Trojan.TDSS and HJT log


  • This topic is locked
16 replies to this topic

#1 Pilottype1

Posted 26 December 2008 - 06:07 PM

I'm having a huge problem getting rid of trojan.tdss. The symptoms include IE (6.0) not working properly (redirects, outright not loading some webpages, images not downloading) and overall very, very slow system performance.

I've run Malwarebytes, Windows Live OneCare, Norton 360 (which the virus will also not allow to run), AVG Free Edition, and maybe one other. Malwarebytes initially found approximately 10 infections, but now finds zero. Norton found a few, but after the last scan, I cannot get it to run.

Here's a copy of the HJT log, and thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:51 PM, on 12/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7719 bytes




Thanks,
Pilottype


#2 JSntgRvr

Posted 26 December 2008 - 06:57 PM

Hi, Pilottype1 :thumbsup:

Welcome.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console upon request.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Pilottype1

Posted 26 December 2008 - 07:16 PM

ComboFix Log:

ComboFix 08-12-26.02 - Bryan Dossey 2008-12-26 18:07:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.149 [GMT -6:00]
Running from: c:\documents and settings\Bryan Dossey\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
.

((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.

2008-12-26 17:18 . 2008-12-26 17:19 <DIR> d-------- c:\program files\mab
2008-12-26 17:18 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 17:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 16:58 . 2006-09-15 15:49 139,264 --a------ c:\windows\system32\igfxres.dll
2008-12-26 16:50 . 2004-08-10 04:13 73,728 --a--c--- c:\windows\system32\dllcache\ehresja.dll
2008-12-26 16:50 . 2004-08-10 04:13 69,632 --a--c--- c:\windows\system32\dllcache\ehresko.dll
2008-12-26 16:50 . 2004-08-10 04:13 69,632 --a--c--- c:\windows\system32\dllcache\ehresfr.dll
2008-12-26 16:50 . 2004-08-10 04:13 69,632 --a--c--- c:\windows\system32\dllcache\ehresde.dll
2008-12-26 16:48 . 2004-08-10 05:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2008-12-26 16:47 . 2004-08-10 05:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-12-26 16:46 . 2004-08-10 05:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
2008-12-26 16:45 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2008-12-26 16:38 . 2004-08-10 05:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2008-12-26 16:38 . 2008-12-26 16:38 749 -rah----- c:\windows\WindowsShell.Manifest
2008-12-26 16:38 . 2008-12-26 16:38 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-26 16:38 . 2008-12-26 16:38 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-12-26 16:38 . 2008-12-26 16:38 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-12-26 16:38 . 2008-12-26 16:38 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-12-26 16:38 . 2008-12-26 16:38 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-12-26 16:31 . 2008-12-26 16:45 <DIR> d-------- c:\windows\LastGood.Tmp
2008-12-26 15:48 . 2004-08-10 05:00 1,086,058 -ra------ c:\windows\SETB6.tmp
2008-12-26 15:48 . 2004-08-10 05:00 106,147 -ra------ c:\windows\SETB3.tmp
2008-12-26 15:48 . 2004-08-10 05:00 13,753 -ra------ c:\windows\SETC2.tmp
2008-12-25 22:59 . 2008-12-26 14:20 <DIR> d-------- c:\program files\Malware
2008-12-25 22:57 . 2008-12-25 22:58 12,274 --a------ c:\windows\setupapi.old
2008-12-25 21:02 . 2008-12-25 21:02 <DIR> d-------- c:\program files\Trend Micro
2008-12-25 16:20 . 2008-12-25 16:20 <DIR> d-------- c:\documents and settings\Bryan Dossey\Application Data\Malwarebytes
2008-12-25 16:20 . 2008-12-25 16:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-25 16:10 . 2008-12-25 16:14 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
2008-12-24 00:44 . 2008-12-24 00:44 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-24 00:35 . 2008-12-24 00:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg7
2008-12-23 04:13 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-23 04:13 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-23 04:13 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-23 03:23 . 2008-12-23 03:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-23 00:29 . 2008-12-23 00:29 <DIR> d-------- C:\04efae824985bf6294c84158dc
2008-12-22 00:09 . 2004-08-10 05:00 214,528 --a--c--- c:\windows\system32\dllcache\icwconn1.exe
2008-12-22 00:09 . 2004-08-10 05:00 86,016 --a--c--- c:\windows\system32\dllcache\icwconn2.exe
2008-12-22 00:09 . 2004-08-10 05:00 32,768 --a--c--- c:\windows\system32\dllcache\icwdl.dll
2008-12-22 00:09 . 2004-08-10 05:00 20,480 --a--c--- c:\windows\system32\dllcache\inetwiz.exe
2008-12-21 23:46 . 2004-08-10 05:00 1,086,058 -ra------ c:\windows\SET7E.tmp
2008-12-21 23:46 . 2004-08-10 05:00 106,147 -ra------ c:\windows\SET7B.tmp
2008-12-21 23:46 . 2006-03-30 04:03 22,339 -ra------ c:\windows\SETCD.tmp
2008-12-21 23:46 . 2004-08-10 05:00 13,753 -ra------ c:\windows\SET8A.tmp
2008-12-21 23:46 . 2005-03-30 11:54 10,559 -ra------ c:\windows\SETCE.tmp
2008-12-21 23:45 . 2008-12-21 23:45 <DIR> d---s---- c:\windows\system32\config\systemprofile\History
2008-12-21 22:11 . 2008-12-22 23:56 <DIR> d-------- c:\documents and settings\Bryan Dossey\Application Data\Symantec
2008-12-21 22:03 . 2008-12-21 22:03 <DIR> d-------- c:\program files\Windows Sidebar
2008-12-21 22:02 . 2008-12-25 16:13 <DIR> d-------- c:\program files\Norton 360
2008-12-21 21:57 . 2008-12-21 22:07 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-21 21:57 . 2008-12-21 22:07 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-21 21:57 . 2008-12-21 22:07 10,563 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-21 21:57 . 2008-12-21 22:07 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-21 21:56 . 2008-12-21 22:07 <DIR> d-------- c:\program files\Symantec
2008-12-21 21:56 . 2008-12-23 04:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-21 21:48 . 2008-12-24 18:00 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-18 18:55 . 2008-12-18 21:13 <DIR> d-------- c:\windows\system32\cap2
2008-12-18 18:55 . 2008-12-18 18:55 <DIR> d-------- c:\windows\system32\ain
2008-12-18 18:55 . 2008-12-26 14:57 <DIR> d-------- C:\Temp
2008-12-15 15:54 . 2008-12-15 15:53 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-15 15:39 . 2008-12-15 15:39 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-15 14:03 . 2008-12-15 14:03 <DIR> d-------- c:\documents and settings\Bryan Dossey\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2008-12-15 14:02 . 2008-12-15 14:02 <DIR> d-------- c:\program files\TweetDeck
2008-12-15 11:44 . 2008-12-15 11:44 <DIR> d-------- c:\documents and settings\Bryan Dossey\Application Data\SmartFTP
2008-12-15 11:43 . 2008-12-15 11:43 <DIR> d-------- c:\program files\SmartFTP Client 3.0 Setup Files
2008-12-15 11:43 . 2008-12-15 11:43 <DIR> d-------- c:\program files\SmartFTP Client
2008-12-11 11:07 . 2008-12-11 11:07 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2008-12-11 11:07 . 2008-12-11 11:07 <DIR> d--h----- c:\program files\CanonBJ
2008-12-11 11:07 . 2008-12-11 11:07 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-11 11:07 . 2006-11-06 14:00 198,656 --a------ c:\windows\system32\CNMLM8O.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-26 20:49 --------- d-----w c:\documents and settings\Bryan Dossey\Application Data\U3
2008-12-24 09:30 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-24 06:42 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-15 21:53 --------- d-----w c:\program files\Java
2008-12-15 17:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 16:20 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-01 06:19 --------- d-----w c:\documents and settings\Bryan Dossey\Application Data\Azureus
2008-11-09 19:39 --------- d-----w c:\program files\AutoGK
2008-11-09 19:38 43,698 ----a-w c:\windows\system32\xvid-uninstall.exe
2008-11-09 19:38 --------- d-----w c:\program files\Gabest
2008-11-09 19:38 --------- d-----w c:\program files\AviSynth 2.5
2008-11-07 01:41 --------- d-----w c:\program files\WinPcap
2008-11-07 01:40 --------- d-----w c:\program files\SoftByte Labs
2008-11-06 19:00 --------- d-----w c:\program files\WinHTTrack
2008-11-05 05:51 --------- d-----w c:\program files\MSB IntegriClaim
2008-11-04 07:44 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-04 07:18 --------- d-----w c:\program files\Common Files\Adobe
2008-11-04 07:06 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-03 23:20 --------- d-----w c:\program files\Vuze
2008-11-03 23:20 --------- d-----w c:\program files\AskBarDis
2008-11-03 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-10-31 03:47 --------- d-----w c:\documents and settings\Bryan Dossey\Application Data\diag
2008-10-28 02:27 --------- d-----w c:\program files\Apple Software Update
2008-10-22 16:25 37,027 ----a-w c:\windows\atmoUn.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-05-25 02:09 47,360 ----a-w c:\documents and settings\Bryan Dossey\Application Data\pcouffin.sys
2008-06-30 19:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-26_15.02.29.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-26 22:34:55 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_b3f135c7\CustomMarshalers.dll
+ 2008-12-26 22:34:47 3,301,376 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_82133dc4\mscorlib.dll
+ 2008-12-26 22:34:54 1,454,080 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_70d30324\System.Design.dll
+ 2008-12-26 22:34:54 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_37b9bd73\System.Drawing.Design.dll
+ 2008-12-26 22:34:57 847,872 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_6ecd6c23\System.Drawing.dll
+ 2008-12-26 22:34:51 2,953,216 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_a9048dcd\System.Windows.Forms.dll
+ 2008-12-26 22:34:56 2,027,520 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_39e814ee\System.Xml.dll
+ 2008-12-26 22:34:45 1,855,488 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_b5b7eff0\System.dll
- 2008-08-14 09:55:01 2,142,720 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-30 01:21:23 2,135,552 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-08-14 09:18:44 2,062,976 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-30 01:01:11 2,056,832 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-08-14 09:18:46 2,020,864 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-30 01:01:12 2,015,232 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-08-14 09:57:20 2,185,984 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-30 01:23:32 2,179,584 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2007-06-13 10:23:07 1,033,216 ----a-w c:\windows\explorer.exe
+ 2004-08-10 11:00:00 1,032,192 ----a-w c:\windows\explorer.exe
- 2005-05-26 23:22:01 10,752 ----a-w c:\windows\hh.exe
+ 2004-08-10 11:00:00 10,752 ----a-w c:\windows\hh.exe
+ 2004-08-10 11:00:00 230,912 ----a-w c:\windows\LastGood.Tmp\system32\blackbox.dll
+ 2004-08-10 11:00:00 158,720 ----a-w c:\windows\LastGood.Tmp\system32\cewmdm.dll
+ 2004-08-10 11:00:00 16,896 ----a-w c:\windows\LastGood.Tmp\system32\DRIVERS\wpdusb.sys
+ 2005-08-03 23:29:52 178,936 ----a-w c:\windows\LastGood.Tmp\system32\drmupgds.exe
+ 2004-08-10 11:00:00 533,504 ----a-w c:\windows\LastGood.Tmp\system32\drmv2clt.dll
+ 2004-08-10 11:00:00 6,656 ----a-w c:\windows\LastGood.Tmp\system32\laprxy.dll
+ 2004-08-10 11:00:00 94,208 ----a-w c:\windows\LastGood.Tmp\system32\logagent.exe
+ 2005-08-03 23:29:52 106,496 ----a-w c:\windows\LastGood.Tmp\system32\mfplat.dll
+ 2004-08-10 11:00:00 138,240 ----a-w c:\windows\LastGood.Tmp\system32\msnetobj.dll
+ 2004-08-10 11:00:00 25,088 ----a-w c:\windows\LastGood.Tmp\system32\MsPMSNSv.dll
+ 2004-08-10 11:00:00 166,400 ----a-w c:\windows\LastGood.Tmp\system32\MsPMSP.dll
+ 2004-08-10 11:00:00 350,720 ----a-w c:\windows\LastGood.Tmp\system32\MSSCP.dll
+ 2004-08-10 11:00:00 312,832 ----a-w c:\windows\LastGood.Tmp\system32\MSWMDM.dll
+ 2004-08-10 11:00:00 221,184 ----a-w c:\windows\LastGood.Tmp\system32\qasf.dll
+ 2004-08-10 11:00:00 46,592 ----a-w c:\windows\LastGood.Tmp\system32\uwdf.exe
+ 2004-08-10 11:00:00 15,360 ----a-w c:\windows\LastGood.Tmp\system32\wdfapi.dll
+ 2004-08-10 11:00:00 38,912 ----a-w c:\windows\LastGood.Tmp\system32\wdfmgr.exe
+ 2004-08-10 11:00:00 371,712 ----a-w c:\windows\LastGood.Tmp\system32\wmadmod.dll
+ 2004-08-10 11:00:00 712,704 ----a-w c:\windows\LastGood.Tmp\system32\wmadmoe.dll
+ 2004-08-10 11:00:00 223,744 ----a-w c:\windows\LastGood.Tmp\system32\wmasf.dll
+ 2004-08-10 11:00:00 25,088 ----a-w c:\windows\LastGood.Tmp\system32\WMDMLOG.dll
+ 2004-08-10 11:00:00 33,280 ----a-w c:\windows\LastGood.Tmp\system32\WMDMPS.dll
+ 2004-08-10 11:00:00 344,064 ----a-w c:\windows\LastGood.Tmp\system32\WMDRMdev.dll
+ 2004-08-10 11:00:00 290,816 ----a-w c:\windows\LastGood.Tmp\system32\WMDRMNet.dll
+ 2005-08-03 23:29:52 180,224 ----a-w c:\windows\LastGood.Tmp\system32\wmdrmsdk.dll
+ 2004-08-10 11:00:00 146,432 ----a-w c:\windows\LastGood.Tmp\system32\wmidx.dll
+ 2004-08-10 11:00:00 1,023,488 ----a-w c:\windows\LastGood.Tmp\system32\wmnetmgr.dll
+ 2004-08-10 11:00:00 765,952 ----a-w c:\windows\LastGood.Tmp\system32\wmsdmod.dll
+ 2004-08-10 11:00:00 1,116,160 ----a-w c:\windows\LastGood.Tmp\system32\wmsdmoe2.dll
+ 2004-08-10 11:00:00 523,776 ----a-w c:\windows\LastGood.Tmp\system32\wmspdmod.dll
+ 2004-08-10 11:00:00 936,960 ----a-w c:\windows\LastGood.Tmp\system32\wmspdmoe.dll
+ 2004-08-10 11:00:00 1,174,528 ----a-w c:\windows\LastGood.Tmp\system32\wmvadvd.dll
+ 2004-08-10 11:00:00 1,508,864 ----a-w c:\windows\LastGood.Tmp\system32\WMVADVE.DLL
+ 2004-08-10 11:00:00 2,355,200 ----a-w c:\windows\LastGood.Tmp\system32\wmvcore.dll
+ 2004-08-10 11:00:00 861,184 ----a-w c:\windows\LastGood.Tmp\system32\wmvdmod.dll
+ 2004-08-10 11:00:00 999,424 ----a-w c:\windows\LastGood.Tmp\system32\wmvdmoe2.dll
+ 2004-08-10 11:00:00 38,912 ----a-w c:\windows\LastGood.Tmp\system32\wpd_ci.dll
+ 2004-08-10 11:00:00 64,000 ----a-w c:\windows\LastGood.Tmp\system32\wpdconns.dll
+ 2004-08-10 11:00:00 116,224 ----a-w c:\windows\LastGood.Tmp\system32\wpdmtp.dll
+ 2004-08-10 11:00:00 333,824 ----a-w c:\windows\LastGood.Tmp\system32\wpdmtpdr.dll
+ 2004-08-10 11:00:00 69,120 ----a-w c:\windows\LastGood.Tmp\system32\wpdmtpus.dll
+ 2004-08-10 11:00:00 329,728 ----a-w c:\windows\LastGood.Tmp\system32\wpdsp.dll
+ 2004-08-10 11:00:00 10,752 ----a-w c:\windows\LastGood.Tmp\system32\wpdtrace.dll
- 2007-01-02 22:34:04 200,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2004-08-04 04:11:02 200,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2007-01-02 22:34:04 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2004-08-04 04:11:06 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2007-01-02 22:29:28 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2004-07-20 00:54:06 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2007-01-02 22:29:12 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-08-04 04:12:04 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2007-01-02 22:29:12 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-08-04 04:12:06 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2007-01-02 22:21:20 1,998,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2004-07-20 00:54:08 1,998,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2007-01-02 22:28:28 2,273,280 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2004-07-20 00:54:12 2,265,088 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2007-01-02 22:28:46 2,281,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-07-20 00:54:14 2,269,184 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2007-01-02 22:40:24 1,200,128 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-07-20 00:54:20 1,200,128 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2006-10-12 14:02:52 42,496 ----a-w c:\windows\msagent\agentdp2.dll
+ 2004-08-10 11:00:00 41,984 ----a-w c:\windows\msagent\agentdp2.dll
- 2007-03-09 13:46:24 57,344 ----a-w c:\windows\msagent\agentdpv.dll
+ 2004-08-10 11:00:00 58,880 ----a-w c:\windows\msagent\agentdpv.dll
- 2006-10-12 11:09:53 256,512 ----a-w c:\windows\msagent\agentsvr.exe
+ 2004-08-10 11:00:00 256,512 ----a-w c:\windows\msagent\agentsvr.exe
- 2008-12-22 06:19:48 282,624 ---ha-w c:\windows\repair\ntuser.dat
+ 2008-12-26 22:44:49 335,872 ---ha-w c:\windows\repair\ntuser.dat
- 2006-08-16 11:58:05 100,352 ----a-w c:\windows\system32\6to4svc.dll
+ 2004-08-10 11:00:00 100,352 ----a-w c:\windows\system32\6to4svc.dll
- 2005-03-02 18:09:29 56,832 ----a-w c:\windows\system32\authz.dll
+ 2004-08-10 11:00:00 56,832 ----a-w c:\windows\system32\authz.dll
- 2007-03-29 12:56:02 8,192 ----a-w c:\windows\system32\bitsprx2.dll
+ 2004-08-10 11:00:00 8,192 ----a-w c:\windows\system32\bitsprx2.dll
- 2007-03-29 12:56:02 7,168 ----a-w c:\windows\system32\bitsprx3.dll
+ 2004-08-10 11:00:00 7,168 ----a-w c:\windows\system32\bitsprx3.dll
- 2008-10-16 10:37:04 1,023,488 ----a-w c:\windows\system32\browseui.dll
+ 2006-03-04 03:33:40 1,022,976 ----a-w c:\windows\system32\browseui.dll
- 2005-07-26 04:39:42 225,792 ----a-w c:\windows\system32\catsrv.dll
+ 2004-08-10 11:00:00 229,888 ----a-w c:\windows\system32\catsrv.dll
- 2005-07-26 04:39:43 625,152 ----a-w c:\windows\system32\catsrvut.dll
+ 2004-08-10 11:00:00 628,224 ----a-w c:\windows\system32\catsrvut.dll
- 2008-10-16 10:37:02 151,040 ----a-w c:\windows\system32\cdfview.dll
+ 2006-03-04 03:33:40 151,040 ----a-w c:\windows\system32\cdfview.dll
- 2008-10-16 20:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
+ 2004-08-10 11:00:00 66,560 ----a-w c:\windows\system32\cdm.dll
- 2005-09-10 01:53:41 2,067,968 ----a-w c:\windows\system32\cdosys.dll
+ 2004-08-10 11:00:00 2,067,968 ----a-w c:\windows\system32\cdosys.dll
- 2006-06-22 05:06:29 69,120 ----a-w c:\windows\system32\ciodm.dll
+ 2004-08-10 11:00:00 69,120 ----a-w c:\windows\system32\ciodm.dll
- 2005-07-26 04:39:43 110,080 ----a-w c:\windows\system32\clbcatex.dll
+ 2004-08-10 11:00:00 110,080 ----a-w c:\windows\system32\clbcatex.dll
- 2005-07-26 04:39:43 498,688 ----a-w c:\windows\system32\clbcatq.dll
+ 2004-08-10 11:00:00 501,248 ----a-w c:\windows\system32\clbcatq.dll
- 2005-07-26 04:39:43 60,416 ----a-w c:\windows\system32\colbact.dll
+ 2004-08-10 11:00:00 62,464 ----a-w c:\windows\system32\colbact.dll
- 2005-07-26 04:39:44 195,072 ----a-w c:\windows\system32\Com\comadmin.dll
+ 2004-08-10 11:00:00 195,584 ----a-w c:\windows\system32\Com\comadmin.dll
- 2006-08-25 15:45:58 617,472 ----a-w c:\windows\system32\comctl32.dll
+ 2004-08-10 11:00:00 611,328 ----a-w c:\windows\system32\comctl32.dll
- 2005-07-26 04:39:44 97,792 ----a-w c:\windows\system32\comrepl.dll
+ 2004-08-10 11:00:00 82,432 ----a-w c:\windows\system32\comrepl.dll
- 2005-07-26 04:39:44 1,267,200 ----a-w c:\windows\system32\comsvcs.dll
+ 2004-08-10 11:00:00 1,251,840 ----a-w c:\windows\system32\comsvcs.dll
- 2005-07-26 04:39:45 540,160 ----a-w c:\windows\system32\comuid.dll
+ 2004-08-10 11:00:00 540,160 ----a-w c:\windows\system32\comuid.dll
- 2008-12-23 09:57:42 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-26 22:55:50 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-23 09:57:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-26 22:55:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-26 22:55:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122620081227\index.dat
- 2008-12-23 09:57:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-26 22:55:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-16 10:37:02 1,054,208 ----a-w c:\windows\system32\danim.dll
+ 2006-03-04 03:33:41 1,054,208 ----a-w c:\windows\system32\danim.dll
- 2006-05-19 12:59:41 111,616 ----a-w c:\windows\system32\dhcpcsvc.dll
+ 2004-08-10 11:00:00 111,104 ----a-w c:\windows\system32\dhcpcsvc.dll
- 2006-08-16 11:58:05 100,352 -c--a-w c:\windows\system32\dllcache\6to4svc.dll
+ 2004-08-10 11:00:00 100,352 -c--a-w c:\windows\system32\dllcache\6to4svc.dll
- 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys
+ 2004-08-10 11:00:00 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys
- 2006-10-12 14:02:52 42,496 -c--a-w c:\windows\system32\dllcache\agentdp2.dll
+ 2004-08-10 11:00:00 41,984 -c--a-w c:\windows\system32\dllcache\agentdp2.dll
- 2007-03-09 13:46:24 57,344 -c--a-w c:\windows\system32\dllcache\agentdpv.dll
+ 2004-08-10 11:00:00 58,880 -c--a-w c:\windows\system32\dllcache\agentdpv.dll
- 2006-10-12 11:09:53 256,512 -c--a-w c:\windows\system32\dllcache\agentsvr.exe
+ 2004-08-10 11:00:00 256,512 -c--a-w c:\windows\system32\dllcache\agentsvr.exe
- 2005-03-02 18:09:29 56,832 -c--a-w c:\windows\system32\dllcache\authz.dll
+ 2004-08-10 11:00:00 56,832 -c--a-w c:\windows\system32\dllcache\authz.dll
- 2007-03-29 12:56:02 8,192 -c--a-w c:\windows\system32\dllcache\bitsprx2.dll
+ 2004-08-10 11:00:00 8,192 -c--a-w c:\windows\system32\dllcache\bitsprx2.dll
- 2007-03-29 12:56:02 7,168 -c--a-w c:\windows\system32\dllcache\bitsprx3.dll
+ 2004-08-10 11:00:00 7,168 -c--a-w c:\windows\system32\dllcache\bitsprx3.dll
- 2008-10-16 10:37:04 1,023,488 -c--a-w c:\windows\system32\dllcache\browseui.dll
+ 2006-03-04 03:33:40 1,022,976 -c--a-w c:\windows\system32\dllcache\browseui.dll
- 2005-07-26 04:39:42 225,792 -c--a-w c:\windows\system32\dllcache\catsrv.dll
+ 2004-08-10 11:00:00 229,888 -c--a-w c:\windows\system32\dllcache\catsrv.dll
- 2005-07-26 04:39:43 625,152 -c--a-w c:\windows\system32\dllcache\catsrvut.dll
+ 2004-08-10 11:00:00 628,224 -c--a-w c:\windows\system32\dllcache\catsrvut.dll
- 2008-10-16 10:37:02 151,040 -c--a-w c:\windows\system32\dllcache\cdfview.dll
+ 2006-03-04 03:33:40 151,040 -c--a-w c:\windows\system32\dllcache\cdfview.dll
- 2005-09-10 01:53:41 2,067,968 -c--a-w c:\windows\system32\dllcache\cdosys.dll
+ 2004-08-10 11:00:00 2,067,968 -c--a-w c:\windows\system32\dllcache\cdosys.dll
- 2006-06-22 05:06:29 69,120 -c--a-w c:\windows\system32\dllcache\ciodm.dll
+ 2004-08-10 11:00:00 69,120 -c--a-w c:\windows\system32\dllcache\ciodm.dll
- 2005-07-26 04:39:43 110,080 -c--a-w c:\windows\system32\dllcache\clbcatex.dll
+ 2004-08-10 11:00:00 110,080 -c--a-w c:\windows\system32\dllcache\clbcatex.dll
- 2005-07-26 04:39:43 498,688 -c--a-w c:\windows\system32\dllcache\clbcatq.dll
+ 2004-08-10 11:00:00 501,248 -c--a-w c:\windows\system32\dllcache\clbcatq.dll
- 2005-07-26 04:39:43 60,416 -c--a-w c:\windows\system32\dllcache\colbact.dll
+ 2004-08-10 11:00:00 62,464 -c--a-w c:\windows\system32\dllcache\colbact.dll
- 2005-07-26 04:39:44 195,072 -c--a-w c:\windows\system32\dllcache\comadmin.dll
+ 2004-08-10 11:00:00 195,584 -c--a-w c:\windows\system32\dllcache\comadmin.dll
- 2006-08-25 15:45:58 617,472 -c--a-w c:\windows\system32\dllcache\comctl32.dll
+ 2004-08-10 11:00:00 611,328 -c--a-w c:\windows\system32\dllcache\comctl32.dll
- 2005-07-26 04:39:44 97,792 -c--a-w c:\windows\system32\dllcache\comrepl.dll
+ 2004-08-10 11:00:00 82,432 -c--a-w c:\windows\system32\dllcache\comrepl.dll
- 2005-07-26 04:39:44 1,267,200 -c--a-w c:\windows\system32\dllcache\comsvcs.dll
+ 2004-08-10 11:00:00 1,251,840 -c--a-w c:\windows\system32\dllcache\comsvcs.dll
- 2005-07-26 04:39:45 540,160 -c--a-w c:\windows\system32\dllcache\comuid.dll
+ 2004-08-10 11:00:00 540,160 -c--a-w c:\windows\system32\dllcache\comuid.dll
- 2008-10-16 10:37:02 1,054,208 -c--a-w c:\windows\system32\dllcache\danim.dll
+ 2006-03-04 03:33:41 1,054,208 -c--a-w c:\windows\system32\dllcache\danim.dll
- 2008-03-25 04:50:25 554,008 -c--a-w c:\windows\system32\dllcache\dao360.dll
+ 2004-08-10 11:00:00 561,179 -c--a-w c:\windows\system32\dllcache\dao360.dll
- 2006-05-19 12:59:41 111,616 -c--a-w c:\windows\system32\dllcache\dhcpcsvc.dll
+ 2004-08-10 11:00:00 111,104 -c--a-w c:\windows\system32\dllcache\dhcpcsvc.dll
- 2007-05-16 15:12:00 86,528 -c--a-w c:\windows\system32\dllcache\directdb.dll
+ 2004-08-10 11:00:00 81,408 -c--a-w c:\windows\system32\dllcache\directdb.dll
- 2008-06-20 17:41:10 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-10 11:00:00 148,480 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
- 2008-02-20 05:32:43 45,568 -c--a-w c:\windows\system32\dllcache\dnsrslvr.dll
+ 2004-08-10 11:00:00 45,568 -c--a-w c:\windows\system32\dllcache\dnsrslvr.dll
- 2006-08-22 10:05:26 498,742 -c--a-w c:\windows\system32\dllcache\dxmasf.dll
+ 2004-08-10 11:00:00 498,205 -c--a-w c:\windows\system32\dllcache\dxmasf.dll
- 2008-10-16 10:37:02 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-10 11:00:00 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 10:37:02 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2006-03-04 03:33:41 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-07-07 20:32:22 253,952 -c--a-w c:\windows\system32\dllcache\es.dll
+ 2004-08-10 11:00:00 243,200 -c--a-w c:\windows\system32\dllcache\es.dll
- 2005-10-20 22:20:03 1,082,368 -c--a-w c:\windows\system32\dllcache\esent.dll
+ 2004-08-10 11:00:00 1,082,368 -c--a-w c:\windows\system32\dllcache\esent.dll
- 2007-06-13 10:23:07 1,033,216 -c--a-w c:\windows\system32\dllcache\explorer.exe
+ 2004-08-10 11:00:00 1,032,192 -c--a-w c:\windows\system32\dllcache\explorer.exe
- 2008-10-16 10:37:02 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2006-03-04 03:33:41 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2006-08-21 12:26:44 16,896 -c--a-w c:\windows\system32\dllcache\fltlib.dll
+ 2004-08-10 11:00:00 16,896 -c--a-w c:\windows\system32\dllcache\fltlib.dll
- 2006-08-21 09:43:32 23,040 -c--a-w c:\windows\system32\dllcache\fltmc.exe
+ 2004-08-10 11:00:00 22,528 -c--a-w c:\windows\system32\dllcache\fltmc.exe
- 2006-08-21 09:43:32 128,768 -c--a-w c:\windows\system32\dllcache\fltmgr.sys
+ 2004-08-10 11:00:00 124,800 -c--a-w c:\windows\system32\dllcache\fltmgr.sys
- 2005-10-17 21:14:45 80,896 -c--a-w c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-10 11:00:00 79,360 -c--a-w c:\windows\system32\dllcache\fontsub.dll
- 2008-10-23 13:01:36 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2004-08-10 11:00:00 278,016 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2005-05-26 23:22:01 10,752 -c--a-w c:\windows\system32\dllcache\hh.exe
+ 2004-08-10 11:00:00 10,752 -c--a-w c:\windows\system32\dllcache\hh.exe
- 2005-05-27 02:04:27 41,472 -c--a-w c:\windows\system32\dllcache\hhsetup.dll
+ 2004-08-10 11:00:00 38,912 -c--a-w c:\windows\system32\dllcache\hhsetup.dll
- 2006-07-21 08:24:43 72,704 -c--a-w c:\windows\system32\dllcache\hlink.dll
+ 2004-08-10 11:00:00 77,850 -c--a-w c:\windows\system32\dllcache\hlink.dll
- 2005-06-29 01:46:00 254,976 -c--a-w c:\windows\system32\dllcache\icm32.dll
+ 2004-08-10 11:00:00 253,952 -c--a-w c:\windows\system32\dllcache\icm32.dll
- 2008-10-15 09:45:01 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2006-03-04 00:39:06 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
- 2008-10-16 10:37:02 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2006-03-04 03:33:41 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2008-04-11 18:50:43 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-10 11:00:00 678,400 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
- 2008-10-16 10:37:02 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2006-03-04 03:33:41 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2006-05-19 12:59:41 94,720 -c--a-w c:\windows\system32\dllcache\iphlpapi.dll
+ 2004-08-10 11:00:00 94,720 -c--a-w c:\windows\system32\dllcache\iphlpapi.dll
- 2004-09-29 22:28:37 134,912 -c--a-w c:\windows\system32\dllcache\ipnat.sys
+ 2004-08-10 11:00:00 134,912 -c--a-w c:\windows\system32\dllcache\ipnat.sys
- 2005-05-27 02:04:27 155,136 -c--a-w c:\windows\system32\dllcache\itircl.dll
+ 2004-08-10 11:00:00 143,872 -c--a-w c:\windows\system32\dllcache\itircl.dll
- 2005-05-27 02:04:27 137,216 -c--a-w c:\windows\system32\dllcache\itss.dll
+ 2004-08-10 11:00:00 134,144 -c--a-w c:\windows\system32\dllcache\itss.dll
- 2007-12-18 14:40:58 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll
+ 2004-08-10 11:00:00 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2008-10-16 10:37:03 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 11:00:00 15,872 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2005-06-15 17:49:30 295,936 -c--a-w c:\windows\system32\dllcache\kerberos.dll
+ 2004-08-10 11:00:00 294,400 -c--a-w c:\windows\system32\dllcache\kerberos.dll
- 2007-04-16 15:52:53 984,576 -c--a-w c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-10 11:00:00 983,552 -c--a-w c:\windows\system32\dllcache\kernel32.dll
- 2005-09-01 01:41:53 19,968 -c--a-w c:\windows\system32\dllcache\linkinfo.dll
+ 2004-08-10 11:00:00 18,944 -c--a-w c:\windows\system32\dllcache\linkinfo.dll
- 2008-06-11 08:47:52 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2005-08-03 23:29:52 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2007-11-07 09:26:56 721,920 -c--a-w c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-10 11:00:00 721,920 -c--a-w c:\windows\system32\dllcache\lsasrv.dll
- 2007-03-08 15:36:28 40,960 -c--a-w c:\windows\system32\dllcache\mf3216.dll
+ 2004-08-10 11:00:00 39,936 -c--a-w c:\windows\system32\dllcache\mf3216.dll
- 2006-11-01 19:17:45 927,504 -c--a-w c:\windows\system32\dllcache\mfc40u.dll
+ 2004-08-10 11:00:00 924,432 -c--a-w c:\windows\system32\dllcache\mfc40u.dll
- 2006-10-14 08:13:25 981,760 -c--a-w c:\windows\system32\dllcache\mfc42u.dll
+ 2004-08-10 11:00:00 1,024,000 -c--a-w c:\windows\system32\dllcache\mfc42u.dll
- 2005-07-25 23:46:57 7,680 -c--a-w c:\windows\system32\dllcache\migregdb.exe
+ 2004-08-10 11:00:00 7,680 -c--a-w c:\windows\system32\dllcache\migregdb.exe
- 2007-07-06 10:05:47 72,960 -c--a-w c:\windows\system32\dllcache\mqac.sys
+ 2004-08-10 11:00:00 72,960 -c--a-w c:\windows\system32\dllcache\mqac.sys
- 2007-07-06 12:46:59 138,240 -c--a-w c:\windows\system32\dllcache\mqad.dll
+ 2004-08-10 11:00:00 138,240 -c--a-w c:\windows\system32\dllcache\mqad.dll
- 2007-07-06 12:46:59 47,104 -c--a-w c:\windows\system32\dllcache\mqdscli.dll
+ 2004-08-10 11:00:00 47,104 -c--a-w c:\windows\system32\dllcache\mqdscli.dll
- 2007-07-06 12:46:59 16,896 -c--a-w c:\windows\system32\dllcache\mqise.dll
+ 2004-08-10 11:00:00 16,896 -c--a-w c:\windows\system32\dllcache\mqise.dll
- 2007-07-06 12:46:59 660,992 -c--a-w c:\windows\system32\dllcache\mqqm.dll
+ 2004-08-10 11:00:00 660,992 -c--a-w c:\windows\system32\dllcache\mqqm.dll
- 2007-07-06 12:46:59 177,152 -c--a-w c:\windows\system32\dllcache\mqrt.dll
+ 2004-08-10 11:00:00 177,152 -c--a-w c:\windows\system32\dllcache\mqrt.dll
- 2007-07-06 12:46:59 95,744 -c--a-w c:\windows\system32\dllcache\mqsec.dll
+ 2004-08-10 11:00:00 95,744 -c--a-w c:\windows\system32\dllcache\mqsec.dll
- 2007-07-06 12:46:59 48,640 -c--a-w c:\windows\system32\dllcache\mqupgrd.dll
+ 2004-08-10 11:00:00 48,640 -c--a-w c:\windows\system32\dllcache\mqupgrd.dll
- 2007-07-06 12:46:59 471,552 -c--a-w c:\windows\system32\dllcache\mqutil.dll
+ 2004-08-10 11:00:00 471,552 -c--a-w c:\windows\system32\dllcache\mqutil.dll
- 2007-12-18 09:51:35 179,584 -c--a-w c:\windows\system32\dllcache\mrxdav.sys
+ 2004-08-10 11:00:00 181,248 -c--a-w c:\windows\system32\dllcache\mrxdav.sys
- 2008-05-01 14:30:33 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2004-08-10 11:00:00 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
- 2006-03-23 05:44:21 143,360 -c--a-w c:\windows\system32\dllcache\msadco.dll
+ 2004-08-10 11:00:00 143,360 -c--a-w c:\windows\system32\dllcache\msadco.dll
- 2006-12-26 13:07:23 536,576 -c--a-w c:\windows\system32\dllcache\msado15.dll
+ 2004-08-10 11:00:00 536,576 -c--a-w c:\windows\system32\dllcache\msado15.dll
- 2006-12-26 13:07:23 180,224 -c--a-w c:\windows\system32\dllcache\msadomd.dll
+ 2004-08-10 11:00:00 180,224 -c--a-w c:\windows\system32\dllcache\msadomd.dll
- 2006-12-26 13:07:23 200,704 -c--a-w c:\windows\system32\dllcache\msadox.dll
+ 2004-08-10 11:00:00 200,704 -c--a-w c:\windows\system32\dllcache\msadox.dll
- 2008-06-24 16:23:05 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
+ 2004-08-10 11:00:00 73,728 -c--a-w c:\windows\system32\dllcache\mscms.dll
- 2006-03-01 19:42:42 426,496 -c--a-w c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-10 11:00:00 425,472 -c--a-w c:\windows\system32\dllcache\msdtcprx.dll
- 2006-03-01 19:42:42 956,416 -c--a-w c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-10 11:00:00 949,248 -c--a-w c:\windows\system32\dllcache\msdtctm.dll
- 2006-03-01 19:42:42 161,280 -c--a-w c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-10 11:00:00 161,280 -c--a-w c:\windows\system32\dllcache\msdtcuiu.dll
- 2008-03-25 04:50:28 518,944 -c--a-w c:\windows\system32\dllcache\msexch40.dll
+ 2004-08-10 11:00:00 512,029 -c--a-w c:\windows\system32\dllcache\msexch40.dll
- 2008-03-25 04:50:30 326,432 -c--a-w c:\windows\system32\dllcache\msexcl40.dll
+ 2004-08-10 11:00:00 319,517 -c--a-w c:\windows\system32\dllcache\msexcl40.dll
- 2006-11-27 14:54:06 539,136 -c--a-w c:\windows\system32\dllcache\msftedit.dll
+ 2004-08-10 11:00:00 537,088 -c--a-w c:\windows\system32\dllcache\msftedit.dll
- 2008-12-12 17:33:23 3,060,224 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2006-03-23 17:32:42 3,053,568 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 10:37:03 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2006-03-04 03:33:43 448,512 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2007-04-18 16:12:23 2,854,400 -c--a-w c:\windows\system32\dllcache\msi.dll
+ 2004-08-10 11:00:00 2,804,224 -c--a-w c:\windows\system32\dllcache\msi.dll
- 2005-05-04 20:45:36 78,848 -c--a-w c:\windows\system32\dllcache\msiexec.exe
+ 2004-08-10 11:00:00 77,312 -c--a-w c:\windows\system32\dllcache\msiexec.exe
- 2005-05-04 20:45:36 271,360 -c--a-w c:\windows\system32\dllcache\msihnd.dll
+ 2004-08-10 11:00:00 331,264 -c--a-w c:\windows\system32\dllcache\msihnd.dll
- 2005-05-04 20:45:36 884,736 -c--a-w c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-10 11:00:00 884,736 -c--a-w c:\windows\system32\dllcache\msimsg.dll
- 2005-05-04 20:45:36 15,360 -c--a-w c:\windows\system32\dllcache\msisip.dll
+ 2004-08-10 11:00:00 44,032 -c--a-w c:\windows\system32\dllcache\msisip.dll
- 2008-03-25 04:50:34 1,516,568 -c--a-w c:\windows\system32\dllcache\msjet40.dll
+ 2004-08-10 11:00:00 1,507,356 -c--a-w c:\windows\system32\dllcache\msjet40.dll
- 2008-03-25 04:50:40 355,112 -c--a-w c:\windows\system32\dllcache\msjetol1.dll
+ 2004-08-10 11:00:00 358,976 -c--a-w c:\windows\system32\dllcache\msjetol1.dll
- 2008-03-27 08:12:54 151,583 -c--a-w c:\windows\system32\dllcache\msjint40.dll
+ 2004-08-10 11:00:00 151,583 -c--a-w c:\windows\system32\dllcache\msjint40.dll
- 2006-12-26 13:07:23 102,400 -c--a-w c:\windows\system32\dllcache\msjro.dll
+ 2004-08-10 11:00:00 102,400 -c--a-w c:\windows\system32\dllcache\msjro.dll
- 2008-03-25 04:50:42 60,192 -c--a-w c:\windows\system32\dllcache\msjter40.dll
+ 2004-08-10 11:00:00 53,279 -c--a-w c:\windows\system32\dllcache\msjter40.dll
- 2008-03-25 04:50:42 248,608 -c--a-w c:\windows\system32\dllcache\msjtes40.dll
+ 2004-08-10 11:00:00 241,693 -c--a-w c:\windows\system32\dllcache\msjtes40.dll
- 2008-03-25 04:50:44 219,936 -c--a-w c:\windows\system32\dllcache\msltus40.dll
+ 2004-08-10 11:00:00 213,023 -c--a-w c:\windows\system32\dllcache\msltus40.dll
- 2007-05-16 15:12:08 1,314,816 -c--a-w c:\windows\system32\dllcache\msoe.dll
+ 2004-08-10 11:00:00 1,311,232 -c--a-w c:\windows\system32\dllcache\msoe.dll
- 2008-03-25 04:50:45 355,104 -c--a-w c:\windows\system32\dllcache\mspbde40.dll
+ 2004-08-10 11:00:00 348,189 -c--a-w c:\windows\system32\dllcache\mspbde40.dll
- 2008-10-16 10:37:02 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2006-03-04 03:33:43 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-03-25 04:50:47 432,928 -c--a-w c:\windows\system32\dllcache\msrd2x40.dll
+ 2004-08-10 11:00:00 421,919 -c--a-w c:\windows\system32\dllcache\msrd2x40.dll
- 2008-03-25 04:50:49 322,336 -c--a-w c:\windows\system32\dllcache\msrd3x40.dll
+ 2004-08-10 11:00:00 315,423 -c--a-w c:\windows\system32\dllcache\msrd3x40.dll
- 2008-03-25 04:50:52 559,904 -c--a-w c:\windows\system32\dllcache\msrepl40.dll
+ 2004-08-10 11:00:00 552,989 -c--a-w c:\windows\system32\dllcache\msrepl40.dll
- 2008-03-25 04:50:55 264,992 -c--a-w c:\windows\system32\dllcache\mstext40.dll
+ 2004-08-10 11:00:00 258,077 -c--a-w c:\windows\system32\dllcache\mstext40.dll
- 2008-10-16 10:37:02 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2006-03-04 03:33:43 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-03-25 04:50:57 838,432 -c--a-w c:\windows\system32\dllcache\mswdat10.dll
+ 2004-08-10 11:00:00 831,519 -c--a-w c:\windows\system32\dllcache\mswdat10.dll
- 2008-06-20 17:41:10 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-10 11:00:00 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll
- 2008-03-25 04:50:58 621,344 -c--a-w c:\windows\system32\dllcache\mswstr10.dll
+ 2004-08-10 11:00:00 614,429 -c--a-w c:\windows\system32\dllcache\mswstr10.dll
- 2008-03-25 04:50:58 355,104 -c--a-w c:\windows\system32\dllcache\msxbde40.dll
+ 2004-08-10 11:00:00 348,189 -c--a-w c:\windows\system32\dllcache\msxbde40.dll
- 2008-09-04 16:42:02 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-10 11:00:00 1,236,480 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2006-03-01 19:42:42 66,560 -c--a-w c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-10 11:00:00 66,560 -c--a-w c:\windows\system32\dllcache\mtxclu.dll
- 2006-03-01 19:42:42 91,136 -c--a-w c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-10 11:00:00 90,112 -c--a-w c:\windows\system32\dllcache\mtxoci.dll
- 2008-10-15 16:57:55 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2004-08-10 11:00:00 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2005-08-22 18:29:46 197,632 -c--a-w c:\windows\system32\dllcache\netman.dll
+ 2004-08-10 11:00:00 198,144 -c--a-w c:\windows\system32\dllcache\netman.dll
- 2007-02-09 11:10:35 574,464 -c--a-w c:\windows\system32\dllcache\ntfs.sys
+ 2004-08-10 11:00:00 574,592 -c--a-w c:\windows\system32\dllcache\ntfs.sys
- 2006-10-13 12:35:12 64,000 -c--a-w c:\windows\system32\dllcache\nwapi32.dll
+ 2004-08-10 11:00:00 58,880 -c--a-w c:\windows\system32\dllcache\nwapi32.dll
- 2006-10-13 12:35:12 142,336 -c--a-w c:\windows\system32\dllcache\nwprovau.dll
+ 2004-08-10 11:00:00 144,384 -c--a-w c:\windows\system32\dllcache\nwprovau.dll
- 2006-10-13 10:23:15 163,584 -c--a-w c:\windows\system32\dllcache\nwrdr.sys
+ 2004-08-10 11:00:00 163,584 -c--a-w c:\windows\system32\dllcache\nwrdr.sys
- 2006-10-13 12:35:12 65,536 -c--a-w c:\windows\system32\dllcache\nwwks.dll
+ 2004-08-10 11:00:00 64,000 -c--a-w c:\windows\system32\dllcache\nwwks.dll
- 2005-07-26 04:39:48 1,285,120 -c--a-w c:\windows\system32\dllcache\ole32.dll
+ 2004-08-10 11:00:00 1,281,536 -c--a-w c:\windows\system32\dllcache\ole32.dll
- 2007-12-04 18:38:13 550,912 -c--a-w c:\windows\system32\dllcache\oleaut32.dll
+ 2004-08-10 11:00:00 553,472 -c--a-w c:\windows\system32\dllcache\oleaut32.dll
- 2005-07-26 04:39:48 74,752 -c--a-w c:\windows\system32\dllcache\olecli32.dll
+ 2004-08-10 11:00:00 68,608 -c--a-w c:\windows\system32\dllcache\olecli32.dll
- 2005-07-26 04:39:49 37,888 -c--a-w c:\windows\system32\dllcache\olecnv32.dll
+ 2004-08-10 11:00:00 34,304 -c--a-w c:\windows\system32\dllcache\olecnv32.dll
- 2006-10-16 16:15:00 122,880 -c--a-w c:\windows\system32\dllcache\oledlg.dll
+ 2004-08-10 11:00:00 117,760 -c--a-w c:\windows\system32\dllcache\oledlg.dll
- 2008-10-16 10:37:02 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2006-03-04 03:33:43 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2007-03-29 12:56:02 409,600 -c--a-w c:\windows\system32\dllcache\qmgr.dll
+ 2004-08-10 11:00:00 382,464 -c--a-w c:\windows\system32\dllcache\qmgr.dll
- 2007-03-29 12:56:02 18,944 -c--a-w c:\windows\system32\dllcache\qmgrprxy.dll
+ 2004-08-10 11:00:00 18,944 -c--a-w c:\windows\system32\dllcache\qmgrprxy.dll
- 2008-05-07 05:18:48 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll
+ 2004-08-10 11:00:00 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll
- 2006-06-22 05:06:30 1,435,648 -c--a-w c:\windows\system32\dllcache\query.dll
+ 2004-08-10 11:00:00 1,435,648 -c--a-w c:\windows\system32\dllcache\query.dll
- 2006-06-26 17:37:10 8,192 -c--a-w c:\windows\system32\dllcache\rasadhlp.dll
+ 2004-08-10 11:00:00 8,192 -c--a-w c:\windows\system32\dllcache\rasadhlp.dll
- 2006-06-22 10:47:18 181,248 -c--a-w c:\windows\system32\dllcache\rasmans.dll
+ 2004-08-10 11:00:00 174,080 -c--a-w c:\windows\system32\dllcache\rasmans.dll
- 2006-05-05 09:47:57 174,592 -c--a-w c:\windows\system32\dllcache\rdbss.sys
+ 2004-08-10 11:00:00 176,512 -c--a-w c:\windows\system32\dllcache\rdbss.sys
- 2005-06-10 04:09:46 139,528 -c--a-w c:\windows\system32\dllcache\rdpwd.sys
+ 2004-08-10 11:00:00 139,400 -c--a-w c:\windows\system32\dllcache\rdpwd.sys
- 2006-11-27 14:54:06 433,152 -c--a-w c:\windows\system32\dllcache\riched20.dll
+ 2004-08-10 11:00:00 431,616 -c--a-w c:\windows\system32\dllcache\riched20.dll
- 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2004-08-10 11:00:00 200,064 -c--a-w c:\windows\system32\dllcache\rmcast.sys
- 2007-07-09 13:09:42 584,192 -c--a-w c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-10 11:00:00 581,120 -c--a-w c:\windows\system32\dllcache\rpcrt4.dll
- 2005-07-26 04:39:49 397,824 -c--a-w c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-10 11:00:00 395,776 -c--a-w c:\windows\system32\dllcache\rpcss.dll
- 2007-04-25 14:21:15 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
+ 2004-08-10 11:00:00 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
- 2008-10-16 10:37:03 1,494,528 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
+ 2006-03-30 09:16:03 1,492,480 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
- 2007-10-26 03:36:51 8,454,656 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2004-08-10 11:00:00 8,384,000 -c--a-w c:\windows\system32\dllcache\shell32.dll
- 2008-10-16 10:37:03 474,112 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
+ 2006-03-04 03:33:44 474,112 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
- 2006-12-19 21:52:18 134,656 -c--a-w c:\windows\system32\dllcache\shsvcs.dll
+ 2004-08-10 11:00:00 134,656 -c--a-w c:\windows\system32\dllcache\shsvcs.dll
- 2005-06-10 23:53:32 57,856 -c--a-w c:\windows\system32\dllcache\spoolsv.exe
+ 2004-08-10 11:00:00 57,856 -c--a-w c:\windows\system32\dllcache\spoolsv.exe
- 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2004-08-10 11:00:00 336,256 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2004-12-07 19:32:34 96,768 -c--a-w c:\windows\system32\dllcache\srvsvc.dll
+ 2004-08-10 11:00:00 96,768 -c--a-w c:\windows\system32\dllcache\srvsvc.dll
- 2008-10-03 10:15:47 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-10 11:00:00 246,302 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2006-10-19 13:56:32 713,216 -c--a-w c:\windows\system32\dllcache\sxs.dll
+ 2004-08-10 11:00:00 713,216 -c--a-w c:\windows\system32\dllcache\sxs.dll
- 2005-10-17 21:14:46 118,272 -c--a-w c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-10 11:00:00 210,432 -c--a-w c:\windows\system32\dllcache\t2embed.dll
- 2005-07-08 16:27:56 249,344 -c--a-w c:\windows\system32\dllcache\tapisrv.dll
+ 2004-08-10 11:00:00 246,272 -c--a-w c:\windows\system32\dllcache\tapisrv.dll
- 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-10 11:00:00 359,040 -c--a-w c:\windows\system32\dllcache\tcpip.sys
- 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-10 11:00:00 223,616 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
- 2005-05-10 23:45:48 75,776 -c--a-w c:\windows\system32\dllcache\telnet.exe
+ 2004-08-10 11:00:00 75,264 -c--a-w c:\windows\system32\dllcache\telnet.exe
- 2005-07-26 04:39:49 101,376 -c--a-w c:\windows\system32\dllcache\txflog.dll
+ 2004-08-10 11:00:00 101,376 -c--a-w c:\windows\system32\dllcache\txflog.dll
- 2005-08-23 03:35:42 123,392 -c--a-w c:\windows\system32\dllcache\umpnpmgr.dll
+ 2004-08-10 11:00:00 118,272 -c--a-w c:\windows\system32\dllcache\umpnpmgr.dll
- 2007-04-23 10:32:54 364,160 -c--a-w c:\windows\system32\dllcache\update.sys
+ 2004-08-10 11:00:00 209,408 -c--a-w c:\windows\system32\dllcache\update.sys
- 2007-02-05 20:17:02 185,344 -c--a-w c:\windows\system32\dllcache\upnphost.dll
+ 2004-08-10 11:00:00 185,344 -c--a-w c:\windows\system32\dllcache\upnphost.dll
- 2008-10-16 10:37:04 615,936 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2006-03-18 11:09:37 613,376 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2007-03-08 15:36:28 577,536 -c--a-w c:\windows\system32\dllcache\user32.dll
+ 2004-08-10 11:00:00 577,024 -c--a-w c:\windows\system32\dllcache\user32.dll
- 2007-12-18 14:40:58 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-10 11:00:00 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll
- 2007-06-26 15:13:22 851,968 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2004-08-10 11:00:00 848,384 -c--a-w c:\windows\system32\dllcache\vgx.dll
- 2007-05-16 15:12:12 510,976 -c--a-w c:\windows\system32\dllcache\wab32.dll
+ 2004-08-10 11:00:00 504,832 -c--a-w c:\windows\system32\dllcache\wab32.dll
- 2007-05-16 15:12:15 85,504 -c--a-w c:\windows\system32\dllcache\wabimp.dll
+ 2004-08-10 11:00:00 84,992 -c--a-w c:\windows\system32\dllcache\wabimp.dll
- 2006-01-04 03:35:05 68,096 -c--a-w c:\windows\system32\dllcache\webclnt.dll
+ 2004-08-10 11:00:00 67,584 -c--a-w c:\windows\system32\dllcache\webclnt.dll
- 2006-12-19 18:16:47 333,824 -c--a-w c:\windows\system32\dllcache\wiaservc.dll
+ 2004-08-10 11:00:00 333,312 -c--a-w c:\windows\system32\dllcache\wiaservc.dll
- 2008-09-15 11:57:41 1,846,016 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2004-08-10 11:00:00 1,835,904 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2008-10-16 10:37:03 659,456 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2006-03-04 03:33:45 658,432 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2007-03-17 13:43:01 292,864 -c--a-w c:\windows\system32\dllcache\winsrv.dll
+ 2004-08-10 11:00:00 290,816 -c--a-w c:\windows\system32\dllcache\winsrv.dll
- 2006-08-17 12:28:27 132,096 -c--a-w c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-10 11:00:00 132,096 -c--a-w c:\windows\system32\dllcache\wkssvc.dll
- 2007-10-27 23:39:46 228,864 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2005-08-03 23:29:52 227,840 -c--a-w c:\windows\system32\dllcache\wmasf.dll
- 2008-06-11 08:58:16 988,672 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
+ 2005-08-03 23:29:52 988,672 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
- 2007-04-30 14:20:24 5,537,792 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2004-08-10 11:00:00 5,496,832 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2008-06-11 08:58:24 2,330,624 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2005-08-03 23:29:54 2,330,624 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
- 2008-10-16 20:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2004-08-10 11:00:00 36,864 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2006-03-01 19:42:42 11,776 -c--a-w c:\windows\system32\dllcache\xolehlp.dll
+ 2004-08-10 11:00:00 11,776 -c--a-w c:\windows\system32\dllcache\xolehlp.dll
- 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dnsapi.dll
+ 2004-08-10 11:00:00 148,480 ----a-w c:\windows\system32\dnsapi.dll
- 2008-02-20 05:32:43 45,568 ----a-w c:\windows\system32\dnsrslvr.dll
+ 2004-08-10 11:00:00 45,568 ----a-w c:\windows\system32\dnsrslvr.dll
- 2006-02-15 00:22:26 142,464 ----a-w c:\windows\system32\drivers\aec.sys
+ 2004-08-10 11:00:00 142,464 ----a-w c:\windows\system32\drivers\aec.sys
- 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2004-08-10 11:00:00 138,496 ----a-w c:\windows\system32\drivers\afd.sys
- 2008-06-13 13:10:50 272,128 ----a-w c:\windows\system32\drivers\bthport.sys
+ 2004-08-10 11:00:00 274,304 ----a-w c:\windows\system32\drivers\bthport.sys
- 2006-08-21 09:43:32 128,768 ----a-w c:\windows\system32\drivers\fltmgr.sys
+ 2004-08-10 11:00:00 124,800 ----a-w c:\windows\system32\drivers\fltMgr.sys
- 2006-03-17 00:33:10 262,784 ----a-w c:\windows\system32\drivers\http.sys
+ 2004-08-10 11:00:00 263,040 ----a-w c:\windows\system32\drivers\http.sys
- 2004-09-29 22:28:37 134,912 ----a-w c:\windows\system32\drivers\ipnat.sys
+ 2004-08-10 11:00:00 134,912 ----a-w c:\windows\system32\drivers\ipnat.sys
- 2006-06-14 08:47:45 172,416 ----a-w c:\windows\system32\drivers\kmixer.sys
+ 2004-08-10 11:00:00 171,776 ----a-w c:\windows\system32\drivers\kmixer.sys
- 2007-07-06 10:05:47 72,960 ----a-w c:\windows\system32\drivers\mqac.sys
+ 2004-08-10 11:00:00 72,960 ----a-w c:\windows\system32\drivers\mqac.sys
- 2007-12-18 09:51:35 179,584 ----a-w c:\windows\system32\drivers\mrxdav.sys
+ 2004-08-10 11:00:00 181,248 ----a-w c:\windows\system32\drivers\mrxdav.sys
- 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-10 11:00:00 451,456 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2007-02-09 11:10:35 574,464 ----a-w c:\windows\system32\drivers\ntfs.sys
+ 2004-08-10 11:00:00 574,592 ----a-w c:\windows\system32\drivers\ntfs.sys
- 2006-10-13 10:23:15 163,584 ----a-w c:\windows\system32\drivers\nwrdr.sys
+ 2004-08-10 11:00:00 163,584 ----a-w c:\windows\system32\drivers\nwrdr.sys
- 2008-02-13 09:00:00 43,528 ----a-w c:\windows\system32\drivers\pxhelp20.sys
+ 2004-08-10 09:39:56 19,840 ----a-w c:\windows\system32\drivers\pxhelp20.sys
- 2006-05-05 09:47:57 174,592 ----a-w c:\windows\system32\drivers\rdbss.sys
+ 2004-08-10 11:00:00 176,512 ----a-w c:\windows\system32\drivers\rdbss.sys
- 2005-06-10 04:09:46 139,528 ----a-w c:\windows\system32\drivers\rdpwd.sys
+ 2004-08-10 11:00:00 139,400 ----a-w c:\windows\system32\drivers\rdpwd.sys
- 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
+ 2004-08-10 11:00:00 200,064 ----a-w c:\windows\system32\drivers\RMCast.sys
- 2007-11-13 10:25:53 20,480 ----a-w c:\windows\system32\drivers\secdrv.sys
+ 2004-08-10 11:00:00 27,440 ----a-w c:\windows\system32\drivers\secdrv.sys
- 2006-06-14 08:47:46 6,400 ----a-w c:\windows\system32\drivers\splitter.sys
+ 2004-08-04 05:07:48 6,400 ----a-w c:\windows\system32\drivers\splitter.sys
- 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
+ 2004-08-10 11:00:00 336,256 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2004-08-10 11:00:00 359,040 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-10 11:00:00 223,616 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2007-04-23 10:32:54 364,160 ----a-w c:\windows\system32\drivers\update.sys
+ 2004-08-10 11:00:00 209,408 ----a-w c:\windows\system32\drivers\update.sys
- 2006-06-14 09:00:45 82,944 ----a-w c:\windows\system32\drivers\wdmaud.sys
+ 2004-08-10 11:00:00 82,944 ----a-w c:\windows\system32\drivers\wdmaud.sys
- 2006-08-22 10:05:26 498,742 ----a-w c:\windows\system32\dxmasf.dll
+ 2004-08-10 11:00:00 498,205 ----a-w c:\windows\system32\dxmasf.dll
- 2008-10-16 10:37:02 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2004-08-10 11:00:00 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 10:37:02 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2006-03-04 03:33:41 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2008-12-22 06:06:50 34,284 ----a-w c:\windows\system32\emptyregdb.dat
+ 2008-12-26 22:33:45 34,344 ----a-w c:\windows\system32\emptyregdb.dat
- 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
+ 2004-08-10 11:00:00 243,200 ----a-w c:\windows\system32\es.dll
- 2005-10-20 22:20:03 1,082,368 ----a-w c:\windows\system32\esent.dll
+ 2004-08-10 11:00:00 1,082,368 ----a-w c:\windows\system32\esent.dll
- 2008-10-16 10:37:02 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2006-03-04 03:33:41 55,808 ----a-w c:\windows\system32\extmgr.dll
- 2006-08-21 12:26:44 16,896 ----a-w c:\windows\system32\fltlib.dll
+ 2004-08-10 11:00:00 16,896 ----a-w c:\windows\system32\fltlib.dll
- 2006-08-21 09:43:32 23,040 ----a-w c:\windows\system32\fltmc.exe
+ 2004-08-10 11:00:00 22,528 ----a-w c:\windows\system32\fltMc.exe
- 2008-12-24 09:39:51 235,168 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-26 22:55:02 235,168 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2005-10-17 21:14:45 80,896 ----a-w c:\windows\system32\fontsub.dll
+ 2004-08-10 11:00:00 79,360 ----a-w c:\windows\system32\fontsub.dll
- 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll
+ 2004-08-10 11:00:00 278,016 ----a-w c:\windows\system32\gdi32.dll
- 2005-05-27 02:04:27 41,472 ----a-w c:\windows\system32\hhsetup.dll
+ 2004-08-10 11:00:00 38,912 ----a-w c:\windows\system32\hhsetup.dll
- 2006-07-21 08:24:43 72,704 ----a-w c:\windows\system32\hlink.dll
+ 2004-08-10 11:00:00 77,850 ----a-w c:\windows\system32\hlink.dll
- 2004-11-17 17:41:24 347,136 ----a-w c:\windows\system32\hypertrm.dll
+ 2004-08-10 11:00:00 345,088 ----a-w c:\windows\system32\hypertrm.dll
- 2005-06-29 01:46:00 254,976 ----a-w c:\windows\system32\icm32.dll
+ 2004-08-10 11:00:00 253,952 ----a-w c:\windows\system32\icm32.dll
- 2008-10-16 10:37:02 251,392 ----a-w c:\windows\system32\iepeers.dll
+ 2006-03-04 03:33:41 251,392 ----a-w c:\windows\system32\iepeers.dll
- 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2004-08-10 11:00:00 678,400 ----a-w c:\windows\system32\inetcomm.dll
- 2008-10-16 10:37:02 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2006-03-04 03:33:41 96,256 ----a-w c:\windows\system32\inseng.dll
- 2006-05-19 12:59:41 94,720 ----a-w c:\windows\system32\iphlpapi.dll
+ 2004-08-10 11:00:00 94,720 ----a-w c:\windows\system32\iphlpapi.dll
- 2005-05-27 02:04:27 155,136 ----a-w c:\windows\system32\itircl.dll
+ 2004-08-10 11:00:00 143,872 ----a-w c:\windows\system32\itircl.dll
- 2005-05-27 02:04:27 137,216 ----a-w c:\windows\system32\itss.dll
+ 2004-08-10 11:00:00 134,144 ----a-w c:\windows\system32\itss.dll
- 2006-06-01 18:47:07 163,840 ----a-w c:\windows\system32\jgdw400.dll
+ 2004-08-10 11:00:00 144,896 ----a-w c:\windows\system32\jgdw400.dll
- 2006-06-01 18:47:07 27,648 ----a-w c:\windows\system32\jgpl400.dll
+ 2004-08-10 11:00:00 42,496 ----a-w c:\windows\system32\jgpl400.dll
- 2007-12-18 14:40:58 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2004-08-10 11:00:00 450,560 ----a-w c:\windows\system32\jscript.dll
- 2008-10-16 10:37:03 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2004-08-10 11:00:00 15,872 ----a-w c:\windows\system32\jsproxy.dll
- 2005-06-15 17:49:30 295,936 ----a-w c:\windows\system32\kerberos.dll
+ 2004-08-10 11:00:00 294,400 ----a-w c:\windows\system32\kerberos.dll
- 2007-04-16 15:52:53 984,576 ----a-w c:\windows\system32\kernel32.dll
+ 2004-08-10 11:00:00 983,552 ----a-w c:\windows\system32\kernel32.dll
- 2005-09-01 01:41:53 19,968 ----a-w c:\windows\system32\linkinfo.dll
+ 2004-08-10 11:00:00 18,944 ----a-w c:\windows\system32\linkinfo.dll
- 2008-06-11 08:47:52 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2005-08-03 23:29:52 96,768 ----a-w c:\windows\system32\logagent.exe
- 2007-11-07 09:26:56 721,920 ----a-w c:\windows\system32\lsasrv.dll
+ 2004-08-10 11:00:00 721,920 ----a-w c:\windows\system32\lsasrv.dll
- 2007-03-08 15:36:28 40,960 ----a-w c:\windows\system32\mf3216.dll
+ 2004-08-10 11:00:00 39,936 ----a-w c:\windows\system32\mf3216.dll
- 2006-11-01 19:17:45 927,504 ----a-w c:\windows\system32\mfc40u.dll
+ 2004-08-10 11:00:00 924,432 ----a-w c:\windows\system32\mfc40u.dll
- 2006-10-14 08:13:25 981,760 ----a-w c:\windows\system32\mfc42u.dll
+ 2004-08-10 11:00:00 1,024,000 ----a-w c:\windows\system32\mfc42u.dll
- 2007-07-06 12:46:59 138,240 ----a-w c:\windows\system32\mqad.dll
+ 2004-08-10 11:00:00 138,240 ----a-w c:\windows\system32\mqad.dll
- 2007-07-06 12:46:59 47,104 ----a-w c:\windows\system32\mqdscli.dll
+ 2004-08-10 11:00:00 47,104 ----a-w c:\windows\system32\mqdscli.dll
- 2007-07-06 12:46:59 16,896 ----a-w c:\windows\system32\mqise.dll
+ 2004-08-10 11:00:00 16,896 ----a-w c:\windows\system32\mqise.dll
- 2007-07-06 12:46:59 660,992 ----a-w c:\windows\system32\mqqm.dll
+ 2004-08-10 11:00:00 660,992 ----a-w c:\windows\system32\mqqm.dll
- 2007-07-06 12:46:59 177,152 ----a-w c:\windows\system32\mqrt.dll
+ 2004-08-10 11:00:00 177,152 ----a-w c:\windows\system32\mqrt.dll
- 2007-07-06 12:46:59 95,744 ----a-w c:\windows\system32\mqsec.dll
+ 2004-08-10 11:00:00 95,744 ----a-w c:\windows\system32\mqsec.dll
- 2007-07-06 12:46:59 48,640 ----a-w c:\windows\system32\mqupgrd.dll
+ 2004-08-10 11:00:00 48,640 ----a-w c:\windows\system32\mqupgrd.dll
- 2007-07-06 12:46:59 471,552 ----a-w c:\windows\system32\mqutil.dll
+ 2004-08-10 11:00:00 471,552 ----a-w c:\windows\system32\mqutil.dll
- 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
+ 2004-08-10 11:00:00 73,728 ----a-w c:\windows\system32\mscms.dll
- 2005-09-23 13:28:52 270,848 ----a-w c:\windows\system32\mscoree.dll
+ 2004-07-20 00:54:08 131,072 ----a-w c:\windows\system32\mscoree.dll
- 2006-03-01 19:42:42 426,496 ----a-w c:\windows\system32\msdtcprx.dll
+ 2004-08-10 11:00:00 425,472 ----a-w c:\windows\system32\msdtcprx.dll
- 2006-03-01 19:42:42 956,416 ----a-w c:\windows\system32\msdtctm.dll
+ 2004-08-10 11:00:00 949,248 ----a-w c:\windows\system32\msdtctm.dll
- 2006-03-01 19:42:42 161,280 ----a-w c:\windows\system32\msdtcuiu.dll
+ 2004-08-10 11:00:00 161,280 ----a-w c:\windows\system32\msdtcuiu.dll
- 2008-03-25 04:50:28 518,944 ----a-w c:\windows\system32\msexch40.dll
+ 2004-08-10 11:00:00 512,029 ----a-w c:\windows\system32\msexch40.dll
- 2008-03-25 04:50:30 326,432 ----a-w c:\windows\system32\msexcl40.dll
+ 2004-08-10 11:00:00 319,517 ----a-w c:\windows\system32\msexcl40.dll
- 2006-11-27 14:54:06 539,136 ----a-w c:\windows\system32\msftedit.dll
+ 2004-08-10 11:00:00 537,088 ----a-w c:\windows\system32\msftedit.dll
- 2008-12-12 17:33:23 3,060,224 ----a-w c:\windows\system32\mshtml.dll
+ 2006-03-23 17:32:42 3,053,568 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 10:37:03 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2006-03-04 03:33:43 448,512 ----a-w c:\windows\system32\mshtmled.dll
- 2007-04-18 16:12:23 2,854,400 ----a-w c:\windows\system32\msi.dll
+ 2004-08-10 11:00:00 2,804,224 ----a-w c:\windows\system32\msi.dll
- 2005-05-04 20:45:36 78,848 ----a-w c:\windows\system32\msiexec.exe
+ 2004-08-10 11:00:00 77,312 ----a-w c:\windows\system32\msiexec.exe
- 2005-05-04 20:45:36 271,360 ----a-w c:\windows\system32\msihnd.dll
+ 2004-08-10 11:00:00 331,264 ----a-w c:\windows\system32\msihnd.dll
- 2005-05-04 20:45:36 884,736 ----a-w c:\windows\system32\msimsg.dll
+ 2004-08-10 11:00:00 884,736 ----a-w c:\windows\system32\msimsg.dll
- 2005-05-04 20:45:36 15,360 ----a-w c:\windows\system32\msisip.dll
+ 2004-08-10 11:00:00 44,032 ----a-w c:\windows\system32\msisip.dll
- 2008-03-25 04:50:34 1,516,568 ----a-w c:\windows\system32\msjet40.dll
+ 2004-08-10 11:00:00 1,507,356 ----a-w c:\windows\system32\msjet40.dll
- 2008-03-25 04:50:40 355,112 ----a-w c:\windows\system32\msjetoledb40.dll
+ 2004-08-10 11:00:00 358,976 ----a-w c:\windows\system32\msjetoledb40.dll
- 2008-03-27 08:12:54 151,583 ----a-w c:\windows\system32\msjint40.dll
+ 2004-08-10 11:00:00 151,583 ----a-w c:\windows\system32\msjint40.dll
- 2008-03-25 04:50:42 60,192 ----a-w c:\windows\system32\msjter40.dll
+ 2004-08-10 11:00:00 53,279 ----a-w c:\windows\system32\msjter40.dll
- 2008-03-25 04:50:42 248,608 ----a-w c:\windows\system32\msjtes40.dll
+ 2004-08-10 11:00:00 241,693 ----a-w c:\windows\system32\msjtes40.dll
- 2008-03-25 04:50:44 219,936 ----a-w c:\windows\system32\msltus40.dll
+ 2004-08-10 11:00:00 213,023 ----a-w c:\windows\system32\msltus40.dll
- 2008-03-25 04:50:45 355,104 ----a-w c:\windows\system32\mspbde40.dll
+ 2004-08-10 11:00:00 348,189 ----a-w c:\windows\system32\mspbde40.dll
- 2008-10-16 10:37:02 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2006-03-04 03:33:43 146,432 ----a-w c:\windows\system32\msrating.dll
- 2008-03-25 04:50:47 432,928 ----a-w c:\windows\system32\msrd2x40.dll
+ 2004-08-10 11:00:00 421,919 ----a-w c:\windows\system32\msrd2x40.dll
- 2008-03-25 04:50:49 322,336 ----a-w c:\windows\system32\msrd3x40.dll
+ 2004-08-10 11:00:00 315,423 ----a-w c:\windows\system32\msrd3x40.dll
- 2008-03-25 04:50:52 559,904 ----a-w c:\windows\system32\msrepl40.dll
+ 2004-08-10 11:00:00 552,989 ----a-w c:\windows\system32\msrepl40.dll
- 2008-03-25 04:50:55 264,992 ----a-w c:\windows\system32\mstext40.dll
+ 2004-08-10 11:00:00 258,077 ----a-w c:\windows\system32\mstext40.dll
- 2008-10-16 10:37:02 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2006-03-04 03:33:43 532,480 ----a-w c:\windows\system32\mstime.dll
- 2008-03-25 04:50:57 838,432 ----a-w c:\windows\system32\mswdat10.dll
+ 2004-08-10 11:00:00 831,519 ----a-w c:\windows\system32\mswdat10.dll
- 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll
+ 2004-08-10 11:00:00 245,248 ----a-w c:\windows\system32\mswsock.dll
- 2008-03-25 04:50:58 621,344 ----a-w c:\windows\system32\mswstr10.dll
+ 2004-08-10 11:00:00 614,429 ----a-w c:\windows\system32\mswstr10.dll
- 2008-03-25 04:50:58 355,104 ----a-w c:\windows\system32\msxbde40.dll
+ 2004-08-10 11:00:00 348,189 ----a-w c:\windows\system32\msxbde40.dll
- 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
+ 2004-08-10 11:00:00 1,236,480 ----a-w c:\windows\system32\msxml3.dll
- 2006-03-01 19:42:42 66,560 ----a-w c:\windows\system32\mtxclu.dll
+ 2004-08-10 11:00:00 66,560 ----a-w c:\windows\system32\mtxclu.dll
- 2006-03-01 19:42:42 91,136 ----a-w c:\windows\system32\mtxoci.dll
+ 2004-08-10 11:00:00 90,112 ----a-w c:\windows\system32\mtxoci.dll
- 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
+ 2004-08-10 11:00:00 332,288 ----a-w c:\windows\system32\netapi32.dll
- 2005-09-23 13:28:56 32,768 ----a-w c:\windows\system32\netfxperf.dll
+ 2002-06-21 23:31:52 16,384 ----a-w c:\windows\system32\netfxperf.dll
- 2005-08-22 18:29:46 197,632 ----a-w c:\windows\system32\netman.dll
+ 2004-08-10 11:00:00 198,144 ----a-w c:\windows\system32\netman.dll
- 2008-08-14 09:18:44 2,062,976 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2005-03-30 01:01:11 2,056,832 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2008-08-14 09:57:20 2,185,984 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2005-03-30 01:23:32 2,179,584 ----a-w c:\windows\system32\ntoskrnl.exe
- 2006-10-13 12:35:12 64,000 ----a-w c:\windows\system32\nwapi32.dll
+ 2004-08-10 11:00:00 58,880 ----a-w c:\windows\system32\nwapi32.dll
- 2006-10-13 12:35:12 142,336 ----a-w c:\windows\system32\nwprovau.dll
+ 2004-08-10 11:00:00 144,384 ----a-w c:\windows\system32\nwprovau.dll
- 2006-10-13 12:35:12 65,536 ----a-w c:\windows\system32\nwwks.dll
+ 2004-08-10 11:00:00 64,000 ----a-w c:\windows\system32\nwwks.dll
- 2005-07-26 04:39:48 1,285,120 ----a-w c:\windows\system32\ole32.dll
+ 2004-08-10 11:00:00 1,281,536 ----a-w c:\windows\system32\ole32.dll
- 2007-12-04 18:38:13 550,912 ----a-w c:\windows\system32\oleaut32.dll
+ 2004-08-10 11:00:00 553,472 ----a-w c:\windows\system32\oleaut32.dll
- 2005-07-26 04:39:48 74,752 ----a-w c:\windows\system32\olecli32.dll
+ 2004-08-10 11:00:00 68,608 ----a-w c:\windows\system32\olecli32.dll
- 2005-07-26 04:39:49 37,888 ----a-w c:\windows\system32\olecnv32.dll
+ 2004-08-10 11:00:00 34,304 ----a-w c:\windows\system32\olecnv32.dll
- 2006-10-16 16:15:00 122,880 ----a-w c:\windows\system32\oledlg.dll
+ 2004-08-10 11:00:00 117,760 ----a-w c:\windows\system32\oledlg.dll
- 2008-12-23 10:03:25 63,590 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-26 23:05:52 63,590 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-23 10:03:25 404,536 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-26 23:05:52 404,536 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-16 10:37:02 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2006-03-04 03:33:43 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2007-03-29 12:56:02 409,600 ----a-w c:\windows\system32\qmgr.dll
+ 2004-08-10 11:00:00 382,464 ----a-w c:\windows\system32\qmgr.dll
- 2007-03-29 12:56:02 18,944 ----a-w c:\windows\system32\qmgrprxy.dll
+ 2004-08-10 11:00:00 18,944 ----a-w c:\windows\system32\qmgrprxy.dll
- 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll
+ 2004-08-10 11:00:00 1,287,680 ----a-w c:\windows\system32\quartz.dll
- 2006-06-22 05:06:30 1,435,648 ----a-w c:\windows\system32\query.dll
+ 2004-08-10 11:00:00 1,435,648 ----a-w c:\windows\system32\query.dll
- 2006-06-26 17:37:10 8,192 ----a-w c:\windows\system32\rasadhlp.dll
+ 2004-08-10 11:00:00 8,192 ----a-w c:\windows\system32\rasadhlp.dll
- 2006-06-22 10:47:18 181,248 ----a-w c:\windows\system32\rasmans.dll
+ 2004-08-10 11:00:00 174,080 ----a-w c:\windows\system32\rasmans.dll
- 2006-11-27 14:54:06 433,152 ----a-w c:\windows\system32\riched20.dll
+ 2004-08-10 11:00:00 431,616 ----a-w c:\windows\system32\riched20.dll
- 2007-07-09 13:09:42 584,192 ----a-w c:\windows\system32\rpcrt4.dll
+ 2004-08-10 11:00:00 581,120 ----a-w c:\windows\system32\rpcrt4.dll
- 2005-07-26 04:39:49 397,824 ----a-w c:\windows\system32\rpcss.dll
+ 2004-08-10 11:00:00 395,776 ----a-w c:\windows\system32\rpcss.dll
- 2007-04-25 14:21:15 144,896 ----a-w c:\windows\system32\schannel.dll
+ 2004-08-10 11:00:00 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-10-16 10:37:03 1,494,528 ----a-w c:\windows\system32\shdocvw.dll
+ 2006-03-30 09:16:03 1,492,480 ----a-w c:\windows\system32\shdocvw.dll
- 2007-10-26 03:36:51 8,454,656 ----a-w c:\windows\system32\shell32.dll
+ 2004-08-10 11:00:00 8,384,000 ----a-w c:\windows\system32\shell32.dll
- 2008-10-16 10:37:03 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2006-03-04 03:33:44 474,112 ----a-w c:\windows\system32\shlwapi.dll
- 2006-12-19 21:52:18 134,656 ----a-w c:\windows\system32\shsvcs.dll
+ 2004-08-10 11:00:00 134,656 ----a-w c:\windows\system32\shsvcs.dll
- 2005-06-10 23:53:32 57,856 ----a-w c:\windows\system32\spoolsv.exe
+ 2004-08-10 11:00:00 57,856 ----a-w c:\windows\system32\spoolsv.exe
- 2004-12-07 19:32:34 96,768 ----a-w c:\windows\system32\srvsvc.dll
+ 2004-08-10 11:00:00 96,768 ----a-w c:\windows\system32\srvsvc.dll
- 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
+ 2004-08-10 11:00:00 246,302 ----a-w c:\windows\system32\strmdll.dll
- 2006-10-19 13:56:32 713,216 ----a-w c:\windows\system32\sxs.dll
+ 2004-08-10 11:00:00 713,216 ----a-w c:\windows\system32\sxs.dll
- 2005-10-17 21:14:46 118,272 ----a-w c:\windows\system32\t2embed.dll
+ 2004-08-10 11:00:00 210,432 ----a-w c:\windows\system32\t2embed.dll
- 2005-07-08 16:27:56 249,344 ----a-w c:\windows\system32\tapisrv.dll
+ 2004-08-10 11:00:00 246,272 ----a-w c:\windows\system32\tapisrv.dll
- 2005-05-10 23:45:48 75,776 ----a-w c:\windows\system32\telnet.exe
+ 2004-08-10 11:00:00 75,264 ----a-w c:\windows\system32\telnet.exe
- 2005-07-26 04:39:49 101,376 ----a-w c:\windows\system32\txflog.dll
+ 2004-08-10 11:00:00 101,376 ----a-w c:\windows\system32\txflog.dll
- 2005-08-23 03:35:42 123,392 ----a-w c:\windows\system32\umpnpmgr.dll
+ 2004-08-10 11:00:00 118,272 ----a-w c:\windows\system32\umpnpmgr.dll
- 2007-02-05 20:17:02 185,344 ----a-w c:\windows\system32\upnphost.dll
+ 2004-08-10 11:00:00 185,344 ----a-w c:\windows\system32\upnphost.dll
- 2008-10-16 10:37:04 615,936 ----a-w c:\windows\system32\urlmon.dll
+ 2006-03-18 11:09:37 613,376 ----a-w c:\windows\system32\urlmon.dll
- 2007-03-08 15:36:28 577,536 ----a-w c:\windows\system32\user32.dll
+ 2004-08-10 11:00:00 577,024 ----a-w c:\windows\system32\user32.dll
- 2007-12-18 14:40:58 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2004-08-10 11:00:00 417,792 ----a-w c:\windows\system32\vbscript.dll
- 2006-01-04 03:35:05 68,096 ----a-w c:\windows\system32\webclnt.dll
+ 2004-08-10 11:00:00 67,584 ----a-w c:\windows\system32\webclnt.dll
- 2006-12-19 18:16:47 333,824 ----a-w c:\windows\system32\wiaservc.dll
+ 2004-08-10 11:00:00 333,312 ----a-w c:\windows\system32\wiaservc.dll
- 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys
+ 2004-08-10 11:00:00 1,835,904 ----a-w c:\windows\system32\win32k.sys
- 2008-10-16 10:37:03 659,456 ----a-w c:\windows\system32\wininet.dll
+ 2006-03-04 03:33:45 658,432 ----a-w c:\windows\system32\wininet.dll
- 2007-03-17 13:43:01 292,864 ----a-w c:\windows\system32\winsrv.dll
+ 2004-08-10 11:00:00 290,816 ----a-w c:\windows\system32\winsrv.dll
- 2006-08-17 12:28:27 132,096 ----a-w c:\windows\system32\wkssvc.dll
+ 2004-08-10 11:00:00 132,096 ----a-w c:\windows\system32\wkssvc.dll
- 2007-10-27 23:39:46 228,864 ----a-w c:\windows\system32\wmasf.dll
+ 2005-08-03 23:29:52 227,840 ----a-w c:\windows\system32\wmasf.dll
- 2008-06-11 08:58:16 988,672 ----a-w c:\windows\system32\WMNetmgr.dll
+ 2005-08-03 23:29:52 988,672 ----a-w c:\windows\system32\wmnetmgr.dll
- 2007-04-30 14:20:24 5,537,792 ----a-w c:\windows\system32\wmp.dll
+ 2004-08-10 11:00:00 5,496,832 ----a-w c:\windows\system32\wmp.dll
- 2008-06-11 08:58:24 2,330,624 ----a-w c:\windows\system32\wmvcore.dll
+ 2005-08-03 23:29:54 2,330,624 ----a-w c:\windows\system32\wmvcore.dll
- 2008-10-16 20:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
+ 2004-08-10 11:00:00 430,592 ----a-w c:\windows\system32\wuapi.dll
- 2008-10-16 20:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
+ 2004-08-10 11:00:00 111,104 ----a-w c:\windows\system32\wuauclt.exe
- 2008-10-16 20:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
+ 2004-08-10 11:00:00 1,134,592 ----a-w c:\windows\system32\wuaueng.dll
- 2008-10-16 20:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
+ 2004-08-10 11:00:00 112,640 ----a-w c:\windows\system32\wucltui.dll
- 2008-10-16 20:08:58 34,328 ----a-w c:\windows\system32\wups.dll
+ 2004-08-10 11:00:00 36,864 ----a-w c:\windows\system32\wups.dll
- 2008-10-16 20:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2004-08-10 11:00:00 120,320 ----a-w c:\windows\system32\wuweb.dll
- 2006-03-01 19:42:42 11,776 ----a-w c:\windows\system32\xolehlp.dll
+ 2004-08-10 11:00:00 11,776 ----a-w c:\windows\system32\xolehlp.dll
+ 2008-12-26 22:56:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_380.dat
+ 2008-12-26 22:56:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_464.dat
+ 2004-08-10 11:00:00 921,088 ----a-w c:\windows\WinSxS\InstallTemp\75509\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2008-04-18 520192]
"pdfFactory Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2008-04-18 520192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Eudora\EuShlExt.dll" [2005-08-09 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2007-05-14 13:23 1191936 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 08:23 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2007-02-21 10:17 970752 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-09-22 07:42 206184 c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sprtsvc_dellsupportcenter"=2 (0x2)
"iPod Service"=3 (0x3)
"DSBrokerService"=3 (0x3)
"ASKService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R0 DRVMCDB;DRVMCDB;c:\windows\system32\Drivers\DRVMCDB.SYS [2008-05-01 89264]
R1 APPDRV;APPDRV;c:\windows\system32\DRIVERS\APPDRV.SYS [2008-05-01 16128]
R1 DLACDBHM;DLACDBHM;c:\windows\system32\Drivers\DLACDBHM.SYS [2008-05-01 5660]
R1 DLARTL_N;DLARTL_N;c:\windows\system32\Drivers\DLARTL_N.SYS [2008-05-01 22684]
R1 eeCtrl;Symantec Eraser Control driver;\??\c:\program files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-12-21 371248]
R1 SRTSP;SRTSP;c:\windows\system32\Drivers\SRTSP.SYS [2008-01-31 279088]
R1 SRTSPX;SRTSPX;c:\windows\system32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler;"c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe" [2008-02-21 238968]
R2 DLABOIOM;DLABOIOM;c:\windows\system32\DLA\DLABOIOM.SYS [2008-05-01 25628]
R2 DLADResN;DLADResN;c:\windows\system32\DLA\DLADResN.SYS [2008-05-01 2496]
R2 DLAIFS_M;DLAIFS_M;c:\windows\system32\DLA\DLAIFS_M.SYS [2008-05-01 86652]
R2 DLAOPIOM;DLAOPIOM;c:\windows\system32\DLA\DLAOPIOM.SYS [2008-05-01 14684]
R2 DLAPoolM;DLAPoolM;c:\windows\system32\DLA\DLAPoolM.SYS [2008-05-01 6364]
R2 DLAUDF_M;DLAUDF_M;c:\windows\system32\DLA\DLAUDF_M.SYS [2008-05-01 87036]
R2 DLAUDFAM;DLAUDFAM;c:\windows\system32\DLA\DLAUDFAM.SYS [2008-05-01 94332]
R2 DRVNDDM;DRVNDDM;c:\windows\system32\Drivers\DRVNDDM.SYS [2008-05-01 40544]
R2 dsunidrv;DellSupport UniDriver;c:\windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 ehRecvr;Media Center Receiver Service;c:\windows\eHome\ehRecvr.exe [2008-04-30 237568]
R2 ehSched;Media Center Scheduler Service;c:\windows\eHome\ehSched.exe [2008-04-30 102912]
R2 JavaQuickStarterService;Java Quick Starter;"c:\program files\Java\jre6\bin\jqs.exe" -service -config "c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf" [2008-12-15 152984]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service;c:\program files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 rimmptsk;rimmptsk;c:\windows\system32\DRIVERS\rimmptsk.sys [2008-05-01 32256]
R2 rimsptsk;rimsptsk;c:\windows\system32\DRIVERS\rimsptsk.sys [2008-05-01 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver;c:\windows\system32\DRIVERS\rixdptsk.sys [2008-05-01 37376]
R2 RMSvc;Media Center Extender Resource Monitor;c:\windows\ehome\RMSvc.exe [2005-10-20 28160]
R2 s24trans;WLAN Transport;c:\windows\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service;c:\program files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;c:\windows\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-23 99376]
R3 HSF_DPV;HSF_DPV;c:\windows\system32\DRIVERS\HSX_DPV.sys [2008-05-01 936960]
R3 HSXHWAZL;HSXHWAZL;c:\windows\system32\DRIVERS\HSXHWAZL.sys [2008-05-01 192512]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2008-05-24 47360]
R3 sdbus;sdbus;c:\windows\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC;c:\windows\system32\drivers\sthda.sys [2008-05-01 1222840]
R3 SymIMMP;SymIMMP;c:\windows\system32\DRIVERS\SymIM.sys [2008-02-06 31408]
R3 SYMNDIS;SYMNDIS;c:\windows\system32\Drivers\SYMNDIS.SYS [2008-02-05 37424]
R3 SynTP;Synaptics TouchPad Driver;c:\windows\system32\DRIVERS\SynTP.sys [2008-05-01 191872]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP;c:\windows\system32\DRIVERS\w29n51.sys [2008-05-01 2209408]
S0 cercsr6;cercsr6;c:\windows\system32\drivers\cercsr6.sys [2004-12-13 39904]
S1 volsnapp;volsnapp;c:\windows\system32\drivers\volsnapp.sys []
S2 CLTNetCnService;Symantec Lic NetConnect service;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
S2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
S3 comHost;COM Host;"c:\program files\Common Files\Symantec Shared\VAScanner\comHost.exe" [2007-08-22 55640]
S3 DSproct;DSproct;\??\c:\program files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [2008-11-04 654848]
S3 MHN;MHN;c:\windows\System32\svchost.exe -k netsvcs [2004-08-10 14336]
S3 MHNDRV;MHN driver;c:\windows\system32\DRIVERS\mhndrv.sys [2008-04-30 11008]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-28 42512]
S3 odserv;Microsoft Office Diagnostics Service;"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [2007-08-24 443776]
S3 QWAVE;QWAVE service;c:\windows\system32\svchost.exe -k QWAVE [2004-08-10 14336]
S3 QWAVEDRV;QWAVE driver;c:\windows\system32\DRIVERS\qwavedrv.sys [2005-10-20 14336]
S3 sffdisk;SFF Storage Class Driver;c:\windows\system32\DRIVERS\sffdisk.sys [2004-08-10 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;c:\windows\system32\DRIVERS\sffp_sd.sys [2004-08-10 10240]
S3 SPBBCDrv;SPBBCDrv;\??\c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-01-16 447024]
S3 SRTSPL;SRTSPL;c:\windows\system32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 SymIM;Symantec Network Security Intermediate Filter Service;c:\windows\system32\DRIVERS\SymIM.sys [2008-02-06 31408]
S3 UIUSys;Conexant Setup API;c:\windows\system32\DRIVERS\UIUSYS.SYS []
S4 Apple Mobile Device;Apple Mobile Device;"c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [2008-02-18 110592]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-11-03 460168]
S4 DSBrokerService;DSBrokerService;"c:\program files\DellSupport\brkrsvc.exe" [2007-03-19 70656]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);c:\program files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14207361-9a38-11dd-8ce2-001422a5ce46}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SanDiskPhoto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bd378bc-8dba-11dd-8d3f-e7e05e1ef942}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c02c5962-d309-11dd-8d0b-001422a5ce46}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da64dc0f-18ee-11dd-8d1d-001422a5ce46}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - BITS
*Newly Created Service* - PCIIDE
.
Contents of the 'Scheduled Tasks' folder

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bryan Dossey\Application Data\Mozilla\Firefox\Profiles\6ucemp4n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.productionartservices.com
FF - component: c:\documents and settings\Bryan Dossey\Application Data\Mozilla\Firefox\Profiles\6ucemp4n.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\Bryan Dossey\Application Data\Mozilla\Firefox\Profiles\6ucemp4n.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 18:11:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-26 18:12:42
ComboFix-quarantined-files.txt 2008-12-27 00:12:19
ComboFix2.txt 2008-12-26 21:04:27

Pre-Run: 23,489,220,608 bytes free
Post-Run: 23,476,129,792 bytes free

1135 --- E O F --- 2008-12-25 03:35:59


New HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:59 PM, on 12/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8072


ONE IMPORTANT NOTE: Norton 360 is installed on this computer, and due to the virus problem, I cannot uninstall it. ComboFix noted this before it ran.

Thanks,

Pilottype

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,195 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:21 PM

Posted 26 December 2008 - 08:39 PM

Pilottype1 :thumbsup:

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

c:\windows\SETB6.tmp
c:\windows\SETB3.tmp
c:\windows\SETC2.tmp
c:\windows\SET7E.tmp
c:\windows\SET7B.tmp
c:\windows\SETCD.tmp
c:\windows\SET8A.tmp
c:\windows\SETCE.tmp

  • Download the Norton Removal Tool for your version of Windows.
  • Save the file to the Windows desktop.
  • On the Windows desktop, double-click the Norton Removal tool icon.
  • Follow the on-screen instructions.
  • Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users: right-click on jre-6u11-windows-i586-p.exe and select "Run as an Administrator.")

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Pilottype1

Posted 27 December 2008 - 12:02 AM

OK .. I did everything you just wrote, including a 2+ hour scan using Kaspersky. When I went to save the logfile, MY COMPUTER FROZE! Oh my goodness. Anyway, I wrote down the filenames that Kaspersky found -- there were two, and it showed my computer as "infected."

They were, and yes, I realize that it's a partial path, but it's all I could get as the screen was locked up:

C:\Documents and Settings\Bryan Dossey\Local Settings\..\Trojan-Spy.Win32.Zbot.gdl
C:\Documents and Settings\Bryan Dossey\..\not-a-virus: Webtoolbar (again, there may be more....)

The scan is currently re-running. Since it took 2 hours, and it's 11pm here already, I'll try to get it posted in the morning. Hopefully the information contained here is of some value.

Results of the re-run; notice that the second instance was not recorded.

Saturday, December 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 27, 2008 02:53:32
Records in database: 1519459
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 101668
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 02:41:20

File name Threat name Threats count
C:\Documents and Settings\Bryan Dossey\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Spy.Win32.Zbot.gdl 1
The selected area was scanned.

Thanks,

Pilottype

Edited by Pilottype1, 27 December 2008 - 03:01 AM.


#6 JSntgRvr

Posted 27 December 2008 - 02:32 AM

Not enough information.

As an alternative, please run the F-Secure Online Scanner

Note: You must use Internet Explorer for this scan!
  • Accept the License Agreement.
  • Once the ActiveX installs click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.
Click here to download Dr.Web CureIt and save it to your desktop.
  • Double-click the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.



#7 Pilottype1

Posted 27 December 2008 - 03:04 AM

I reposted some information about the Kaspersky scan, and maybe that'll help. I'll move forward with your current instructions.

Again thanks,

Pilottype

#8 JSntgRvr

Posted 27 December 2008 - 03:12 AM

OK. You just have to empty your deleted items, inbox and sent box in Outlook Express.

How is the computer doing?



#9 Pilottype1

Posted 27 December 2008 - 03:34 AM

It seems to be running much faster now, but IE still redirects to FireFox ... not on all webpages, but on some like Trend Micro. To really get a feel for it, I'll have to reinstall Norton 360, which wasn't running before. I'll hold off on that until it gets the official blessing.

ALSO -- A QUICK QUESTION -- As previously mentioned, this isn't my computer ... it belongs to a good friend. I can't delete his inbox without talking to him (and it's 2:30am here), so I just deleted the other boxes that you suggested. HERE'S THE QUESTION: Can I export the files in his inbox and/or scan them to ensure that they're not infected, or is he just going to have to give up the email?

Here's the DrWeb quick scan and the new HJT; the complete scan is currently running.

DrWeb:

askservice.exe;c:\program files\askbardis\bar\bin;Probably BACKDOOR.Trojan;Incurable.Moved.;


HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:25 AM, on 12/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bryan Dossey\Desktop\drweb-cureit.exe
C:\DOCUME~1\BRYAND~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\BRYAND~1\LOCALS~1\Temp\RarSFX0\setup.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6985 bytes


Complete Scan to follow.

Thanks,
Pilottype

#10 Pilottype1

Posted 27 December 2008 - 06:02 AM

OK! The computer is running MUCH, MUCH better now. It was still redirecting to FireFox most of the time, so I installed IE7, and now no problem. Plus it seems much faster. I did another Express Scan using DrWeb, and it showed clear (the first ones did show the trojan.)

I'm having another problem with it now, but it's not malware-related; during this operation, at some point I got the error "GetRequestedRuntimeInfo could not be found in Dynamic Link Library mscoree.dll" (close to the actual message.) There are a few links that discuss it, and I will research that elsewhere. Perhaps an upgrade to SP3 would handle it as well.

At any rate, thank you, thank you, thank you for your help. I'd probably spent a dozen hours or more toiling with this problem, and following your instructions cleared it right up.

Pilottype

#11 JSntgRvr

Posted 27 December 2008 - 10:42 AM

I am not savvy as far as Outlook is concerned, so can't answer your question. Askbar is open for discussion as far as malware is concerned. As it hasn't been declared malware, I did not request to remove it, but it certainly could be responsible for the re-direction.

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

AskBar

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\AskBarDis

Re-start. Let me know if that has made the difference.

Let's do some housekeeping:

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

Create a Restore point (If the above process fails to do so):
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.
Keep me posted.

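
Added example (not part of the thread, and not code from HijackThis or the helper): the two HijackThis logs posted above can be compared mechanically to see what a removal step took away and which entries it left orphaned, such as the `(no file)` toolbar that post #11 asks to fix. The function names and the trimmed log excerpts below are assumptions made for this illustration; the excerpt lines are copied from the logs in this thread.

```python
import re
from collections import namedtuple

# Lines copied from the 6:14 PM and 2:30 AM HijackThis logs in this thread,
# trimmed to a handful of entries so the example stays short.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

AFTER = r"""
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

Entry = namedtuple("Entry", "section body clsid target")

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1..)
# followed by " - "; process paths and headers do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(text):
    """Return the registry/autostart entries of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        # For " - " separated entries (O2, O3, O9, O23 ...) the last field
        # is the file the entry points at, or the literal "(no file)".
        target = body.rsplit(" - ", 1)[-1] if " - " in body else None
        entries.append(Entry(section, body,
                             clsid.group(0).lower() if clsid else None,
                             target))
    return entries


def orphans(entries):
    """Entries whose registry key survives but whose file is gone."""
    return [e for e in entries if e.target == "(no file)"]


def _key(e):
    # CLSID-based entries keep their identity when the name or path changes;
    # the label ("Toolbar", "Extra button", ...) separates entries that
    # share one CLSID. Everything else is identified by its full text.
    if e.clsid:
        return (e.section, e.body.split(":", 1)[0], e.clsid)
    return (e.section, e.body, None)


def diff_scans(before, after):
    """Return (removed, added, changed) between two parsed logs."""
    b = {_key(e): e for e in before}
    a = {_key(e): e for e in after}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    changed = [(b[k], a[k]) for k in b if k in a and b[k].body != a[k].body]
    return removed, added, changed


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    removed, added, changed = diff_scans(before, after)
    for e in removed:
        print("removed:", e.section, e.body)
    for e in added:
        print("added:  ", e.section, e.body)
    for old, new in changed:
        print("changed:", old.body, "->", new.body)
    for e in orphans(after):
        print("orphan: ", e.section, e.clsid)
```

On these excerpts the diff shows the Symantec autostart and service entries gone after the Norton Removal Tool ran, and the Norton toolbar CLSID left behind pointing at `(no file)`.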


#12 Pilottype1

Posted 27 December 2008 - 01:03 PM

I completed the instructions in your last email, and the computer is back up and running -- the only thing I have left to fix is the GetRunTimeInfo problem, and there's plenty of information on the web about that. I appreciate your expertise and willingness to share it.

Thanks,
Pilottype

#13 JSntgRvr

Posted 27 December 2008 - 01:16 PM

When do you receive this error message? Attempting to run which program?
  • Open HijackThis
  • Click on Open the Misc Tools Section
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, and attach the results in your next post.



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,195 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:21 PM

Posted 27 December 2008 - 01:23 PM

Download the enclosed folder. Save and extract its contents to the desktop. Once extracted, open the VFIND folder and click on the RunMe.bat file. It will take some time for the results to pop. Post the contents of the report.



#15 Pilottype1

Pilottype1
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:21 PM

Posted 28 December 2008 - 05:02 PM

I gave the computer back to my buddy after it appeared to be working correctly, and he removed the Windows Recovery Console from it, and fixed the problem with the .NET Framework (which is what caused the GetRunTimeInfo problem.) The error message appeared upon bootup, and occurred with another error message about the .NET Framework .dll file not found in mscoree.dll.

The way he fixed it was to remove (using the Control Panel, Add/Remove Programs) .NET Framework 2.0, and then to install SP3. This cleared up all the problems. He also installed Norton 360 2.0, and used that to scan some data he'd backed up before we started working on his machine.

He asked me to express his thanks for your help. He's a blogger, and has included a plug for bleepingcomputer.com in a blog he wrote about this experience.

Thanks again,
Pilottype



