\WINDOWS\$NtUninstallWdf01005$\spuninst\updspapi.dll
+ 2008-03-24 00:57:41 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-03-24 00:57:41 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-03-24 00:57:42 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-03-24 00:57:28 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-24 00:57:29 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-24 00:57:29 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-24 00:57:30 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-24 00:57:30 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-24 00:57:31 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-24 00:57:31 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-24 00:57:31 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-24 00:57:32 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-24 00:57:42 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-24 00:57:42 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-03-24 00:57:43 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-03-24 00:57:43 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-03-24 00:57:43 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-03-24 00:57:41 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2004-11-17 01:20:03 20,480 ----a-w C:\WINDOWS\Base64.dll
+ 2008-05-16 01:00:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 13:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 13:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2004-08-10 19:00:00 2,589 ------w C:\WINDOWS\I386\RUNW32.BAT
+ 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 10:21:21 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 10:04:41 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
+ 2007-10-10 23:55:51 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
+ 2006-10-17 17:58:06 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
+ 2007-10-10 23:55:51 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
+ 2007-10-10 23:55:51 132,608 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
+ 2007-10-10 23:55:51 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
+ 2007-10-10 10:59:40 70,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
+ 2007-10-10 23:55:51 153,088 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
+ 2007-10-10 23:55:51 230,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
+ 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
+ 2007-10-10 23:55:52 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
+ 2007-10-10 23:55:52 384,512 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
+ 2007-10-10 23:55:54 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
+ 2007-10-10 23:55:55 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
+ 2007-10-10 23:55:55 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
+ 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
+ 2007-10-10 10:59:52 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
+ 2007-10-10 23:55:56 27,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
+ 2007-10-10 23:55:56 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
+ 2007-10-10 23:55:56 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
+ 2007-10-30 23:42:28 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
+ 2007-10-10 23:55:58 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
+ 2007-10-10 23:55:58 193,024 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
+ 2007-10-10 23:55:59 671,232 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
+ 2007-10-10 23:55:59 102,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
+ 2006-10-17 17:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
+ 2007-10-10 23:55:59 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
+ 2007-10-10 23:56:00 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
+ 2007-10-10 23:56:00 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
+ 2007-10-10 23:56:00 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2008-05-13 17:48:18 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-04-16 06:17:23 22,486 ----a-r C:\WINDOWS\Installer\{3D13B5F1-8FE4-4829-AA6E-6461D4B0B7E8}\_6C98467D6EA348BEB5229F.exe
+ 2008-04-16 06:17:23 22,486 ----a-r C:\WINDOWS\Installer\{3D13B5F1-8FE4-4829-AA6E-6461D4B0B7E8}\_6FEFF9B68218417F98F549.exe
+ 2008-04-16 06:17:23 22,486 ----a-r C:\WINDOWS\Installer\{3D13B5F1-8FE4-4829-AA6E-6461D4B0B7E8}\_DEACE5CB801FBC94C1788F.exe
+ 2008-05-09 02:12:02 86,016 ----a-r C:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe
+ 2008-05-09 02:15:22 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-03-28 18:47:00 65,536 ----a-r C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\ARPPRODUCTICON.exe
+ 2008-03-28 18:47:01 65,536 ----a-r C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\NewShortcut1_E3A4979EE8C048379F3D271B50BA9E7C.exe
+ 2008-03-28 18:47:01 65,536 ----a-r C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\NewShortcut2_E3A4979EE8C048379F3D271B50BA9E7C.exe
+ 2008-03-28 18:47:00 65,536 ----a-r C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\NewShortcut4_E3A4979EE8C048379F3D271B50BA9E7C.exe
+ 2008-02-09 15:52:27 14,336 ----a-r C:\WINDOWS\Installer\{9F185C48-595B-401A-A1D6-AAB324890DC4}\IconCBE855212.exe
+ 2007-01-13 04:13:23 2,678 ----a-w C:\WINDOWS\java\Packages\Data\06ARJ1BJ.DAT
+ 2007-01-13 04:13:32 2,678 ----a-w C:\WINDOWS\java\Packages\Data\4GLJ797B.DAT
+ 2007-01-13 04:13:23 2,678 ----a-w C:\WINDOWS\java\Packages\Data\6ZDFLJBV.DAT
+ 2007-01-13 04:13:25 2,678 ----a-w C:\WINDOWS\java\Packages\Data\ATZZ9JPJ.DAT
+ 2007-01-10 04:52:12 2,232 ----a-w C:\WINDOWS\java\Packages\Data\PFBVPZZ1.DAT
+ 2007-01-13 04:13:23 2,678 ----a-w C:\WINDOWS\java\Packages\Data\RHBBRLZ5.DAT
+ 2005-03-18 21:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 21:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 21:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 17:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 21:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 21:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 21:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 21:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 21:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 20:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-06 00:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 22:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 20:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 22:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 19:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 22:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 12:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 16:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2007-09-10 16:17:06 2,194 ----a-w C:\WINDOWS\mozver.dat
