Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vundo Varient and other problems


  • This topic is locked This topic is locked
8 replies to this topic

#1 Xael

Xael

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 07 January 2009 - 08:56 PM

Everytime i run a scanner the problem is still there even after it "removes" the problem. I have a Vundo Varient problem and some Unknown Origin trackers and other things.
Thankyou in advance for any help.

DDS (Ver_09-01-07.01) - NTFSx86
Run by User1 at 19:48:42.98 on Wed 01/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1455 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
D:\keyboard&mouse\MediaLife\MediaLifeService.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
D:\Daemon tools pro\DTProAgent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\keyboard&mouse\SetPoint\SetPoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Ipod\bin\iPodService.exe
C:\Documents and Settings\User1\Desktop\dds.scr
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {de691dee-aac1-bdf8-8794-8ed4522f0a51}: {15a0f225-4de8-4978-8fdb-1caaeed196ed} - c:\windows\system32\wjyofc.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {6d169ec8-c777-4360-aa27-b2716955605f} - c:\windows\system32\govujena.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {bffe891d-618a-7b53-da5c-3be675f45cc3} - c:\windows\system32\idgyabn.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {B9D1647F-A66A-4695-B249-07901A45FF59} - No File
uRun: [Orrm] "c:\windows\dobe~1\logonui.exe" -vt ndrv
uRun: [Kdy] "c:\program files\common files\a?sembly\w?crtupd.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Pro Agent] "d:\daemon tools pro\DTProAgent.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [GetModule30] c:\program files\getmodule\GetModule30.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [MediaLifeService] "d:\keyboard&mouse\medialife\MediaLifeService.exe"
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [NWEReboot]
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [{08-8C-C0-0C-ZN}] c:\documents and settings\user1\local settings\temp\T0CHD001.exe CHD001
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [fofedapido] Rundll32.exe "c:\windows\system32\juhijudu.dll",s
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [04b08ca3] rundll32.exe "c:\windows\system32\hizupoye.dll",b
mRun: [CPM0783bf3f] Rundll32.exe "c:\windows\system32\bipehozo.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\keyboard&mouse\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
Notify: !SASWinLogon - f:\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: winlbu32 - winlbu32.dll
AppInit_DLLs: wjyofc.dll c:\windows\system32\nutuhunu.dll c:\windows\system32\jukadoda.dll c:\windows\system32\bipehozo.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayvULee
LSA: Notification Packages = scecli c:\windows\system32\nutuhunu.dll

============= SERVICES / DRIVERS ===============

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R1 SASDIFSV;SASDIFSV;f:\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;f:\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\naveng.sys [2009-1-6 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\navex15.sys [2009-1-6 876112]
R3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2009-1-5 7548]
R4 aawservice;Lavasoft Ad-Aware Service;d:\ad-aware\aawservice.exe [2008-9-10 611664]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-30 24652]
S3 AutorunDirectIO;AutorunDirectIO;\??\e:\autorun\diodrvr.sys --> e:\autorun\DIODrvr.sys [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2007-11-22 91797]
S3 SASENUM;SASENUM;f:\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]

