Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ie Hijacked


  • This topic is locked This topic is locked
12 replies to this topic

#1 Velzone

Velzone

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 28 June 2008 - 03:55 PM

Unable to download anything from internet, no updates, slow, something is wrong.

Any help would be greatly appreciated.

Joe



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:38 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129242291\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1904607352-2911765694-2800509490-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1904607352-2911765694-2800509490-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'LENORE SIERRA')
O4 - HKUS\S-1-5-18\..\Run: [MSN Messanger] msnmsng.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [MSN Messanger] msnmsng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSN Messanger] msnmsng.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [MSN Messanger] msnmsng.exe (User 'Default user')
O4 - S-1-5-21-1904607352-2911765694-2800509490-1005 Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (User 'LENORE SIERRA')
O4 - S-1-5-21-1904607352-2911765694-2800509490-1005 User Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (User 'LENORE SIERRA')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7867 bytes


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deckard's System Scanner v20071014.68
Run by MANUEL SIERRA on 2008-06-28 12:18:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as MANUEL SIERRA.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:18:08 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\LENORE SIERRA\Desktop\dss.exe
C:\admin\MANUEL SIERRA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129242291\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 07:05:57 0 d-------- C:\WINDOWS\LastGood
2008-06-27 01:40:16 68096 --a------ C:\WINDOWS\zip.exe
2008-06-27 01:40:16 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-27 01:40:16 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-27 01:40:16 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-27 01:40:16 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-27 01:40:16 98816 --a------ C:\WINDOWS\sed.exe
2008-06-27 01:40:16 80412 --a------ C:\WINDOWS\grep.exe
2008-06-27 01:40:16 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-27 00:32:24 0 d-------- C:\VundoFix Backups
2008-06-27 00:26:44 2614 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-26 23:12:32 0 d-------- C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Application Data\SUPERAntiSpyware.com
2008-06-26 23:12:32 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-26 23:12:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-26 20:21:56 1712 --a------ C:\Fix_Protocol_zones_ranges.reg
2008-06-15 14:27:14 0 d-------- C:\Documents and Settings\ANDY SIERRA\Application Data\Sun
2008-06-15 14:16:43 0 d-------- C:\Documents and Settings\ANDY SIERRA\Application Data\Yahoo!
2008-06-15 13:24:17 0 d-------- C:\WINDOWS\pss
2008-06-15 13:19:18 0 d-------- C:\Program Files\BHODemon 2
2008-06-15 12:30:38 550 --a------ C:\WINDOWS\mozver.dat
2008-06-15 12:29:48 0 d-------- C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Application Data\Mozilla
2008-06-14 20:38:41 0 d-------- C:\Program Files\EsetOnlineScanner
2008-06-14 15:22:36 0 d-------- C:\Program Files\Panda Security
2008-06-14 13:02:56 0 d-------- C:\Documents and Settings\LENORE SIERRA\.housecall6.6
2008-06-14 13:02:19 0 d-------- C:\Documents and Settings\LENORE SIERRA\Application Data\Sun
2008-06-14 12:57:32 0 d-------- C:\Documents and Settings\LENORE SIERRA\Application Data\Yahoo!
2008-06-14 11:36:30 0 d-------- C:\Documents and Settings\LENORE SIERRA\Application Data\Malwarebytes
2008-06-14 11:31:08 0 d-------- C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Application Data\Malwarebytes
2008-06-14 00:54:10 0 d-------- C:\Documents and Settings\ANDY SIERRA\Application Data\Malwarebytes
2008-06-14 00:53:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 00:53:54 34296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-14 00:53:54 15864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-14 00:53:54 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 00:53:34 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-12 21:26:05 102664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys <Not Verified; Trend Micro Inc.; ActiveClean>
2008-06-11 23:31:17 0 d-------- C:\Program Files\Lavasoft
2008-06-11 23:31:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-11 23:29:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 23:27:34 35216 --a------ C:\WINDOWS\system32\drivers\TMPassthru.sys <Not Verified; Trend Micro Inc.; Trend Micro RUBotted>
2008-06-11 23:27:34 0 d-------- C:\Program Files\Trend Micro
2008-06-11 23:27:02 0 d-------- C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Application Data\InstallShield
2008-06-09 01:57:35 0 d-------- C:\Documents and Settings\MANUEL SIERRA.VAIO.000\.housecall6.6
2008-06-09 00:33:15 0 d-------- C:\WINDOWS\Offline Web Pages
2008-06-01 10:34:50 0 d--h----- C:\$AVG8.VAULT$
2008-06-01 10:14:49 10520 --a------ C:\WINDOWS\system32\avgrsstx.dll <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
2008-06-01 10:14:48 75272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
2008-06-01 10:14:48 96520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
2008-06-01 10:14:38 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-01 10:14:26 0 d-------- C:\Program Files\AVG
2008-06-01 10:14:26 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-01 03:13:01 0 d-------- C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Application Data\Sun
2008-06-01 02:48:53 0 d-------- C:\WINDOWS\system32\scripting
2008-06-01 02:48:51 0 d-------- C:\WINDOWS\l2schemas
2008-06-01 02:48:50 0 d-------- C:\WINDOWS\system32\en
2008-06-01 02:42:16 0 d-------- C:\WINDOWS\network diagnostic
2008-06-01 02:17:15 1306624 -----n--- C:\WINDOWS\system32\msxml6.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 6.0 SP2>
2008-06-01 02:17:14 712704 -----n--- C:\WINDOWS\system32\windowscodecs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:17:11 346112 -----n--- C:\WINDOWS\system32\windowscodecsext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:17:10 650752 -----n--- C:\WINDOWS\system32\dot3ui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:17:09 276992 -----n--- C:\WINDOWS\system32\wmphoto.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:17:09 290304 -----n--- C:\WINDOWS\system32\rhttpaa.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:17:08 397312 -----n--- C:\WINDOWS\system32\mmcex.dll <Not Verified; Microsoft Corporation; Microsoft ® Windows ® Operating System>
2008-06-01 02:17:07 291328 -----n--- C:\WINDOWS\system32\qagentrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:17:05 412160 -----n--- C:\WINDOWS\system32\photometadatahandler.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:17:05 233472 -----n--- C:\WINDOWS\system32\azroles.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:17:04 176640 -----n--- C:\WINDOWS\system32\napstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:17:03 180224 -----n--- C:\WINDOWS\system32\eapphost.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:17:03 184832 -----n--- C:\WINDOWS\system32\eapp3hst.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:17:03 144384 -----n--- C:\WINDOWS\system32\drivers\hdaudbus.sys <Not Verified; Windows ® Server 2003 DDK provider; Microsoft® Windows® Operating System>
2008-06-01 02:17:00 155136 -----n--- C:\WINDOWS\system32\mssha.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:59 193024 -----n--- C:\WINDOWS\system32\napmontr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:59 132096 -----n--- C:\WINDOWS\system32\dot3svc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:59 136192 -----n--- C:\WINDOWS\system32\aaclient.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:58 150528 -----n--- C:\WINDOWS\system32\qagent.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:57 144384 -----n--- C:\WINDOWS\system32\onex.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:57 126976 -----n--- C:\WINDOWS\system32\eappcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:55 94208 -----n--- C:\WINDOWS\system32\eappgnui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:54 76800 -----n--- C:\WINDOWS\system32\qutil.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:54 106496 -----n--- C:\WINDOWS\system32\mmcfxcommon.dll <Not Verified; Microsoft Corporation; Microsoft ® Windows ® Operating System>
2008-06-01 02:16:53 69120 -----n--- C:\WINDOWS\system32\wlanapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:52 62464 -----n--- C:\WINDOWS\system32\qcliprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:52 61440 -----n--- C:\WINDOWS\system32\kmsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:51 59392 -----n--- C:\WINDOWS\system32\eapqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:49 50688 -----n--- C:\WINDOWS\system32\tspkg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:49 56320 -----n--- C:\WINDOWS\system32\dot3msm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:48 53248 -----n--- C:\WINDOWS\system32\tsgqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:48 48640 -----n--- C:\WINDOWS\system32\dhcpqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:47 39936 -----n--- C:\WINDOWS\system32\dimsroam.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:46 57856 -----n--- C:\WINDOWS\system32\dot3cfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:45 39936 -----n--- C:\WINDOWS\system32\dot3gpclnt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:44 61952 -----n--- C:\WINDOWS\system32\rasqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:44 37376 -----n--- C:\WINDOWS\system32\l2gpstore.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:44 40960 -----n--- C:\WINDOWS\system32\eappprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:43 33792 -----n--- C:\WINDOWS\system32\mmcperf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:43 33792 -----n--- C:\WINDOWS\system32\eapsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:42 30208 -----n--- C:\WINDOWS\system32\napipsec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:42 79872 -----n--- C:\WINDOWS\system32\msxml6r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 6.0>
2008-06-01 02:16:42 76800 -----n--- C:\WINDOWS\system32\msshavmsg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:42 30720 -----n--- C:\WINDOWS\system32\eapolqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:40 32768 -----n--- C:\WINDOWS\system32\setupn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2008-06-01 02:16:40 26112 -----n--- C:\WINDOWS\system32\dot3api.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:40 19456 -----n--- C:\WINDOWS\system32\dimsntfy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:35 12800 -----n--- C:\WINDOWS\system32\credssp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:34 10240 -----n--- C:\WINDOWS\system32\drivers\sffp_mmc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:32 9216 -----n--- C:\WINDOWS\system32\dot3dlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:28 6144 -----n--- C:\WINDOWS\system32\kbdpash.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:28 6144 -----n--- C:\WINDOWS\system32\kbdnepr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:28 6144 -----n--- C:\WINDOWS\system32\kbdbhc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:28 7168 -----n--- C:\WINDOWS\system32\bitsprx4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 02:16:27 6144 -----n--- C:\WINDOWS\system32\kbdiultn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 01:55:15 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-31 17:04:54 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-05-31 17:04:54 0 d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-05-31 17:04:54 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-05-31 17:04:54 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-05-31 17:04:53 1048576 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-05-31 17:04:50 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings
2008-05-31 17:04:50 0 d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Cookies
2008-05-31 17:04:50 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data
2008-05-31 17:04:50 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Microsoft
2008-05-31 17:04:48 1048576 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT
2008-05-31 17:04:14 0 d--hs---- C:\FOUND.038