- 2007-06-17 06:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 1995-08-01 10:44:46 212,480 ----a-w C:\WINDOWS\PCDLIB32.DLL
+ 2005-01-10 01:33:43 2,970 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2000-08-31 13:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 13:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 13:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2004-08-10 19:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-10 19:00:00 73,376 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2004-08-10 19:00:00 25,264 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2004-08-10 19:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2004-08-10 19:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-10 19:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2004-08-10 19:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2004-08-10 19:00:00 4,048 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2004-08-10 19:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2004-08-10 19:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-10 19:00:00 146,432 ----a-w C:\WINDOWS\system\WINSPOOL.DRV
- 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2004-08-10 19:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
+ 2007-03-12 21:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
+ 2007-05-16 21:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
+ 2007-07-19 23:14:42 1,358,192 ----a-w C:\WINDOWS\system32\D3DCompiler_35.dll
+ 2007-10-12 20:14:00 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
+ 2007-03-15 21:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
+ 2007-05-16 21:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
+ 2007-07-19 23:14:42 444,776 ----a-w C:\WINDOWS\system32\d3dx10_35.dll
+ 2007-10-02 14:56:34 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
+ 2008-02-06 04:07:36 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
+ 2005-02-06 00:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
+ 2005-03-18 22:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
+ 2005-05-26 20:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
+ 2005-07-23 00:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
+ 2005-12-05 23:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll
+ 2006-02-03 13:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
+ 2006-03-31 17:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
+ 2006-09-28 21:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
+ 2006-11-29 18:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
+ 2007-03-12 21:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
+ 2007-05-16 21:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
+ 2007-07-19 23:14:42 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll
+ 2007-10-12 20:14:00 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
+ 2004-08-10 19:00:00 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
- 2007-08-20 10:04:34 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2001-08-17 19:12:12 2,944 -c--a-w C:\WINDOWS\system32\dllcache\brfilt.sys
- 2004-08-10 19:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:37:10 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-10 19:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2004-08-04 07:07:58 2,944 -c--a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
- 2006-10-17 17:58:06 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-20 10:04:34 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-20 10:04:34 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2001-08-17 20:02:50 2,688 -c--a-w C:\WINDOWS\system32\dllcache\hidswvd.sys
- 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-08-17 10:20:54 63,488 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04:34 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-20 10:04:35 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-17 07:34:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-08-20 10:04:35 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-20 10:04:38 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-08-17 10:21:21 625,152 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-20 10:04:39 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2004-08-10 19:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
- 2006-08-17 12:28:27 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2004-08-10 19:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2004-08-10 19:00:00 73,376 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2004-08-10 19:00:00 25,264 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2004-08-10 19:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2004-08-10 19:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
- 2004-08-10 19:00:00 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-10 19:00:00 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-10 19:00:00 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-10 19:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-10 19:00:00 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-10 19:00:00 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
- 2004-08-10 19:00:00 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-10 19:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
- 2004-08-10 19:00:00 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46:59 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
- 2004-08-10 19:00:00 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2004-08-10 19:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-10 19:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-20 10:04:41 3,584,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 23:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-20 10:04:41 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-10 19:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-10 19:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-10 19:00:00 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-10 19:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-10 19:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-10 19:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2001-08-17 20:00:04 2,944 -c--a-w C:\WINDOWS\system32\dllcache\msmpu401.sys
