Cryp. Morphine + Pak.generic.005


  • This topic is locked
35 replies to this topic

#1 PAH-

Posted 10 July 2008 - 02:11 PM

Hi,

I was naughty enough to download some bad stuff from BitTorrent and, needless to say, I have all this malware and spyware now happily resident both at home and at work.

On the work computer, the office has installed Trend Micro OfficeScan. It senses and isolates the bugs, namely the above, even though earlier, before installing OfficeScan, I've had a couple of the Trojan Vundo and Trojan Mundo bugs as well. This OfficeScan can't remove what I've put in my system. I've run a DSS scan on my office desktop and these are the readouts I'm posting. Will appreciate any help in cleaning up my registry. I just don't want to touch that bit without some help. Thanks.

From the main.txt :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:20 AM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\LQF914.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Documents and Settings\paul.hii\lsass.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\cutandcover01\Profiles\paul.hii\Desktop\dss.exe
\cutandcover01\Profiles\paul.hii\Desktop\paul.hii.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cambiecutandcover.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6878149F-B272-48B5-9B97-A87B4493E91a} - C:\WINDOWS\system32\dcwcjgip.dll
O2 - BHO: {eb46da09-6c65-88cb-45a4-7b232162b6a6} - {6a6b2612-32b7-4a54-bc88-56c690ad64be} - C:\WINDOWS\system32\ejdmza.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C212EC00-43E6-444F-97C1-81F5F1F77AF3} - C:\WINDOWS\system32\tuVpOIya.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\paul.hii\lsass.exe
O4 - HKLM\..\Run: [d4797c97] rundll32.exe "C:\WINDOWS\system32\dsyensbw.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Monitor Apache Servers.lnk = Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cambiecutandcover.local
O17 - HKLM\Software\..\Telephony: DomainName = cambiecutandcover.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cambiecutandcover.local
O20 - AppInit_DLLs: knbejlcs.dll
O23 - Service: Apache2 - Apache Software Foundation - c:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
O23 - Service: OfficeScan Control Manager Agent (OfficeScanCMAgent) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\CMAgent\OfcCMAgent.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 9274 bytes

-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 08:16:56 49664 --a------ C:\WINDOWS\system32\dcwcjgip.dll
2008-07-10 08:14:11 0 dr-h----- C:\Documents and Settings\paul.hii\Recent
2008-07-10 07:36:09 102912 --a------ C:\WINDOWS\system32\ejdmza.dll
2008-07-10 07:36:06 102912 --a------ C:\WINDOWS\system32\djgggnpm.dll
2008-07-10 07:35:56 78848 --a------ C:\WINDOWS\system32\dsyensbw.dll
2008-07-10 07:35:48 91648 --a------ C:\WINDOWS\system32\ldaixctp.dll
2008-07-09 07:37:00 102912 --a------ C:\WINDOWS\system32\rwucnp.dll
2008-07-09 07:36:59 102912 --a------ C:\WINDOWS\system32\ewyywhik.dll
2008-07-09 07:35:13 49664 --a------ C:\WINDOWS\system32\tlxqwraj.dll
2008-07-09 07:35:10 78848 --a------ C:\WINDOWS\system32\nqlmhrtp.dll
2008-07-09 07:34:46 91136 --a------ C:\WINDOWS\system32\yrfjmybv.dll
2008-07-09 07:04:01 0 d-------- C:\Documents and Settings\paul.hii\Desktop
2008-07-07 11:02:31 103424 --a------ C:\WINDOWS\system32\hdbuen.dll
2008-07-07 11:02:30 103424 --a------ C:\WINDOWS\system32\iriuixhs.dll
2008-07-07 11:02:09 91648 --a------ C:\WINDOWS\system32\myvycixv.dll
2008-07-05 13:22:06 103424 --a------ C:\WINDOWS\system32\aihizc.dll
2008-07-05 13:22:05 103424 --a------ C:\WINDOWS\system32\dnbmeprk.dll
2008-07-05 09:22:18 103424 --a------ C:\WINDOWS\system32\gnquya.dll
2008-07-05 09:22:16 103424 --a------ C:\WINDOWS\system32\ncijrrem.dll
2008-07-02 14:25:47 102912 --a------ C:\WINDOWS\system32\dlwtmz.dll
2008-07-02 14:25:46 102912 --a------ C:\WINDOWS\system32\dojcnoms.dll
2008-07-02 12:54:06 0 d-------- C:\Documents and Settings\paul.hii\Application Data\InstallShield
2008-06-27 10:07:21 90624 --a------ C:\WINDOWS\system32\jvrhproh.dll
2008-06-25 12:37:20 0 d-------- C:\Program Files\InterMute
2008-06-25 09:16:55 0 d-------- C:\Program Files\Trend Micro
2008-06-25 07:40:18 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-06-25 07:40:00 0 d-------- C:\WINDOWS\system32\modtrux18
2008-06-25 07:39:45 15872 --a------ C:\Documents and Settings\paul.hii\services.exe
2008-06-25 07:39:22 52224 ---hs---- C:\Documents and Settings\paul.hii\lsass.exe
2008-06-25 07:18:35 91136 --a------ C:\WINDOWS\system32\yrawtcyb.dll
2008-06-25 06:58:07 0 d-------- C:\VundoFix Backups
2008-06-24 22:43:59 25456 --a------ C:\WINDOWS\system32\pmnmklIA.dll
2008-06-21 09:28:25 90112 --a------ C:\WINDOWS\system32\pksuklyl.dll
2008-06-18 06:51:01 0 d-------- C:\Documents and Settings\paul.hii\Application Data\Apple Computer
2008-06-17 07:36:57 99328 --a------ C:\WINDOWS\system32\quiwwokq.dll
2008-06-17 07:36:49 90112 --a------ C:\WINDOWS\system32\imsckyjv.dll
2008-06-13 13:33:34 25408 --a------ C:\WINDOWS\system32\khfCTMge.dll
2008-06-13 11:45:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 09:02:15 89600 --a------ C:\WINDOWS\system32\eskqcnms.dll
2008-06-12 14:31:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-12 14:30:17 0 d-------- C:\Program Files\CCleaner
2008-06-12 14:11:00 0 d-------- C:\Documents and Settings\paul.hii\Application Data\Autodesk
2008-06-12 14:05:03 0 d-------- C:\Program Files\Autodesk
2008-06-12 14:01:53 40448 --a------ C:\WINDOWS\system32\pmnligHw.dll
2008-06-12 14:01:30 40448 --a------ C:\WINDOWS\system32\ddcyvSKa.dll
2008-06-12 14:01:11 40448 --a------ C:\WINDOWS\system32\pmnoPgfD.dll
2008-06-12 13:08:11 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-12 13:00:01 40448 --a------ C:\WINDOWS\system32\urqRKDUm.dll
2008-06-12 12:59:53 40448 --a------ C:\WINDOWS\system32\awtqnkiI.dll
2008-06-12 12:59:46 40448 --a------ C:\WINDOWS\system32\yayyVpoO.dll
2008-06-12 12:17:00 40448 --a------ C:\WINDOWS\system32\tuvSmjgH.dll
2008-06-12 12:11:31 40448 --a------ C:\WINDOWS\system32\lJAQiIaW.dll
2008-06-12 10:21:41 551030 --ahs---- C:\WINDOWS\system32\ayIOpVut.ini2
2008-06-12 10:21:35 322560 --a------ C:\WINDOWS\system32\tuVpOIya.dll
2008-06-12 10:16:42 0 d-------- C:\WINDOWS\WinRAR
2008-06-12 08:48:03 0 d-------- C:\Program Files\DNA
2008-06-12 08:48:03 0 d-------- C:\Documents and Settings\paul.hii\Application Data\DNA
2008-06-11 11:15:32 0 d-------- C:\Program Files\QuickTime
2008-06-11 11:13:10 0 d-------- C:\Program Files\Apple Software Update

-- Find3M Report ---------------------------------------------------------------

2008-07-03 08:51:53 0 d-------- C:\Documents and Settings\paul.hii\Application Data\Mozilla
2008-07-02 13:15:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-02 13:15:06 0 d-------- C:\Program Files\Symantec
2008-07-02 13:15:03 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-02 13:05:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 15:02:42 0 d-------- C:\Program Files\Common Files
2008-06-16 09:19:09 0 d-------- C:\Program Files\Windows Live
2008-06-13 09:19:31 0 d-------- C:\Program Files\Primavera
2008-06-12 14:30:28 0 d-------- C:\Program Files\Yahoo!
2008-06-12 09:31:44 0 d-------- C:\Program Files\Replay Converter
2008-06-11 11:09:28 0 d-------- C:\Program Files\Java
2008-06-09 07:24:10 0 d-------- C:\Program Files\Microsoft SQL Server
2008-06-09 07:23:46 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-06-07 11:29:28 0 d-------- C:\Program Files\Microsoft Works
2008-06-07 10:49:36 0 d-------- C:\Program Files\Uconeer
2008-06-07 03:01:25 0 d-------- C:\Program Files\MSXML 4.0
2008-06-06 13:25:00 0 d-------- C:\Documents and Settings\paul.hii\Application Data\WinRAR
2008-06-06 09:07:00 0 d-------- C:\Documents and Settings\paul.hii\Application Data\Moyea
2008-06-06 09:05:44 0 d-------- C:\Program Files\WSDOT
2008-05-14 07:50:46 0 d-------- C:\Documents and Settings\paul.hii\Application Data\AdobeUM

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6878149F-B272-48B5-9B97-A87B4493E91a}]
07/10/2008 08:16 AM 49664 --a------ C:\WINDOWS\system32\dcwcjgip.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6a6b2612-32b7-4a54-bc88-56c690ad64be}]
07/10/2008 07:36 AM 102912 --a------ C:\WINDOWS\system32\ejdmza.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C212EC00-43E6-444F-97C1-81F5F1F77AF3}]
06/12/2008 10:21 AM 322560 --a------ C:\WINDOWS\system32\tuVpOIya.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/20/2004 12:51 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM]
"@"="" []
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 12:56 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [04/23/2008 02:08 AM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [05/08/2007 12:43 AM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/20/2004 12:55 AM]
"LSA Shellu"="C:\Documents and Settings\paul.hii\lsass.exe" [06/20/2008 04:27 PM]
"d4797c97"="C:\WINDOWS\system32\dsyensbw.dll" [07/10/2008 07:35 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/06/2008 07:10 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\ApacheMonitor.exe [4/16/2005 2:26:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
"Intellimenus"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=knbejlcs.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuVpOIya

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMd74a4f0b]
Rundll32.exe "C:\WINDOWS\system32\yrfjmybv.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d4797c97]
rundll32.exe "C:\WINDOWS\system32\nqlmhrtp.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSA Shellu]
C:\Documents and Settings\paul.hii\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d855c9-42be-11dd-bfe2-001558388868}]
Auto\command- D:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{343b8af2-c9fc-11dc-bf8b-001558388868}]
AutoRun\command- D:\
explore\Command- RECYCLER\autorun.exe -ExploreCurDir
open\Command- RECYCLER\autorun.exe -OpenCurDir

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5857411e-8422-11da-a77e-806d6172696f}]
AutoRun\command- E:\setup.exe

-- End of Deckard's System Scanner: finished at 2008-07-10 11:21:27 ---------

And from Hijack this log :



#2 miekiemoes

  • Malware Response Team

Posted 11 July 2008 - 12:33 AM

Hi,

What I understand here is that this is a computer used for work/at work? Are you aware of the fact that you're also dealing with a flash drive infection, so because of you downloading bad stuff from BitTorrent sites, you have infected A LOT of computers at work as well? Are you aware of the fact that you have put the entire company at risk?? This computer is severely infected :thumbsup:

Since you are posting a log from a company-owned computer... There are a few things that need attention first before we proceed with this.

* You must inform your Supervisor immediately.

This is because:
  • Most company machines are connected into a network at some time or other, and your infection may compromise the security of that network.
  • If sensitive material is compromised by an infection, your company could be held liable.

* Your Company must give permission for us to give you assistance.

This is because:
  • We are not here to replace your company's IT Department. If there's an IT Department, then they are responsible to deal with this.
  • There may be sensitive material on your computer that your company would not want revealed in an open forum.

Also, since this is a computer used at work - the first thing I always advise is to back up important files you don't want to lose, since malware makes a system unstable and it may happen that it suddenly won't boot anymore, because of the damage already present.

Please let me know once you have informed the supervisors before we proceed with this, so they can secure their data, change passwords etc. You REALLY should tell them, because it would be totally irresponsible if you didn't.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 PAH-

  • Topic Starter
  • Members
  • 21 posts

Posted 11 July 2008 - 09:55 AM

Hi miekiemoes

I'm humbled by your dressing down. I'll promise not to be a repeat offender. I stand guilty of downloading bad stuff at work.

Yes, I am aware I'm on the office network and yes, I did inform the tech personnel, who's from a private company the office outsources to. Prior to my mischievous act, all the computers at work were protected by a scaled down version from Symantec which did not pick up these malwares. As a result, we've upgraded the system with trendmicro's office scan. They are fully informed of my action. My act of desperation was when the techie took over a week to come over. This chap as it turned out was on vacation.

But on the bright side, late yesterday afternoon, just as the techie showed up, I tried Combofix after reading into fixes your ESTEEMED group offered to other poor souls. With Combofix, I managed to undo all those parasites attached or at least ones bothering me. I don't get any more POP-up porno, anti spyware or games pages. The techie showed up just as I was performing some test run and now he's interested in your forum. Some office e-mail attachments that wouldn't open up earlier work now. Google and some other search engines that used to be in limbo (infinity) now work. Anyways, if you're still ok with looking into my registry, here's today's post from dss. P/s spent last night trying to undo the damage to my home computer and I'm partially there now. Might revert to you for assistance.

Oh, there's nothing significantly private in this desktop as I'm only hooked through the internet to the office server's mail box and this desktop station will be defunct in the next couple months.

Dss post :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:24, on 2008-07-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\JO394.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\paul.hii\LOCALS~1\Temp\Rar$EX00.312\RegCleanr.exe
\cutandcover01\Profiles\paul.hii\Desktop\dss.exe
\cutandcover01\Profiles\paul.hii\Desktop\PAULHI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cambiecutandcover.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Monitor Apache Servers.lnk = Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cambiecutandcover.local
O17 - HKLM\Software\..\Telephony: DomainName = cambiecutandcover.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cambiecutandcover.local
O20 - AppInit_DLLs: knbejlcs.dll
O23 - Service: Apache2 - Apache Software Foundation - c:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
O23 - Service: OfficeScan Control Manager Agent (OfficeScanCMAgent) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\CMAgent\OfcCMAgent.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 8991 bytes

-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-10 13:43:55 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-10 13:43:54 68096 --a------ C:\WINDOWS\zip.exe
2008-07-10 13:43:54 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-10 13:43:54 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-10 13:43:54 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-10 13:43:54 98816 --a------ C:\WINDOWS\sed.exe
2008-07-10 13:43:54 80412 --a------ C:\WINDOWS\grep.exe
2008-07-10 13:43:54 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-10 08:14:11 0 dr-h----- C:\Documents and Settings\paul.hii\Recent
2008-07-09 07:04:01 0 d-------- C:\Documents and Settings\paul.hii\Desktop
2008-07-02 12:54:06 0 d-------- C:\Documents and Settings\paul.hii\Application Data\InstallShield
2008-06-25 12:37:20 0 d-------- C:\Program Files\InterMute
2008-06-25 09:16:55 0 d-------- C:\Program Files\Trend Micro
2008-06-25 07:40:18 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-06-25 07:40:00 0 d-------- C:\WINDOWS\system32\modtrux18
2008-06-25 07:39:45 15872 --a------ C:\Documents and Settings\paul.hii\services.exe
2008-06-25 07:39:22 52224 ---hs---- C:\Documents and Settings\paul.hii\lsass.exe
2008-06-25 06:58:07 0 d-------- C:\VundoFix Backups
2008-06-18 06:51:01 0 d-------- C:\Documents and Settings\paul.hii\Application Data\Apple Computer
2008-06-13 11:45:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-12 14:31:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-12 14:30:17 0 d-------- C:\Program Files\CCleaner
2008-06-12 14:11:00 0 d-------- C:\Documents and Settings\paul.hii\Application Data\Autodesk
2008-06-12 14:05:03 0 d-------- C:\Program Files\Autodesk
2008-06-12 13:08:11 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-12 10:16:42 0 d-------- C:\WINDOWS\WinRAR
2008-06-12 08:48:03 0 d-------- C:\Program Files\DNA
2008-06-12 08:48:03 0 d-------- C:\Documents and Settings\paul.hii\Application Data\DNA
2008-06-11 11:15:32 0 d-------- C:\Program Files\QuickTime
2008-06-11 11:13:10 0 d-------- C:\Program Files\Apple Software Update

-- Find3M Report ---------------------------------------------------------------
2008-07-03 08:51:53 0 d-------- C:\Documents and Settings\paul.hii\Application Data\Mozilla
2008-07-02 13:15:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-02 13:15:06 0 d-------- C:\Program Files\Symantec
2008-07-02 13:15:03 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-02 13:05:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 15:02:42 0 d-------- C:\Program Files\Common Files
2008-06-16 09:19:09 0 d-------- C:\Program Files\Windows Live
2008-06-13 09:19:31 0 d-------- C:\Program Files\Primavera
2008-06-12 14:30:28 0 d-------- C:\Program Files\Yahoo!
2008-06-12 09:31:44 0 d-------- C:\Program Files\Replay Converter
2008-06-11 11:09:28 0 d-------- C:\Program Files\Java
2008-06-09 07:24:10 0 d-------- C:\Program Files\Microsoft SQL Server
2008-06-09 07:23:46 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-06-07 11:29:28 0 d-------- C:\Program Files\Microsoft Works
2008-06-07 10:49:36 0 d-------- C:\Program Files\Uconeer
2008-06-07 03:01:25 0 d-------- C:\Program Files\MSXML 4.0
2008-06-06 13:25:00 0 d-------- C:\Documents and Settings\paul.hii\Application Data\WinRAR
2008-06-06 09:07:00 0 d-------- C:\Documents and Settings\paul.hii\Application Data\Moyea
2008-06-06 09:05:44 0 d-------- C:\Program Files\WSDOT
2008-05-14 07:50:46 0 d-------- C:\Documents and Settings\paul.hii\Application Data\AdobeUM

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 00:51]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 00:56]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-05-08 00:43]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 00:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 19:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\ApacheMonitor.exe [2005-04-16 14:26:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
"Intellimenus"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=knbejlcs.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSA Shellu]
C:\Documents and Settings\paul.hii\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d855c9-42be-11dd-bfe2-001558388868}]
Auto\command- D:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

-- End of Deckard's System Scanner: finished at 2008-07-11 07:25:03 ------------
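As an added example (not part of the original posts, and not a tool used in this thread): a short Python triage pass over a HijackThis/DSS log like the one above, flagging the autostart and process entries a responder would review first. The rule names and the four heuristics are this example's assumptions, and a hit is a prompt for review, not a verdict; the sample lines are copied from the log in this thread.

```python
import ntpath  # Windows path semantics regardless of the host OS
import re

# Excerpt copied from the DSS/HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\JO394.EXE
C:\DOCUME~1\paul.hii\LOCALS~1\Temp\Rar$EX00.312\RegCleanr.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O20 - AppInit_DLLs: knbejlcs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSA Shellu]
C:\Documents and Settings\paul.hii\lsass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d855c9-42be-11dd-bfe2-001558388868}]
Auto\command- D:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
"""

# Heuristics (assumptions of this example):
RULES = {
    "TEMP_EXECUTABLE": "executable located in a Temp directory",
    "SYSTEM_NAME_WRONG_DIR": "core Windows process name outside system32",
    "APPINIT_DLL": "AppInit_DLLs is set (DLL loaded into user32 processes)",
    "REMOVABLE_AUTORUN": "MountPoints2 autorun command cached for a volume",
}

# Process names that belong in <windir>\system32 on Windows XP.
SYSTEM32_ONLY = {"lsass.exe", "services.exe", "svchost.exe",
                 "winlogon.exe", "smss.exe", "csrss.exe"}

PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)
SECTION_RE = re.compile(r'^\[(HK[^\]]+)\]$')
APPINIT_RE = re.compile(r'appinit_dlls"?\s*[:=]\s*(\S.*)$', re.IGNORECASE)
AUTORUN_RE = re.compile(r'^\\?(?:Shell\\)?Auto(?:Run)?\\command\s*-\s*(.+)$',
                        re.IGNORECASE)


def triage(log_text):
    """Return an ordered, de-duplicated list of (rule, detail) findings."""
    findings, seen = [], set()
    section = ""  # lower-cased registry key of the current [section]

    def add(rule, detail):
        if (rule, detail) not in seen:
            seen.add((rule, detail))
            findings.append((rule, detail))

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        appinit = APPINIT_RE.search(line)
        if appinit:  # only fires when the value is non-empty
            add("APPINIT_DLL", appinit.group(1).strip())
            continue
        if "\\mountpoints2\\" in section:
            autorun = AUTORUN_RE.match(line)
            if autorun:
                add("REMOVABLE_AUTORUN", autorun.group(1).strip())
                continue
        for path in PATH_RE.findall(line):
            folder, name = ntpath.split(path)
            folder_l, name_l = folder.lower(), name.lower()
            if name_l in SYSTEM32_ONLY and not folder_l.endswith("\\system32"):
                add("SYSTEM_NAME_WRONG_DIR", path)
            elif name_l.endswith(".exe") and "temp" in folder_l.split("\\"):
                add("TEMP_EXECUTABLE", path)
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {detail}  ({RULES[rule]})")
```

The Temp rule also flags `RegCleanr.exe`, which was unpacked from an archive into the user's Temp folder, so each hit still needs a person to look at it.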

#4 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 11 July 2008 - 10:10 AM

Hi,

Can you post the log from Combofix.. because you're still severely infected.

Keep in mind that ALL passwords should be changed afterwards, from ALL computers once this one is clean. Also, it may be a good idea to post a log from the other computers as well, because as I already explained, you are dealing with a flashdrive infection as well, so you probably infected every other computer too.

But let's start with this one first. :thumbsup:

#5 PAH-

  • Topic Starter
  • Members
  • 21 posts

Posted 11 July 2008 - 11:12 AM

Hi,

Thx for the prompt reply. Yup, I've just noticed I'm still infected, at least that's what office scan's picking up on, namely a CRYP.Morphine virus. Here's the text from yesterday's combo scan:

ComboFix 08-07-09.5 - 2008-07-10 13:47:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.430 [GMT -7:00]
Running from: \\cutandcover01\Profiles\paul.hii\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMd74a4f0b.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aihizc.dll
C:\WINDOWS\system32\asjwtumi.ini
C:\WINDOWS\system32\awtqnkiI.dll
C:\WINDOWS\system32\ayIOpVut.ini
C:\WINDOWS\system32\ayIOpVut.ini2
C:\WINDOWS\system32\brfcceav.ini
C:\WINDOWS\system32\cjgbaxty.ini
C:\WINDOWS\system32\dcwcjgip.dll
C:\WINDOWS\system32\ddcyvSKa.dll
C:\WINDOWS\system32\djgggnpm.dll
C:\WINDOWS\system32\dlwtmz.dll
C:\WINDOWS\system32\dnbmeprk.dll
C:\WINDOWS\system32\dojcnoms.dll
C:\WINDOWS\system32\dsnjgqgr.ini
C:\WINDOWS\system32\dsyensbw.dll
C:\WINDOWS\system32\ejdmza.dll
C:\WINDOWS\system32\enwvthch.ini
C:\WINDOWS\system32\eskqcnms.dll
C:\WINDOWS\system32\ewyywhik.dll
C:\WINDOWS\system32\fecjvkmu.ini
C:\WINDOWS\system32\glhmqdnd.ini
C:\WINDOWS\system32\gnquya.dll
C:\WINDOWS\system32\gotuavhq.ini
C:\WINDOWS\system32\hdbuen.dll
C:\WINDOWS\system32\imsckyjv.dll
C:\WINDOWS\system32\iriuixhs.dll
C:\WINDOWS\system32\irswtybr.ini
C:\WINDOWS\system32\jqyrehof.ini
C:\WINDOWS\system32\jvrhproh.dll
C:\WINDOWS\system32\khfCTMge.dll
C:\WINDOWS\system32\kkhnjxdg.ini
C:\WINDOWS\system32\ldaixctp.dll
C:\WINDOWS\system32\lJAQiIaW.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\myvycixv.dll
C:\WINDOWS\system32\ncijrrem.dll
C:\WINDOWS\system32\nqlmhrtp.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pksuklyl.dll
C:\WINDOWS\system32\pmnligHw.dll
C:\WINDOWS\system32\pmnmklIA.dll
C:\WINDOWS\system32\pmnoPgfD.dll
C:\WINDOWS\system32\ptrhmlqn.ini
C:\WINDOWS\system32\qkwdabbi.ini
C:\WINDOWS\system32\quiwwokq.dll
C:\WINDOWS\system32\rtultkbd.ini
C:\WINDOWS\system32\rwucnp.dll
C:\WINDOWS\system32\smhximdn.ini
C:\WINDOWS\system32\tlxqwraj.dll
C:\WINDOWS\system32\tuVpOIya.dll
C:\WINDOWS\system32\tuvSmjgH.dll
C:\WINDOWS\system32\uavymrnq.ini
C:\WINDOWS\system32\uojcgdmn.ini
C:\WINDOWS\system32\urqRKDUm.dll
C:\WINDOWS\system32\vescyqaq.ini
C:\WINDOWS\system32\wbsneysd.ini
C:\WINDOWS\system32\yayyVpoO.dll
C:\WINDOWS\system32\yrawtcyb.dll
C:\WINDOWS\system32\yrfjmybv.dll
C:\WINDOWS\system32\ytuswjhm.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-02 14:45 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-02 13:16 . 2008-07-06 01:31 12,599 --a------ C:\WINDOWS\cfgall.ini
2008-07-02 13:15 . 2008-07-02 13:15 21 --a------ C:\tmuninst.ini
2008-07-02 12:54 . 2008-07-02 12:54 <DIR> d-------- C:\Documents and Settings\paul.hii\Application Data\InstallShield
2008-06-25 12:37 . 2008-06-25 12:37 <DIR> d-------- C:\Program Files\InterMute
2008-06-25 09:16 . 2008-07-02 14:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-25 09:07 . 2008-06-25 09:07 <DIR> d-------- C:\Deckard
2008-06-25 07:40 . 2008-06-25 07:40 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-06-25 07:40 . 2008-06-25 07:40 <DIR> d-------- C:\TEMP\syschk3
2008-06-25 07:40 . 2008-06-25 07:40 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-06-25 07:39 . 2008-06-20 16:27 52,224 ---hs---- C:\Documents and Settings\paul.hii\lsass.exe
2008-06-25 07:39 . 2008-06-25 07:39 33,792 --a------ C:\WINDOWS\system32\ljJBtroo.dll.vir
2008-06-25 07:39 . 2008-06-25 07:39 15,872 --a------ C:\Documents and Settings\paul.hii\services.exe
2008-06-25 06:58 . 2008-07-02 09:03 <DIR> d-------- C:\VundoFix Backups
2008-06-24 07:17 . 2008-06-24 07:17 48 --a------ C:\WINDOWS\wininit.ini
2008-06-18 06:51 . 2008-06-18 06:51 <DIR> d-------- C:\Documents and Settings\paul.hii\Application Data\Apple Computer
2008-06-13 11:45 . 2008-06-13 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 09:02 . 2008-07-10 07:08 110,387 --a------ C:\WINDOWS\BMd74a4f0b.xml
2008-06-12 14:31 . 2008-06-12 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-12 14:30 . 2008-06-12 14:31 <DIR> d-------- C:\Program Files\CCleaner
2008-06-12 14:11 . 2008-06-12 14:27 <DIR> d-------- C:\Documents and Settings\paul.hii\Application Data\Autodesk
2008-06-12 14:05 . 2008-06-12 14:05 <DIR> d-------- C:\Program Files\Autodesk
2008-06-12 13:08 . 2008-06-27 15:08 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-12 10:16 . 2008-06-12 11:27 <DIR> d-------- C:\WINDOWS\WinRAR
2008-06-12 08:48 . 2008-06-12 08:48 <DIR> d-------- C:\Program Files\DNA
2008-06-12 08:48 . 2008-07-09 11:50 <DIR> d-------- C:\Documents and Settings\paul.hii\Application Data\DNA
2008-06-11 11:15 . 2008-06-11 11:57 <DIR> d-------- C:\Program Files\QuickTime
2008-06-11 11:13 . 2008-06-11 11:13 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 20:15 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-02 20:15 --------- d-----w C:\Program Files\Symantec
2008-07-02 20:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-02 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-02 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-18 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-16 16:19 --------- d-----w C:\Program Files\Windows Live
2008-06-13 16:19 --------- d-----w C:\Program Files\Primavera
2008-06-12 21:30 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 16:31 --------- d-----w C:\Program Files\Replay Converter
2008-06-11 18:09 --------- d-----w C:\Program Files\Java
2008-06-09 14:24 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-09 14:23 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-06-08 10:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-07 18:29 --------- d-----w C:\Program Files\Microsoft Works
2008-06-07 17:49 --------- d-----w C:\Program Files\Uconeer
2008-06-07 10:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-06 16:07 --------- d-----w C:\Documents and Settings\paul.hii\Application Data\Moyea
2008-06-06 16:05 --------- d-----w C:\Program Files\WSDOT
2008-05-14 14:50 --------- d-----w C:\Documents and Settings\paul.hii\Application Data\AdobeUM
2006-01-13 22:49 12,754,672 ----a-w C:\Program Files\WMP10Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 19:10 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 00:51 118784]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50 204800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-05-08 00:43 702072]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 00:55 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\ApacheMonitor.exe [2005-04-16 14:26:08 41042]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"Intellimenus"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=knbejlcs.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-06-12 08:48 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSA Shellu]
---hs---- 2008-06-20 16:27 52224 C:\Documents and Settings\paul.hii\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Trend Micro\\OfficeScan\\PCCSRV\\Apache2\\bin\\Apache.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47004:TCP"= 47004:TCP:Trend Micro OfficeScan Listener

R2 WUSB54Gv42SVC;WUSB54Gv42SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe []
S3 OfficeScanCMAgent;OfficeScan Control Manager Agent;C:\Program Files\Trend Micro\OfficeScan\PCCSRV\CMAgent\OfcCMAgent.exe [2007-05-08 00:26]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 13:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d855c9-42be-11dd-bfe2-001558388868}]
\Shell\Auto\command - D:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-08 06:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-d4797c97 - C:\WINDOWS\system32\dsyensbw.dll
Notify-NavLogon - (no file)
MSConfigStartUp-BMd74a4f0b - C:\WINDOWS\system32\yrfjmybv.dll
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-d4797c97 - C:\WINDOWS\system32\nqlmhrtp.dll
MSConfigStartUp-vptray - C:\PROGRA~1\SYMANT~1\VPTray.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 13:56:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\OfcService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\Temp\PJ8FE3.EXE
.
**************************************************************************
.
Completion time: 2008-07-10 14:01:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 21:01:01

Pre-Run: 42,221,563,904 bytes free
Post-Run: 42,932,846,592 bytes free

224 --- E O F --- 2008-06-11 10:07:20

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:35 PM

Posted 11 July 2008 - 12:42 PM

Hi,

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


First of all... not sure where you have read the instructions to use Combofix, but the first step required before you run it is to install the Recovery Console.
Read here how to do this with Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

The reason why Recovery Console is recommended is because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged. Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

After you've installed the Recovery Console (Combofix will run again as well then), then:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\Documents and Settings\paul.hii\lsass.exe
C:\WINDOWS\system32\ljJBtroo.dll.vir
C:\Documents and Settings\paul.hii\services.exe
C:\WINDOWS\BMd74a4f0b.xml
Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\modtrux18
C:\TEMP\syschk3
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSA Shellu]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d855c9-42be-11dd-bfe2-001558388868}]


Save this as a text file, CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
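Added example, not part of the original post and not ComboFix's own code: a small Python reviewer that turns the CFScript quoted in the post above into an action list and flags the entries worth a second look before the file is dragged onto ComboFix.exe. It assumes that `File::` and `Folder::` list paths to delete and that `Registry::` follows REGEDIT4 conventions (`[-key]` deletes a key, `"name"=""` sets a value); the function names and note tags are hypothetical.

```python
import ntpath
import re

# The script from the post above, embedded so the example runs offline.
CFSCRIPT = r'''File::
C:\Documents and Settings\paul.hii\lsass.exe
C:\WINDOWS\system32\ljJBtroo.dll.vir
C:\Documents and Settings\paul.hii\services.exe
C:\WINDOWS\BMd74a4f0b.xml
Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\modtrux18
C:\TEMP\syschk3
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSA Shellu]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d855c9-42be-11dd-bfe2-001558388868}]
'''

SECTION_RE = re.compile(r"^(File|Folder|Registry)::$", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Names of core Windows processes that normally live only in system32.
CORE_PROCESS_NAMES = {"lsass.exe", "services.exe", "winlogon.exe",
                      "smss.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"
# Deletion targets that would take out far more than the infection.
TOO_BROAD = {"c:\\", r"c:\windows", SYSTEM_DIR, r"c:\program files"}


def parse_cfscript(text):
    """Return (action, target, detail) tuples in script order."""
    actions, section, current_key = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section, current_key = header.group(1).lower(), None
            continue
        if section is None:
            raise ValueError(f"line {lineno}: content before a section header")
        if section == "file":
            actions.append(("delete-file", line, None))
        elif section == "folder":
            actions.append(("delete-folder", line, None))
        else:  # Registry:: uses .reg syntax
            key = KEY_RE.match(line)
            value = VALUE_RE.match(line)
            if key and key.group(1):          # [-HKEY_...] removes the key
                actions.append(("delete-key", key.group(2), None))
                current_key = None
            elif key:                         # [HKEY_...] opens a key
                current_key = key.group(2)
            elif value and current_key:       # "name"=data under open key
                actions.append(("set-value", current_key,
                                (value.group(1), value.group(2))))
            else:
                raise ValueError(f"line {lineno}: unrecognised registry line")
    return actions


def review(actions):
    """Return (tag, target, reason) notes for a human to confirm."""
    notes = []
    for action, target, detail in actions:
        if action in ("delete-file", "delete-folder"):
            norm = ntpath.normcase(ntpath.normpath(target))
            if norm in TOO_BROAD:
                notes.append(("BLOCK", target, "core directory, refuse"))
            elif (action == "delete-file"
                  and ntpath.basename(norm) in CORE_PROCESS_NAMES
                  and ntpath.dirname(norm) != SYSTEM_DIR):
                notes.append(("MASQUERADE", target,
                              "system process name outside system32"))
        elif action == "set-value" and detail[0].lower() == "appinit_dlls":
            notes.append(("LOADPOINT", target,
                          f"AppInit_DLLs will be set to {detail[1]}"))
        elif action == "delete-key" and "\\mountpoints2\\" in target.lower():
            notes.append(("AUTORUN", target,
                          "per-volume AutoRun handler will be removed"))
    return notes


if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    for step in plan:
        print(step)
    for note in review(plan):
        print("REVIEW:", note)
```
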

#7 PAH-

Posted 11 July 2008 - 01:50 PM

Hi Miekiemoes,

You've been really great with your response. I do thank you earnestly. I do admit I was reckless in executing combofix yesterday without reading notes on the recovery console first. It was only early this morning when I found that web page and tried it on my home computer. Forgive me.

Anyways, here's the latest post :

ComboFix 08-07-09.5 - 2008-07-11 11:33:45.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383 [GMT -7:00]
Running from: \\cutandcover01\Profiles\paul.hii\Desktop\ComboFix.exe
Command switches used :: \\cutandcover01\Profiles\paul.hii\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\paul.hii\lsass.exe
C:\Documents and Settings\paul.hii\services.exe
C:\WINDOWS\BMd74a4f0b.xml
C:\WINDOWS\system32\ljJBtroo.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\paul.hii\lsass.exe
C:\Documents and Settings\paul.hii\services.exe
C:\TEMP\syschk3
C:\VundoFix Backups
C:\WINDOWS\system32\ljJBtroo.dll.vir
C:\WINDOWS\system32\modtrux18

.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-02 14:45 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-02 13:16 . 2008-07-06 01:31 12,599 --a------ C:\WINDOWS\cfgall.ini
2008-07-02 13:15 . 2008-07-02 13:15 21 --a------ C:\tmuninst.ini
2008-07-02 12:54 . 2008-07-02 12:54 <DIR> d-------- C:\Documents and Settings\paul.hii\Application Data\InstallShield
2008-06-25 12:37 . 2008-06-25 12:37 <DIR> d-------- C:\Program Files\InterMute
2008-06-25 09:16 . 2008-07-02 14:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-25 09:07 . 2008-06-25 09:07 <DIR> d-------- C:\Deckard
2008-06-25 07:40 . 2008-06-25 07:40 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-06-24 07:17 . 2008-06-24 07:17 48 --a------ C:\WINDOWS\wininit.ini
2008-06-18 06:51 . 2008-06-18 06:51 <DIR> d-------- C:\Documents and Settings\paul.hii\Application Data\Apple Computer
2008-06-13 11:45 . 2008-06-13 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-12 14:31 . 2008-06-12 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-12 14:30 . 2008-06-12 14:31 <DIR> d-------- C:\Program Files\CCleaner
2008-06-12 14:11 . 2008-06-12 14:27 <DIR> d-------- C:\Documents and Settings\paul.hii\Application Data\Autodesk
2008-06-12 14:05 . 2008-06-12 14:05 <DIR> d-------- C:\Program Files\Autodesk
2008-06-12 13:08 . 2008-06-27 15:08 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-12 10:16 . 2008-06-12 11:27 <DIR> d-------- C:\WINDOWS\WinRAR
2008-06-12 08:48 . 2008-06-12 08:48 <DIR> d-------- C:\Program Files\DNA
2008-06-12 08:48 . 2008-07-09 11:50 <DIR> d-------- C:\Documents and Settings\paul.hii\Application Data\DNA
2008-06-11 11:15 . 2008-06-11 11:57 <DIR> d-------- C:\Program Files\QuickTime
2008-06-11 11:13 . 2008-06-11 11:13 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 20:15 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-02 20:15 --------- d-----w C:\Program Files\Symantec
2008-07-02 20:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-02 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-02 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-18 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-16 16:19 --------- d-----w C:\Program Files\Windows Live
2008-06-13 16:19 --------- d-----w C:\Program Files\Primavera
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 21:30 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 16:31 --------- d-----w C:\Program Files\Replay Converter
2008-06-11 18:09 --------- d-----w C:\Program Files\Java
2008-06-09 14:24 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-09 14:23 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-06-08 10:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-07 18:29 --------- d-----w C:\Program Files\Microsoft Works
2008-06-07 17:49 --------- d-----w C:\Program Files\Uconeer
2008-06-07 10:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-06 16:07 --------- d-----w C:\Documents and Settings\paul.hii\Application Data\Moyea
2008-06-06 16:05 --------- d-----w C:\Program Files\WSDOT
2008-05-14 14:50 --------- d-----w C:\Documents and Settings\paul.hii\Application Data\AdobeUM
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-01-13 22:49 12,754,672 ----a-w C:\Program Files\WMP10Setup.exe
.

((((((((((((((((((((((((((((( snapshot_2008-07-11_11.24.07.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 13:47:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 18:27:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 18:28:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_de4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 19:10 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 00:51 118784]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50 204800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-05-08 00:43 702072]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 00:55 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\ApacheMonitor.exe [2005-04-16 14:26:08 41042]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"Intellimenus"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-06-12 08:48 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Trend Micro\\OfficeScan\\PCCSRV\\Apache2\\bin\\Apache.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47004:TCP"= 47004:TCP:Trend Micro OfficeScan Listener

R2 WUSB54Gv42SVC;WUSB54Gv42SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe []
S3 OfficeScanCMAgent;OfficeScan Control Manager Agent;C:\Program Files\Trend Micro\OfficeScan\PCCSRV\CMAgent\OfcCMAgent.exe [2007-05-08 00:26]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 13:02]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-08 06:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 11:35:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-11 11:37:17
ComboFix-quarantined-files.txt 2008-07-11 18:36:49
ComboFix2.txt 2008-07-11 18:24:27
ComboFix3.txt 2008-07-10 21:01:08

Pre-Run: 45,309,259,776 bytes free
Post-Run: 45,296,472,064 bytes free

146 --- E O F --- 2008-07-10 22:04:16


AND FROM HIJACK THIS :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39, on 2008-07-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
\cutandcover01\Profiles\paul.hii\Desktop\paul.hii.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cambiecutandcover.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Monitor Apache Servers.lnk = Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cambiecutandcover.local
O17 - HKLM\Software\..\Telephony: DomainName = cambiecutandcover.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cambiecutandcover.local
O23 - Service: Apache2 - Apache Software Foundation - c:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
O23 - Service: OfficeScan Control Manager Agent (OfficeScanCMAgent) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\CMAgent\OfcCMAgent.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8689 bytes


DO TELL ME I'M CURED !!

#8 miekiemoes

Posted 11 July 2008 - 02:01 PM

The Recovery Console is still not installed yet - but from what I see here, there is no need to install it anymore since we're almost finished. :thumbsup:

This looks OK again.

* Go to start > run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Change ALL Passwords - don't forget that important step!!!

Let me know in your next reply how things are now.

#9 PAH-

Posted 11 July 2008 - 04:54 PM

Dear Miekiemoes,


Merci de bien vouloir... You have been so very very kind and helpful.. computer seems to be working normally. I've mentioned this to the tech guy here with special mention of you and your team.

Wonder if I can try the same fix for my home computer now. I had combofix running on that one last night with the windows patch added to it and it felt so much better. For one the computer no longer slows down as much and windows which was acting strangely on me such that I couldn't get most of the programs to work because it refuses to associate the exe with most programs and items in control panel don't work so much even when I reinstall windows XP it does not execute.

Anyways, it's working much better even though the pop-ups are still there.

Thank you for your time and patience.

#10 miekiemoes

Posted 12 July 2008 - 12:02 AM

Hi,

In that case, post the Combofix log and HijackThis log from your home computer in this thread as well.

#11 PAH-

Posted 12 July 2008 - 12:45 AM

Hi,

You're up early.. I installed Norton antivirus after combofix freed up my windows but it's still picking up some tracking cookies. Prior to that, it isolated bloodhound.overpacked, spyware.Ardakey, netpumper. I've used CCleaner to clear some of the useless registry items and regcleaner to disable some of these malware startups such as Stupid Data Dart Wave, TkBellExe and Meet Poke.Exe except the last one keeps on regenerating.

Anyways notes from the home computer :

ComboFix 08-07-10.1 - user 2008-07-10 17:42:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.727 [GMT -7:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\richvideocodec.dll
C:\WINDOWS\system32\UpMedia

.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-10 17:46 . 2008-07-10 17:46 <DIR> d-------- C:\Documents and Settings\user\Application Data\NetPumper
2008-07-10 17:28 . 2008-07-10 17:28 2,609,572 --a------ C:\ComboFix(2).exe
2008-07-10 17:27 . 2008-07-10 17:27 2,609,572 --a------ C:\ComboFix.exe
2008-07-07 20:32 . 2004-08-04 05:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-07 20:31 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-07 20:30 . 2004-08-04 05:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-07-07 20:29 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-07-07 20:27 . 2004-08-04 05:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-07-07 20:27 . 2008-07-07 20:27 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-07 20:27 . 2008-07-07 20:27 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-07 20:27 . 2008-07-07 20:27 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-07 20:27 . 2008-07-07 20:27 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-07 20:27 . 2008-07-07 20:27 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-07 20:27 . 2008-07-07 20:27 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-07 18:21 . 2004-08-03 22:59 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-07-06 23:59 . 2008-07-06 23:59 <DIR> d-------- C:\Program Files\NetPumper
2008-07-06 23:59 . 2008-07-06 23:59 <DIR> d-------- C:\Program Files\blue tons log
2008-07-06 23:59 . 2008-07-06 23:59 <DIR> d-------- C:\Documents and Settings\user\Application Data\blue tons log
2008-07-06 23:59 . 2008-07-06 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\flag ace stupid data
2008-07-06 23:50 . 2008-07-06 23:50 <DIR> d-------- C:\WINDOWS\system32\Sys
2008-06-25 20:31 . 2008-06-25 20:31 18,944 --a------ C:\WINDOWS\system32\ksisys.dll
2008-06-25 20:29 . 2008-06-25 20:29 <DIR> d-------- C:\Program Files\RichVideoCodec
2008-06-25 19:34 . 2008-06-25 19:34 18,944 --a------ C:\WINDOWS\system32\ascisys.dll
2008-06-25 19:28 . 2008-06-25 19:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-25 19:28 . 2008-06-25 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-25 18:44 . 2008-06-25 18:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 18:41 . 2008-06-25 18:41 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-24 17:45 . 2008-06-24 17:45 <DIR> d-------- C:\VundoFix Backups
2008-06-12 21:48 . 2008-06-12 21:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-12 21:48 . 2008-06-12 21:48 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 13:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2009-01-15 13:24 --------- d-----w C:\Documents and Settings\user\Application Data\AdobeUM
2009-01-15 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-11 00:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 02:59 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-02 12:54 --------- d-----w C:\Program Files\LimeWire
2008-06-29 17:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-07 03:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 11:32 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-02-01 13:32 374 ----a-w C:\Documents and Settings\user\Application Data\internaldb6334.dat
2008-01-31 13:00 555 ----a-w C:\Documents and Settings\user\Application Data\internaldb8467.dat
2008-01-31 13:00 18,432 ----a-w C:\Documents and Settings\user\Application Data\internaldb41.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Flag Vc"="C:\DOCUME~1\user\APPLIC~1\BLUETO~1\Meet Poke.exe" [2008-07-06 23:58 509440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 15:16 7561216]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-14 14:19 185896]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 18:39 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 14:57 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NetPumper"="C:\Program Files\NetPumper\\NetPumperIEProxy.exe" [2004-07-03 21:06 704000]
"Stupid Data Dart Wave"="C:\Documents and Settings\All Users\Application Data\flag ace stupid data\FORK STORE.exe" [2008-07-10 17:47 2007040]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-17 15:16 86016]
"nwiz"="nwiz.exe" [2006-03-17 15:16 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-12-15 04:57]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 18:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3748709e-aacf-11dc-adc0-000c765421b7}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

*Newly Created Service* - USNJSVC
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 00:00:00 C:\WINDOWS\Tasks\AA8683159195376D.job"
- c:\docume~1\user\applic~1\blueto~1\Two Title Sect.exe
"2008-07-11 00:21:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-07 00:01:42 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 17:46:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-07-10 17:53:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-11 00:53:09

Pre-Run: 38,532,595,712 bytes free
Post-Run: 40,095,518,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

145 --- E O F --- 2008-07-10 18:11:40

AND FROM HIJACK THIS :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:47 PM, on 7/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\YouTube Converter\MoyeaCth.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Flag Vc] C:\DOCUME~1\user\APPLIC~1\BLUETO~1\Meet Poke.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11078 bytes

#12 miekiemoes

Posted 12 July 2008 - 01:13 AM

Hi,

Netpumper is bundled with adware, responsible for the popups you're getting, so as a first step, please uninstall Netpumper via software > add/remove programs.

Reboot your computer after uninstall.

Then, open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

File::
C:\WINDOWS\Tasks\AA8683159195376D.job
C:\Documents and Settings\user\Application Data\internaldb6334.dat
C:\Documents and Settings\user\Application Data\internaldb8467.dat
C:\Documents and Settings\user\Application Data\internaldb41.dat
C:\WINDOWS\system32\ascisys.dll
C:\WINDOWS\system32\ksisys.dll
Folder::
C:\VundoFix Backups
C:\Documents and Settings\All Users\Application Data\flag ace stupid data
C:\Documents and Settings\user\Application Data\blue tons log
C:\Program Files\blue tons log
C:\Program Files\NetPumper
C:\Documents and Settings\user\Application Data\NetPumper
Dirlook::
C:\WINDOWS\system32\Sys
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3748709e-aacf-11dc-adc0-000c765421b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flag Vc"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetPumper"=-
"Stupid Data Dart Wave"=-


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

#13 PAH-

Posted 12 July 2008 - 01:40 AM

Hi,

I unwillingly downloaded NetPumper after some other software download prompted me to do so a couple of days ago. I've suspected it to be corrupted and wanted to delete it later. It's resident on my desktop and I've not executed it as yet, so I can't uninstall it from "Add/Remove" in Control Panel. Here's where it's at: "C:\Program Files\NetPumper\NetPumper.exe". But now, after running Norton, it seems to have changed its outlook. Its icon face has moulded to that of a small Windows box and I'm guessing I can't uninstall it using its uninstall command in program start up. Should I Ctrl+Alt+Del it from the desktop before I proceed with the other tasks?

#14 miekiemoes

Posted 12 July 2008 - 06:34 AM

Just proceed with the next steps if you can't uninstall it. It will take care of it as well.

#15 PAH-

Posted 12 July 2008 - 07:51 AM

Hi Miekiemoes,

Here are the fix results; it's pretty long:

ComboFix 08-07-10.1 - user 2008-07-12 5:31:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.506 [GMT -7:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\user\Application Data\internaldb41.dat
C:\Documents and Settings\user\Application Data\internaldb6334.dat
C:\Documents and Settings\user\Application Data\internaldb8467.dat
C:\WINDOWS\system32\ascisys.dll
C:\WINDOWS\system32\ksisys.dll
C:\WINDOWS\Tasks\AA8683159195376D.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\flag ace stupid data
C:\Documents and Settings\All Users\Application Data\flag ace stupid data\FORK STORE.exe
C:\Documents and Settings\user\Application Data\blue tons log
C:\Documents and Settings\user\Application Data\blue tons log\0
C:\Documents and Settings\user\Application Data\blue tons log\Meet Poke.exe
C:\Documents and Settings\user\Application Data\blue tons log\Two Title Sect.exe
C:\Documents and Settings\user\Application Data\blue tons log\txoulusn.exe
C:\Program Files\blue tons log
C:\VundoFix Backups
C:\WINDOWS\Tasks\AA8683159195376D.job

.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-11 16:43 . 2008-04-22 21:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-11 16:43 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-11 16:43 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-11 16:43 . 2008-04-22 21:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-11 16:43 . 2008-04-22 21:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-11 16:43 . 2008-04-22 21:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-11 16:43 . 2008-04-22 21:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-11 16:43 . 2008-04-22 21:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-11 16:43 . 2008-04-22 00:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-11 06:33 . 2008-07-11 16:44 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-11 06:06 . 2008-04-13 17:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-07-11 06:05 . 2001-08-18 05:00 381,425 -----c--- C:\WINDOWS\system32\dllcache\copycd.wmv
2008-07-10 23:36 . 2008-07-10 23:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-10 23:20 . 2008-07-10 23:20 <DIR> d-------- C:\Deckard
2008-07-10 22:06 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-10 22:06 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-10 22:06 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-10 19:22 . 2008-07-10 19:22 <DIR> d-------- C:\Program Files\Sun
2008-07-10 18:43 . 2008-07-10 18:51 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-10 18:43 . 2008-07-10 18:51 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-10 18:29 . 2008-07-10 18:29 16 --a------ C:\WINDOWS\system32\coh.cache
2008-07-10 18:04 . 2008-07-10 22:17 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-07-10 18:03 . 2008-07-10 18:51 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-10 18:03 . 2008-07-10 18:51 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-10 17:27 . 2008-07-10 17:27 2,609,572 --a------ C:\ComboFix.exe
2008-07-09 03:16 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-09 03:12 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-07 20:32 . 2004-08-04 05:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-07 20:31 . 2008-04-13 17:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-07 20:30 . 2004-08-04 05:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-07-07 20:29 . 2004-08-04 05:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll
2008-07-07 20:29 . 2004-08-04 05:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-07-07 20:29 . 2004-08-04 05:00 19,968 --a--c--- C:\WINDOWS\system32\dllcache\inetsloc.dll
2008-07-07 20:29 . 2004-08-04 05:00 14,336 --a--c--- C:\WINDOWS\system32\dllcache\iisreset.exe
2008-07-07 20:29 . 2004-08-04 05:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-07-07 20:29 . 2004-08-04 05:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2008-07-07 20:29 . 2004-08-04 05:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\iisrstap.dll
2008-07-07 20:27 . 2004-08-04 05:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-07-07 20:27 . 2008-07-07 20:27 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-07 20:27 . 2008-07-07 20:27 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-07 20:27 . 2008-07-07 20:27 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-07 20:27 . 2008-07-07 20:27 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-07 20:27 . 2008-07-07 20:27 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-07 20:27 . 2008-07-07 20:27 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-07 18:21 . 2008-04-13 11:40 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-07-06 23:50 . 2008-07-10 20:44 <DIR> d--hs---- C:\WINDOWS\system32\Sys
2008-06-25 20:29 . 2008-06-25 20:29 <DIR> d-------- C:\Program Files\RichVideoCodec
2008-06-25 19:28 . 2008-06-25 19:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-25 19:28 . 2008-06-25 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-25 18:44 . 2008-06-25 18:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 18:41 . 2008-06-25 18:41 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-20 10:46 . 2008-06-20 10:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 10:46 . 2008-06-20 10:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 04:51 . 2008-06-20 04:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 04:40 . 2008-06-20 04:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 04:08 . 2008-06-20 04:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-12 21:48 . 2008-07-11 21:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-12 21:48 . 2008-06-12 21:48 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 13:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2009-01-15 13:24 --------- d-----w C:\Documents and Settings\user\Application Data\AdobeUM
2009-01-15 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-12 01:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-11 05:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-11 02:21 --------- d-----w C:\Program Files\Java
2008-07-11 01:51 --------- d-----w C:\Program Files\Symantec
2008-07-11 00:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 02:59 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-02 12:54 --------- d-----w C:\Program Files\LimeWire
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-07 03:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 11:32 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-05-16 18:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 12:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 12:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 12:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:28 2,940,928 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:23 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-13 17:23 168,448 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\Sys ----

2008-07-10 19:05 3810 --a------ C:\WINDOWS\system32\Sys\norton-db.001
2008-07-10 18:59 5054 --a------ C:\WINDOWS\system32\Sys\norton-db.002


((((((((((((((((((((((((((((( snapshot@2008-07-10_17.52.53.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-27 10:46:15 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP3QFE\tzchange.exe
- 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
- 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
- 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
- 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
- 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
- 2006-05-25 18:29:04 213,216 -c--a-w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2006-05-25 17:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
- 2006-05-25 18:29:04 371,424 -c--a-w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
+ 2006-05-25 17:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
- 2006-05-24 20:32:48 213,216 -c--a-w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
+ 2006-05-24 19:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
- 2006-05-24 20:32:48 371,424 -c--a-w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2006-05-24 19:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2007-03-06 01:22:34 22,752 -c----w C:\WINDOWS\$NtUninstallKB942763$\spcustom.dll
+ 2007-03-06 01:22:36 14,048 -c----w C:\WINDOWS\$NtUninstallKB942763$\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst.exe
- 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
- 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
- 2007-07-18 12:42:22 60,416 -c--a-w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2008-04-14 00:12:38 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2007-03-06 01:22:59 716,000 -c----w C:\WINDOWS\$NtUninstallKB942763$\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\updspapi.dll
- 2004-08-04 12:00:00 1,852,416 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
+ 2008-04-14 00:11:48 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
- 2004-08-04 12:00:00 450,048 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
+ 2008-04-14 00:11:48 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
- 2004-08-04 12:00:00 137,728 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
+ 2008-04-14 00:11:48 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
- 2004-08-04 12:00:00 244,736 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
+ 2008-04-14 00:11:48 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
- 2004-08-04 12:00:00 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2008-04-14 00:11:48 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
- 2008-07-11 00:46:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-12 12:17:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 11:05:51 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2004-08-04 12:00:00 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2008-04-14 00:12:19 1,033,728 ----a-w C:\WINDOWS\explorer.exe
- 2004-08-04 12:00:00 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
+ 2008-04-14 00:12:06 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
- 2004-08-04 12:00:00 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
+ 2008-04-14 00:12:07 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
- 2004-08-04 12:00:00 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
+ 2008-04-14 00:12:07 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
- 2004-08-04 12:00:00 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2008-04-14 00:12:21 10,752 ----a-w C:\WINDOWS\hh.exe
- 2004-08-04 08:56:42 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2008-04-14 00:11:48 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
- 2004-08-04 08:56:42 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2008-04-14 00:11:48 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
- 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2008-04-14 00:11:51 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
- 2007-08-22 12:55:30 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-04-14 00:11:52 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
- 2007-08-22 12:55:31 205,824 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-04-14 00:11:52 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
- 2007-08-22 12:55:31 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2008-04-14 00:11:53 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
- 2004-08-04 08:56:44 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2008-04-14 00:11:54 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
- 2004-08-04 08:56:52 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2008-04-14 00:12:22 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
- 2004-08-04 08:56:44 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2008-04-14 00:11:54 143,360 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
- 2004-08-04 08:56:44 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2008-04-14 00:11:54 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
- 2001-08-18 12:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 12:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
- 2004-08-04 08:56:44 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-04-14 00:11:54 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
- 2007-08-21 10:19:39 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2008-04-14 00:12:22 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
- 2007-08-22 12:55:32 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2008-04-14 00:11:54 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
- 2004-08-04 08:56:44 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2008-04-14 00:11:54 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
- 2004-08-04 08:56:44 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2008-04-14 00:11:54 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
- 2004-08-04 08:56:52 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2008-04-14 00:12:22 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
- 2004-08-04 08:56:44 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-04-14 00:11:54 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
- 2007-08-22 12:55:32 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2008-04-14 00:11:55 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
- 2007-08-22 12:55:32 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2008-04-14 00:11:56 15,872 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
- 2004-08-04 08:56:44 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2008-04-14 00:11:56 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
- 2004-08-04 08:56:54 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2008-04-14 00:12:27 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
- 2007-08-22 12:55:36 3,064,832 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-04-21 06:44:29 3,066,880 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-04-21 06:44:29 3,066,880 -c--a-w C:\WINDOWS\ie7\mshtml.dll.000
- 2007-08-22 12:55:37 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2008-04-14 00:11:59 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
- 2004-08-04 08:56:16 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2008-04-13 16:26:26 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
- 2001-08-18 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
- 2007-08-22 12:55:37 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-04-14 00:12:00 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
- 2007-08-22 12:55:38 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2008-04-14 00:12:00 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
- 2004-08-04 08:56:46 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2008-04-14 00:12:02 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
- 2007-08-22 12:55:38 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2008-04-14 00:12:02 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
- 2007-08-14 02:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-14 01:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
- 2007-08-14 02:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2007-08-14 01:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
- 2006-09-07 01:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-07 00:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
- 2006-09-07 01:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2006-09-07 00:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
- 2004-08-04 08:56:48 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2008-04-14 00:12:08 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
- 2007-08-22 12:55:43 617,984 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2008-04-14 00:12:08 619,520 -c--a-w C:\WINDOWS\ie7\urlmon.dll
- 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2008-04-14 00:12:08 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
- 2004-08-04 08:56:48 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2008-04-14 00:12:08 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
- 2007-08-22 12:55:44 665,600 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2008-04-21 06:44:29 666,112 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2008-04-21 06:44:29 666,112 -c--a-w C:\WINDOWS\ie7\wininet.dll.000
- 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-14 01:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-14 01:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll.000
- 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-14 01:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-14 01:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll.000
- 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-14 01:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-14 01:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll.000
- 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-14 01:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-14 01:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll.000
- 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-14 01:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-14 01:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe.000
- 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-14 01:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-14 01:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll.000
- 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-14 01:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-14 01:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll.000
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-08-14 00:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
- 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-14 01:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-14 01:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll.000
- 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-14 01:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-14 01:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll.000
- 2008-02-22 10:00:51 13,824 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2007-08-14 01:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-14 01:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-14 01:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe.000
- 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-14 01:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-14 01:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll.000
- 2008-03-02 01:36:30 3,591,680 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-08-14 01:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-08-14 01:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll.000
- 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-14 01:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-14 01:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll.000
- 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-14 01:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-14 01:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll.000
- 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-14 01:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-14 01:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll.000
- 2008-03-01 13:06:29 102,912 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-14 01:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-14 01:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll.000
- 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-08-14 01:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-08-14 01:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll.000
+ 2007-03-06 01:22:31 22,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spcustom.dll
+ 2007-03-06 01:22:33 14,048 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst.exe
+ 2007-03-06 01:22:56 716,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\updspapi.dll
- 2008-03-01 13:06:29 105,984 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-14 01:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-14 01:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll.000
- 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-14 01:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-14 01:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll.000
- 2008-03-01 13:06:30 233,472 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-14 01:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-14 01:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll.000
- 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2007-08-14 01:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2007-08-14 01:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll.000
- 2004-08-04 12:00:00 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
+ 2008-04-14 00:11:58 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
- 2004-08-04 12:00:00 130,048 ----a-w C:\WINDOWS\ime\SOFTKBD.DLL
+ 2008-04-14 00:12:06 130,048 ----a-w C:\WINDOWS\ime\softkbd.dll
- 2004-08-04 12:00:00 62,976 ----a-w C:\WINDOWS\ime\SPGRMR.dll
+ 2008-04-13 16:43:18 62,976 ----a-w C:\WINDOWS\ime\spgrmr.dll
- 2004-08-04 12:00:00 250,880 ----a-w C:\WINDOWS\ime\SPTIP.dll
+ 2008-04-14 00:12:06 250,368 ----a-w C:\WINDOWS\ime\sptip.dll
- 2004-08-04 12:00:00 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2008-04-14 00:12:38 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2008-06-04 22:50:13 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-07-11 15:14:07 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
- 2004-08-04 12:00:00 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
+ 2008-04-14 00:11:48 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
- 2004-08-04 12:00:00 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
+ 2008-04-14 00:11:48 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
- 2004-08-04 12:00:00 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2008-04-14 00:11:48 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2004-08-04 12:00:00 58,880 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2008-04-14 00:11:48 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-04 12:00:00 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
+ 2008-04-14 00:11:48 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
- 2004-08-04 12:00:00 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
+ 2008-04-14 00:11:48 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
- 2004-08-04 12:00:00 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
+ 2008-04-14 00:11:48 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
- 2004-08-04 12:00:00 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2008-04-14 00:12:12 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2004-08-04 12:00:00 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
+ 2008-04-14 00:11:49 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
- 2004-08-04 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
- 2004-08-04 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
- 2004-08-04 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
- 2004-08-04 12:00:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
+ 2007-04-02 18:26:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
- 2004-08-04 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
+ 2008-04-13 17:32:28 19,968 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
- 2004-08-04 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
+ 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
- 2004-08-04 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
- 2004-08-04 12:00:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
+ 2007-04-02 18:26:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
- 2004-08-04 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
+ 2007-04-02 18:26:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
- 2004-08-04 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
+ 2007-04-02 18:26:01 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
- 2004-08-04 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
- 2004-08-04 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
- 2004-08-04 12:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
+ 2007-04-02 18:26:01 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
- 2004-08-04 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
- 2004-08-04 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
- 2004-08-04 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
- 2004-08-04 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
+ 2007-04-02 18:26:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
- 2004-08-04 12:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
+ 2007-04-02 18:26:02 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
- 2004-08-04 12:00:00 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
+ 2008-04-14 00:12:00 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
- 2004-08-04 12:00:00 90,624 ----a-w C:\WINDOWS\mui\muisetup.exe
+ 2008-04-14 00:12:29 90,624 ----a-w C:\WINDOWS\mui\muisetup.exe
- 2004-08-04 12:00:00 69,120 ----a-w C:\WINDOWS\notepad.exe
+ 2008-04-14 00:12:29 69,120 ----a-w C:\WINDOWS\notepad.exe
- 2004-08-04 12:00:00 768,512 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
+ 2008-04-14 00:12:21 769,024 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
- 2004-08-04 12:00:00 743,936 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpSvc.exe
+ 2008-04-14 00:12:21 744,448 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
- 2004-08-04 12:00:00 18,944 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HscUpd.exe
+ 2008-04-14 00:12:21 18,432 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\hscupd.exe
- 2004-08-04 12:00:00 158,208 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
+ 2008-04-14 00:12:27 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
- 2004-08-04 12:00:00 376,320 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msinfo.dll
+ 2008-04-14 00:11:59 376,832 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msinfo.dll
- 2004-08-04 12:00:00 102,400 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchshell.dll
+ 2008-04-14 00:12:02 102,912 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchshell.dll
- 2004-08-04 12:00:00 38,912 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
+ 2008-04-14 00:12:02 38,400 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
- 2004-08-04 12:00:00 150,528 ----a-w C:\WINDOWS\PCHEALTH\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 00:12:38 150,528 ----a-w C:\WINDOWS\PCHEALTH\UploadLB\Binaries\uploadm.exe
- 2004-08-04 12:00:00 151,552 ----a-w C:\WINDOWS\peernet\sqldb20.dll
+ 2008-04-14 00:12:06 151,552 ----a-w C:\WINDOWS\peernet\sqldb20.dll
- 2004-08-04 12:00:00 462,848 ----a-w C:\WINDOWS\peernet\sqlqp20.dll
+ 2008-04-14 00:12:06 462,848 ----a-w C:\WINDOWS\peernet\sqlqp20.dll
- 2004-08-04 12:00:00 110,592 ----a-w C:\WINDOWS\peernet\sqlse20.dll
+ 2008-04-14 00:12:06 110,592 ----a-w C:\WINDOWS\peernet\sqlse20.dll
- 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-14 00:12:32 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-13 18:46:18 53,376 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 18:40:50 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 18:46:20 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys
+ 2008-04-14 00:11:48 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 00:11:48 136,192 ------w C:\WINDOWS\ServicePackFiles\i386\aaclient.dll
+ 2004-08-04 05:32:22 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys
+ 2004-08-04 05:32:32 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 00:11:48 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 00:12:11 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 00:11:48 1,852,928 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 00:11:48 451,072 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 00:11:48 141,312 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 00:11:48 115,712 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll
+ 2008-04-13 18:36:35 187,776 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 00:11:48 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 00:11:48 193,536 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 00:12:12 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 00:11:48 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 00:11:48 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 00:11:48 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\admexs.dll
+ 2008-04-14 00:11:48 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll
+ 2008-04-14 00:12:12 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
+ 2004-08-04 05:32:24 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 00:11:48 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 00:11:48 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\admwprox.dll
+ 2008-04-14 00:11:48 290,816 ------w C:\WINDOWS\ServicePackFiles\i386\adsiis51.dll
+ 2008-04-14 00:11:48 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 00:11:48 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 00:11:48 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 00:11:48 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 00:11:48 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\adsnw.dll
+ 2007-04-02 13:10:44 85,813 ------w C:\WINDOWS\ServicePackFiles\i386\adsutil.vbs
+ 2008-04-14 00:11:48 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 00:11:48 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 00:11:48 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 00:11:48 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 00:11:48 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 00:11:48 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 00:11:48 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 00:11:48 617,472 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 00:11:48 99,840 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll
+ 2008-04-13 16:39:23 142,592 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys
+ 2008-04-13 19:19:23 138,112 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys
+ 2008-04-14 00:11:48 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 00:11:48 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 00:11:48 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 00:11:48 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 00:11:48 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 00:11:48 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 00:11:48 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 00:12:12 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-13 18:36:38 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys
+ 2008-04-13 18:36:39 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0401.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0404.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0406.dll
+ 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt0407.dll
+ 2007-04-02 18:26:00 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\agt0408.dll
+ 2008-04-13 17:32:28 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt0409.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040b.dll
+ 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt040c.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040d.dll
+ 2007-04-02 18:26:00 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt040e.dll
+ 2007-04-02 18:26:00 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0410.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0411.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0412.dll
+ 2007-04-02 18:26:01 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0413.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0415.dll
+ 2007-04-02 18:26:01 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0416.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041f.dll
+ 2007-04-02 18:26:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0804.dll
+ 2007-04-02 18:26:02 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0816.dll
+ 2007-04-02 18:26:02 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0c0a.dll
+ 2008-04-14 00:11:49 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll
+ 2008-04-14 00:12:12 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 00:12:12 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
+ 2008-04-13 18:36:38 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys
+ 2008-04-14 00:11:49 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll
+ 2008-04-13 18:36:39 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys
+ 2008-04-13 18:31:32 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys
+ 2008-04-13 18:31:33 37,760 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys
+ 2008-04-14 00:11:49 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll
+ 2004-08-04 05:31:20 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys
+ 2008-04-14 00:11:49 108,544 ------w C:\WINDOWS\ServicePackFiles\i386\appconf.dll
+ 2008-04-14 00:11:49 125,952 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
+ 2008-04-14 00:11:49 167,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll
+ 2008-04-14 00:11:49 295,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgr.dll
+ 2008-04-14 00:11:49 331,264 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll
+ 2008-04-13 18:51:25 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys
+ 2008-04-14 00:11:49 369,664 ------w C:\WINDOWS\ServicePackFiles\i386\asp51.dll
+ 2008-04-13 16:09:58 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_filter.dll
+ 2008-04-13 16:09:59 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_isapi.dll
+ 2008-04-13 16:10:01 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe
+ 2008-04-13 16:10:01 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_state.exe
+ 2008-04-13 16:10:01 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe
+ 2008-04-14 00:12:12 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe
+ 2008-04-14 00:12:12 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe
+ 2008-04-14 00:11:49 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll
+ 2008-04-13 18:57:27 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
+ 2008-04-14 00:12:12 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
+ 2008-04-13 18:40:30 96,512 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys
+ 2004-08-04 06:29:30 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-04 06:29:30 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-04 06:29:30 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-04 06:29:32 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys
+ 2008-04-13 18:45:26 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\hidclass.sys
+ 2008-04-13 18:45:26 19,200 ------w C:\WINDOWS\ServicePackFiles\i386\hidir.sys
+ 2008-04-13 18:45:22 24,960 ------w C:\WINDOWS\ServicePackFiles\i386\hidparse.sys
+ 2008-04-14 00:11:54 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\hidserv.dll
+ 2008-04-13 18:45:27 10,368 ------w C:\WINDOWS\ServicePackFiles\i386\hidusb.sys
+ 2008-04-14 00:11:54 72,704 ------w C:\WINDOWS\ServicePackFiles\i386\hlink.dll
+ 2008-04-14 00:11:54 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\hmmapi.dll
+ 2008-04-14 00:11:54 344,064 ------w C:\WINDOWS\ServicePackFiles\i386\hnetcfg.dll
+ 2008-04-14 00:11:54 330,752 ------w C:\WINDOWS\ServicePackFiles\i386\hnetwiz.dll
+ 2008-04-14 00:11:54 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\hostmib.dll
+ 2008-04-14 00:11:54 144,896 ------w C:\WINDOWS\ServicePackFiles\i386\hotplug.dll
+ 2008-04-14 00:11:54 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\hpcjrr.dll
+ 2008-04-14 00:11:54 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\hpcjrrps.dll
+ 2008-04-14 00:11:54 87,552 ------w C:\WINDOWS\ServicePackFiles\i386\hpfud50.dll
+ 2008-04-14 00:12:21 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\hscupd.exe
+ 2004-08-04 06:41:48 220,032 ------w C:\WINDOWS\ServicePackFiles\i386\hsfbs2s2.sys
+ 2008-04-14 00:11:54 32,285 ------w C:\WINDOWS\ServicePackFiles\i386\hsfcisp2.dll
+ 2004-08-04 06:41:50 685,056 ------w C:\WINDOWS\ServicePackFiles\i386\hsfcxts2.sys
+ 2004-08-04 06:41:56 1,041,536 ------w C:\WINDOWS\ServicePackFiles\i386\hsfdpsp2.sys
+ 2008-04-13 18:53:53 264,832 ------w C:\WINDOWS\ServicePackFiles\i386\http.sys
+ 2008-04-14 00:11:54 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\httpapi.dll
+ 2008-04-14 00:11:54 268,288 ------w C:\WINDOWS\ServicePackFiles\i386\httpext.dll
+ 2008-04-14 00:11:54 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\httpmb51.dll
+ 2008-04-14 00:11:54 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\httpod51.dll
+ 2008-04-14 00:11:54 41,984 ------w C:\WINDOWS\ServicePackFiles\i386\htui.dll
+ 2008-04-14 00:11:54 347,136 ------w C:\WINDOWS\ServicePackFiles\i386\hypertrm.dll
+ 2008-04-13 18:41:22 8,576 ------w C:\WINDOWS\ServicePackFiles\i386\i2omgmt.sys
+ 2008-04-13 18:41:22 18,560 ------w C:\WINDOWS\ServicePackFiles\i386\i2omp.sys
+ 2008-04-13 19:18:00 52,480 ------w C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
+ 2008-04-14 00:11:54 702,845 ------w C:\WINDOWS\ServicePackFiles\i386\i81xdnt5.dll
+ 2004-08-04 05:29:38 161,020 ------w C:\WINDOWS\ServicePackFiles\i386\i81xnt5.sys
+ 2008-04-14 00:11:54 119,808 ------w C:\WINDOWS\ServicePackFiles\i386\iasrad.dll
+ 2008-04-14 00:11:54 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\icaapi.dll
+ 2008-04-14 00:11:54 80,384 ------w C:\WINDOWS\ServicePackFiles\i386\iccvid.dll
+ 2008-04-14 00:11:54 254,976 ------w C:\WINDOWS\ServicePackFiles\i386\icm32.dll
+ 2008-04-14 00:09:40 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\icmp.dll
+ 2008-04-13 16:44:29 2,560 ------w C:\WINDOWS\ServicePackFiles\i386\iconlib.dll
+ 2008-04-14 00:11:54 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn.dll
+ 2008-04-14 00:12:22 214,528 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn1.exe
+ 2008-04-14 00:12:22 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn2.exe
+ 2008-04-14 00:11:54 73,728 ------w C:\WINDOWS\ServicePackFiles\i386\icwdial.dll
+ 2008-04-14 00:11:54 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\icwdl.dll
+ 2008-04-14 00:11:54 172,032 ------w C:\WINDOWS\ServicePackFiles\i386\icwhelp.dll
+ 2008-04-14 00:11:54 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\icwphbk.dll
+ 2008-04-14 00:12:22 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\icwrmind.exe
+ 2008-04-14 00:11:54 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\icwutil.dll
+ 2008-04-14 00:11:54 120,832 ------w C:\WINDOWS\ServicePackFiles\i386\idq.dll
+ 2008-04-14 00:12:22 34,304 ------w C:\WINDOWS\ServicePackFiles\i386\ie4uinit.exe
+ 2008-04-14 00:11:54 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\ieakeng.dll
+ 2008-04-14 00:11:54 216,576 ------w C:\WINDOWS\ServicePackFiles\i386\ieaksie.dll
+ 2008-04-14 00:11:54 323,584 ------w C:\WINDOWS\ServicePackFiles\i386\iedkcs32.dll
+ 2008-04-14 00:12:22 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\iedw.exe
+ 2008-04-14 00:11:54 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\ieencode.dll
+ 2007-12-17 11:58:35 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\ieexec.exe
+ 2007-06-27 12:54:23 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\ieexecremote.dll
+ 2007-06-27 12:54:23 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\iehost.dll
+ 2008-04-14 00:11:54 251,904 ------w C:\WINDOWS\ServicePackFiles\i386\iepeers.dll
+ 2008-04-14 00:11:54 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\iernonce.dll
+ 2008-04-14 00:11:54 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\iesetup.dll
+ 2008-04-14 00:12:22 93,184 ------w C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
+ 2008-04-14 00:12:22 114,688 ------w C:\WINDOWS\ServicePackFiles\i386\iexpress.exe
+ 2008-04-14 00:11:54 135,680 ------w C:\WINDOWS\ServicePackFiles\i386\ifmon.dll
+ 2008-04-14 00:11:54 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\igmpagnt.dll
+ 2008-04-14 00:11:54 505,344 ------w C:\WINDOWS\ServicePackFiles\i386\iis.dll
+ 2008-04-14 00:11:54 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\iisadmin.dll
+ 2008-04-14 00:11:54 145,408 ------w C:\WINDOWS\ServicePackFiles\i386\iische51.dll
+ 2008-04-14 00:11:54 68,608 ------w C:\WINDOWS\ServicePackFiles\i386\iisext51.dll
+ 2008-04-14 00:11:54 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\iisfecnv.dll
+ 2008-04-14 00:11:54 79,872 ------w C:\WINDOWS\ServicePackFiles\i386\iislog51.dll
+ 2008-04-14 00:11:54 64,512 ------w C:\WINDOWS\ServicePackFiles\i386\iismap.dll
+ 2008-04-14 00:12:22 30,720 ------w C:\WINDOWS\ServicePackFiles\i386\iisrstas.exe
+ 2008-04-14 00:11:54 133,632 ------w C:\WINDOWS\ServicePackFiles\i386\iisrtl.dll
+ 2008-04-13 16:10:32 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\ilasm.exe
+ 2008-04-14 00:11:54 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\ils.dll
+ 2008-04-14 00:11:54 144,384 ------w C:\WINDOWS\ServicePackFiles\i386\imagehlp.dll
+ 2008-04-14 00:12:22 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\imapi.exe
+ 2008-04-13 18:40:58 42,112 ------w C:\WINDOWS\ServicePackFiles\i386\imapi.sys
+ 2008-04-14 00:11:54 36,921 ------w C:\WINDOWS\ServicePackFiles\i386\imeshare.dll
+ 2008-04-14 00:11:54 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\imgutil.dll
+ 2008-04-14 00:11:54 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\imm32.dll
+ 2008-04-14 00:11:54 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\imsinsnt.dll
+ 2008-04-14 00:11:54 274,432 ------w C:\WINDOWS\ServicePackFiles\i386\inetcfg.dll
+ 2008-04-14 00:11:54 691,712 ------w C:\WINDOWS\ServicePackFiles\i386\inetcomm.dll
+ 2008-04-14 00:12:22 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\inetin51.exe
+ 2008-04-14 00:11:55 829,440 ------w C:\WINDOWS\ServicePackFiles\i386\inetmgr.dll
+ 2008-04-14 00:11:55 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\inetmib1.dll
+ 2008-04-14 00:11:55 75,264 ------w C:\WINDOWS\ServicePackFiles\i386\inetpp.dll
+ 2008-04-14 00:11:55 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\inetppui.dll
+ 2008-04-13 16:22:12 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\inetres.dll
+ 2008-04-14 00:12:22 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\inetwiz.exe
+ 2008-04-14 00:11:55 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\infoadmn.dll
+ 2008-04-14 00:11:55 257,024 ------w C:\WINDOWS\ServicePackFiles\i386\infocomm.dll
+ 2008-04-14 00:11:55 147,456 ------w C:\WINDOWS\ServicePackFiles\i386\initpki.dll
+ 2008-04-14 00:11:55 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\input.dll
+ 2008-04-14 00:11:55 96,256 ------w C:\WINDOWS\ServicePackFiles\i386\inseng.dll
+ 2007-06-27 12:54:28 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\installutil.exe
+ 2008-04-13 18:40:29 5,504 ------w C:\WINDOWS\ServicePackFiles\i386\intelide.sys
+ 2008-04-13 18:31:32 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\intelppm.sys
+ 2008-04-13 18:53:34 36,608 ------w C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
+ 2008-04-14 00:12:22 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\ipconfig.exe
+ 2008-04-14 00:09:30 103,424 ------w C:\WINDOWS\ServicePackFiles\i386\ipevldpc.dll
+ 2008-04-14 00:09:23 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\ipevlpid.dll
+ 2008-04-14 00:11:55 94,720 ------w C:\WINDOWS\ServicePackFiles\i386\iphlpapi.dll
+ 2008-04-13 18:57:07 20,864 ------w C:\WINDOWS\ServicePackFiles\i386\ipinip.sys
+ 2008-04-14 00:11:55 161,280 ------w C:\WINDOWS\ServicePackFiles\i386\ipmontr.dll
+ 2008-04-13 18:57:15 152,832 ------w C:\WINDOWS\ServicePackFiles\i386\ipnat.sys
+ 2008-04-14 00:11:55 331,264 ------w C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll
+ 2008-04-14 00:11:55 330,752 ------w C:\WINDOWS\ServicePackFiles\i386\ippromon.dll
+ 2008-04-14 00:11:55 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\iprip.dll
+ 2008-04-14 00:11:55 177,152 ------w C:\WINDOWS\ServicePackFiles\i386\iprtrmgr.dll
+ 2008-04-13 19:19:42 75,264 ------w C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
+ 2008-04-14 00:11:55 349,696 ------w C:\WINDOWS\ServicePackFiles\i386\ipsecsnp.dll
+ 2008-04-14 00:11:55 183,808 ------w C:\WINDOWS\ServicePackFiles\i386\ipsecsvc.dll
+ 2008-04-14 00:10:45 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\ipseldpc.dll
+ 2008-04-14 00:09:24 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\ipselpid.dll
+ 2008-04-14 00:11:55 384,000 ------w C:\WINDOWS\ServicePackFiles\i386\ipsmsnap.dll
+ 2008-04-14 00:12:23 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\ipv6.exe
+ 2008-04-14 00:11:55 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\ipv6mon.dll
+ 2008-04-14 00:12:23 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\ipxroute.exe
+ 2008-04-14 00:11:55 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\ipxwan.dll
+ 2008-04-14 00:11:55 120,320 ------w C:\WINDOWS\ServicePackFiles\i386\ir41_qc.dll
+ 2008-04-14 00:11:55 338,432 ------w C:\WINDOWS\ServicePackFiles\i386\ir41_qcx.dll
+ 2008-04-14 00:11:55 755,200 ------w C:\WINDOWS\ServicePackFiles\i386\ir50_32.dll
+ 2008-04-14 00:11:55 200,192 ------w C:\WINDOWS\ServicePackFiles\i386\ir50_qc.dll
+ 2008-04-14 00:11:55 183,808 ------w C:\WINDOWS\ServicePackFiles\i386\ir50_qcx.dll
+ 2008-04-13 18:45:34 46,592 ------w C:\WINDOWS\ServicePackFiles\i386\irbus.sys
+ 2008-04-13 18:54:36 88,192 ------w C:\WINDOWS\ServicePackFiles\i386\irda.sys
+ 2008-04-13 18:54:28 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\irenum.sys
+ 2008-04-14 00:12:23 151,552 ------w C:\WINDOWS\ServicePackFiles\i386\irftp.exe
+ 2008-04-14 00:11:55 28,160 ------w C:\WINDOWS\ServicePackFiles\i386\irmon.dll
+ 2008-04-13 18:36:41 37,248 ------w C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
+ 2008-04-14 00:11:55 68,608 ------w C:\WINDOWS\ServicePackFiles\i386\isatq.dll
+ 2008-04-14 00:11:55 26,624 ------w C:\WINDOWS\ServicePackFiles\i386\iscomlog.dll
+ 2008-04-14 00:10:32 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\isdpc.dll
+ 2008-04-14 00:10:55 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\isendpc.dll
+ 2008-04-14 00:10:55 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\isenpid.dll
+ 2008-04-14 00:11:55 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\isign32.dll
+ 2008-04-14 00:10:32 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\ispid.dll
+ 2008-04-14 00:11:55 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\isrdbg32.dll
+ 2008-04-14 00:11:55 155,136 ------w C:\WINDOWS\ServicePackFiles\i386\itircl.dll
+ 2008-04-14 00:11:55 138,240 ------w C:\WINDOWS\ServicePackFiles\i386\itss.dll
+ 2008-04-14 00:11:55 191,488 ------w C:\WINDOWS\ServicePackFiles\i386\iuengine.dll
+ 2008-04-14 00:11:55 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\ixsso.dll
+ 2008-04-14 00:11:55 47,616 ------w C:\WINDOWS\ServicePackFiles\i386\iyuv_32.dll
+ 2008-04-14 00:11:55 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\jgdw400.dll
+ 2008-04-14 00:11:55 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\jgpl400.dll
+ 2007-06-27 12:54:35 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\jsc.exe
+ 2008-04-14 00:11:56 512,000 ------w C:\WINDOWS\ServicePackFiles\i386\jscript.dll
+ 2008-04-14 00:11:56 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\jsproxy.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbd101.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbd106.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbd106n.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdax2.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdbhc.dll
+ 2008-04-13 18:39:47 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
+ 2008-04-14 00:09:55 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\kbdfi1.dll
+ 2008-04-13 18:39:48 14,592 ------w C:\WINDOWS\ServicePackFiles\i386\kbdhid.sys
+ 2008-04-14 00:09:55 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\kbdibm02.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdinbe1.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdinben.dll
+ 2008-04-14 00:09:55 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\kbdinmal.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdiultn.dll
+ 2008-04-14 00:09:55 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\kbdlk41a.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdlk41j.dll
+ 2008-04-14 00:09:55 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\kbdmaori.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdmlt47.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdmlt48.dll
+ 2008-04-14 00:09:55 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\kbdnec.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdnepr.dll
+ 2008-04-14 00:09:55 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\kbdno1.dll
+ 2008-04-14 00:09:55 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdpash.dll
+ 2008-04-14 00:09:55 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\kbdsmsfi.dll
+ 2008-04-14 00:09:55 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\kbdsmsno.dll
+ 2008-04-14 00:09:55 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\kbdukx.dll
+ 2008-04-13 18:31:35 7,424 ------w C:\WINDOWS\ServicePackFiles\i386\kd1394.dll
+ 2008-04-14 00:11:56 184,832 ------w C:\WINDOWS\ServicePackFiles\i386\kdcsvc.dll
+ 2008-04-14 00:11:56 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\kdsui.dll
+ 2008-04-14 00:11:56 253,952 ------w C:\WINDOWS\ServicePackFiles\i386\kdsusd.dll
+ 2008-04-14 00:11:56 299,520 ------w C:\WINDOWS\ServicePackFiles\i386\kerberos.dll
+ 2008-04-14 00:11:56 989,696 ------w C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
+ 2004-08-04 12:00:00 42,537 ------w C:\WINDOWS\ServicePackFiles\i386\keyboard.sys
+ 2008-04-14 00:11:56 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\keymgr.dll
+ 2008-04-13 18:45:09 172,416 ------w C:\WINDOWS\ServicePackFiles\i386\kmixer.sys
+ 2008-04-14 00:11:56 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\kmsvc.dll
+ 2008-04-14 00:09:56 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\knperdpc.dll
+ 2008-04-14 00:09:56 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\knperpid.dll
+ 2008-04-14 00:09:56 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\knprodpc.dll
+ 2008-04-14 00:09:56 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\knpropid.dll
+ 2008-04-14 00:11:56 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\koc.dll
+ 2008-04-14 00:09:56 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\kperdpc.dll
+ 2008-04-14 00:09:56 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\kperpid.dll
+ 2008-04-14 00:09:56 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\kprodpc.dll
+ 2008-04-14 00:09:56 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\kpropid.dll
+ 2004-08-04 12:00:00 92,224 ------w C:\WINDOWS\ServicePackFiles\i386\krnl386.exe
+ 2008-04-14 00:11:56 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\krnlprov.dll
+ 2008-04-13 19:16:36 141,056 ------w C:\WINDOWS\ServicePackFiles\i386\ks.sys
+ 2008-04-13 18:31:43 92,288 ------w C:\WINDOWS\ServicePackFiles\i386\ksecdd.sys
+ 2008-04-14 00:11:56 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\ksuser.dll
+ 2008-04-14 00:11:56 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\l2store.dll
+ 2008-04-14 00:09:05 97,792 ------w C:\WINDOWS\ServicePackFiles\i386\lang\chtmbx.dll
+ 2008-04-14 00:09:05 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\lang\chtskdic.dll
+ 2008-04-14 00:09:05 173,568 ------w C:\WINDOWS\ServicePackFiles\i386\lang\chtskf.dll
+ 2008-04-14 00:09:06 198,656 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cintime.dll
+ 2004-08-04 12:00:00 480,256 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cintsetp.exe
+ 2004-08-04 12:00:00 57,399 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cplexe.exe
+ 2008-04-14 00:09:39 13,463,552 ------w C:\WINDOWS\ServicePackFiles\i386\lang\hwxjpn.dll
+ 2008-04-14 00:09:43 106,496 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imekrcic.dll
+ 2008-04-14 00:09:43 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imekrmbx.dll
+ 2008-04-14 00:09:44 811,064 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjp81k.dll
+ 2008-04-14 00:09:45 368,696 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpcic.dll
+ 2008-04-14 00:09:45 716,856 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpcus.dll
+ 2008-04-14 00:09:45 81,976 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdct.dll
+ 2004-08-04 12:00:00 307,257 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdct.exe
+ 2004-08-04 12:00:00 155,705 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdsvr.exe
+ 2004-08-04 12:00:00 196,665 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpinst.exe
+ 2004-08-04 12:00:00 208,952 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpmig.exe
+ 2004-08-04 12:00:00 233,527 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjprw.exe
+ 2004-08-04 12:00:00 262,200 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjputy.exe
+ 2008-04-14 00:09:46 274,489 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjputyc.dll
+ 2008-04-14 00:09:46 102,456 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imlang.dll
+ 2004-08-04 12:00:00 59,392 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imscinst.exe
+ 2008-04-14 00:09:47 315,455 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imskf.dll
+ 2008-04-14 00:10:33 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\lang\padrs404.dll
+ 2008-04-14 00:10:33 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\lang\padrs804.dll
+ 2008-04-14 00:10:34 175,104 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pintlcsa.dll
+ 2008-04-14 00:10:34 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pintlcsd.dll
+ 2008-04-13 16:43:36 70,144 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pintlphr.exe
+ 2008-04-14 00:10:34 67,584 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pmigrate.dll
+ 2004-08-04 12:00:00 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tintlphr.exe
+ 2004-08-04 12:00:00 455,168 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tintsetp.exe
+ 2008-04-14 00:10:59 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tmigrate.dll
+ 2008-04-14 00:11:01 76,288 ------w C:\WINDOWS\ServicePackFiles\i386\lang\uniime.dll
+ 2008-04-14 00:11:04 426,041 ------w C:\WINDOWS\ServicePackFiles\i386\lang\voicepad.dll
+ 2008-04-14 00:11:04 86,073 ------w C:\WINDOWS\ServicePackFiles\i386\lang\voicesub.dll
+ 2008-04-13 18:40:26 34,688 ------w C:\WINDOWS\ServicePackFiles\i386\lbrtfdc.sys
+ 2008-04-14 00:12:23 677,888 ------w C:\WINDOWS\ServicePackFiles\i386\lhmstsc.exe
+ 2008-04-14 00:11:56 2,061,824 ------w C:\WINDOWS\ServicePackFiles\i386\lhmstscx.dll
+ 2008-04-14 12:41:58 423,936 ------w C:\WINDOWS\ServicePackFiles\i386\licdll.dll
+ 2008-04-14 00:11:56 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\licmgr10.dll
+ 2008-04-14 00:11:56 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\licwmi.dll
+ 2008-04-14 00:11:56 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll
+ 2008-04-14 00:11:56 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\lmhsvc.dll
+ 2008-04-14 00:11:56 33,792 ------w C:\WINDOWS\ServicePackFiles\i386\lmmib2.dll
+ 2008-04-14 00:11:56 399,872 ------w C:\WINDOWS\ServicePackFiles\i386\lmrt.dll
+ 2008-04-14 00:11:56 97,280 ------w C:\WINDOWS\ServicePackFiles\i386\loadperf.dll
+ 2008-04-14 00:11:56 221,696 ------w C:\WINDOWS\ServicePackFiles\i386\localsec.dll
+ 2008-04-14 00:11:56 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\localspl.dll
+ 2008-04-14 00:11:56 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\localui.dll
+ 2008-04-14 00:12:24 75,264 ------w C:\WINDOWS\ServicePackFiles\i386\locator.exe
+ 2008-04-14 00:11:56 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\log.dll
+ 2008-04-14 00:12:24 59,392 ------w C:\WINDOWS\ServicePackFiles\i386\logman.exe
+ 2008-04-14 00:12:43 220,672 ------w C:\WINDOWS\ServicePackFiles\i386\logon.scr
+ 2008-04-14 00:12:24 514,560 ------w C:\WINDOWS\ServicePackFiles\i386\logonui.exe
+ 2008-04-14 00:11:56 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\lonsint.dll
+ 2008-04-14 00:11:56 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\lpdsvc.dll
+ 2008-04-14 00:11:56 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\lpk.dll
+ 2008-04-14 00:11:56 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\lprhelp.dll
+ 2008-04-14 00:11:56 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\lprmon.dll
+ 2008-04-14 00:11:56 728,064 ------w C:\WINDOWS\ServicePackFiles\i386\lsasrv.dll
+ 2008-04-14 00:12:24 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\lsass.exe
+ 2004-08-04 05:41:36 606,684 ------w C:\WINDOWS\ServicePackFiles\i386\ltmdmnt.sys
+ 2004-08-04 05:41:38 420,992 ------w C:\WINDOWS\ServicePackFiles\i386\ltmdmntt.sys
+ 2008-04-13 18:40:52 7,040 ------w C:\WINDOWS\ServicePackFiles\i386\ltotape.sys
+ 2004-08-04 05:39:32 20,864 ------w C:\WINDOWS\ServicePackFiles\i386\lwadihid.sys
+ 2008-04-14 00:12:24 72,704 ------w C:\WINDOWS\ServicePackFiles\i386\magnify.exe
+ 2008-04-14 00:12:25 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\makecab.exe
+ 2008-04-14 00:11:56 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\mcastmib.dll
+ 2008-04-14 00:11:56 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\mciavi32.dll
+ 2008-04-14 00:11:56 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\mciqtz32.dll
+ 2008-04-14 00:11:56 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\mciseq.dll
+ 2008-04-14 00:11:56 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\mciwave.dll
+ 2008-04-14 00:11:56 37,888 ------w C:\WINDOWS\ServicePackFiles\i386\md5filt.dll
+ 2008-04-14 00:11:56 118,272 ------w C:\WINDOWS\ServicePackFiles\i386\mdminst.dll
+ 2008-04-14 00:11:56 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\mdmxsdk.dll
+ 2004-08-04 06:41:56 11,868 ------w C:\WINDOWS\ServicePackFiles\i386\mdmxsdk.sys
+ 2008-04-14 00:11:56 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\medctroc.dll
+ 2008-04-13 18:41:21 26,112 ------w C:\WINDOWS\ServicePackFiles\i386\memstpci.sys
+ 2008-04-14 00:11:56 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\metada51.dll
+ 2008-04-13 18:36:41 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\mf.sys
+ 2008-04-14 00:11:56 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\mf3216.dll
+ 2008-04-14 00:11:56 927,504 ------w C:\WINDOWS\ServicePackFiles\i386\mfc40u.dll
+ 2008-04-14 00:11:56 1,028,096 ------w C:\WINDOWS\ServicePackFiles\i386\mfc42.dll
+ 2006-10-14 08:13:25 981,760 ------w C:\WINDOWS\ServicePackFiles\i386\mfc42u.dll
+ 2008-04-14 00:11:56 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\mfcsubs.dll
+ 2008-04-14 00:11:56 14,848 ------w C:\WINDOWS\ServicePackFiles\i386\mgmtapi.dll
+ 2007-06-27 12:54:42 712,704 ------w C:\WINDOWS\ServicePackFiles\i386\microsoft.jscript.dll
+ 2007-06-27 12:54:48 286,720 ------w C:\WINDOWS\ServicePackFiles\i386\microsoft.visualbasic.dll
+ 2008-04-14 00:11:57 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\midimap.dll
+ 2008-04-14 00:11:57 274,432 ------w C:\WINDOWS\ServicePackFiles\i386\migism.dll
+ 2008-04-14 00:11:57 261,120 ------w C:\WINDOWS\ServicePackFiles\i386\migisma.dll
+ 2008-04-14 00:11:57 60,928 ------w C:\WINDOWS\ServicePackFiles\i386\miglibnt.dll
+ 2008-04-14 00:12:25 103,936 ------w C:\WINDOWS\ServicePackFiles\i386\migload.exe
+ 2008-04-14 00:12:25 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\migregdb.exe
+ 2008-04-14 00:12:25 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\migwiz.exe
+ 2008-04-14 00:12:25 241,152 ------w C:\WINDOWS\ServicePackFiles\i386\migwiza.exe
+ 2008-04-14 00:11:57 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\mimefilt.dll
+ 2008-04-14 00:11:57 586,240 ------w C:\WINDOWS\ServicePackFiles\i386\mlang.dll
+ 2008-04-14 00:12:25 1,414,656 ------w C:\WINDOWS\ServicePackFiles\i386\mmc.exe
+ 2008-04-14 00:11:57 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\mmc30.dll
+ 2008-04-14 00:11:57 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\mmc30r.dll
+ 2008-04-14 00:11:57 163,328 ------w C:\WINDOWS\ServicePackFiles\i386\mmcbase.dll
+ 2008-04-14 00:11:57 397,312 ------w C:\WINDOWS\ServicePackFiles\i386\mmcex.dll
+ 2008-04-14 00:11:57 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\mmcexr.dll
+ 2008-04-14 00:11:57 106,496 ------w C:\WINDOWS\ServicePackFiles\i386\mmcfxc.dll
+ 2008-04-14 00:11:57 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\mmcfxcr.dll
+ 2008-04-14 00:11:57 1,872,896 ------w C:\WINDOWS\ServicePackFiles\i386\mmcndmgr.dll
+ 2008-04-14 00:12:25 33,792 ------w C:\WINDOWS\ServicePackFiles\i386\mmcperf.exe
+ 2008-04-14 00:11:57 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\mmcshext.dll
+ 2008-04-14 00:11:57 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\mmfutil.dll
+ 2004-08-04 12:00:00 68,768 ------w C:\WINDOWS\ServicePackFiles\i386\mmsystem.dll
+ 2008-04-14 00:11:57 34,560 ------w C:\WINDOWS\ServicePackFiles\i386\mnmdd.dll
+ 2008-04-14 00:12:25 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\mnmsrvc.exe
+ 2008-04-14 00:11:57 207,360 ------w C:\WINDOWS\ServicePackFiles\i386\mobsync.dll
+ 2008-04-14 00:12:26 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\mobsync.exe
+ 2008-04-13 19:00:19 30,080 ------w C:\WINDOWS\ServicePackFiles\i386\modem.sys
+ 2008-04-14 00:11:57 153,600 ------w C:\WINDOWS\ServicePackFiles\i386\modemui.dll
+ 2008-04-14 00:12:26 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\mofcomp.exe
+ 2008-04-14 00:11:57 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\mofd.dll
+ 2008-04-14 00:12:42 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\more.com
+ 2008-04-13 16:45:30 216,064 ------w C:\WINDOWS\ServicePackFiles\i386\moricons.dll
+ 2008-04-13 18:39:47 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\mouclass.sys
+ 2008-04-13 18:39:46 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys
+ 2008-04-14 00:12:27 3,558,912 ------w C:\WINDOWS\ServicePackFiles\i386\moviemk.exe
+ 2008-04-13 18:46:22 15,232 ------w C:\WINDOWS\ServicePackFiles\i386\mpe.sys
+ 2008-04-14 00:12:27 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\mplay32.exe
+ 2008-04-14 00:11:57 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\mpr.dll
+ 2008-04-14 00:11:57 87,040 ------w C:\WINDOWS\ServicePackFiles\i386\mprapi.dll
+ 2008-04-14 00:11:57 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\mprdim.dll
+ 2008-04-13 18:39:44 92,544 ------w C:\WINDOWS\ServicePackFiles\i386\mqac.sys
+ 2008-04-14 00:11:57 138,240 ------w C:\WINDOWS\ServicePackFiles\i386\mqad.dll
+ 2008-04-14 00:12:27 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\mqbkup.exe
+ 2008-04-14 00:11:57 47,616 ------w C:\WINDOWS\ServicePackFiles\i386\mqdscli.dll
+ 2008-04-14 00:11:57 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\mqise.dll
+ 2008-04-14 00:11:57 89,088 ------w C:\WINDOWS\ServicePackFiles\i386\mqlogmgr.dll
+ 2008-04-14 00:11:57 225,280 ------w C:\WINDOWS\ServicePackFiles\i386\mqoa.dll
+ 2008-04-14 00:11:57 663,040 ------w C:\WINDOWS\ServicePackFiles\i386\mqqm.dll
+ 2008-04-14 00:11:57 177,152 ------w C:\WINDOWS\ServicePackFiles\i386\mqrt.dll
+ 2008-04-14 00:11:57 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\mqrtdep.dll