-- Find3M Report ---------------------------------------------------------------

2008-06-01 02:41:48 250048 -rahs---- C:\ntldr
2008-05-16 11:58:04 12632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-04-14 05:42:38 11264 -----n--- C:\WINDOWS\system32\spnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 05:42:06 985088 --a------ C:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 05:41:58 423936 --a------ C:\WINDOWS\system32\licdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:25:26 1804 --a------ C:\WINDOWS\system32\Dcache.bin
2008-04-13 17:16:52 329728 --a------ C:\WINDOWS\system32\netsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:13:22 12168 --a------ C:\WINDOWS\system32\tsddd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:13:22 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:13:22 92424 --a------ C:\WINDOWS\system32\rdpdd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:44 679936 --a------ C:\WINDOWS\system32\sstext3d.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:44 14336 --a------ C:\WINDOWS\system32\ssstars.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:44 610304 --a------ C:\WINDOWS\system32\sspipes.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:44 18944 --a------ C:\WINDOWS\system32\ssmyst.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:44 47104 --a------ C:\WINDOWS\system32\ssmypics.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:44 20992 --a------ C:\WINDOWS\system32\ssmarque.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:44 393216 --a------ C:\WINDOWS\system32\ssflwbox.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:44 19968 --a------ C:\WINDOWS\system32\ssbezier.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:44 704512 --a------ C:\WINDOWS\system32\ss3dfo.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:44 9216 --a------ C:\WINDOWS\system32\scrnsave.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:44 220672 --a------ C:\WINDOWS\system32\logon.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:42 30720 --a------ C:\WINDOWS\system32\xcopy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:42 155648 --a------ C:\WINDOWS\system32\wscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2008-04-13 17:12:42 11264 --a------ C:\WINDOWS\system32\wpnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:42 12800 --a------ C:\WINDOWS\system32\tree.com <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:42 16896 --a------ C:\WINDOWS\system32\more.com <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:42 29696 --a------ C:\WINDOWS\system32\format.com <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:40 283648 --a------ C:\WINDOWS\winhlp32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:40 32256 --a------ C:\WINDOWS\system32\wpabaln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:40 5632 --a------ C:\WINDOWS\system32\winver.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:40 433664 --a------ C:\WINDOWS\system32\wiaacmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:40 65024 --a------ C:\WINDOWS\system32\wextract.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:38 289792 --a------ C:\WINDOWS\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:38 28672 -----n--- C:\WINDOWS\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:38 50176 --a------ C:\WINDOWS\system32\utilman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:38 26112 --a------ C:\WINDOWS\system32\userinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:38 18432 --a------ C:\WINDOWS\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:38 16896 --a------ C:\WINDOWS\system32\upnpcont.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:38 12288 --a------ C:\WINDOWS\system32\tracert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:38 347136 --a------ C:\WINDOWS\system32\tourstart.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:38 75776 --a------ C:\WINDOWS\system32\telnet.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:38 135680 --a------ C:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:38 106496 --a------ C:\WINDOWS\system32\sysocmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 14848 --a------ C:\WINDOWS\system32\stimon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 20992 -----n--- C:\WINDOWS\system32\spupdwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 538624 --a------ C:\WINDOWS\system32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 7680 --a------ C:\WINDOWS\system32\spdwnwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 24576 --a------ C:\WINDOWS\system32\sort.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 8704 --a------ C:\WINDOWS\system32\snmptrap.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 131584 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 50688 --a------ C:\WINDOWS\system32\smss.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 89600 --a------ C:\WINDOWS\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 8192 -----n--- C:\WINDOWS\system32\smbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 73796 -----n--- C:\WINDOWS\system32\slserv.exe <Not Verified; Smart Link; Soft Modem>
2008-04-13 17:12:36 32866 -----n--- C:\WINDOWS\system32\slrundll.exe <Not Verified; Smart Link; Soft Modem>
2008-04-13 17:12:36 26112 --a------ C:\WINDOWS\system32\skeys.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 70144 --a------ C:\WINDOWS\system32\sigverif.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 19456 --a------ C:\WINDOWS\system32\shutdown.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 77824 --a------ C:\WINDOWS\system32\shrpubw.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 45056 --a------ C:\WINDOWS\system32\shmgrate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:36 32866 -----n--- C:\WINDOWS\slrundll.exe <Not Verified; Smart Link; Soft Modem>
2008-04-13 17:12:34 23040 --a------ C:\WINDOWS\system32\setup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:34 31232 --a------ C:\WINDOWS\system32\sethc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:34 141312 --a------ C:\WINDOWS\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:34 108544 --a------ C:\WINDOWS\system32\services.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:34 77312 --a------ C:\WINDOWS\system32\sdbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:34 95744 --a------ C:\WINDOWS\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:34 13312 --a------ C:\WINDOWS\system32\savedump.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:34 14336 --a------ C:\WINDOWS\system32\runonce.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:34 33280 --a------ C:\WINDOWS\system32\rundll32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:34 77312 --a------ C:\WINDOWS\system32\rtcshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:34 14848 --a------ C:\WINDOWS\system32\rsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:34 13824 --a------ C:\WINDOWS\system32\rexec.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 11776 -----n--- C:\WINDOWS\system32\regsvr32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 50176 --a------ C:\WINDOWS\system32\reg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 67072 --a------ C:\WINDOWS\system32\rdshost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 62976 --a------ C:\WINDOWS\system32\rdpclip.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 21504 --a------ C:\WINDOWS\system32\rcp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 35840 --a------ C:\WINDOWS\system32\rcimlby.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 56832 --a------ C:\WINDOWS\system32\rasphone.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 19968 --a------ C:\WINDOWS\system32\qprocess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 9216 -----n--- C:\WINDOWS\system32\proxycfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 50176 --a------ C:\WINDOWS\system32\proquota.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 109568 --a------ C:\WINDOWS\system32\progman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 49152 -----n--- C:\WINDOWS\system32\powercfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 17920 --a------ C:\WINDOWS\system32\ping.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 15872 --a------ C:\WINDOWS\system32\perfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 58368 --a------ C:\WINDOWS\system32\packager.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 215552 --a------ C:\WINDOWS\system32\osk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:32 146432 --a------ C:\WINDOWS\regedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 420864 --a------ C:\WINDOWS\system32\ntvdm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 76800 --a------ C:\WINDOWS\system32\nslookup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 69120 --a------ C:\WINDOWS\system32\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 36864 --a------ C:\WINDOWS\system32\netstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 86016 --a------ C:\WINDOWS\system32\netsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 111104 --a------ C:\WINDOWS\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 124928 --a------ C:\WINDOWS\system32\net1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 42496 --a------ C:\WINDOWS\system32\net.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 4096 --a------ C:\WINDOWS\system32\nddeapir.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 53760 --a------ C:\WINDOWS\system32\narrator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 12288 --a------ C:\WINDOWS\system32\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:30 69120 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:28 343040 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:28 6144 --a------ C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-13 17:12:28 123392 --a------ C:\WINDOWS\system32\mplay32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:26 143360 --a------ C:\WINDOWS\system32\mobsync.exe <Not Verified; Microsoft Corporation; Microsoft Synchronization Manager>
2008-04-13 17:12:26 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-13 17:12:26 1414656 --a------ C:\WINDOWS\system32\mmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:26 57344 --a------ C:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:24 677888 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:24 72704 --a------ C:\WINDOWS\system32\magnify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:24 514560 --a------ C:\WINDOWS\system32\logonui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:24 59392 -----n--- C:\WINDOWS\system32\logman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:24 75264 --a------ C:\WINDOWS\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:24 23552 --a------ C:\WINDOWS\system32\ipxroute.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:24 53248 --a------ C:\WINDOWS\system32\ipv6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:22 55808 --a------ C:\WINDOWS\system32\ipconfig.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:22 150528 --a------ C:\WINDOWS\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:22 114688 --a------ C:\WINDOWS\system32\iexpress.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:22 15872 --a------ C:\WINDOWS\system32\help.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:22 39424 --a------ C:\WINDOWS\system32\grpconv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:22 10752 --a------ C:\WINDOWS\hh.exe <Not Verified; Microsoft Corporation; HTML Help>
2008-04-13 17:12:20 42496 --a------ C:\WINDOWS\system32\ftp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:20 193024 -----n--- C:\WINDOWS\system32\fsquirt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:20 7680 --a------ C:\WINDOWS\system32\forcedos.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:20 20992 --a------ C:\WINDOWS\system32\fontview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:20 23040 --a------ C:\WINDOWS\system32\fltmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:20 27136 --a------ C:\WINDOWS\system32\findstr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:20 20992 -----n--- C:\WINDOWS\system32\faxpatch.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:20 24064 --a------ C:\WINDOWS\system32\extrac32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:20 92160 --a------ C:\WINDOWS\system32\evntwin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:20 24064 --a------ C:\WINDOWS\system32\evntcmd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:20 193024 --a------ C:\WINDOWS\system32\eudcedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:18 1298432 --a------ C:\WINDOWS\system32\dxdiag.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:18 180224 --a------ C:\WINDOWS\system32\dwwin.exe <Not Verified; Microsoft Corporation; Microsoft Application Error Reporting>
2008-04-13 17:12:18 17920 --a------ C:\WINDOWS\system32\dvdupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:18 10752 --a------ C:\WINDOWS\system32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:18 83456 --a------ C:\WINDOWS\system32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:18 17920 --a------ C:\WINDOWS\system32\dpnsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:18 29696 --a------ C:\WINDOWS\system32\dplaysvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:18 15872 --a------ C:\WINDOWS\system32\dmremote.exe <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2008-04-13 17:12:18 224768 --a------ C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
2008-04-13 17:12:18 163840 --a------ C:\WINDOWS\system32\diskpart.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2008-04-13 17:12:18 87040 --a------ C:\WINDOWS\system32\diantz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:16 82944 --a------ C:\WINDOWS\system32\dfrgfat.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-04-13 17:12:16 25088 --a------ C:\WINDOWS\system32\defrag.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-04-13 17:12:16 30208 --a------ C:\WINDOWS\system32\ddeshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:16 6144 --a------ C:\WINDOWS\system32\dcomcnfg.exe <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:12:16 139264 --a------ C:\WINDOWS\system32\cscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2008-04-13 17:12:16 63488 --a------ C:\WINDOWS\system32\cmstp.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-13 17:12:16 39936 --a------ C:\WINDOWS\system32\cmmon32.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-13 17:12:14 25600 --a------ C:\WINDOWS\system32\cmdl32.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-13 17:12:14 389120 --a------ C:\WINDOWS\system32\cmd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:14 33280 --a------ C:\WINDOWS\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:14 102912 --a------ C:\WINDOWS\system32\clipbrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:14 64000 --a------ C:\WINDOWS\system32\cleanmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:14 5632 --a------ C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:14 19968 --a------ C:\WINDOWS\system32\cacls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:14 71680 -----n--- C:\WINDOWS\system32\blastcln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:14 11264 --a------ C:\WINDOWS\system32\autolfn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:14 580608 --a------ C:\WINDOWS\system32\autofmt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 338432 --a------ C:\WINDOWS\system32\zipfldr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 11776 --a------ C:\WINDOWS\system32\xolehlp.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-13 17:12:12 50176 -----n--- C:\WINDOWS\system32\xmlprovi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 129024 -----n--- C:\WINDOWS\system32\xmlprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 91648 --a------ C:\WINDOWS\system32\xactsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 602624 --a------ C:\WINDOWS\system32\autoconv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 588800 --a------ C:\WINDOWS\system32\autochk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 14336 -----n--- C:\WINDOWS\system32\auditusr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 12288 --a------ C:\WINDOWS\system32\attrib.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 11264 --a------ C:\WINDOWS\system32\atmadm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 25088 --a------ C:\WINDOWS\system32\at.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 98304 --a------ C:\WINDOWS\system32\ahui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:12 4096 --a------ C:\WINDOWS\system32\actmovie.exe <Not Verified; Microsoft Corporation; DirectShow>
2008-04-13 17:12:12 184320 --a------ C:\WINDOWS\system32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:10 50688 --a------ C:\WINDOWS\system32\wstdecod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:10 41984 --a------ C:\WINDOWS\system32\wsnmp32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:10 11264 --a------ C:\WINDOWS\system32\WshRm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:10 14336 --a------ C:\WINDOWS\system32\wship6.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:10 90112 --a------ C:\WINDOWS\system32\wshext.dll <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2008-04-13 17:12:10 36864 --a------ C:\WINDOWS\system32\wshcon.dll <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Controller>
2008-04-13 17:12:10 108032 -----n--- C:\WINDOWS\system32\wshbth.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:10 303616 --a------ C:\WINDOWS\system32\wmstream.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-04-13 17:12:10 115200 --a------ C:\WINDOWS\system32\wmsdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-04-13 17:12:10 132096 --a------ C:\WINDOWS\system32\wkssvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:10 17408 -----n--- C:\WINDOWS\system32\winshfhc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 50688 --a------ C:\WINDOWS\twain_32.dll <Not Verified; Twain Working Group; Twain_32 Source Manager>
2008-04-13 17:12:08 102400 --a------ C:\WINDOWS\system32\win32spl.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 111104 --a------ C:\WINDOWS\system32\wiavideo.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 589312 --a------ C:\WINDOWS\system32\wiashext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 75776 --a------ C:\WINDOWS\system32\wiascr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 124416 --a------ C:\WINDOWS\system32\wiadss.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 463360 --a------ C:\WINDOWS\system32\wiadefui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 135680 --a------ C:\WINDOWS\system32\webvw.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 215552 --a------ C:\WINDOWS\system32\wavemsp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 26624 --a------ C:\WINDOWS\system32\verifier.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 51712 --a------ C:\WINDOWS\system32\vdmredir.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 26112 --a------ C:\WINDOWS\system32\vdmdbg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 30749 --a------ C:\WINDOWS\system32\vbajet32.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-13 17:12:08 74240 --a------ C:\WINDOWS\system32\usbui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 185856 --a------ C:\WINDOWS\system32\upnphost.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 316416 --a------ C:\WINDOWS\system32\untfs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 35840 --a------ C:\WINDOWS\system32\umandlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 275456 --a------ C:\WINDOWS\system32\ulib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 26624 --a------ C:\WINDOWS\system32\udhisapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 101376 --a------ C:\WINDOWS\system32\txflog.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:12:08 57856 -----n--- C:\WINDOWS\system32\twext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 358400 --a------ C:\WINDOWS\system32\termmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 45568 --a------ C:\WINDOWS\system32\tcpmonui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 14848 --a------ C:\WINDOWS\system32\tcpmib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 858624 --a------ C:\WINDOWS\system32\tapi3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 117760 --a------ C:\WINDOWS\system32\t2embed.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 990208 --a------ C:\WINDOWS\system32\syssetup.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 191488 --a------ C:\WINDOWS\system32\syncui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 57856 --a------ C:\WINDOWS\system32\synceng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 246814 --a------ C:\WINDOWS\system32\strmdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-04-13 17:12:08 74752 --a------ C:\WINDOWS\system32\storprop.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 136704 --a------ C:\WINDOWS\system32\sti_ci.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 68096 --a------ C:\WINDOWS\system32\sti.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 59392 --a------ C:\WINDOWS\system32\stclient.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:12:08 96768 --a------ C:\WINDOWS\system32\srvsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:08 239104 --a------ C:\WINDOWS\system32\srrstr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 182272 --a------ C:\WINDOWS\system32\snmpsnap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 362496 --a------ C:\WINDOWS\system32\smlogcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 188508 -----n--- C:\WINDOWS\system32\slgen.dll <Not Verified; Smart Link; Soft Modem>
2008-04-13 17:12:06 286792 -----n--- C:\WINDOWS\system32\slextspk.dll <Not Verified; Smart Link; Soft Modem>
2008-04-13 17:12:06 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll <Not Verified; Smart Link; Soft Modem>
2008-04-13 17:12:06 98304 --a------ C:\WINDOWS\system32\slbiop.dll <Not Verified; Schlumberger Technology Corporation; Schlumberger Smart Card Interoperability Provider for Windows 2000(Microsoft Build)>
2008-04-13 17:12:06 25088 --a------ C:\WINDOWS\system32\slayerxp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 13312 --a------ C:\WINDOWS\system32\sigtab.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 27648 --a------ C:\WINDOWS\system32\shscrap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 152064 --a------ C:\WINDOWS\system32\shmedia.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 438272 --a------ C:\WINDOWS\system32\shimgvw.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 68096 --a------ C:\WINDOWS\system32\shgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 1614848 --a------ C:\WINDOWS\system32\sfcfiles.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 56320 --a------ C:\WINDOWS\system32\servdeps.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 54784 --a------ C:\WINDOWS\system32\sendmail.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 29184 --a------ C:\WINDOWS\system32\sendcmsg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 5632 --a------ C:\WINDOWS\system32\security.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 29184 -----n--- C:\WINDOWS\system32\sdhcinst.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 172032 --a------ C:\WINDOWS\system32\scrrun.dll <Not Verified; Microsoft Corporation; Microsoft ® Script Runtime>
2008-04-13 17:12:06 180224 --a------ C:\WINDOWS\system32\scrobj.dll <Not Verified; Microsoft Corporation; Microsoft ® Windows ® Script Component Runtime>
2008-04-13 17:12:06 20480 --a------ C:\WINDOWS\system32\sclgntfy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 144384 --a------ C:\WINDOWS\system32\schannel.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:06 171008 --a------ C:\WINDOWS\system32\sccsccp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 69632 --a------ C:\WINDOWS\system32\scarddlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 159232 -----n--- C:\WINDOWS\system32\sbeio.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-04-13 17:12:04 270848 -----n--- C:\WINDOWS\system32\sbe.dll
2008-04-13 17:12:04 415744 --a------ C:\WINDOWS\system32\samsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 64000 --a------ C:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 45568 --a------ C:\WINDOWS\system32\safrslv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 29696 --a------ C:\WINDOWS\system32\safrdm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll <Not Verified; S3 Graphics, Inc.; S3 ProSavage(DDR) & Twister Display Driver>
2008-04-13 17:12:04 18944 --a------ C:\WINDOWS\system32\rsmps.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 39936 --a------ C:\WINDOWS\system32\rshx32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 60416 --a------ C:\WINDOWS\system32\remotepg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 397824 --a------ C:\WINDOWS\system32\regwizc.dll <Not Verified; Microsoft; RegWizCtrl Module>
2008-04-13 17:12:04 59904 --a------ C:\WINDOWS\system32\regsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 147968 --a------ C:\WINDOWS\system32\rdchost.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 102400 --a------ C:\WINDOWS\system32\rcbdyctl.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 58368 --a------ C:\WINDOWS\system32\rastapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 16384 --a------ C:\WINDOWS\system32\rassapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 61440 --a------ C:\WINDOWS\system32\rasman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 658432 --a------ C:\WINDOWS\system32\rasdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 88576 --a------ C:\WINDOWS\system32\rasauto.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 237056 --a------ C:\WINDOWS\system32\rasapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 43520 --a------ C:\WINDOWS\system32\racpldlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 1435648 --a------ C:\WINDOWS\system32\query.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 1288192 --a------ C:\WINDOWS\system32\quartz.dll
2008-04-13 17:12:04 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 409088 --a------ C:\WINDOWS\system32\qmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 562176 --a------ C:\WINDOWS\system32\qedit.dll
2008-04-13 17:12:04 386048 --a------ C:\WINDOWS\system32\qdvd.dll
2008-04-13 17:12:04 279040 --a------ C:\WINDOWS\system32\qdv.dll
2008-04-13 17:12:04 192512 --a------ C:\WINDOWS\system32\qcap.dll
2008-04-13 17:12:04 43520 --a------ C:\WINDOWS\system32\pstorec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:04 560640 --a------ C:\WINDOWS\system32\printui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 105472 --a------ C:\WINDOWS\system32\polstore.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 58880 -----n--- C:\WINDOWS\system32\pnrpnsp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 35328 --a------ C:\WINDOWS\system32\pid.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 176128 --a------ C:\WINDOWS\system32\photowiz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 34816 --a------ C:\WINDOWS\system32\perfproc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 17920 --a------ C:\WINDOWS\system32\perfnet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 26624 --a------ C:\WINDOWS\system32\perfdisk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 39936 --a------ C:\WINDOWS\system32\perfctrs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 284160 --a------ C:\WINDOWS\system32\pdh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 67584 --a------ C:\WINDOWS\system32\pautoenr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 554496 -----n--- C:\WINDOWS\system32\p2psvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 115712 -----n--- C:\WINDOWS\system32\p2pnetsh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 313856 -----n--- C:\WINDOWS\system32\p2pgraph.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 105472 -----n--- C:\WINDOWS\system32\p2pgasvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 153600 -----n--- C:\WINDOWS\system32\p2p.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 67584 --a------ C:\WINDOWS\system32\osuninst.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 713728 --a------ C:\WINDOWS\system32\opengl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 107008 --a------ C:\WINDOWS\system32\oleprn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 37376 --a------ C:\WINDOWS\system32\olecnv32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 551936 -----n--- C:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2008-04-13 17:12:02 192000 --a------ C:\WINDOWS\system32\offfilt.dll <Not Verified; Microsoft Corporation; Microsoft Office IFilter>
2008-04-13 17:12:02 20511 --a------ C:\WINDOWS\system32\odtext32.dll <Not Verified; Microsoft Corporation; ODBC (3.0) driver for text files>
2008-04-13 17:12:02 20510 --a------ C:\WINDOWS\system32\odpdx32.dll <Not Verified; Microsoft Corporation; ODBC (3.0) driver for Paradox>
2008-04-13 17:12:02 20510 --a------ C:\WINDOWS\system32\odfox32.dll <Not Verified; Microsoft Corporation; ODBC (3.0) driver for FoxPro>
2008-04-13 17:12:02 20510 --a------ C:\WINDOWS\system32\odexl32.dll <Not Verified; Microsoft Corporation; ODBC (3.0) driver for Excel>
2008-04-13 17:12:02 20511 --a------ C:\WINDOWS\system32\oddbse32.dll <Not Verified; Microsoft Corporation; ODBC (3.0) driver for DBase>