- 2004-08-10 19:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-08-20 10:04:41 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-10 19:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-10 19:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-10 19:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-10 19:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-08-20 10:04:42 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-10 19:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-10 19:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-10 19:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2004-08-10 19:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
- 2007-08-20 10:04:42 102,400 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-05-17 11:28:05 549,376 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2006-10-17 17:58:08 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-08-30 04:13:42 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:35:13 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2004-08-10 19:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2004-08-10 19:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2004-08-10 19:00:00 4,048 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
- 2007-08-20 10:04:42 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-20 10:04:42 1,152,000 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-04 05:08:44 25,600 -c--a-w C:\WINDOWS\system32\dllcache\usbser.sys
+ 2004-08-04 04:08:44 25,600 -c--a-w C:\WINDOWS\system32\dllcache\usbser.sys
+ 2004-08-10 19:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2004-08-04 08:56:58 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.drv
- 2007-08-20 10:04:42 232,960 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2004-08-10 19:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
- 2007-03-08 13:47:48 1,843,584 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-08-20 10:04:43 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2004-08-10 19:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2004-08-10 19:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\winspool.drv
+ 2004-08-10 19:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
- 2006-10-19 03:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 23:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2004-08-10 19:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2007-07-24 20:17:08 81,920 ----a-w C:\WINDOWS\system32\dns-sd.exe
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2007-07-24 20:17:08 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
+ 2005-02-23 20:58:56 11,776 ----a-w C:\WINDOWS\system32\drivers\afc.sys
- 2007-01-14 18:16:25 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2007-12-21 06:31:02 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
- 2007-06-26 05:31:08 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-12-21 06:30:55 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2004-08-04 07:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2006-09-19 20:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 17:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2005-10-03 14:59:40 129,808 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-07-19 21:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2004-08-10 19:00:00 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-10 19:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2004-08-10 19:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2004-04-01 21:30:46 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
- 2004-08-10 19:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2004-08-04 05:08:44 25,600 ----a-w C:\WINDOWS\system32\drivers\usbser.sys
+ 2004-08-04 04:08:44 25,600 ----a-w C:\WINDOWS\system32\drivers\usbser.sys
+ 2006-11-02 12:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys
+ 2006-11-02 12:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys
+ 2007-06-20 19:57:24 17,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\motccgp_85D0BED61659FA5BE0272A8416F16124B86FC6B2\motccgp.sys
+ 2007-01-24 01:03:44 7,680 -c--a-w C:\WINDOWS\system32\DRVSTORE\motccgp_85D0BED61659FA5BE0272A8416F16124B86FC6B2\motccgpfl.sys
+ 2006-12-06 23:33:54 6,400 -c--a-w C:\WINDOWS\system32\DRVSTORE\motccgp_85D0BED61659FA5BE0272A8416F16124B86FC6B2\motswch.sys
+ 2006-11-13 20:36:28 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\motccgp_85D0BED61659FA5BE0272A8416F16124B86FC6B2\wdfcoinstaller01005.dll
+ 2007-06-20 19:57:46 23,680 -c--a-w C:\WINDOWS\system32\DRVSTORE\motmodem_4EA0886A0B5307F72C0B13955E5524BDE1EA31E3\motmodem.sys
+ 2006-11-13 20:36:28 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\motmodem_4EA0886A0B5307F72C0B13955E5524BDE1EA31E3\wdfcoinstaller01005.dll
+ 2006-07-28 13:10:08 6,144 -c--a-w C:\WINDOWS\system32\DRVSTORE\motodrv_EAF4B930DC93ECCBC0411CD79E9C6368BE7C7AEA\mot_ci.dll
+ 2007-05-07 20:11:22 42,112 -c--a-w C:\WINDOWS\system32\DRVSTORE\motodrv_EAF4B930DC93ECCBC0411CD79E9C6368BE7C7AEA\motodrv.sys
+ 2007-01-24 03:36:20 6,016 -c--a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_ABB6512ACA55A7A4E2FA3DE425ED10A6DA3518DB\motfilt.sys
+ 2007-01-24 03:36:28 22,016 -c--a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_ABB6512ACA55A7A4E2FA3DE425ED10A6DA3518DB\Motousbnet.sys
+ 2006-12-06 23:33:54 6,400 -c--a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_ABB6512ACA55A7A4E2FA3DE425ED10A6DA3518DB\motswch.sys
+ 2006-11-13 20:36:28 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_ABB6512ACA55A7A4E2FA3DE425ED10A6DA3518DB\wdfcoinstaller01005.dll
+ 2007-06-20 19:57:50 23,680 -c--a-w C:\WINDOWS\system32\DRVSTORE\motport_09937D7D4BB1D9B47DC8F3F64AF6F8DC977B9A24\motport.sys
+ 2006-11-13 20:36:28 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\motport_09937D7D4BB1D9B47DC8F3F64AF6F8DC977B9A24\wdfcoinstaller01005.dll
- 2007-10-31 20:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
+ 2008-02-18 16:16:24 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2006-10-17 17:58:06 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2006-04-19 08:00:00 62,976 ----a-w C:\WINDOWS\system32\E_FD4BCEA.DLL
+ 2006-12-08 08:04:00 76,800 ----a-w C:\WINDOWS\system32\E_FLBCEA.DLL
+ 2006-10-31 06:10:00 51,360 ----a-w C:\WINDOWS\system32\EpPicMgr.dll
+ 2004-03-03 12:10:00 29,114 ----a-w C:\WINDOWS\system32\EPPICPattern1.dat
+ 2004-03-03 12:10:00 27,417 ----a-w C:\WINDOWS\system32\EPPICPattern121.dat
+ 2004-03-03 12:10:00 31,053 ----a-w C:\WINDOWS\system32\EPPICPattern131.dat
+ 2004-03-03 12:10:00 13,280 ----a-w C:\WINDOWS\system32\EPPICPattern2.dat
+ 2004-03-03 12:10:00 21,021 ----a-w C:\WINDOWS\system32\EPPICPattern3.dat
+ 2004-03-03 12:10:00 10,673 ----a-w C:\WINDOWS\system32\EPPICPattern4.dat
+ 2004-03-03 12:10:00 15,670 ----a-w C:\WINDOWS\system32\EPPICPattern5.dat
+ 2004-03-03 12:10:00 4,943 ----a-w C:\WINDOWS\system32\EPPICPattern6.dat
+ 2004-03-03 12:10:00 73,220 ----a-w C:\WINDOWS\system32\EPPICPrinterDB.dat