2008-04-13 17:12:02 286208 --a------ C:\WINDOWS\system32\objsel.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 142336 --a------ C:\WINDOWS\system32\nwprovau.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 15360 --a------ C:\WINDOWS\system32\ntvdmd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 91136 --a------ C:\WINDOWS\system32\ntprint.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 435200 --a------ C:\WINDOWS\system32\ntmssvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Whistler® Operating System>
2008-04-13 17:12:02 488448 --a------ C:\WINDOWS\system32\ntmsmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-13 17:12:02 179200 --a------ C:\WINDOWS\system32\ntmsdba.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 40960 --a------ C:\WINDOWS\system32\ntmsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Whistler® Operating System>
2008-04-13 17:12:02 8192 --a------ C:\WINDOWS\system32\ntlsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 54784 --a------ C:\WINDOWS\system32\npptools.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-13 17:12:02 98304 --a------ C:\WINDOWS\system32\nlhtml.dll <Not Verified; Microsoft Corporation; Microsoft® Windows>
2008-04-13 17:12:02 875008 --a------ C:\WINDOWS\system32\netplwiz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 139264 --a------ C:\WINDOWS\system32\netid.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 18944 --a------ C:\WINDOWS\system32\nddenb32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 90624 --a------ C:\WINDOWS\system32\mydocs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll <Not Verified; Matrox Graphics Inc.; Matrox Parhelia Display Driver>
2008-04-13 17:12:02 91648 --a------ C:\WINDOWS\system32\mtxoci.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:12:02 34304 --a------ C:\WINDOWS\system32\mtxlegih.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:12:02 4096 --a------ C:\WINDOWS\system32\mtxex.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:12:02 30720 -----n--- C:\WINDOWS\system32\mtxdm.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:12:02 16896 --a------ C:\WINDOWS\system32\msyuv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 701440 --a------ C:\WINDOWS\system32\msxml2.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 2.0 SP 3>
2008-04-13 17:12:02 506368 --a------ C:\WINDOWS\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-04-13 17:12:02 203776 --a------ C:\WINDOWS\system32\mswebdvd.dll <Not Verified; Microsoft Corporation; DirectShow>
2008-04-13 17:12:02 72704 --a------ C:\WINDOWS\system32\msw3prt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 1428992 --a------ C:\WINDOWS\system32\msvidctl.dll <Not Verified; Microsoft Corporation; DirectShow>
2008-04-13 17:12:02 121344 --a------ C:\WINDOWS\system32\msvfw32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:02 57344 -----n--- C:\WINDOWS\system32\msvcirt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:00 132608 --a------ C:\WINDOWS\system32\msv1_0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:00 274944 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:00 134656 -----n--- C:\WINDOWS\system32\mssap.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-13 17:12:00 11264 --a------ C:\WINDOWS\system32\msrle32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:00 105984 --a------ C:\WINDOWS\system32\msoert2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:00 252928 --a------ C:\WINDOWS\system32\msoeacct.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:00 290816 --a------ C:\WINDOWS\system32\msnsspc.dll <Not Verified; Microsoft Corporation; Microsoft® MSN®>
2008-04-13 17:12:00 25088 --a------ C:\WINDOWS\system32\mslbui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:00 151583 --a------ C:\WINDOWS\system32\msjint40.dll <Not Verified; Microsoft Corporation; Microsoft ® Jet>
2008-04-13 17:12:00 248832 --a------ C:\WINDOWS\system32\msieftp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:00 51712 --a------ C:\WINDOWS\system32\msident.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:00 33792 --a------ C:\WINDOWS\system32\msgsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:12:00 161792 --a------ C:\WINDOWS\system32\msdtcuiu.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-13 17:12:00 956928 --a------ C:\WINDOWS\system32\msdtctm.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-13 17:12:00 427008 --a------ C:\WINDOWS\system32\msdtcprx.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-13 17:12:00 58880 --a------ C:\WINDOWS\system32\msdtclog.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-13 17:12:00 14336 --a------ C:\WINDOWS\system32\msdmo.dll
2008-04-13 17:11:58 68608 --a------ C:\WINDOWS\system32\msctfp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:58 69632 --a------ C:\WINDOWS\system32\msconf.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-13 17:11:58 73728 --a------ C:\WINDOWS\system32\mscms.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:58 86016 --a------ C:\WINDOWS\system32\msapsspc.dll <Not Verified; Microsoft Corporation; Microsoft® Internet Services>
2008-04-13 17:11:58 53248 --a------ C:\WINDOWS\system32\mprdim.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:58 240640 --a------ C:\WINDOWS\system32\mpg4dmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-04-13 17:11:58 207360 --a------ C:\WINDOWS\system32\mobsync.dll <Not Verified; Microsoft Corporation; Microsoft Synchronization Manager>
2008-04-13 17:11:58 34560 --a------ C:\WINDOWS\system32\mnmdd.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-13 17:11:58 17408 --a------ C:\WINDOWS\system32\mmfutil.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:58 61440 --a------ C:\WINDOWS\system32\mmcshext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:58 1872896 --a------ C:\WINDOWS\system32\mmcndmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:58 163328 --a------ C:\WINDOWS\system32\mmcbase.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:58 29696 --a------ C:\WINDOWS\system32\mimefilt.dll <Not Verified; Microsoft Corporation; MIME Filter>
2008-04-13 17:11:58 60928 --a------ C:\WINDOWS\system32\miglibnt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 2061824 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 14848 --a------ C:\WINDOWS\system32\mgmtapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 40960 --a------ C:\WINDOWS\system32\mf3216.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll <Not Verified; Conexant; Diagnostic Interface>
2008-04-13 17:11:56 23552 --a------ C:\WINDOWS\system32\mciwave.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 23040 --a------ C:\WINDOWS\system32\mciseq.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 35328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2008-04-13 17:11:56 84480 --a------ C:\WINDOWS\system32\mciavi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 728064 --a------ C:\WINDOWS\system32\lsasrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 22528 --a------ C:\WINDOWS\system32\lpdsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 11776 --a------ C:\WINDOWS\system32\localui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 343040 --a------ C:\WINDOWS\system32\localspl.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 221696 --a------ C:\WINDOWS\system32\localsec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 399872 --a------ C:\WINDOWS\system32\lmrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-04-13 17:11:56 13824 --a------ C:\WINDOWS\system32\lmhsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 58880 --a------ C:\WINDOWS\system32\licwmi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 4096 --a------ C:\WINDOWS\system32\ksuser.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 150528 --a------ C:\WINDOWS\system32\keymgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 47616 --a------ C:\WINDOWS\system32\iyuv_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 54272 --a------ C:\WINDOWS\system32\ixsso.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 138240 --a------ C:\WINDOWS\system32\itss.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 155136 --a------ C:\WINDOWS\system32\itircl.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll <Not Verified; Intel Corporation; ISRDBG32.DLL>
2008-04-13 17:11:56 81920 --a------ C:\WINDOWS\system32\isign32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 183808 --a------ C:\WINDOWS\system32\ir50_qcx.dll <Not Verified; Intel Corporation.; Intel Indeo® video 5.10 Quick Compressor>
2008-04-13 17:11:56 200192 --a------ C:\WINDOWS\system32\ir50_qc.dll <Not Verified; Intel Corporation.; Intel Indeo® video 5.10 Quick Compressor>
2008-04-13 17:11:56 755200 --a------ C:\WINDOWS\system32\ir50_32.dll <Not Verified; Intel Corporation; Intel Indeo® video 5.10>
2008-04-13 17:11:56 338432 --a------ C:\WINDOWS\system32\ir41_qcx.dll <Not Verified; Intel Corporation.; Intel Indeo® Video Interactive Quick Compressor>
2008-04-13 17:11:56 120320 --a------ C:\WINDOWS\system32\ir41_qc.dll <Not Verified; Intel Corporation.; Intel Indeo® Video Interactive Quick Compressor>
2008-04-13 17:11:56 22016 --a------ C:\WINDOWS\system32\ipxwan.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 59904 --a------ C:\WINDOWS\system32\ipv6mon.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 384000 --a------ C:\WINDOWS\system32\ipsmsnap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 349696 --a------ C:\WINDOWS\system32\ipsecsnp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 177152 --a------ C:\WINDOWS\system32\iprtrmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 330752 --a------ C:\WINDOWS\system32\ippromon.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 161280 --a------ C:\WINDOWS\system32\ipmontr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 123392 --a------ C:\WINDOWS\system32\input.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 147456 --a------ C:\WINDOWS\system32\initpki.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:56 15872 --a------ C:\WINDOWS\system32\inetppui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 691712 --a------ C:\WINDOWS\system32\inetcomm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 274432 --a------ C:\WINDOWS\system32\inetcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 36921 --a------ C:\WINDOWS\system32\imeshare.dll <Not Verified; Microsoft Corporation; Microsoft Office IME Shared property library.>
2008-04-13 17:11:54 144384 --a------ C:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 81920 --a------ C:\WINDOWS\system32\ils.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-13 17:11:54 135680 --a------ C:\WINDOWS\system32\ifmon.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 81920 -----n--- C:\WINDOWS\system32\ieencode.dll <Not Verified; Microsoft Corporation; Microsoft Document Converters>
2008-04-13 17:11:54 120832 --a------ C:\WINDOWS\system32\idq.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 65536 --a------ C:\WINDOWS\system32\icwphbk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 73728 --a------ C:\WINDOWS\system32\icwdial.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 254976 --a------ C:\WINDOWS\system32\icm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 80384 --a------ C:\WINDOWS\system32\iccvid.dll <Not Verified; Radius Inc.; Cinepak for Windows 32>
2008-04-13 17:11:54 119808 --a------ C:\WINDOWS\system32\iasrad.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 347136 --a------ C:\WINDOWS\system32\hypertrm.dll <Not Verified; Hilgraeve, Inc.; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 41984 --a------ C:\WINDOWS\system32\htui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll <Not Verified; Conexant Systems, Inc.; SoftK56>
2008-04-13 17:11:54 144896 --a------ C:\WINDOWS\system32\hotplug.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 330752 --a------ C:\WINDOWS\system32\hnetwiz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-13 17:11:54 72704 --a------ C:\WINDOWS\system32\hlink.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 41472 --a------ C:\WINDOWS\system32\hhsetup.dll <Not Verified; Microsoft Corporation; HTML Help>
2008-04-13 17:11:54 7168 -----n--- C:\WINDOWS\system32\hccoin.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 614912 --a------ C:\WINDOWS\system32\h323msp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 122880 --a------ C:\WINDOWS\system32\glu32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 451584 --a------ C:\WINDOWS\system32\fxsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 60416 -----n--- C:\WINDOWS\system32\fwcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 80896 --a------ C:\WINDOWS\system32\fontsub.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 382976 --a------ C:\WINDOWS\system32\fontext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 16896 --a------ C:\WINDOWS\system32\fltlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 87552 --a------ C:\WINDOWS\system32\fldrclnr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 337920 --a------ C:\WINDOWS\system32\filemgmt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 21504 --a------ C:\WINDOWS\system32\feclient.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 80384 --a------ C:\WINDOWS\system32\faultrep.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 125952 --a------ C:\WINDOWS\system32\exts.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 380445 --a------ C:\WINDOWS\system32\expsrv.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-13 17:11:54 186880 -----n--- C:\WINDOWS\system32\encdec.dll
2008-04-13 17:11:54 20480 -----n--- C:\WINDOWS\system32\encapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:54 183296 --a------ C:\WINDOWS\system32\els.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 498742 --a------ C:\WINDOWS\system32\dxmasf.dll
2008-04-13 17:11:52 2113536 -----n--- C:\WINDOWS\system32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 1227264 --a------ C:\WINDOWS\system32\dx8vb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 619008 --a------ C:\WINDOWS\system32\dx7vb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 304128 --a------ C:\WINDOWS\system32\duser.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 19456 --a------ C:\WINDOWS\system32\dswave.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 113152 --a------ C:\WINDOWS\system32\dsuiext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 51200 --a------ C:\WINDOWS\system32\dssec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 239104 --a------ C:\WINDOWS\system32\dsquery.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 142848 --a------ C:\WINDOWS\system32\dsprop.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 1293824 --a------ C:\WINDOWS\system32\dsound3d.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 367616 --a------ C:\WINDOWS\system32\dsound.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 155648 --a------ C:\WINDOWS\system32\dskquoui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 92672 --a------ C:\WINDOWS\system32\dskquota.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 71680 --a------ C:\WINDOWS\system32\dsdmoprp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 181248 --a------ C:\WINDOWS\system32\dsdmo.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 57344 --a------ C:\WINDOWS\system32\dpwsockx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 116736 --a------ C:\WINDOWS\system32\dpvvox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 212480 --a------ C:\WINDOWS\system32\dpvoice.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 21504 --a------ C:\WINDOWS\system32\dpvacm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 60928 --a------ C:\WINDOWS\system32\dpnhupnp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 35328 --a------ C:\WINDOWS\system32\dpnhpast.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 375296 --a------ C:\WINDOWS\system32\dpnet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 23552 --a------ C:\WINDOWS\system32\dpmodemx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 229888 --a------ C:\WINDOWS\system32\dplayx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 48128 --a------ C:\WINDOWS\system32\docprop2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 52224 --a------ C:\WINDOWS\system32\dmutil.dll <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2008-04-13 17:11:52 104448 --a------ C:\WINDOWS\system32\dmusic.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 103424 --a------ C:\WINDOWS\system32\dmsynth.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 105984 --a------ C:\WINDOWS\system32\dmstyle.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 23552 --a------ C:\WINDOWS\system32\dmserver.dll <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2008-04-13 17:11:52 82432 --a------ C:\WINDOWS\system32\dmscript.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 35840 --a------ C:\WINDOWS\system32\dmloader.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 181248 --a------ C:\WINDOWS\system32\dmime.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 200704 --a------ C:\WINDOWS\system32\dmdskmgr.dll <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2008-04-13 17:11:52 285184 --a------ C:\WINDOWS\system32\dmdlgs.dll <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2008-04-13 17:11:52 61440 --a------ C:\WINDOWS\system32\dmcompos.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 28672 --a------ C:\WINDOWS\system32\dmband.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 32768 --a------ C:\WINDOWS\system32\dispex.dll <Not Verified; Microsoft Corporation; Microsoft ® DispEx>
2008-04-13 17:11:52 1504256 --a------ C:\WINDOWS\system32\diskcopy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 181760 --a------ C:\WINDOWS\system32\dinput8.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 158720 --a------ C:\WINDOWS\system32\dinput.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 68608 --a------ C:\WINDOWS\system32\digest.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 379904 --a------ C:\WINDOWS\system32\dhcpmon.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 111104 --a------ C:\WINDOWS\system32\dgnet.dll <Not Verified; Microsoft; Dgnet Module>
2008-04-13 17:11:52 28672 --a------ C:\WINDOWS\system32\dfsshlex.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 124416 --a------ C:\WINDOWS\system32\dfrgui.dll <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-04-13 17:11:52 39424 --a------ C:\WINDOWS\system32\dfrgsnap.dll <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-04-13 17:11:52 282624 --a------ C:\WINDOWS\system32\devmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 59904 --a------ C:\WINDOWS\system32\devenum.dll
2008-04-13 17:11:52 640000 --a------ C:\WINDOWS\system32\dbghelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 165376 --a------ C:\WINDOWS\system32\datime.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-04-13 17:11:52 54272 --a------ C:\WINDOWS\system32\dataclen.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 824320 --a------ C:\WINDOWS\system32\d3dim700.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 1689088 -----n--- C:\WINDOWS\system32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 8192 --a------ C:\WINDOWS\system32\d3d8thk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 1179648 --a------ C:\WINDOWS\system32\d3d8.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 32256 --a------ C:\WINDOWS\system32\csrsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 53760 --a------ C:\WINDOWS\system32\cryptext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 74752 --a------ C:\WINDOWS\system32\cryptdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 35328 --a------ C:\WINDOWS\system32\corpol.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 357888 --a------ C:\WINDOWS\system32\confmsp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 539648 --a------ C:\WINDOWS\system32\comuid.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:11:52 167424 --a------ C:\WINDOWS\system32\comsnap.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:11:52 97792 --a------ C:\WINDOWS\system32\comrepl.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:11:52 229376 --a------ C:\WINDOWS\system32\compstui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 252928 --a------ C:\WINDOWS\system32\compatUI.dll <Not Verified; ; CompatUI Module>
2008-04-13 17:11:52 276992 --a------ C:\WINDOWS\system32\comdlg32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 617472 --a------ C:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:52 28160 --a------ C:\WINDOWS\system32\comaddin.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:11:50 39424 --a------ C:\WINDOWS\system32\cmutil.dll <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-13 17:11:50 13312 -----n--- C:\WINDOWS\system32\cmsetacl.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 185344 --a------ C:\WINDOWS\system32\cmprops.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 344064 --a------ C:\WINDOWS\system32\cmdial32.dll <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-13 17:11:50 15872 --a------ C:\WINDOWS\system32\cmcfg32.dll <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-13 17:11:50 110592 --a------ C:\WINDOWS\system32\clbcatex.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:11:50 69120 --a------ C:\WINDOWS\system32\ciodm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 148480 --a------ C:\WINDOWS\system32\cic.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 457728 --a------ C:\WINDOWS\system32\certmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 2091520 --a------ C:\WINDOWS\system32\cdosys.dll <Not Verified; Microsoft Corporation; Microsoft Exchange>
2008-04-13 17:11:50 85504 --a------ C:\WINDOWS\system32\catsrvps.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-13 17:11:50 150016 --a------ C:\WINDOWS\system32\capesnpn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 50688 --a------ C:\WINDOWS\system32\camocx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 84480 --a------ C:\WINDOWS\system32\cabview.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 218112 --a------ C:\WINDOWS\system32\c_g18030.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 50688 -----n--- C:\WINDOWS\system32\btpanui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 30208 -----n--- C:\WINDOWS\system32\bthserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 20992 -----n--- C:\WINDOWS\system32\bthci.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 78336 --a------ C:\WINDOWS\system32\browsewm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 7168 -----n--- C:\WINDOWS\system32\bitsprx3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 8192 -----n--- C:\WINDOWS\system32\bitsprx2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 17408 --a------ C:\WINDOWS\system32\bidispl.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 8704 --a------ C:\WINDOWS\system32\batt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 84992 --a------ C:\WINDOWS\system32\avifil32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:50 30208 --a------ C:\WINDOWS\system32\atmlib.dll <Not Verified; Adobe Systems; Adobe Type Manager>
2008-04-13 17:11:50 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-04-13 17:11:50 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll <Not Verified; ATI Technologies Inc.; ATI OTM Lib>
2008-04-13 17:11:50 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-04-13 17:11:50 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-04-13 17:11:50 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-04-13 17:11:50 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll <Not Verified; ATI Technologies Inc.; ATI Rage 128 Family>
2008-04-13 17:11:50 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-04-13 17:11:50 65024 --a------ C:\WINDOWS\system32\asycfilt.dll <Not Verified; Microsoft Corporation; >
2008-04-13 17:11:50 70656 --a------ C:\WINDOWS\system32\amstream.dll
2008-04-13 17:11:50 17408 --a------ C:\WINDOWS\system32\alrsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:48 617472 --a------ C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:48 263680 --a------ C:\WINDOWS\system32\adsnt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:48 68096 --a------ C:\WINDOWS\system32\adsmsext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:48 175616 --a------ C:\WINDOWS\system32\adsldp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:48 115712 --a------ C:\WINDOWS\system32\aclui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:48 100352 --a------ C:\WINDOWS\system32\6to4svc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:24 706048 --a------ C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:12 756224 --a------ C:\WINDOWS\system32\winntbbu.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:11:02 76288 --a------ C:\WINDOWS\system32\uniime.dll <Not Verified; Microsoft Corporation; MicrosoftR WindowsR Operating System>
2008-04-13 17:10:08 4126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2008-04-13 17:10:06 3584 --a------ C:\WINDOWS\system32\msafd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 7168 -----n--- C:\WINDOWS\system32\kbdukx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 7680 -----n--- C:\WINDOWS\system32\kbdsmsno.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 7680 -----n--- C:\WINDOWS\system32\kbdsmsfi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 7168 -----n--- C:\WINDOWS\system32\kbdno1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 7168 --a------ C:\WINDOWS\system32\kbdnec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 6144 -----n--- C:\WINDOWS\system32\kbdmlt48.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 6144 -----n--- C:\WINDOWS\system32\kbdmlt47.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 5632 -----n--- C:\WINDOWS\system32\kbdmaori.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 6144 --a------ C:\WINDOWS\system32\kbdlk41j.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 6656 --a------ C:\WINDOWS\system32\kbdlk41a.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 6656 -----n--- C:\WINDOWS\system32\kbdinmal.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 6144 -----n--- C:\WINDOWS\system32\kbdinben.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 6144 -----n--- C:\WINDOWS\system32\kbdinbe1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 7168 --a------ C:\WINDOWS\system32\kbdibm02.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 7168 -----n--- C:\WINDOWS\system32\kbdfi1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 6144 --a------ C:\WINDOWS\system32\kbdax2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 6144 --a------ C:\WINDOWS\system32\kbd106n.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 6144 --a------ C:\WINDOWS\system32\kbd106.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:56 6144 --a------ C:\WINDOWS\system32\kbd101.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:44 811064 --a------ C:\WINDOWS\system32\imjp81k.dll <Not Verified; Microsoft Corporation; Microsoft IME 2002>
2008-04-13 17:09:40 3584 --a------ C:\WINDOWS\system32\icmp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:34 9344 --a------ C:\WINDOWS\system32\framebuf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:30 7168 --a------ C:\WINDOWS\system32\f3ahvoas.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:20 3072 --a------ C:\WINDOWS\system32\dpnlobby.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:20 3072 --a------ C:\WINDOWS\system32\dpnaddr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:06 16896 --a------ C:\WINDOWS\system32\cfgmgr32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 17:09:02 285696 --a------ C:\WINDOWS\system32\atmfd.dll <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>
2008-04-13 14:00:50 103424 --a------ C:\WINDOWS\system32\dpcdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 12:30:10 1845632 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 11:45:00 17664 --a------ C:\WINDOWS\system32\watchdog.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 11:35:22 24064 --a------ C:\WINDOWS\system32\pidgen.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 11:31:36 7424 --a------ C:\WINDOWS\system32\kd1394.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 11:30:46 61440 -----n--- C:\WINDOWS\system32\msvcrt40.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 10:39:30 438784 -----n--- C:\WINDOWS\system32\xpob2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 10:39:24 2897920 -----n--- C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 10:39:22 187392 -----n--- C:\WINDOWS\system32\xpsp1res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 10:21:32 733696 --a------ C:\WINDOWS\system32\qedwipes.dll
2008-04-13 10:09:30 4096 -----n--- C:\WINDOWS\system32\dsprpres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 09:48:54 1647616 -----n--- C:\WINDOWS\system32\winbrand.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 09:45:30 216064 --a------ C:\WINDOWS\system32\moricons.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 09:22:12 48128 --a------ C:\WINDOWS\system32\inetres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [12/19/2007 12:18 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/30/2007 02:11 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/30/2007 01:49 AM]
"NvCplDaemon"="NvQTwk" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1129242291\ee\AOLSoftware.exe" [09/25/2006 04:52 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/01/2008 10:14 AM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 05:50 AM]
"LexPPS.exe"="C:\WINDOWS\system32\lexpps.exe" [11/06/2003 12:57 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"MSN Messanger"=msnmsng.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSN Messanger"=msnmsng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\d6a913d3-b39b-4e10-8a6d-ba3b5ac01144]
C:\WINDOWS\system32\cmdqror.exe