+ 2006-10-31 06:10:00 51,360 ----a-w C:\WINDOWS\system32\EpPicPrt.dll
+ 2007-04-18 06:00:00 67,072 ----a-w C:\WINDOWS\system32\escwiad.dll
- 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-07-08 14:43:02 162,728 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-28 23:14:02 162,728 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-10-04 01:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-01-29 17:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2005-03-04 10:06:58 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 06:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-03-04 10:07:06 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 06:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-03-04 11:36:48 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 07:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2004-08-10 19:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2004-08-10 19:00:00 221,600 ----a-w C:\WINDOWS\system32\lanman.drv
+ 2008-04-03 02:07:36 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2004-08-10 19:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
- 2006-09-04 05:10:30 54,960 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
+ 2008-01-07 17:26:46 181,672 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
- 2006-11-09 21:20:00 2,111,096 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2006-11-09 21:20:00 190,072 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-02-09 06:20:54 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-02-05 13:14:44 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-01-04 00:19:34 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
- 2006-09-03 19:11:18 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
+ 2008-01-04 00:01:46 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
- 2006-09-03 19:13:02 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-01-04 00:20:14 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
- 2007-02-05 13:49:34 1,089,536 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
+ 2008-01-04 00:39:06 1,113,600 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
- 2006-09-19 03:33:22 45,056 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
+ 2008-01-03 23:46:46 52,288 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
- 2007-02-05 13:14:28 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
+ 2008-01-03 23:59:14 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
- 2006-11-10 21:49:32 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-01-04 00:18:56 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
- 2006-11-10 21:49:40 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-01-04 00:19:06 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
- 2006-11-10 21:49:56 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-01-04 00:11:48 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-01-07 17:26:28 390,568 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1030024.exe
- 2006-11-10 21:49:28 73,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-01-04 00:22:06 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
- 2006-11-10 21:49:22 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
+ 2008-01-04 00:18:50 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
- 2006-11-10 21:49:24 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-01-04 00:22:08 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-01-03 23:46:44 50,808 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
+ 2004-08-10 19:00:00 73,376 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2004-08-10 19:00:00 25,264 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2004-08-10 19:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
+ 2006-07-28 13:10:08 6,144 ----a-w C:\WINDOWS\system32\mot_ci.dll
+ 2004-08-10 19:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
- 2004-08-10 19:00:00 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-10 19:00:00 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-10 19:00:00 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-10 19:00:00 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-10 19:00:00 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-10 19:00:00 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-10 19:00:00 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-10 19:00:00 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2004-08-10 19:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
- 2004-08-10 19:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-10 19:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2004-08-10 19:00:00 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-04 00:56:58 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2007-08-20 10:04:41 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 23:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-10 19:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-10 19:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-10 19:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-10 19:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-10 19:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-10 19:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-10 19:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-10 19:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-10 19:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-10 19:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-10 19:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-10 19:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-10 19:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2004-08-10 19:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
- 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
- 2007-11-06 08:32:07 52,968 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-10 01:49:40 52,968 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-06 08:32:07 380,680 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-10 01:49:40 380,680 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-20 22:11:04 126,976 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow.scr
+ 2004-04-09 23:19:18 294,912 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\ArtistTitle.dll
+ 2003-06-26 19:54:10 24,576 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\ArtistTitleRes.dll
+ 2006-02-10 17:27:10 167,936 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\dtype32.dll
+ 2006-02-10 17:27:10 155,648 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\dtype32x.dll
+ 2005-12-19 22:09:00 819,200 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\EzDll.dll
+ 2004-12-14 18:00:00 430,080 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\fpxlib.dll
+ 2006-01-24 16:20:00 1,645,320 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\gdiplus.dll
+ 2006-09-18 16:51:00 73,835 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\ImgCtrl.dll
+ 2006-05-30 16:46:44 245,760 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\kgl.dll
+ 2006-11-02 20:35:30 35,584 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagCore.dll
+ 2006-09-30 16:40:24 340,044 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\magengin.dll
+ 2006-09-18 16:43:00 28,672 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\magFileIO.dll
+ 2006-09-18 17:27:00 430,080 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\magFpxio.dll
+ 2005-06-20 20:38:32 98,304 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\maghelpr.dll
+ 2006-11-02 20:34:40 56,064 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagicFrame.dll
+ 2006-11-02 20:28:42 60,160 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagPCMac.dll
+ 2006-09-29 20:55:16 118,784 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\magPltfm.dll
+ 2006-09-18 16:51:00 233,472 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\magTools.dll
+ 2006-11-02 20:29:22 158,464 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagUIEngine.dll
+ 2006-11-02 20:34:54 150,272 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagUIImage.dll
+ 2006-11-02 20:30:26 88,832 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagUIInter.dll
+ 2005-05-27 21:09:00 1,024,082 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MFC42LU.DLL
+ 2005-05-27 20:58:00 69,632 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MSLUIRT.dll
+ 2005-05-27 20:58:00 393,216 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MSLUP60.dll
+ 2005-05-27 20:58:00 249,856 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MSLURT.dll
+ 2003-11-12 19:52:10 499,712 ----a-r C:\WINDOWS\system32\PhotoImpression Slideshow\msvcp71.dll
+ 2003-02-21 11:42:22 348,160 ----a-r C:\WINDOWS\system32\PhotoImpression Slideshow\msvcr71.dll
+ 2002-08-30 01:41:08 323,072 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\msvcrt.dll
+ 2006-07-12 15:49:16 614,481 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\RawEngine.dll
+ 2006-09-30 16:34:40 622,592 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\ToolsCtrl.dll
+ 2005-12-07 17:37:00 45,056 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uaswmf.dll
+ 2006-09-11 14:38:28 1,146,880 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uDXPubTool.dll
+ 2006-02-23 21:44:00 888,832 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uEzDll.dll
+ 2004-12-14 23:43:00 245,408 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\unicows.dll
+ 2006-10-20 16:01:44 36,864 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uScreenPlayer.dll
+ 2006-04-20 22:42:08 622,592 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uSlideShow.dll
+ 2006-08-22 22:56:12 1,785,856 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uVDibTool.dll
+ 2006-01-24 19:55:38 372,736 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uVideoLib.dll
+ 2005-03-30 21:25:00 155,648 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uWMVDLL.dll
+ 2006-10-20 06:10:00 108,704 ----a-w C:\WINDOWS\system32\PICEntry.dll
+ 2006-10-20 06:10:00 80,024 ----a-w C:\WINDOWS\system32\PICSDK.dll
+ 2006-10-20 06:10:00 501,912 ----a-w C:\WINDOWS\system32\PICSDK2.dll
- 2006-10-17 17:58:08 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 04:13:42 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2004-08-10 19:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
- 2006-11-17 21:14:30 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-09 02:51:14 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-02-03 00:57:42 202,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA20.EXE
+ 2007-01-22 08:00:02 6,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA2E.DLL
+ 2007-02-26 12:00:00 397,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FABRCEA.DLL
+ 2007-02-15 12:00:00 3,289 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAIFCEA.DAT
+ 2007-01-22 07:02:00 138,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAIRCEA.DLL
+ 2007-03-09 11:01:00 173,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTCEA.EXE
+ 2007-03-12 12:00:00 673,792 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAPRCEA.DLL
+ 2007-03-12 11:01:00 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FARNCEA.EXE
+ 2006-11-13 11:00:00 129,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASKCEA.DLL
+ 2007-03-06 07:01:00 454,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASOCEA.DLL
+ 2007-03-26 12:00:00 65,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASRCEA.DLL
+ 2007-02-15 12:00:00 179,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICEA.EXE
+ 2006-11-13 07:00:00 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAUDCEA.DLL
+ 2007-02-21 12:01:00 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBA6CEA.DLL
+ 2006-11-30 11:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBAPCEA.DLL
+ 2006-11-16 07:01:00 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBCSCEA.EXE
+ 2007-01-30 12:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBL6CEA.DLL
+ 2006-11-13 10:00:00 458,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FCONCEA.DLL
+ 2007-04-10 11:00:00 71,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FDSPCEA.DLL
+ 2007-02-26 07:01:00 9,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FGEPCEA.DLL
+ 2006-09-21 09:04:00 18,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FGRCCEA.DLL
+ 2007-03-30 07:00:00 504,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHBRCEA.DLL
+ 2007-01-18 10:20:00 328,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHM0CEA.DLL
+ 2007-03-30 07:00:00 34,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHSRCEA.DLL
+ 2007-02-13 10:20:00 104,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHT0CEA.DLL
+ 2007-03-30 16:06:00 218,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTCEA.DLL
+ 2007-03-30 16:06:00 105,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTCEA.EXE
+ 2007-04-05 10:00:00 561,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FJBCCEA.DLL
+ 2007-01-22 11:00:00 119,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FMAICEA.DLL
+ 2007-03-23 10:20:00 48,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FMW0CEA.DLL
+ 2006-12-13 20:55:34 536,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FOKACEA.DLL
+ 2006-10-31 10:00:00 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRECEA.EXE