-- End of Deckard's System Scanner: finished at 2008-06-28 12:19:07 ------------


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 28, 2008 15:38:27
Records in database: 895473
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 66440
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:23:21


File name / Threat name / Threats count
C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfci51nh.default\Cache\63329BDCd01 Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP3\A0000012.scr Infected: Trojan-AOL.Win32.VB.ag 1
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP3\A0000015.scr Infected: Trojan-AOL.Win32.VB.ag 1

The selected area was scanned.

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:58 AM

Posted 20 July 2008 - 06:41 PM

Hello Joe,

Welcome to Bleeping Computer :)

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:58 AM

Posted 07 August 2008 - 07:32 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:58 AM

Posted 08 August 2008 - 01:00 AM

Reopened at the request of topic owner. :thumbsup: Joe would you please post a new HijackThis log and tell me how it's running?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Velzone

Velzone
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 08 August 2008 - 09:58 AM

Hi Tea,

Tried to post this last night, had it all typed up, and when I pressed "add reply" I recieved a message stating the site was being maintained and would be back shortly. opps :-)

Ok, quick history. The puter is running xp, there are 4 different user logins. All work relatively fine, one doesn't. On that one I can not install anything of significance such as windows updates, anti virus updates, etc. I can not use online scanners, it is like that user account has been hijacked. the rest seem to work fine.

Thanks in advance for your help
here is the latest and greatest HiJackThis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:31 PM, on 8/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129242291\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MSN Messanger] msnmsng.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [MSN Messanger] msnmsng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSN Messanger] msnmsng.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [MSN Messanger] msnmsng.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7622 bytes

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:58 AM

Posted 08 August 2008 - 02:56 PM

Hello,

Make sure this is run from admin account :

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 Velzone

Velzone
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 08 August 2008 - 09:45 PM

Hi tea,

As per your instructions, here is the combofix log:

ComboFix 08-08-08.07 - MANUEL SIERRA 08/08/2008 19:34:22.2 - FAT32x86
Running from: C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 02:32 169 ----a-w C:\Start_.cmd
2008-08-05 17:22 8,956,536 ----a-w C:\windows-kb890830-v2.0.exe
2008-08-05 07:33 --------- d-----w C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Application Data\HouseCall 6.6
2008-08-05 07:33 --------- d-----w C:\DOCUME~1\MANUEL~1.000\APPLIC~1\HouseCall 6.6
2008-08-03 19:41 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-03 19:41 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-03 19:41 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-31 03:07 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-31 03:07 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-27 07:26 2,614 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-27 06:12 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-27 06:12 --------- d-----w C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Application Data\SUPERAntiSpyware.com
2008-06-27 06:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-27 06:12 --------- d-----w C:\DOCUME~1\MANUEL~1.000\APPLIC~1\SUPERAntiSpyware.com
2008-06-24 06:34 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 21:16 --------- d-----w C:\Documents and Settings\ANDY SIERRA\Application Data\Yahoo!
2008-06-15 03:38 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-06-14 22:22 --------- d-----w C:\Program Files\Panda Security
2008-06-14 19:57 --------- d-----w C:\Documents and Settings\LENORE SIERRA\Application Data\Yahoo!
2008-06-14 18:36 --------- d-----w C:\Documents and Settings\LENORE SIERRA\Application Data\Malwarebytes
2008-06-14 18:31 --------- d-----w C:\Documents and Settings\MANUEL SIERRA.VAIO.000\Application Data\Malwarebytes
2008-06-14 18:31 --------- d-----w C:\DOCUME~1\MANUEL~1.000\APPLIC~1\Malwarebytes
2008-06-14 07:54 --------- d-----w C:\Documents and Settings\ANDY SIERRA\Application Data\Malwarebytes
2008-06-14 07:53 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 07:53 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-06-14 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 06:31 --------- d-----w C:\Program Files\Lavasoft
2008-06-12 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-12 06:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-12 06:27 --------- d-----w C:\Program Files\Trend Micro
2008-06-11 03:21 --------- d-----w C:\Program Files\CleanUp!
2008-06-09 08:57 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-29 16:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-05-24 01:21 81,920 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-05-16 18:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:53 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:53 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
.

------- Sigcheck -------

04/13/2008 05:12 PM 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\system32\svchost.exe
04/13/2008 05:12 PM 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
04/13/2008 05:12 PM 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\svchost.exe
08/04/2004 12:56 AM 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

04/13/2008 05:12 PM 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\system32\user32.dll
04/13/2008 05:12 PM 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\ServicePackFiles\i386\user32.dll
04/13/2008 05:12 PM 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\user32.dll
06/17/2004 10:58 AM 560128 31fb2d788a9aa618452c02e8375b6dcd C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\user32.dll
03/02/2005 11:19 AM 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
03/08/2007 08:48 AM 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
08/18/2001 05:00 AM 561152 be57a5c3abd240514b98f6bca872fb21 C:\WINDOWS\$NtUninstallKB840987$\user32.dll
08/04/2004 12:56 AM 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
03/08/2007 08:36 AM 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
03/02/2005 11:09 AM 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll

04/13/2008 05:12 PM 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\system32\ws2_32.dll
04/13/2008 05:12 PM 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
04/13/2008 05:12 PM 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\ws2_32.dll
08/04/2004 12:56 AM 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

04/22/2008 09:16 PM 826368 f6589be784647cfdbc22ea51ccb1a57a C:\WINDOWS\system32\wininet.dll
04/22/2008 09:16 PM 826368 f6589be784647cfdbc22ea51ccb1a57a C:\WINDOWS\system32\dllcache\wininet.dll
04/13/2008 05:12 PM 666112 7a4f775abb2f1c97def3e73afa2faedd C:\WINDOWS\ServicePackFiles\i386\wininet.dll
02/16/2008 01:59 AM 659456 0c690e77c0e924c45b4d7045b182fff1 C:\WINDOWS\SoftwareDistribution\Download\4f34fed83363df83031761e8fceb73ae\sp2gdr\wininet.dll
02/16/2008 02:32 AM 666112 bb1eacd6ab47e78ebca02eb781550d55 C:\WINDOWS\SoftwareDistribution\Download\4f34fed83363df83031761e8fceb73ae\sp2qfe\wininet.dll
04/13/2008 05:12 PM 666112 7a4f775abb2f1c97def3e73afa2faedd C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\wininet.dll
03/01/2008 06:06 AM 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\SoftwareDistribution\Download\ceba12074e2ee6f2478e27a2b926a276\SP2GDR\wininet.dll
03/01/2008 06:03 AM 827392 6316c2f0c61271c8abdff7429174879e C:\WINDOWS\SoftwareDistribution\Download\ceba12074e2ee6f2478e27a2b926a276\SP2QFE\wininet.dll
03/10/2005 12:43 AM 657920 c8663b488996e89a84c3d17c1d12b79e C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
05/02/2005 01:57 PM 658944 e1e18136f9dd3df1ad9c82193a5898a6 C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll
07/02/2005 07:09 PM 659456 6e533d155b259eb2363d3e04b5be309f C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
09/02/2005 04:53 PM 660480 97a6fd7cafd688cf2c78939ebaf0cd0c C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
10/20/2005 07:38 PM 661504 af785c4947676a7fc1673fdc5c8d0b5b C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
03/03/2006 08:58 PM 663552 c0845ecbf4f9164e618ee381b79c9032 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
05/09/2006 10:25 PM 663552 d94cffdb53e7ac867438e2dfd50e7cbc C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
06/23/2006 04:25 AM 664576 64ce26db72810b30f7855ea51e1df836 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
09/14/2006 12:31 AM 664576 d207370287cf769aebebf03837784963 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
10/23/2006 07:34 AM 664576 231ef4179acabe486376b5ca893f1076 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll
01/04/2007 06:05 AM 665088 3ffa1573fc274e5aa7467d03941c45ee C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
02/20/2007 02:52 AM 665600 b258c922d22deec880b60720531d7627 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll
04/18/2007 05:46 AM 665600 4261ba03afd659de04f0a17dfbdd454d C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
06/26/2007 07:35 AM 665600 e1a3dd68b5380b360a7310a64d9bb188 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
04/22/2008 08:35 PM 827392 41546b396a526918da7995a02ea04e51 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
08/18/2001 05:00 AM 593920 cf9f1eef71f42ede71b6f4aa05d5ca1a C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll
08/04/2004 12:56 AM 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB890923$\wininet.dll
03/10/2005 01:02 AM 656896 6f018d6319be4f96426ea829b79e05d5 C:\WINDOWS\$NtUninstallKB883939$\wininet.dll
05/02/2005 01:52 PM 657920 1a078af3f85d10ba56444c23b3a18e74 C:\WINDOWS\$NtUninstallKB896727$\wininet.dll
07/02/2005 07:11 PM 658432 5b5ff992c0fa762ccf8655fc290e6e52 C:\WINDOWS\$NtUninstallKB896688$\wininet.dll
10/20/2005 07:39 PM 658432 e7b27b6b6e06ce34ea019fd8b858c613 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
09/02/2005 04:52 PM 658432 af61ebb1f550175eff406d545d6ab086 C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
03/03/2006 08:33 PM 658432 1c0979c7a489bee573cd0bf4ad94bb06 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
06/23/2006 04:02 AM 658944 2b4db890936430c71419037039502752 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
05/09/2006 10:23 PM 658432 38ab7a56f566d9aaad31812494944824 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
08/13/2007 06:54 PM 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
09/14/2006 12:39 AM 658944 621af3f6174a3f60677f5230e28bcc07 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
01/04/2007 05:37 AM 658944 8c393df5234cbcbff1ee31902d6b40ae C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
02/20/2007 02:48 AM 658944 30d1c47e40efbb792ff8d3c3b51ce507 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
04/18/2007 05:31 AM 658944 b7156cd97e739f3014bc4d61758f868a C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
10/23/2006 07:17 AM 658944 6b2735adff5a5d3b9130ca4a794722f0 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
06/26/2007 07:09 AM 658944 184e47c8f7b331025e6dc92740db188f C:\WINDOWS\ie7\wininet.dll

06/20/2008 04:51 AM 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\drivers\tcpip.sys
06/20/2008 04:51 AM 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\dllcache\tcpip.sys
04/13/2008 12:20 PM 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
05/25/2005 12:04 PM 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
06/20/2008 03:45 AM 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
06/20/2008 04:51 AM 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
06/20/2008 04:59 AM 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
06/20/2008 03:44 AM 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
04/13/2008 12:20 PM 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\tcpip.sys
10/30/2007 10:20 AM 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys
10/30/2007 09:53 AM 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys
05/25/2005 12:07 PM 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
01/13/2006 09:07 AM 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
04/20/2006 05:18 AM 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
06/20/2008 03:44 AM 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
06/20/2008 04:51 AM 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
06/20/2008 04:59 AM 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
08/03/2004 11:14 PM 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
06/20/2008 03:45 AM 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
01/12/2006 06:28 PM 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
04/13/2008 12:20 PM 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

04/13/2008 05:12 PM 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\system32\winlogon.exe
04/13/2008 05:12 PM 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
04/13/2008 05:12 PM 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\winlogon.exe
05/26/2004 06:38 PM 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe
05/26/2004 05:38 PM 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\$hf_mig$\KB841533\SP1QFE\winlogon.exe
08/18/2001 05:00 AM 430080 2b0e480e975ee51f2d5ce5f068fed6e2 C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
08/04/2004 12:56 AM 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

04/13/2008 12:20 PM 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\system32\drivers\ndis.sys
04/13/2008 12:20 PM 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\ServicePackFiles\i386\ndis.sys
04/13/2008 12:20 PM 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\ndis.sys