+ 2007-01-23 10:00:00 626,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRUCEA.DLL
+ 2007-03-30 10:20:00 1,480,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FSR0CEA.DLL
+ 2007-01-22 13:01:00 740,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUI1CEA.DLL
+ 2007-03-15 12:00:00 1,187,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUICCEA.DLL
+ 2007-01-22 12:01:00 7,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUIPCEA.DLL
+ 2007-03-12 13:01:00 199,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUIRCEA.DLL
+ 2007-01-11 10:02:00 113,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S40RP7.EXE
+ 2006-11-30 11:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBAPI4.DLL
+ 2007-01-30 12:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBPBIDI.DLL
+ 2007-03-06 09:09:00 296,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPSET32.DLL
+ 2004-04-21 06:00:00 5,729 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.DAT
+ 2007-02-26 12:18:00 723,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
+ 2007-02-03 00:57:42 202,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_DUPA20.EXE
+ 2007-01-22 08:00:02 6,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_DUPA2E.DLL
+ 2007-02-26 12:00:00 397,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FABRCEA.DLL
+ 2007-02-15 12:00:00 3,289 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FAIFCEA.DAT
+ 2007-01-22 07:02:00 138,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FAIRCEA.DLL
+ 2007-03-09 11:01:00 173,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FAMTCEA.EXE
+ 2007-03-12 12:00:00 673,792 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FAPRCEA.DLL
+ 2007-03-12 11:01:00 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FARNCEA.EXE
+ 2006-11-13 11:00:00 129,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FASKCEA.DLL
+ 2007-03-06 07:01:00 454,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FASOCEA.DLL
+ 2007-03-26 12:00:00 65,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FASRCEA.DLL
+ 2007-02-15 12:00:00 179,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FATICEA.EXE
+ 2006-11-13 07:00:00 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FAUDCEA.DLL
+ 2007-02-21 12:01:00 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FBA6CEA.DLL
+ 2006-11-30 11:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FBAPCEA.DLL
+ 2006-11-16 07:01:00 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FBCSCEA.EXE
+ 2007-01-30 12:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FBL6CEA.DLL
+ 2006-11-13 10:00:00 458,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FCONCEA.DLL
+ 2007-04-10 11:00:00 71,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FDSPCEA.DLL
+ 2007-02-26 07:01:00 9,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FGEPCEA.DLL
+ 2006-09-21 09:04:00 18,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FGRCCEA.DLL
+ 2007-03-30 07:00:00 504,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FHBRCEA.DLL
+ 2007-01-18 10:20:00 328,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FHM0CEA.DLL
+ 2007-03-30 07:00:00 34,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FHSRCEA.DLL
+ 2007-02-13 10:20:00 104,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FHT0CEA.DLL
+ 2007-03-30 16:06:00 218,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FHUTCEA.DLL
+ 2007-03-30 16:06:00 105,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FHUTCEA.EXE
+ 2007-04-05 10:00:00 561,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FJBCCEA.DLL
+ 2007-01-22 11:00:00 119,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FMAICEA.DLL
+ 2007-03-23 10:20:00 48,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FMW0CEA.DLL
+ 2006-12-13 20:55:34 536,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FOKACEA.DLL
+ 2006-10-31 10:00:00 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FPRECEA.EXE
+ 2007-01-23 10:00:00 626,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FPRUCEA.DLL
+ 2007-03-30 10:20:00 1,480,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FSR0CEA.DLL
+ 2007-01-22 13:01:00 740,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FUI1CEA.DLL
+ 2007-03-15 12:00:00 1,187,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FUICCEA.DLL
+ 2007-01-22 12:01:00 7,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FUIPCEA.DLL
+ 2007-03-12 13:01:00 199,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_FUIRCEA.DLL
+ 2007-01-11 10:02:00 113,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\E_S40RP7.EXE
+ 2006-11-30 11:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\EBAPI4.DLL
+ 2007-01-30 12:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\EBPBIDI.DLL
+ 2007-03-06 09:09:00 296,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\EPSET32.DLL
+ 2004-04-21 06:00:00 5,729 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\EPUPDATE.DAT
+ 2007-02-26 12:18:00 723,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx8400a57d\EPUPDATE.EXE
+ 2004-04-21 06:00:00 5,729 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.DAT
+ 2007-02-26 12:18:00 723,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.EXE
- 2006-09-25 23:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-09 02:51:14 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2004-08-10 19:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2004-08-10 19:00:00 4,048 ----a-w C:\WINDOWS\system32\timer.drv
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2004-12-07 16:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
- 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2004-08-10 19:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2008-04-03 02:07:40 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2008-04-03 02:08:00 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2008-04-03 02:07:40 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2008-04-03 02:07:40 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2008-04-03 02:07:40 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2008-04-03 02:07:42 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2008-04-03 02:07:42 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2008-04-03 02:07:42 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2008-04-03 02:07:42 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2004-08-04 08:56:58 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
- 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2004-08-10 19:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
+ 2001-06-07 16:49:26 6,736 ----a-w C:\WINDOWS\system32\WINGDIB.DRV