04/13/2008 11:53 AM 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\system32\drivers\ip6fw.sys
04/13/2008 11:53 AM 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
04/13/2008 11:53 AM 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\ip6fw.sys

04/13/2008 11:31 AM 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\system32\ntkrnlpa.exe
04/13/2008 11:31 AM 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
04/13/2008 11:31 AM 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\ntkrnlpa.exe
06/17/2004 01:03 AM 1954688 ed0d7a5f1138ccfd3ecaf8f6ac691f13 C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\ntkrnlpa.exe
03/01/2005 05:36 PM 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
12/19/2006 09:12 AM 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
02/28/2007 02:15 AM 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
08/18/2001 05:00 AM 1896704 46e2e3dcf54b819cfb2ebfe48a22b5c9 C:\WINDOWS\$NtUninstallKB840987$\ntkrnlpa.exe
08/03/2004 10:58 PM 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
03/01/2005 05:34 PM 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
12/19/2006 05:55 AM 2057600 1d659bfb788ed2ba45075624b748d249 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

04/13/2008 12:27 PM 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\system32\ntoskrnl.exe
04/13/2008 12:27 PM 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
04/13/2008 12:27 PM 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\ntoskrnl.exe
06/17/2004 10:22 AM 2051584 f240dc474f8edb2d95514d831df069e5 C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\ntoskrnl.exe
03/01/2005 06:04 PM 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
12/19/2006 09:51 AM 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
02/28/2007 02:55 AM 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
08/18/2001 05:00 AM 1982208 a29222d5281056e497408fcc9062f749 C:\WINDOWS\$NtUninstallKB840987$\ntoskrnl.exe
08/03/2004 11:20 PM 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
03/01/2005 05:59 PM 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
12/19/2006 07:17 AM 2180352 8f0deab1f81fb83f9c5995853ce48b9f C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

04/13/2008 05:12 PM 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\explorer.exe
04/13/2008 05:12 PM 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
04/13/2008 05:12 PM 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\explorer.exe
06/13/2007 04:26 AM 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
06/13/2007 03:23 AM 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
08/04/2004 12:56 AM 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

04/13/2008 05:12 PM 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\system32\services.exe
04/13/2008 05:12 PM 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\ServicePackFiles\i386\services.exe
04/13/2008 05:12 PM 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\services.exe

04/13/2008 05:12 PM 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\system32\lsass.exe
04/13/2008 05:12 PM 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
04/13/2008 05:12 PM 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\lsass.exe
08/04/2004 12:56 AM 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

04/13/2008 05:12 PM 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\system32\ctfmon.exe
04/13/2008 05:12 PM 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
04/13/2008 05:12 PM 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\ctfmon.exe
08/04/2004 12:56 AM 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