+ 2004-08-10 19:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-10 19:00:00 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2004-08-10 19:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
- 2006-10-19 03:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 23:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2004-08-10 19:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2006-02-03 13:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
+ 2007-03-05 17:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-10-22 08:37:16 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
+ 2006-02-03 13:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
+ 2006-03-31 17:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
+ 2007-10-22 08:39:54 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
+ 2006-05-31 12:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
+ 2006-07-28 14:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
+ 2006-09-28 21:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
+ 2006-12-08 17:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
+ 2007-01-24 20:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
+ 2007-04-04 23:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
+ 2007-06-21 01:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
+ 2007-07-20 05:57:12 267,112 ----a-w C:\WINDOWS\system32\xactengine2_9.dll
+ 2006-03-31 17:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
+ 2006-07-28 14:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
+ 2007-04-04 23:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
+ 2005-12-05 23:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
+ 2008-04-03 02:07:44 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2008-04-03 02:07:44 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2008-05-03 20:10:37 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-04-03 02:07:32 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-31 06:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 20:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 06:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat
+ 2007-05-31 06:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 06:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 06:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 06:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2006-09-20 05:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-12-03 20:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-20 00:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-31 06:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 06:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 06:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 06:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-12-03 20:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-20 00:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2008-04-03 02:07:32 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 18:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2008-04-03 02:07:34 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2008-04-03 02:07:34 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2008-04-03 02:07:34 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2008-04-03 02:08:02 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-05-15 15:49:21 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-04-03 02:08:02 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2008-04-03 02:08:02 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-04-03 02:08:02 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-04-03 02:09:10 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2008-04-03 02:09:12 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2008-02-27 09:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2008-02-27 09:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2008-04-03 02:07:38 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2008-01-21 14:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-02-27 09:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2008-02-27 09:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2008-04-03 02:07:38 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2008-04-03 02:09:12 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2008-04-03 02:09:14 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 02:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-10-11 22:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-04-03 02:07:54 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-11 23:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2008-04-03 02:07:40 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2008-04-03 02:07:40 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2008-04-03 02:07:54 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2008-04-03 02:07:40 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2008-04-03 02:07:42 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2008-04-03 02:07:42 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2008-01-21 14:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2008-04-03 02:07:44 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2008-04-03 02:07:44 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2008-04-03 02:07:46 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2008-04-03 02:07:46 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2004-07-02 22:02:56 409,600 ----a-w C:\WINDOWS\twain_32\escndv\encm.dll
+ 2004-07-02 22:02:56 180,224 ----a-w C:\WINDOWS\twain_32\escndv\encmutil.dll
+ 2004-07-02 22:02:56 184,320 ----a-w C:\WINDOWS\twain_32\escndv\enll.dll
+ 2004-07-02 22:02:56 167,936 ----a-w C:\WINDOWS\twain_32\escndv\enludp.dll
+ 2007-04-10 06:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ade.dll
+ 2004-07-02 22:02:56 409,600 ----a-w C:\WINDOWS\twain_32\escndv\es0080\encm.dll
+ 2004-07-02 22:02:56 180,224 ----a-w C:\WINDOWS\twain_32\escndv\es0080\encmutil.dll
+ 2004-07-02 22:02:56 184,320 ----a-w C:\WINDOWS\twain_32\escndv\es0080\enll.dll
+ 2004-07-02 22:02:56 167,936 ----a-w C:\WINDOWS\twain_32\escndv\es0080\enludp.dll
+ 2007-03-08 06:00:00 3,518,464 ----a-w C:\WINDOWS\twain_32\escndv\es0080\escires.dll
+ 2006-11-02 06:00:00 90,112 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esddc.dll
+ 2007-03-30 06:00:00 188,416 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esdevcl.dll
+ 2007-03-08 06:00:00 131,072 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esdevif.dll
+ 2007-03-08 06:00:00 49,152 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esdscl.dll
+ 2006-12-12 06:00:00 425,984 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esdtr.dll
+ 2007-01-29 06:00:00 454,656 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esdtr2.dll
+ 2007-02-07 06:00:00 188,416 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esfit.dll
+ 2005-09-27 06:00:00 53,248 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esicm.dll
+ 2006-11-02 06:00:00 561,152 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esimfl.dll
+ 2007-03-08 06:00:00 229,376 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esimgctl.dll
+ 2006-08-01 06:00:00 1,658,880 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esimgdet.dll
+ 2007-03-30 06:00:00 348,287 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esmps.dll
+ 2007-03-08 06:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esmpsres.dll
+ 2005-04-25 06:00:00 126,976 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esnetbg.dll
+ 2007-03-08 06:00:00 139,264 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esres.dll
+ 2007-03-30 06:00:00 348,160 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esscncl.dll
+ 2007-03-08 06:00:00 40,960 ----a-w C:\WINDOWS\twain_32\escndv\es0080\estwm.exe
+ 2007-03-08 06:00:00 249,856 ----a-w C:\WINDOWS\twain_32\escndv\es0080\estwpmg.dll
+ 2007-03-30 06:00:00 1,028,096 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esui.dll
+ 2007-03-08 06:00:00 126,976 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esutwb.dll
+ 2007-03-30 06:00:00 73,728 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epbmp.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epbmpres.dll
+ 2007-03-30 06:00:00 151,552 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epjpg.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epjpgres.dll
+ 2007-03-30 06:00:00 98,304 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epmtf.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epmtfres.dll
+ 2007-04-05 06:00:00 114,688 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppdf.dll
+ 2007-03-08 06:00:00 49,152 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppdfres.dll
+ 2007-03-30 06:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppij.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppijres.dll
+ 2007-03-30 06:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppit.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppitres.dll
+ 2007-03-30 06:00:00 102,400 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eptif.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eptifres.dll
+ 2005-08-29 06:00:00 143,360 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\esexf.dll
+ 2005-08-29 06:00:00 98,304 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\espimtif.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\epbmpres.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\epjpgres.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\epmtfres.dll
+ 2007-03-08 06:00:00 49,152 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\eppdfres.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\eppijres.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\eppitres.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\eptifres.dll
+ 2007-03-20 06:00:00 520,192 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\pdflib.dll
+ 2007-03-08 06:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es0080\local\esmpsres.dll
+ 2007-03-08 06:00:00 139,264 ----a-w C:\WINDOWS\twain_32\escndv\es0080\local\esres.dll
+ 2007-02-09 06:00:00 176,128 ----a-w C:\WINDOWS\twain_32\escndv\escfg.exe
+ 2007-03-08 06:00:00 118,784 ----a-w C:\WINDOWS\twain_32\escndv\escndv.exe
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\escndvrs.dll
+ 2005-04-25 06:00:00 126,976 ----a-w C:\WINDOWS\twain_32\escndv\esnetbg.dll
+ 2007-03-08 06:00:00 40,960 ----a-w C:\WINDOWS\twain_32\escndv\estwm.exe
+ 2007-03-08 06:00:00 77,824 ----a-w C:\WINDOWS\twain_32\escndv\local\escfgres.dll
+ 2007-03-08 06:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\local\escndvrs.dll
+ 1999-05-29 08:08:54 45,568 ----a-w C:\WINDOWS\UniFish3.exe
+ 2000-08-31 13:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2008-04-16 06:17:16 1,230,336 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
- 2007-01-10 06:18:51 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2008-04-16 06:17:16 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
- 2006-12-02 04:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 03:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-02 04:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 03:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 04:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 03:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2000-08-31 13:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-05-03 15:10 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 02:38 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51 715888]
"EPSON Stylus CX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.exe" [2007-02-15 07:00 179200]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 18:27 9117696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 20:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-20 03:52 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 00:31 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 18:27 9117696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 23:51:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 20:03:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-05-15 20:21:13 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-05-16 01:20:48
ComboFix2.txt 2007-11-26 02:01:59
ComboFix3.txt 2007-11-25 02:46:00

Pre-Run: 138,011,144,192 bytes free
Post-Run: 138,209,234,944 bytes free

1350 --- E O F --- 2008-05-15 08:01:35



















Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:32 PM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Highjackthis\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINDOWS\TEMP\E_SA3.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7003 bytes

The coolest thing since sliced bread

Posted Image


#8 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:10:54 AM

Posted 16 May 2008 - 04:28 AM

Hello,

One of the identified infections is Rootkit:
http://www.sophos.com/security/analyses/vi...ojntrootki.html

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and killed, but because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#9 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:10:54 AM

Posted 28 May 2008 - 07:35 AM

Due to inactivity this thread has been closed to prevent others with similar problems posting to it.
If you need it re-opened please PM a member of the moderating team with a link to your thread.

Thanks
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users