04/13/2008 05:12 PM 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\system32\spoolsv.exe
04/13/2008 05:12 PM 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
04/13/2008 05:12 PM 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\spoolsv.exe
06/10/2005 05:17 PM 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
08/04/2004 12:56 AM 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
06/10/2005 04:53 PM 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-28_ 7.24.50.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-08 13:58:18 203,136 ------w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ------w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ------w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ------w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:22 382,840 ------w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-06-13 11:27:44 272,128 ------w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:18:52 17,272 ------w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:18:52 231,288 ------w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:18:52 26,488 ------w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:18:52 755,576 ------w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:18:52 382,840 ------w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2008-05-07 05:04:16 1,288,192 ------w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:52 17,272 ------w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:52 231,288 ------w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:52 26,488 ------w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ------w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ------w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:12 147,968 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:12 245,248 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:40 225,920 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:58 147,968 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:58 245,248 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:28 225,856 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:04 138,496 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:06 147,968 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:06 245,248 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ------w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ------w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ------w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:20 382,840 ------w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-07 09:07:24 135,168 ------w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:16 512,000 ------w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ------w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ------w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ------w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ------w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:18 90,112 ------w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ------w C:\WINDOWS\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ------w C:\WINDOWS\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ------w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:20 382,840 ------w C:\WINDOWS\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-04-14 00:11:48 39,424 ------w C:\WINDOWS\$NtServicePackUninstall$\acadproc.dll
- 2004-08-04 06:14:14 138,496 ------w C:\WINDOWS\$NtServicePackUninstall$\afd.sys
+ 2008-06-20 10:44:38 138,368 ------w C:\WINDOWS\$NtServicePackUninstall$\afd.sys
- 2004-08-04 07:56:42 35,328 ------w C:\WINDOWS\$NtServicePackUninstall$\corpol.dll
+ 2007-08-14 01:42:54 17,408 ------w C:\WINDOWS\$NtServicePackUninstall$\corpol.dll
- 2006-06-26 17:37:10 148,480 ------w C:\WINDOWS\$NtServicePackUninstall$\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ------w C:\WINDOWS\$NtServicePackUninstall$\dnsapi.dll
- 2004-08-04 07:56:42 45,568 ------w C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
+ 2008-02-20 05:32:44 45,568 ------w C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
- 2007-06-19 13:31:20 282,112 ------w C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll
+ 2008-02-20 06:51:06 282,624 ------w C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll
- 2004-08-04 07:56:42 81,920 ------w C:\WINDOWS\$NtServicePackUninstall$\ieencode.dll
+ 2007-08-14 01:45:18 78,336 ------w C:\WINDOWS\$NtServicePackUninstall$\ieencode.dll
- 2006-05-18 05:24:26 450,560 ------w C:\WINDOWS\$NtServicePackUninstall$\jscript.dll
+ 2007-08-14 01:38:04 491,520 ------w C:\WINDOWS\$NtServicePackUninstall$\jscript.dll
- 2004-08-04 07:56:42 294,400 ------w C:\WINDOWS\$NtServicePackUninstall$\msctf.dll
+ 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\$NtServicePackUninstall$\msctf.dll
- 2004-08-04 07:56:44 245,248 ------w C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ------w C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
- 2006-04-20 11:51:50 359,808 ------w C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
+ 2008-06-20 10:45:14 360,320 ------w C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
- 2006-08-16 09:37:30 225,664 ------w C:\WINDOWS\$NtServicePackUninstall$\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ------w C:\WINDOWS\$NtServicePackUninstall$\tcpip6.sys
- 2004-08-04 07:56:46 417,792 ------w C:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
+ 2007-08-14 01:54:10 413,696 ------w C:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
+ 2008-04-13 18:55:08 202,624 ------w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 ------w C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 ------w C:\WINDOWS\$NtUninstallKB950762$\spuninst\updspapi.dll
+ 2008-04-13 18:46:32 273,024 ------w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2007-11-30 11:18:52 231,288 ------w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
+ 2007-11-30 11:18:52 382,840 ------w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
+ 2008-04-14 00:12:04 1,288,192 ------w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll
+ 2007-11-30 11:18:52 231,288 ------w C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 ------w C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll
+ 2008-04-13 19:19:24 138,112 ------w C:\WINDOWS\$NtUninstallKB951748$\afd.sys
+ 2008-04-14 00:11:52 147,968 ------w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll
+ 2008-04-14 00:12:02 245,248 ------w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
+ 2007-11-30 12:39:22 231,288 ------w C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe
+ 2007-11-30 12:39:20 382,840 ------w C:\WINDOWS\$NtUninstallKB951748$\spuninst\updspapi.dll
+ 2008-04-13 19:20:16 361,344 ------w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
+ 2008-04-13 19:00:02 225,664 ------w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys
+ 2008-02-20 05:32:44 148,992 ------w C:\WINDOWS\$NtUninstallKB951748_0$\dnsapi.dll
+ 2004-08-04 07:56:44 245,248 ------w C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
+ 2007-11-30 12:39:22 231,288 ------w C:\WINDOWS\$NtUninstallKB951748_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:20 382,840 ------w C:\WINDOWS\$NtUninstallKB951748_0$\spuninst\updspapi.dll
+ 2008-04-14 00:12:16 139,264 ------w C:\WINDOWS\$NtUninstallKB951978$\cscript.exe
+ 2008-04-14 00:11:56 512,000 ------w C:\WINDOWS\$NtUninstallKB951978$\jscript.dll
+ 2008-04-14 00:12:06 180,224 ------w C:\WINDOWS\$NtUninstallKB951978$\scrobj.dll
+ 2008-04-14 00:12:06 172,032 ------w C:\WINDOWS\$NtUninstallKB951978$\scrrun.dll
+ 2007-11-30 12:39:22 231,288 ------w C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe
+ 2007-11-30 12:39:20 382,840 ------w C:\WINDOWS\$NtUninstallKB951978$\spuninst\updspapi.dll
+ 2008-04-14 00:12:08 434,176 ------w C:\WINDOWS\$NtUninstallKB951978$\vbscript.dll
+ 2008-04-14 00:12:42 155,648 ------w C:\WINDOWS\$NtUninstallKB951978$\wscript.exe
+ 2008-04-14 00:12:10 90,112 ------w C:\WINDOWS\$NtUninstallKB951978$\wshext.dll
- 2004-08-04 07:56:42 1,852,416 ------w C:\WINDOWS\AppPatch\AcGenral.dll
+ 2008-04-14 00:11:48 1,852,928 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
- 2004-08-04 07:56:42 450,048 ------w C:\WINDOWS\AppPatch\AcLayers.dll
+ 2008-04-14 00:11:48 451,072 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
- 2004-08-04 07:56:42 137,728 ------w C:\WINDOWS\AppPatch\AcLua.dll
+ 2008-04-14 00:11:48 141,312 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
- 2004-08-04 07:56:42 244,736 ------w C:\WINDOWS\AppPatch\AcSpecfc.dll
+ 2008-04-14 00:11:48 245,248 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
- 2004-08-04 07:56:42 116,224 ------w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2008-04-14 00:11:48 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2008-02-27 22:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 22:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 23:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 22:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
+ 2008-06-13 11:05:52 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2004-08-04 07:56:44 38,912 ------w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
+ 2008-04-14 00:12:02 38,400 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
- 2005-05-13 06:58:12 3,312 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
+ 2008-08-05 05:57:16 3,682 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
- 2004-08-04 07:56:42 194,048 ------w C:\WINDOWS\system32\activeds.dll
+ 2008-04-14 00:11:48 193,536 ----a-w C:\WINDOWS\system32\activeds.dll
- 2004-08-04 07:56:42 101,888 ------w C:\WINDOWS\system32\actxprxy.dll
+ 2008-04-14 00:11:48 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
- 2004-08-04 07:56:42 143,360 ------w C:\WINDOWS\system32\adsldpc.dll
+ 2008-04-14 00:11:48 143,360 ----a-w C:\WINDOWS\system32\adsldpc.dll
- 2004-08-04 07:56:48 44,544 ------w C:\WINDOWS\system32\alg.exe
+ 2008-04-14 00:12:12 44,544 ----a-w C:\WINDOWS\system32\alg.exe
- 2004-08-04 07:56:42 126,976 ------w C:\WINDOWS\system32\apphelp.dll
+ 2008-04-14 00:11:50 125,952 ----a-w C:\WINDOWS\system32\apphelp.dll
- 2004-08-04 07:56:42 58,880 ------w C:\WINDOWS\system32\atl.dll
+ 2008-04-14 00:11:50 58,880 ----a-w C:\WINDOWS\system32\atl.dll
- 2004-08-04 07:56:42 42,496 ------w C:\WINDOWS\system32\audiosrv.dll
+ 2008-04-14 00:11:50 42,496 ----a-w C:\WINDOWS\system32\audiosrv.dll
- 2005-03-02 18:09:30 56,832 ------w C:\WINDOWS\system32\authz.dll
+ 2008-04-14 00:11:50 62,464 ----a-w C:\WINDOWS\system32\authz.dll
- 2004-08-04 07:56:42 52,736 ------w C:\WINDOWS\system32\basesrv.dll
+ 2008-04-14 00:11:50 52,736 ----a-w C:\WINDOWS\system32\basesrv.dll
- 2004-08-04 07:56:42 28,672 ------w C:\WINDOWS\system32\batmeter.dll
+ 2008-04-14 00:11:50 29,184 ----a-w C:\WINDOWS\system32\batmeter.dll
- 2004-08-04 07:56:00 63,488 ------w C:\WINDOWS\system32\browselc.dll
+ 2008-04-13 17:03:24 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
- 2004-08-04 07:56:42 77,312 ------w C:\WINDOWS\system32\browser.dll
+ 2008-04-14 00:11:50 77,824 ----a-w C:\WINDOWS\system32\browser.dll
- 2007-06-14 18:09:18 1,023,488 ------w C:\WINDOWS\system32\browseui.dll
+ 2008-04-14 00:11:50 1,025,024 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-04 07:56:42 59,904 ------w C:\WINDOWS\system32\cabinet.dll
+ 2008-04-14 00:11:50 60,416 ----a-w C:\WINDOWS\system32\cabinet.dll
- 2005-07-26 04:39:42 225,792 ------w C:\WINDOWS\system32\catsrv.dll
+ 2008-04-14 00:11:50 226,304 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2005-07-26 04:39:44 625,152 ------w C:\WINDOWS\system32\catsrvut.dll
+ 2008-04-14 00:11:50 625,664 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2004-08-04 07:56:42 194,560 ------w C:\WINDOWS\system32\certcli.dll
+ 2008-04-14 00:11:50 194,560 ----a-w C:\WINDOWS\system32\certcli.dll
- 2005-07-26 04:39:44 498,688 ------w C:\WINDOWS\system32\clbcatq.dll
+ 2008-04-14 00:11:50 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
- 2004-08-04 07:56:42 57,856 ------w C:\WINDOWS\system32\clusapi.dll
+ 2008-04-14 00:11:50 58,368 ----a-w C:\WINDOWS\system32\clusapi.dll
- 2004-08-04 07:56:42 47,104 ------w C:\WINDOWS\system32\cnbjmon.dll
+ 2008-04-14 00:11:50 47,104 ----a-w C:\WINDOWS\system32\cnbjmon.dll
- 2005-07-26 04:39:44 60,416 ------w C:\WINDOWS\system32\colbact.dll
+ 2008-04-14 00:11:52 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
- 2004-08-04 07:56:42 792,064 ------w C:\WINDOWS\system32\comres.dll
+ 2008-04-14 00:11:52 792,064 ----a-w C:\WINDOWS\system32\comres.dll
- 2005-07-26 04:39:44 1,267,200 ------w C:\WINDOWS\system32\comsvcs.dll
+ 2008-04-14 00:11:52 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2004-08-04 07:56:48 27,648 ------w C:\WINDOWS\system32\conime.exe
+ 2008-04-14 00:12:16 27,648 ----a-w C:\WINDOWS\system32\conime.exe
- 2004-08-04 07:56:42 163,840 ------w C:\WINDOWS\system32\credui.dll
+ 2008-04-14 00:11:52 163,840 ----a-w C:\WINDOWS\system32\credui.dll
- 2004-08-04 07:56:42 597,504 ------w C:\WINDOWS\system32\crypt32.dll
+ 2008-04-14 00:11:52 599,040 ----a-w C:\WINDOWS\system32\crypt32.dll
- 2004-08-04 07:56:42 33,280 ------w C:\WINDOWS\system32\cryptdll.dll
+ 2008-04-14 00:11:52 33,280 ----a-w C:\WINDOWS\system32\cryptdll.dll
- 2004-08-04 07:56:42 63,488 ------w C:\WINDOWS\system32\cryptnet.dll
+ 2008-04-14 00:11:52 64,512 ------w C:\WINDOWS\system32\cryptnet.dll
- 2004-08-04 07:56:42 60,416 ------w C:\WINDOWS\system32\cryptsvc.dll
+ 2008-04-14 00:11:52 62,464 ----a-w C:\WINDOWS\system32\cryptsvc.dll
- 2004-08-04 07:56:42 512,512 ------w C:\WINDOWS\system32\cryptui.dll
+ 2008-04-14 00:11:52 512,512 ----a-w C:\WINDOWS\system32\cryptui.dll
- 2004-08-04 07:56:42 101,888 ------w C:\WINDOWS\system32\cscdll.dll
+ 2008-04-14 00:11:52 101,888 ----a-w C:\WINDOWS\system32\cscdll.dll
- 2008-04-14 00:12:16 139,264 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:24 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
- 2004-08-04 07:56:42 326,656 ------w C:\WINDOWS\system32\cscui.dll
+ 2008-04-14 00:11:52 326,656 ----a-w C:\WINDOWS\system32\cscui.dll
- 2004-08-04 07:56:48 6,144 ------w C:\WINDOWS\system32\csrss.exe
+ 2008-04-14 00:12:16 6,144 ----a-w C:\WINDOWS\system32\csrss.exe
- 2004-08-04 07:56:42 24,576 ------w C:\WINDOWS\system32\davclnt.dll
+ 2008-04-14 00:11:52 25,088 ----a-w C:\WINDOWS\system32\davclnt.dll
- 2004-08-04 07:56:42 8,704 ------w C:\WINDOWS\system32\dciman32.dll
+ 2008-04-14 00:11:52 8,704 ----a-w C:\WINDOWS\system32\dciman32.dll
- 2004-08-04 07:56:42 266,240 ------w C:\WINDOWS\system32\ddraw.dll
+ 2008-04-14 00:11:52 279,552 ----a-w C:\WINDOWS\system32\ddraw.dll
- 2004-08-04 07:56:42 27,136 ------w C:\WINDOWS\system32\ddrawex.dll
+ 2008-04-14 00:11:52 27,136 ------w C:\WINDOWS\system32\ddrawex.dll
+ 2008-05-07 09:07:24 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2008-05-07 05:12:40 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-08 14:02:52 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 11:24:44 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
- 2008-02-20 05:32:44 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:46:58 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2008-02-20 05:32:44 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-04-14 00:11:52 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2008-06-01 17:14:48 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-08-03 19:41:06 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2008-04-13 18:55:08 202,624 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
- 2004-08-04 07:56:42 14,336 ------w C:\WINDOWS\system32\drprov.dll
+ 2008-04-14 00:11:52 14,336 ----a-w C:\WINDOWS\system32\drprov.dll
- 2004-08-04 05:31:44 137,216 ------w C:\WINDOWS\system32\dssenh.dll
+ 2008-04-13 17:37:58 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
+ 2004-08-01 01:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
- 2004-08-04 07:56:42 23,040 ------w C:\WINDOWS\system32\ersvc.dll
+ 2008-04-14 00:11:54 23,040 ----a-w C:\WINDOWS\system32\ersvc.dll
- 2005-07-26 04:39:46 243,200 ------w C:\WINDOWS\system32\es.dll
+ 2008-04-14 00:11:54 246,272 ----a-w C:\WINDOWS\system32\es.dll
- 2005-10-20 21:20:04 1,082,368 ------w C:\WINDOWS\system32\esent.dll
+ 2008-04-14 00:11:54 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
- 2004-08-04 07:56:42 55,808 ------w C:\WINDOWS\system32\eventlog.dll
+ 2008-04-14 00:11:54 56,320 ----a-w C:\WINDOWS\system32\eventlog.dll
- 2004-08-04 07:56:42 101,888 ------w C:\WINDOWS\system32\evntagnt.dll
+ 2008-04-14 00:11:54 101,888 ----a-w C:\WINDOWS\system32\evntagnt.dll
- 2008-06-02 04:45:36 267,800 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-05 06:47:58 267,800 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-02-20 06:51:06 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-04-14 00:11:54 285,184 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2004-08-04 07:56:42 344,064 ------w C:\WINDOWS\system32\hnetcfg.dll
+ 2008-04-14 00:11:54 344,064 ----a-w C:\WINDOWS\system32\hnetcfg.dll
- 2004-08-04 07:56:42 39,936 ------w C:\WINDOWS\system32\hostmib.dll
+ 2008-04-14 00:11:54 39,936 ----a-w C:\WINDOWS\system32\hostmib.dll
- 2004-08-04 07:56:42 24,576 ------w C:\WINDOWS\system32\httpapi.dll
+ 2008-04-14 00:11:54 24,576 ----a-w C:\WINDOWS\system32\httpapi.dll
- 2004-08-04 07:56:42 11,264 ------w C:\WINDOWS\system32\icaapi.dll
+ 2008-04-14 00:11:54 11,264 ----a-w C:\WINDOWS\system32\icaapi.dll
- 2004-08-04 07:56:42 8,192 ------w C:\WINDOWS\system32\igmpagnt.dll
+ 2008-04-14 00:11:54 8,192 ----a-w C:\WINDOWS\system32\igmpagnt.dll
- 2004-08-04 07:56:42 110,080 ------w C:\WINDOWS\system32\imm32.dll
+ 2008-04-14 00:11:54 110,080 ----a-w C:\WINDOWS\system32\imm32.dll
- 2004-08-04 07:56:42 33,280 ------w C:\WINDOWS\system32\inetmib1.dll
+ 2008-04-14 00:11:56 32,768 ----a-w C:\WINDOWS\system32\inetmib1.dll
- 2004-08-04 07:56:42 75,264 ------w C:\WINDOWS\system32\inetpp.dll
+ 2008-04-14 00:11:56 75,264 ----a-w C:\WINDOWS\system32\inetpp.dll
- 2006-05-19 12:59:42 94,720 ------w C:\WINDOWS\system32\iphlpapi.dll
+ 2008-04-14 00:11:56 94,720 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2004-08-04 07:56:42 331,264 ------w C:\WINDOWS\system32\ipnathlp.dll
+ 2008-04-14 00:11:56 331,264 ----a-w C:\WINDOWS\system32\ipnathlp.dll
- 2004-08-04 07:56:42 35,328 ------w C:\WINDOWS\system32\iprip.dll
+ 2008-04-14 00:11:56 35,328 ------w C:\WINDOWS\system32\iprip.dll
- 2004-08-04 07:56:42 182,784 ------w C:\WINDOWS\system32\ipsecsvc.dll
+ 2008-04-14 00:11:56 183,808 ----a-w C:\WINDOWS\system32\ipsecsvc.dll
- 2007-08-14 01:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:40 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
- 2005-06-15 17:49:30 295,936 ------w C:\WINDOWS\system32\kerberos.dll
+ 2008-04-14 00:11:56 299,520 ----a-w C:\WINDOWS\system32\kerberos.dll
- 2005-09-01 01:41:54 19,968 ------w C:\WINDOWS\system32\linkinfo.dll
+ 2008-04-14 00:11:56 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
- 2004-08-04 07:56:42 33,792 ------w C:\WINDOWS\system32\lmmib2.dll
+ 2008-04-14 00:11:56 33,792 ----a-w C:\WINDOWS\system32\lmmib2.dll
- 2004-08-04 07:56:42 97,280 ------w C:\WINDOWS\system32\loadperf.dll
+ 2008-04-14 00:11:56 97,280 ----a-w C:\WINDOWS\system32\loadperf.dll
- 2004-08-04 07:56:42 22,016 ------w C:\WINDOWS\system32\lpk.dll
+ 2008-04-14 00:11:56 22,016 ------w C:\WINDOWS\system32\lpk.dll
- 2004-08-04 07:56:42 10,240 ------w C:\WINDOWS\system32\lprhelp.dll
+ 2008-04-14 00:11:56 10,240 ----a-w C:\WINDOWS\system32\lprhelp.dll
- 2004-08-04 07:56:42 18,944 ------w C:\WINDOWS\system32\lprmon.dll
+ 2008-04-14 00:11:56 18,944 ----a-w C:\WINDOWS\system32\lprmon.dll
- 2004-08-04 07:56:42 14,848 ------w C:\WINDOWS\system32\mcastmib.dll
+ 2008-04-14 00:11:56 14,336 ----a-w C:\WINDOWS\system32\mcastmib.dll
- 2004-08-04 07:56:42 118,272 ------w C:\WINDOWS\system32\mdminst.dll
+ 2008-04-14 00:11:56 118,272 ----a-w C:\WINDOWS\system32\mdminst.dll
- 2004-08-04 07:56:42 1,028,096 ------w C:\WINDOWS\system32\mfc42.dll
+ 2008-04-14 00:11:56 1,028,096 ------w C:\WINDOWS\system32\mfc42.dll
- 2004-08-04 07:56:42 22,528 ------w C:\WINDOWS\system32\mfcsubs.dll
+ 2008-04-14 00:11:56 22,528 ----a-w C:\WINDOWS\system32\mfcsubs.dll
- 2004-08-04 07:56:42 18,944 ------w C:\WINDOWS\system32\midimap.dll
+ 2008-04-14 00:11:58 18,944 ----a-w C:\WINDOWS\system32\midimap.dll
- 2004-08-04 07:56:42 586,240 ------w C:\WINDOWS\system32\mlang.dll
+ 2008-04-14 00:11:58 586,240 ----a-w C:\WINDOWS\system32\mlang.dll
- 2004-08-04 07:56:42 153,600 ------w C:\WINDOWS\system32\modemui.dll
+ 2008-04-14 00:11:58 153,600 ----a-w C:\WINDOWS\system32\modemui.dll
- 2004-08-04 07:56:42 59,904 ------w C:\WINDOWS\system32\mpr.dll
+ 2008-04-14 00:11:58 59,904 ----a-w C:\WINDOWS\system32\mpr.dll
- 2004-08-04 07:56:42 87,040 ------w C:\WINDOWS\system32\mprapi.dll
+ 2008-04-14 00:11:58 87,040 ----a-w C:\WINDOWS\system32\mprapi.dll
- 2008-05-29 23:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:48 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-04 07:56:42 71,680 ------w C:\WINDOWS\system32\msacm32.dll
+ 2008-04-14 00:11:58 71,680 ----a-w C:\WINDOWS\system32\msacm32.dll
- 2004-08-04 07:56:42 57,344 ------w C:\WINDOWS\system32\msasn1.dll
+ 2008-04-14 00:11:58 57,344 ----a-w C:\WINDOWS\system32\msasn1.dll
- 2004-08-04 07:56:12 12,288 ------w C:\WINDOWS\system32\mscpx32r.dLL
+ 2008-04-13 17:26:08 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dLL
- 2004-08-04 07:56:42 36,864 ------w C:\WINDOWS\system32\mscpxl32.dLL
+ 2008-04-14 00:11:58 36,864 ----a-w C:\WINDOWS\system32\mscpxl32.dLL
- 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\system32\msctf.dll
+ 2008-04-14 00:11:58 297,984 ----a-w C:\WINDOWS\system32\msctf.dll
- 2004-08-04 07:56:44 151,552 ------w C:\WINDOWS\system32\msdart.dll
+ 2008-04-14 00:12:00 151,552 ----a-w C:\WINDOWS\system32\msdart.dll
- 2004-08-04 07:56:44 994,304 ------w C:\WINDOWS\system32\msgina.dll
+ 2008-04-14 00:12:00 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
- 2007-04-18 16:12:24 2,854,400 ------w C:\WINDOWS\system32\msi.dll
+ 2008-04-14 00:12:00 2,843,136 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-04 07:56:44 6,656 ------w C:\WINDOWS\system32\msidle.dll
+ 2008-04-14 00:12:00 6,656 ----a-w C:\WINDOWS\system32\msidle.dll
- 2005-05-04 21:45:36 78,848 ------w C:\WINDOWS\system32\msiexec.exe
+ 2008-04-14 00:12:28 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2005-05-04 21:45:36 271,360 ------w C:\WINDOWS\system32\msihnd.dll
+ 2008-04-14 00:12:00 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-04 07:56:44 4,608 ------w C:\WINDOWS\system32\msimg32.dll
+ 2008-04-14 00:12:00 4,608 ----a-w C:\WINDOWS\system32\msimg32.dll
- 2005-05-04 21:45:36 884,736 ------w C:\WINDOWS\system32\msimsg.dll
+ 2008-04-13 15:39:44 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-04 07:56:44 159,232 ------w C:\WINDOWS\system32\msimtf.dll
+ 2008-04-14 00:12:00 159,232 ----a-w C:\WINDOWS\system32\msimtf.dll
- 2005-05-04 21:45:36 15,360 ------w C:\WINDOWS\system32\msisip.dll
+ 2008-04-14 00:12:00 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
- 2004-08-04 07:56:18 20,480 ------w C:\WINDOWS\system32\msorc32r.dll
+ 2008-04-13 17:24:14 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
- 2004-08-04 07:56:44 143,360 ------w C:\WINDOWS\system32\msorcl32.dll
+ 2008-04-14 00:12:00 143,360 ----a-w C:\WINDOWS\system32\msorcl32.dll
- 2004-08-04 07:56:44 30,208 ------w C:\WINDOWS\system32\mspatcha.dll
+ 2008-04-14 00:12:00 29,696 ----a-w C:\WINDOWS\system32\mspatcha.dll
- 2004-08-04 07:56:18 48,128 ------w C:\WINDOWS\system32\msprivs.dll
+ 2008-04-13 16:23:32 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
- 2004-08-04 07:56:44 115,712 ------w C:\WINDOWS\system32\mstlsapi.dll
+ 2008-04-14 00:12:00 116,224 ----a-w C:\WINDOWS\system32\mstlsapi.dll
- 2004-08-04 07:56:44 195,072 ------w C:\WINDOWS\system32\msutb.dll
+ 2008-04-14 00:12:00 195,072 ----a-w C:\WINDOWS\system32\msutb.dll
- 2004-08-04 07:56:44 413,696 ------w C:\WINDOWS\system32\msvcp60.dll
+ 2008-04-14 00:12:02 413,696 ----a-w C:\WINDOWS\system32\msvcp60.dll
- 2004-08-04 07:56:44 343,040 ------w C:\WINDOWS\system32\msvcrt.dll
+ 2008-04-14 00:12:02 343,040 ----a-w C:\WINDOWS\system32\msvcrt.dll
- 2007-06-26 06:08:16 1,104,896 ------w C:\WINDOWS\system32\msxml3.dll
+ 2008-04-14 00:12:02 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2006-03-01 19:42:42 66,560 ------w C:\WINDOWS\system32\mtxclu.dll
+ 2008-04-14 00:12:02 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2004-08-04 07:56:44 36,352 ------w C:\WINDOWS\system32\ncobjapi.dll
+ 2008-04-14 00:12:02 36,352 ----a-w C:\WINDOWS\system32\ncobjapi.dll
- 2004-08-04 07:56:44 17,920 ------w C:\WINDOWS\system32\nddeapi.dll
+ 2008-04-14 00:12:02 17,920 ----a-w C:\WINDOWS\system32\nddeapi.dll
- 2006-08-17 11:28:28 332,288 ------w C:\WINDOWS\system32\netapi32.dll
+ 2008-04-14 00:12:02 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2004-08-04 07:56:44 622,080 ------w C:\WINDOWS\system32\netcfgx.dll
+ 2008-04-14 00:12:02 622,592 ----a-w C:\WINDOWS\system32\netcfgx.dll
- 2004-08-04 07:56:44 407,040 ------w C:\WINDOWS\system32\netlogon.dll
+ 2008-04-14 00:12:02 407,040 ----a-w C:\WINDOWS\system32\netlogon.dll
- 2005-08-22 18:29:46 197,632 ------w C:\WINDOWS\system32\netman.dll
+ 2008-04-14 00:12:02 198,144 ----a-w C:\WINDOWS\system32\netman.dll
- 2004-08-04 07:56:44 12,288 ------w C:\WINDOWS\system32\netrap.dll
+ 2008-04-14 00:12:02 11,776 ----a-w C:\WINDOWS\system32\netrap.dll
- 2004-08-04 07:56:44 1,708,032 ------w C:\WINDOWS\system32\netshell.dll
+ 2008-04-14 00:12:02 1,703,936 ----a-w C:\WINDOWS\system32\netshell.dll
- 2004-08-04 07:56:44 80,896 ------w C:\WINDOWS\system32\netui0.dll
+ 2008-04-14 00:12:02 80,896 ----a-w C:\WINDOWS\system32\netui0.dll
- 2004-08-04 07:56:44 245,760 ------w C:\WINDOWS\system32\netui1.dll
+ 2008-04-14 00:12:02 245,760 ----a-w C:\WINDOWS\system32\netui1.dll
- 2004-08-04 07:56:44 248,832 ------w C:\WINDOWS\system32\newdev.dll
+ 2008-04-14 00:12:02 247,808 ----a-w C:\WINDOWS\system32\newdev.dll
- 2004-08-04 07:56:44 67,072 ------w C:\WINDOWS\system32\ntdsapi.dll
+ 2008-04-14 00:12:02 67,072 ----a-w C:\WINDOWS\system32\ntdsapi.dll
- 2004-08-04 07:56:44 43,520 ------w C:\WINDOWS\system32\ntlanman.dll
+ 2008-04-14 00:12:02 44,032 ----a-w C:\WINDOWS\system32\ntlanman.dll
- 2004-08-04 07:56:44 118,784 ------w C:\WINDOWS\system32\ntmarta.dll
+ 2008-04-14 00:12:02 118,784 ----a-w C:\WINDOWS\system32\ntmarta.dll
- 2004-08-04 07:56:44 143,872 ------w C:\WINDOWS\system32\ntshrui.dll
+ 2008-04-14 00:12:02 143,360 ----a-w C:\WINDOWS\system32\ntshrui.dll
- 2004-08-04 07:56:44 266,752 ------w C:\WINDOWS\system32\oakley.dll
+ 2008-04-14 00:12:02 270,336 ----a-w C:\WINDOWS\system32\oakley.dll
- 2001-08-18 12:00:00 60,928 ------w C:\WINDOWS\system32\ocmanage.dll
+ 2008-04-14 00:12:02 67,584 ----a-w C:\WINDOWS\system32\ocmanage.dll
- 2004-08-04 07:56:44 249,856 ------w C:\WINDOWS\system32\odbc32.dll
+ 2008-04-14 00:12:02 249,856 ----a-w C:\WINDOWS\system32\odbc32.dll
- 2004-08-04 07:56:44 16,384 ------w C:\WINDOWS\system32\odbc32gt.dll
+ 2008-04-14 00:12:02 16,384 ----a-w C:\WINDOWS\system32\odbc32gt.dll
- 2004-08-04 07:56:44 24,576 ------w C:\WINDOWS\system32\odbcbcp.dll
+ 2008-04-14 00:12:02 24,576 ----a-w C:\WINDOWS\system32\odbcbcp.dll
- 2004-08-04 07:56:44 135,168 ------w C:\WINDOWS\system32\odbcconf.dll
+ 2008-04-14 00:12:02 135,168 ----a-w C:\WINDOWS\system32\odbcconf.dll
- 2004-08-04 07:56:54 69,632 ------w C:\WINDOWS\system32\odbcconf.exe
+ 2008-04-14 00:12:30 69,632 ----a-w C:\WINDOWS\system32\odbcconf.exe
- 2004-08-04 07:56:44 106,496 ------w C:\WINDOWS\system32\odbccp32.dll
+ 2008-04-14 00:12:02 106,496 ----a-w C:\WINDOWS\system32\odbccp32.dll
- 2004-08-04 07:56:44 65,536 ------w C:\WINDOWS\system32\odbccr32.dll
+ 2008-04-14 00:12:02 65,536 ----a-w C:\WINDOWS\system32\odbccr32.dll
- 2004-08-04 07:56:44 65,536 ------w C:\WINDOWS\system32\odbccu32.dll
+ 2008-04-14 00:12:02 65,536 ----a-w C:\WINDOWS\system32\odbccu32.dll
- 2004-08-04 07:56:22 94,208 ------w C:\WINDOWS\system32\odbcint.dll
+ 2008-04-13 17:26:06 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
- 2004-08-04 07:56:22 12,288 ------w C:\WINDOWS\system32\odbcp32r.dll
+ 2008-04-13 17:26:06 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
- 2004-08-04 07:56:44 147,456 ------w C:\WINDOWS\system32\odbctrac.dll
+ 2008-04-14 00:12:02 147,456 ----a-w C:\WINDOWS\system32\odbctrac.dll
- 2005-07-26 04:39:48 1,285,120 ------w C:\WINDOWS\system32\ole32.dll
+ 2008-04-14 00:12:02 1,287,168 ----a-w C:\WINDOWS\system32\ole32.dll
- 2005-07-26 04:39:48 74,752 ------w C:\WINDOWS\system32\olecli32.dll
+ 2008-04-14 00:12:02 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2004-08-04 07:56:44 83,456 ------w C:\WINDOWS\system32\olepro32.dll
+ 2008-04-14 00:12:02 84,992 ----a-w C:\WINDOWS\system32\olepro32.dll
- 2004-08-04 07:56:44 25,088 ------w C:\WINDOWS\system32\perfos.dll
+ 2008-04-14 00:12:02 25,088 ----a-w C:\WINDOWS\system32\perfos.dll
- 2004-08-04 07:56:44 15,360 ------w C:\WINDOWS\system32\pjlmon.dll
+ 2008-04-14 00:12:02 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll
- 2004-08-04 07:56:44 17,408 ------w C:\WINDOWS\system32\powrprof.dll
+ 2008-04-14 00:12:04 17,408 ----a-w C:\WINDOWS\system32\powrprof.dll
+ 2003-06-06 04:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
- 2004-08-04 07:56:44 27,648 ------w C:\WINDOWS\system32\profmap.dll
+ 2008-04-14 00:12:04 27,648 ----a-w C:\WINDOWS\system32\profmap.dll
- 2004-08-04 07:56:44 23,040 ------w C:\WINDOWS\system32\psapi.dll
+ 2008-04-14 00:12:04 23,040 ----a-w C:\WINDOWS\system32\psapi.dll
- 2004-08-04 07:56:44 96,768 ------w C:\WINDOWS\system32\psbase.dll
+ 2008-04-14 00:12:04 96,768 ----a-w C:\WINDOWS\system32\psbase.dll
- 2004-08-04 07:56:44 34,304 ------w C:\WINDOWS\system32\pstorsvc.dll
+ 2008-04-14 00:12:04 34,304 ----a-w C:\WINDOWS\system32\pstorsvc.dll
- 2008-04-14 00:12:04 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
- 2006-06-26 17:37:10 8,192 ------w C:\WINDOWS\system32\rasadhlp.dll
+ 2008-04-14 00:12:04 7,680 ----a-w C:\WINDOWS\system32\rasadhlp.dll
- 2004-08-04 07:56:44 69,632 ------w C:\WINDOWS\system32\raschap.dll
+ 2008-04-14 00:12:04 79,872 ----a-w C:\WINDOWS\system32\raschap.dll
- 2006-05-14 08:44:08 181,248 ------w C:\WINDOWS\system32\rasmans.dll
+ 2008-04-14 00:12:04 186,368 ----a-w C:\WINDOWS\system32\rasmans.dll
- 2004-08-04 07:56:44 206,336 ------w C:\WINDOWS\system32\rasppp.dll
+ 2008-04-14 00:12:04 210,944 ----a-w C:\WINDOWS\system32\rasppp.dll
- 2004-08-04 07:56:44 112,128 ------w C:\WINDOWS\system32\rastls.dll
+ 2008-04-14 00:12:04 150,016 ----a-w C:\WINDOWS\system32\rastls.dll
- 2004-08-04 07:56:44 49,664 ------w C:\WINDOWS\system32\regapi.dll
+ 2008-04-14 00:12:04 49,664 ----a-w C:\WINDOWS\system32\regapi.dll
+ 2008-04-13 18:31:32 36,352 ----a-w C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\intelppm.sys
+ 2008-04-13 18:31:30 35,840 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\processr.sys
- 2004-08-04 07:56:44 58,880 ------w C:\WINDOWS\system32\resutils.dll
+ 2008-04-14 00:12:04 58,880 ----a-w C:\WINDOWS\system32\resutils.dll
- 2006-11-27 13:54:06 433,152 ------w C:\WINDOWS\system32\riched20.dll
+ 2008-04-14 00:12:04 433,664 ----a-w C:\WINDOWS\system32\riched20.dll
- 2004-08-04 07:56:44 581,120 ------w C:\WINDOWS\system32\rpcrt4.dll
+ 2008-04-14 00:12:04 584,704 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2005-07-26 04:39:50 397,824 ------w C:\WINDOWS\system32\rpcss.dll
+ 2008-04-14 00:12:04 399,360 ----a-w C:\WINDOWS\system32\rpcss.dll
- 2004-08-04 05:31:44 152,576 ------w C:\WINDOWS\system32\rsaenh.dll
+ 2008-04-13 17:37:58 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
- 2001-08-18 12:00:00 90,112 ------w C:\WINDOWS\system32\rsvpsp.dll
+ 2008-04-14 00:12:04 92,672 ------w C:\WINDOWS\system32\rsvpsp.dll
- 2004-08-04 07:56:44 31,744 ------w C:\WINDOWS\system32\rtipxmib.dll
+ 2008-04-14 00:12:04 31,744 ----a-w C:\WINDOWS\system32\rtipxmib.dll
- 2004-08-04 07:56:44 44,032 ------w C:\WINDOWS\system32\rtutils.dll
+ 2008-04-14 00:12:04 44,032 ----a-w C:\WINDOWS\system32\rtutils.dll
- 2004-08-04 07:56:44 180,224 ------w C:\WINDOWS\system32\scecli.dll
+ 2008-04-14 00:12:06 181,248 ----a-w C:\WINDOWS\system32\scecli.dll
- 2004-08-04 07:56:44 313,856 ------w C:\WINDOWS\system32\scesrv.dll
+ 2008-04-14 00:12:06 314,880 ----a-w C:\WINDOWS\system32\scesrv.dll
- 2004-08-04 07:56:44 190,976 ------w C:\WINDOWS\system32\schedsvc.dll
+ 2008-04-14 00:12:06 192,512 ----a-w C:\WINDOWS\system32\schedsvc.dll
- 2004-08-04 07:56:44 18,944 ------w C:\WINDOWS\system32\seclogon.dll
+ 2008-04-14 00:12:06 18,944 ----a-w C:\WINDOWS\system32\seclogon.dll
- 2004-08-04 07:56:44 55,808 ------w C:\WINDOWS\system32\secur32.dll
+ 2008-04-14 00:12:06 56,320 ----a-w C:\WINDOWS\system32\secur32.dll
- 2004-08-04 07:56:44 38,912 ------w C:\WINDOWS\system32\sens.dll
+ 2008-04-14 00:12:06 39,424 ----a-w C:\WINDOWS\system32\sens.dll
- 2004-08-04 07:56:44 6,656 ------w C:\WINDOWS\system32\sensapi.dll
+ 2008-04-14 00:12:06 7,168 ----a-w C:\WINDOWS\system32\sensapi.dll
- 2001-08-18 12:00:00 259,584 ------w C:\WINDOWS\system32\Setup\comsetup.dll
+ 2008-04-14 00:11:52 274,944 ----a-w C:\WINDOWS\system32\Setup\comsetup.dll
- 2004-08-04 07:56:42 32,828 ------w C:\WINDOWS\system32\Setup\fp40ext.dll
+ 2008-04-14 00:11:54 32,828 ----a-w C:\WINDOWS\system32\Setup\fp40ext.dll
- 2004-08-04 07:56:42 132,608 ------w C:\WINDOWS\system32\Setup\fxsocm.dll
+ 2008-04-14 00:11:54 132,608 ----a-w C:\WINDOWS\system32\Setup\fxsocm.dll
- 2004-08-04 07:56:42 505,344 ------w C:\WINDOWS\system32\Setup\iis.dll
+ 2008-04-14 00:11:54 505,344 ----a-w C:\WINDOWS\system32\Setup\iis.dll
- 2001-08-18 12:00:00 115,712 ------w C:\WINDOWS\system32\Setup\imsinsnt.dll
+ 2008-04-14 00:11:54 123,392 ----a-w C:\WINDOWS\system32\Setup\imsinsnt.dll
- 2001-08-18 12:00:00 82,432 ------w C:\WINDOWS\system32\Setup\msdtcstp.dll
+ 2008-04-14 00:12:00 90,112 ----a-w C:\WINDOWS\system32\Setup\msdtcstp.dll
- 2004-08-04 07:56:44 15,360 ------w C:\WINDOWS\system32\Setup\msgrocm.dll
+ 2008-04-14 00:12:00 15,360 ----a-w C:\WINDOWS\system32\Setup\msgrocm.dll
- 2004-08-04 07:56:44 77,312 ------w C:\WINDOWS\system32\Setup\netoc.dll
+ 2008-04-14 00:12:02 77,312 ----a-w C:\WINDOWS\system32\Setup\netoc.dll
- 2004-08-04 07:56:44 62,976 ------w C:\WINDOWS\system32\Setup\ntoc.dll
+ 2008-04-14 00:12:02 62,976 ----a-w C:\WINDOWS\system32\Setup\ntoc.dll
- 2004-08-04 07:56:44 15,872 ------w C:\WINDOWS\system32\Setup\ocgen.dll
+ 2008-04-14 00:12:02 15,360 ----a-w C:\WINDOWS\system32\Setup\ocgen.dll
- 2004-08-04 07:56:44 17,408 ------w C:\WINDOWS\system32\Setup\ocmsn.dll
+ 2008-04-14 00:12:02 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll
- 2004-08-04 07:56:44 101,376 ------w C:\WINDOWS\system32\Setup\setupqry.dll
+ 2008-04-14 00:12:06 101,376 ----a-w C:\WINDOWS\system32\Setup\setupqry.dll
- 2004-08-04 07:56:46 22,016 ------w C:\WINDOWS\system32\Setup\startoc.dll
+ 2008-04-14 00:12:08 26,624 ------w C:\WINDOWS\system32\Setup\startoc.dll
- 2004-08-04 07:56:46 121,856 ------w C:\WINDOWS\system32\Setup\tsoc.dll
+ 2008-04-14 00:12:08 130,048 ----a-w C:\WINDOWS\system32\Setup\tsoc.dll
- 2004-08-04 07:56:44 5,120 ------w C:\WINDOWS\system32\sfc.dll
+ 2008-04-14 00:12:06 5,120 ----a-w C:\WINDOWS\system32\sfc.dll
- 2004-08-04 07:56:44 140,288 ------w C:\WINDOWS\system32\sfc_os.dll
+ 2008-04-14 00:12:06 140,288 ----a-w C:\WINDOWS\system32\sfc_os.dll
- 2004-08-04 07:56:28 549,376 ------w C:\WINDOWS\system32\shdoclc.dll
+ 2008-04-13 17:03:20 549,376 ------w C:\WINDOWS\system32\shdoclc.dll
- 2007-06-14 18:09:20 1,494,528 ------w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-14 00:12:06 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ------w C:\WINDOWS\system32\shell32.dll
+ 2008-04-14 00:12:06 8,461,312 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-04 07:56:46 25,088 ------w C:\WINDOWS\system32\shfolder.dll
+ 2008-04-14 00:12:06 25,088 ----a-w C:\WINDOWS\system32\shfolder.dll
- 2004-08-04 07:56:46 65,536 ------w C:\WINDOWS\system32\shimeng.dll
+ 2008-04-14 00:12:06 65,024 ----a-w C:\WINDOWS\system32\shimeng.dll
- 2007-06-14 18:09:20 474,112 ------w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-14 00:12:06 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-12-19 21:52:18 134,656 ------w C:\WINDOWS\system32\shsvcs.dll
+ 2008-04-14 00:12:06 135,168 ----a-w C:\WINDOWS\system32\shsvcs.dll
- 2006-11-20 07:42:46 33,280 ------w C:\WINDOWS\system32\snmp.exe
+ 2008-04-14 00:12:36 33,280 ----a-w C:\WINDOWS\system32\snmp.exe
- 2004-08-04 07:56:46 18,944 ------w C:\WINDOWS\system32\snmpapi.dll
+ 2008-04-14 00:12:06 18,944 ----a-w C:\WINDOWS\system32\snmpapi.dll
- 2004-08-04 07:56:46 6,144 ------w C:\WINDOWS\system32\snmpmib.dll
+ 2008-04-14 00:12:06 6,144 ----a-w C:\WINDOWS\system32\snmpmib.dll
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:52 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-08-04 07:56:46 74,752 ------w C:\WINDOWS\system32\spoolss.dll
+ 2008-04-14 00:12:06 75,264 ----a-w C:\WINDOWS\system32\spoolss.dll
- 2004-08-04 07:56:46 442,368 ------w C:\WINDOWS\system32\sqlsrv32.dll
+ 2008-04-14 00:12:06 442,368 ----a-w C:\WINDOWS\system32\sqlsrv32.dll
- 2004-08-04 07:56:46 180,800 ------w C:\WINDOWS\system32\sqlunirl.dll
+ 2008-04-14 00:12:06 180,800 ----a-w C:\WINDOWS\system32\sqlunirl.dll
+ 2006-04-28 00:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
- 2004-08-04 07:56:46 67,584 ------w C:\WINDOWS\system32\srclient.dll
+ 2008-04-14 00:12:08 67,584 ----a-w C:\WINDOWS\system32\srclient.dll
- 2004-08-04 07:56:46 170,496 ------w C:\WINDOWS\system32\srsvc.dll
+ 2008-04-14 00:12:08 171,008 ----a-w C:\WINDOWS\system32\srsvc.dll
- 2004-08-04 07:56:46 34,816 ------w C:\WINDOWS\system32\ssdpapi.dll
+ 2008-04-14 00:12:08 34,816 ----a-w C:\WINDOWS\system32\ssdpapi.dll
- 2004-08-04 07:56:46 71,680 ------w C:\WINDOWS\system32\ssdpsrv.dll
+ 2008-04-14 00:12:08 71,680 ----a-w C:\WINDOWS\system32\ssdpsrv.dll
- 2004-08-04 07:56:46 121,856 ------w C:\WINDOWS\system32\stobject.dll
+ 2008-04-14 00:12:08 121,856 ----a-w C:\WINDOWS\system32\stobject.dll
- 2004-08-04 07:56:46 75,776 ------w C:\WINDOWS\system32\strmfilt.dll
+ 2008-04-14 00:12:08 75,776 ----a-w C:\WINDOWS\system32\strmfilt.dll
- 2006-10-19 12:56:32 713,216 ------w C:\WINDOWS\system32\sxs.dll
+ 2008-04-14 00:12:08 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
- 2004-08-04 07:56:46 181,760 ------w C:\WINDOWS\system32\tapi32.dll
+ 2008-04-14 00:12:08 181,760 ----a-w C:\WINDOWS\system32\tapi32.dll
- 2005-07-08 16:27:56 249,344 ------w C:\WINDOWS\system32\tapisrv.dll
+ 2008-04-14 00:12:08 249,856 ----a-w C:\WINDOWS\system32\tapisrv.dll
- 2004-08-04 07:56:46 45,568 ------w C:\WINDOWS\system32\tcpmon.dll
+ 2008-04-14 00:12:08 45,568 ----a-w C:\WINDOWS\system32\tcpmon.dll
- 2004-08-04 07:56:46 295,424 ------w C:\WINDOWS\system32\termsrv.dll
+ 2008-04-14 00:12:08 295,424 ----a-w C:\WINDOWS\system32\termsrv.dll
- 2004-08-04 07:56:46 385,536 ------w C:\WINDOWS\system32\themeui.dll
+ 2008-04-14 00:12:08 385,536 ----a-w C:\WINDOWS\system32\themeui.dll
- 2004-08-04 07:56:46 90,624 ------w C:\WINDOWS\system32\trkwks.dll
+ 2008-04-14 00:12:08 90,112 ----a-w C:\WINDOWS\system32\trkwks.dll
- 2005-08-23 03:35:42 123,392 ------w C:\WINDOWS\system32\umpnpmgr.dll
+ 2008-04-14 00:12:08 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
- 2004-08-04 07:56:46 74,240 ------w C:\WINDOWS\system32\unimdmat.dll
+ 2008-04-14 00:12:08 74,240 ----a-w C:\WINDOWS\system32\unimdmat.dll
- 2004-08-04 07:56:46 13,824 ------w C:\WINDOWS\system32\uniplat.dll
+ 2008-04-14 00:12:08 13,824 ----a-w C:\WINDOWS\system32\uniplat.dll
- 2004-08-04 07:56:46 132,608 ------w C:\WINDOWS\system32\upnp.dll
+ 2008-04-14 00:12:08 133,632 ----a-w C:\WINDOWS\system32\upnp.dll
- 2004-08-04 07:56:46 239,616 ------w C:\WINDOWS\system32\upnpui.dll
+ 2008-04-14 00:12:08 239,616 ----a-w C:\WINDOWS\system32\upnpui.dll
- 2004-08-04 07:56:46 16,896 ------w C:\WINDOWS\system32\usbmon.dll
+ 2008-04-14 00:12:08 16,896 ----a-w C:\WINDOWS\system32\usbmon.dll
- 2004-08-04 07:56:46 723,456 ------w C:\WINDOWS\system32\userenv.dll
+ 2008-04-14 00:12:08 727,040 ----a-w C:\WINDOWS\system32\userenv.dll
- 2004-08-04 07:56:46 406,528 ------w C:\WINDOWS\system32\usp10.dll
+ 2008-04-14 00:12:08 406,016 ------w C:\WINDOWS\system32\usp10.dll
- 2004-08-04 07:56:46 218,624 ------w C:\WINDOWS\system32\uxtheme.dll
+ 2008-04-14 00:12:08 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
+ 2007-09-06 07:22:24 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
- 2004-08-04 07:56:46 18,944 ------w C:\WINDOWS\system32\version.dll
+ 2008-04-14 00:12:08 18,944 ----a-w C:\WINDOWS\system32\version.dll
- 2004-08-04 07:56:46 430,592 ------w C:\WINDOWS\system32\vssapi.dll
+ 2008-04-14 00:12:08 430,592 ----a-w C:\WINDOWS\system32\vssapi.dll
- 2004-08-04 07:56:46 174,592 ------w C:\WINDOWS\system32\w32time.dll
+ 2008-04-14 00:12:08 175,104 ----a-w C:\WINDOWS\system32\w32time.dll
- 2004-08-04 07:56:46 15,872 ------w C:\WINDOWS\system32\w3ssl.dll
+ 2008-04-14 00:12:08 15,872 ----a-w C:\WINDOWS\system32\w3ssl.dll
- 2004-08-04 07:56:42 247,808 ------w C:\WINDOWS\system32\wbem\esscli.dll
+ 2008-04-14 00:11:54 247,808 ----a-w C:\WINDOWS\system32\wbem\esscli.dll
- 2004-08-04 07:56:42 472,064 ------w C:\WINDOWS\system32\wbem\fastprox.dll
+ 2008-04-14 00:11:54 472,064 ----a-w C:\WINDOWS\system32\wbem\fastprox.dll
- 2004-08-04 07:56:42 185,856 ------w C:\WINDOWS\system32\wbem\framedyn.dll
+ 2008-04-14 00:11:54 185,344 ----a-w C:\WINDOWS\system32\wbem\framedyn.dll
- 2004-08-04 07:56:52 16,384 ------w C:\WINDOWS\system32\wbem\mofcomp.exe
+ 2008-04-14 00:12:26 16,384 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe
- 2004-08-04 07:56:42 123,904 ------w C:\WINDOWS\system32\wbem\mofd.dll
+ 2008-04-14 00:11:58 123,904 ----a-w C:\WINDOWS\system32\wbem\mofd.dll
- 2004-08-04 07:56:44 47,104 ------w C:\WINDOWS\system32\wbem\ncprov.dll
+ 2008-04-14 00:12:02 47,104 ----a-w C:\WINDOWS\system32\wbem\ncprov.dll
- 2004-08-04 07:56:44 177,152 ------w C:\WINDOWS\system32\wbem\repdrvfs.dll
+ 2008-04-14 00:12:04 178,176 ----a-w C:\WINDOWS\system32\wbem\repdrvfs.dll
- 2004-08-04 07:56:46 214,528 ------w C:\WINDOWS\system32\wbem\wbemcomn.dll
+ 2008-04-14 00:12:08 214,528 ----a-w C:\WINDOWS\system32\wbem\wbemcomn.dll
- 2004-08-04 07:56:46 530,944 ------w C:\WINDOWS\system32\wbem\wbemcore.dll
+ 2008-04-14 00:12:08 531,456 ----a-w C:\WINDOWS\system32\wbem\wbemcore.dll
- 2004-08-04 07:56:46 273,920 ------w C:\WINDOWS\system32\wbem\wbemess.dll
+ 2008-04-14 00:12:08 273,920 ----a-w C:\WINDOWS\system32\wbem\wbemess.dll
- 2004-08-04 07:56:46 18,944 ------w C:\WINDOWS\system32\wbem\wbemprox.dll
+ 2008-04-14 00:12:08 18,944 ----a-w C:\WINDOWS\system32\wbem\wbemprox.dll
- 2004-08-04 07:56:46 43,520 ------w C:\WINDOWS\system32\wbem\wbemsvc.dll
+ 2008-04-14 00:12:08 43,520 ----a-w C:\WINDOWS\system32\wbem\wbemsvc.dll
- 2004-08-04 07:56:46 144,896 ------w C:\WINDOWS\system32\wbem\wmiprov.dll
+ 2008-04-14 00:12:10 144,896 ----a-w C:\WINDOWS\system32\wbem\wmiprov.dll
- 2004-08-04 07:56:46 437,248 ------w C:\WINDOWS\system32\wbem\wmiprvsd.dll
+ 2008-04-14 00:12:10 437,248 ----a-w C:\WINDOWS\system32\wbem\wmiprvsd.dll
- 2004-08-04 07:56:58 218,112 ------w C:\WINDOWS\system32\wbem\wmiprvse.exe
+ 2008-04-14 00:12:40 218,112 ----a-w C:\WINDOWS\system32\wbem\wmiprvse.exe
- 2004-08-04 07:56:46 144,896 ------w C:\WINDOWS\system32\wbem\wmisvc.dll
+ 2008-04-14 00:12:10 144,896 ----a-w C:\WINDOWS\system32\wbem\wmisvc.dll
- 2004-08-04 07:56:46 95,232 ------w C:\WINDOWS\system32\wbem\wmiutils.dll
+ 2008-04-14 00:12:10 95,232 ----a-w C:\WINDOWS\system32\wbem\wmiutils.dll
- 2004-08-04 07:56:46 49,152 ------w C:\WINDOWS\system32\wdigest.dll
+ 2008-04-14 00:12:08 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2006-01-04 02:35:06 68,096 ------w C:\WINDOWS\system32\webclnt.dll
+ 2008-04-14 00:12:08 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
- 2004-08-04 07:56:46 351,232 ------w C:\WINDOWS\system32\winhttp.dll
+ 2008-04-14 00:12:08 354,304 ----a-w C:\WINDOWS\system32\winhttp.dll
- 2004-08-04 07:56:46 32,768 ------w C:\WINDOWS\system32\winipsec.dll
+ 2008-04-14 00:12:10 32,256 ----a-w C:\WINDOWS\system32\winipsec.dll
- 2004-08-04 07:56:46 176,128 ------w C:\WINDOWS\system32\winmm.dll
+ 2008-04-14 00:12:10 176,128 ----a-w C:\WINDOWS\system32\winmm.dll
- 2004-08-04 07:56:46 16,896 ------w C:\WINDOWS\system32\winrnr.dll
+ 2008-04-14 00:12:10 16,896 ----a-w C:\WINDOWS\system32\winrnr.dll
- 2004-08-04 07:56:46 99,328 ------w C:\WINDOWS\system32\winscard.dll
+ 2008-04-14 00:12:10 99,328 ----a-w C:\WINDOWS\system32\winscard.dll
- 2007-03-17 13:43:02 292,864 ------w C:\WINDOWS\system32\winsrv.dll
+ 2008-04-14 00:12:10 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2004-08-04 07:56:46 53,760 ------w C:\WINDOWS\system32\winsta.dll
+ 2008-04-14 00:12:10 53,760 ----a-w C:\WINDOWS\system32\winsta.dll
- 2004-08-04 07:56:46 176,640 ------w C:\WINDOWS\system32\wintrust.dll
+ 2008-04-14 00:12:10 176,640 ----a-w C:\WINDOWS\system32\wintrust.dll
- 2004-08-04 07:56:46 172,032 ------w C:\WINDOWS\system32\wldap32.dll
+ 2008-04-14 00:12:10 172,032 ----a-w C:\WINDOWS\system32\wldap32.dll
- 2004-08-04 07:56:46 92,672 ------w C:\WINDOWS\system32\wlnotify.dll
+ 2008-04-14 00:12:10 92,672 ----a-w C:\WINDOWS\system32\wlnotify.dll
- 2004-08-04 07:56:36 5,632 ------w C:\WINDOWS\system32\wmi.dll
+ 2008-04-14 00:11:16 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
- 2004-08-04 07:56:46 264,192 ------w C:\WINDOWS\system32\wow32.dll
+ 2008-04-14 00:12:10 264,192 ----a-w C:\WINDOWS\system32\wow32.dll
+ 2007-10-04 07:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
- 2004-08-04 07:56:46 19,968 ------w C:\WINDOWS\system32\ws2help.dll
+ 2008-04-14 00:12:10 19,968 ----a-w C:\WINDOWS\system32\ws2help.dll
- 2004-08-04 07:56:58 13,824 ------w C:\WINDOWS\system32\wscntfy.exe
+ 2008-04-14 00:12:42 13,824 ------w C:\WINDOWS\system32\wscntfy.exe
- 2008-04-14 00:12:42 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
- 2004-08-04 07:56:46 81,408 ------w C:\WINDOWS\system32\wscsvc.dll
+ 2008-04-14 00:12:10 80,896 ----a-w C:\WINDOWS\system32\wscsvc.dll
- 2004-08-04 07:56:46 19,968 ------w C:\WINDOWS\system32\wshtcpip.dll
+ 2008-04-14 00:12:10 19,456 ----a-w C:\WINDOWS\system32\wshtcpip.dll
- 2004-08-04 07:56:46 22,528 ------w C:\WINDOWS\system32\wsock32.dll
+ 2008-04-14 00:12:10 22,528 ----a-w C:\WINDOWS\system32\wsock32.dll
- 2004-08-04 07:56:46 18,432 ------w C:\WINDOWS\system32\wtsapi32.dll
+ 2008-04-14 00:12:10 18,432 ----a-w C:\WINDOWS\system32\wtsapi32.dll
- 2004-08-04 07:56:46 6,656 ------w C:\WINDOWS\system32\wuauserv.dll
+ 2008-04-14 00:12:12 6,656 ----a-w C:\WINDOWS\system32\wuauserv.dll
- 2004-08-04 07:56:46 378,368 ------w C:\WINDOWS\system32\wzcdlg.dll
+ 2008-04-14 00:12:12 383,488 ----a-w C:\WINDOWS\system32\wzcdlg.dll
- 2004-08-04 07:56:46 51,712 ------w C:\WINDOWS\system32\wzcsapi.dll
+ 2008-04-14 00:12:12 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
- 2004-08-04 07:56:46 359,936 ------w C:\WINDOWS\system32\wzcsvc.dll
+ 2008-04-14 00:12:12 483,840 ----a-w C:\WINDOWS\system32\wzcsvc.dll
+ 2008-08-05 07:03:30 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_17c.dat
+ 2008-04-14 00:12:52 1,054,208 ----a-w C:\WINDOWS\WinSxS\InstallTemp\2568572\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/30/2007 02:11 AM 185632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/30/2007 01:49 AM 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM 270648]
"HostManager"="C:\Program Files\Common Files\AOL\1129242291\ee\AOLSoftware.exe" [09/25/2006 04:52 PM 50736]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [08/03/2008 12:41 PM 1232152]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 05:50 AM 71216]
"LexPPS.exe"="C:\WINDOWS\system32\lexpps.exe" [11/06/2003 12:57 AM 174592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= sonymjpg.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\LEXPPS.EXE"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0c\\waol.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Common Files\\AOL\\1129242291\\EE\\aolsoftware.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [08/17/2001 12:11 PM]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []
R4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.syS []
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\System32\Drivers\avgldx86.sys [08/03/2008 12:41 PM]
S1 SonyFanC;FAN Control Device Service;C:\WINDOWS\system32\Drivers\SonyFanC.sys [09/06/2001 04:21 PM]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [08/03/2008 12:41 PM]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [08/03/2008 12:41 PM]
S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\System32\Drivers\avgtdix.sys [08/03/2008 12:41 PM]
S2 V7;V7;C:\WINDOWS\system32\DRIVERS\V7.syS [03/09/2000 11:24 AM]


*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\d6a913d3-b39b-4e10-8a6d-ba3b5ac01144]
C:\WINDOWS\system32\cmdqror.exe
.
Contents of the 'Scheduled Tasks' folder

2001-12-26 C:\WINDOWS\Tasks\Registration reminder 2.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [04/13/2008 05:12 PM]

2008-07-31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [06/03/2007 01:42 PM]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-MSN Messanger - msnmsng.exe
HKU-Default-RunServices-MSN Messanger - msnmsng.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\DOCUME~1\MANUEL~1.000\APPLIC~1\Mozilla\Firefox\Profiles\vfci51nh.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 19:38:04
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 08/08/2008 19:40:31
ComboFix-quarantined-files.txt 2008-08-09 02:40:14
ComboFix2.txt 2008-06-28 14:26:18

Pre-Run: 2,522,468,352 bytes free
Post-Run: 2,711,805,952 bytes free

955 --- E O F --- 2008-08-05 06:43:03





And a current HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:35 PM, on 8/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129242291\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1904607352-2911765694-2800509490-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7442 bytes


Thanks!!!!!!!!!!!!!!!

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:58 AM

Posted 08 August 2008 - 11:23 PM

Hi Joe,

I forgot to mention earlier that I couldn't get here either, so no worry. :thumbsup:

Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
http://www.mvps.org/winhelp2002/DelDomains.inf
Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal. Reboot your computer.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer, and post a new HijackThis log.

How is it running please?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 Velzone

Velzone
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 09 August 2008 - 12:00 AM

tea,

While, I did as instructed, and I still can not use internet explorer, it gives the following error:

Your security setting level puts your computer at risk

We recommend that you do not browse the web with your current security settings.
To fix this, click on the Information Bar above, and choose Fix Settings for Me.

To continue browsing in the current state, click the Home button (not recommended).

Also, when you hit the "Start" button and you have those quick links on the left side of the pop up, it is empty on this login (does that make sense?

I am posting the HJT log, I did as instructed yet the items seem to have come back :-(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:24 PM, on 8/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129242291\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'NETWORK SERVICE')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7164 bytes

Thanks :-)

Joe

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:58 AM

Posted 12 August 2008 - 02:23 AM

Hello,

Try this: Download and run Fix-Protocol-zones-ranges.reg
http://downloads.subratam.org/Fix-Pr...nes-ranges.reg
download and double click, answer yes to the prompts.

In your reply, please post a new HijackThis log and let me know if that helped. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 Velzone

Velzone
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 18 August 2008 - 09:24 PM

Hi Tea,

Actually what I did was delete the user that was having the issues from the user list, and then recreated the user, all seems to be fine. For whatever reason all of the other users seemed to be fixed but maybe the settings got so messed up on the one user it would have taken a lot of registry changes to fix. The delete recreate trick seeme dto work.

Thanks for your time and effort!

Joe

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:58 AM

Posted 18 August 2008 - 09:30 PM

Hi Joe,

Thank you so much for letting me know. :) Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

I'll leave this thread open a few days, just in case. :thumbsup:

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:58 AM

Posted 11 September 2008 - 05:24 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users