=============== Created Last 30 ================

2009-01-07 18:39 460,059 a----r-- C:\txtsetup.sif
2009-01-07 18:39 260,272 a----r-- C:\$LDR$
2009-01-07 18:39 <DIR> --d----- C:\$WIN_NT$.~BT
2009-01-07 11:36 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-07 10:52 1,275,109 ---sh--- c:\windows\system32\eyopuzih.ini
2009-01-06 18:04 0 a------- c:\windows\vpc32.INI
2009-01-06 17:39 123,200 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 17:39 91,856 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-06 17:39 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-01-06 17:32 <DIR> --d----- c:\docume~1\user1\applic~1\IsolatedStorage
2009-01-06 17:31 <DIR> --d----- c:\windows\system32\URTTEMP
2009-01-06 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-01-06 17:26 <DIR> --d----- c:\program files\Symantec
2009-01-06 16:05 1,275,109 ---sh--- c:\windows\system32\abayopeh.ini
2009-01-05 16:14 487,424 a------- c:\windows\system32\FDRpage.dll
2009-01-05 16:14 77,824 a------- c:\windows\system32\FDRdriver.dll
2009-01-05 16:14 7,548 a------- c:\windows\system32\drivers\Samhid.sys
2009-01-05 16:14 <DIR> --d----- c:\program files\PHILIPS
2009-01-05 16:14 204,800 a------- c:\windows\system32\CreateDir.exe
2009-01-04 13:20 1,307,382 ---sh--- c:\windows\system32\rypxabyi.ini
2009-01-04 13:19 91,648 -------- c:\windows\system32\iybaxpyr.dll
2009-01-04 13:18 674,116 a--sh--- c:\windows\system32\eeLUvyay.ini2
2009-01-04 13:18 674,116 a--sh--- c:\windows\system32\eeLUvyay.ini
2009-01-04 13:06 1,085,440 a------- c:\windows\system32\rn.tmp
2009-01-02 18:36 48 a---h--- c:\windows\system32\ezsidmv.dat
2008-12-27 15:05 <DIR> --d----- c:\program files\Steam
2008-12-23 11:56 902,837 a--sh--- c:\windows\system32\ceKnmUvw.ini2
2008-12-23 11:56 902,837 a--sh--- c:\windows\system32\ceKnmUvw.ini

==================== Find3M ====================

2009-01-07 10:52 90,784 a--sh--- c:\windows\system32\hizupoye.dll
2008-12-10 21:13 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2008-12-06 13:50 862,481 a--sh--- c:\windows\system32\cIiRtBeg.ini2
2008-11-29 23:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-10-25 08:44 7,304 a------- c:\windows\TMP0001.TMP
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2007-08-11 09:35 6,421 ---sh--- c:\windows\system32\fhggh.bak1
0000-00-00 00:00 68,268 a--sh--- c:\windows\system32\govujena.dll
0000-00-00 00:00 68,268 a--sh--- c:\windows\system32\nutuhunu.dll
2007-11-26 16:32 10,807 a--sh--- c:\windows\system32\tsuvw.ini2
2007-08-21 10:19 6,513 ---sh--- c:\windows\system32\tuvyb.bak1

============= FINISH: 19:51:18.34 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:09 AM

Posted 08 January 2009 - 04:49 AM

Hi,

Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then, * Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Xael

Xael
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 08 January 2009 - 01:25 PM

Thanks for the quick response. I actually backed up all of my important documents the otherday because I was tempted to just reinstal windows but decided to do this first so that I could save myself from installing everything all over again.

Combo Logs:
ComboFix 09-01-08.01 - User1 2009-01-08 12:03:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1629 [GMT -6:00]
Running from: c:\documents and settings\User1\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\User1\Application Data\GetModule
c:\documents and settings\User1\Application Data\GetModule\dicik.gz
c:\documents and settings\User1\Application Data\GetModule\kwdik.gz
c:\documents and settings\User1\Application Data\GetModule\ofadik.gz
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\abayopeh.ini
c:\windows\system32\ayazifej.ini
c:\windows\system32\ceKnmUvw.ini
c:\windows\system32\ceKnmUvw.ini2
c:\windows\system32\cIiRtBeg.ini
c:\windows\system32\cIiRtBeg.ini2
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekadqbdmilf.sys
c:\windows\system32\eeLUvyay.ini
c:\windows\system32\eeLUvyay.ini2
c:\windows\system32\eyopuzih.ini
c:\windows\system32\fhggh.bak1
c:\windows\system32\hizupoye.dll
c:\windows\system32\jefizaya.dll
c:\windows\system32\kihugali.dll
c:\windows\system32\rypxabyi.ini
c:\windows\system32\seneka.dat
c:\windows\system32\senekabgrrsipx.dll
c:\windows\system32\senekadf.dat
c:\windows\system32\senekalog.dat
c:\windows\system32\senekaqjkyiudo.dll
c:\windows\system32\senekaymrrtjbe.dll
c:\windows\system32\tsuvw.ini
c:\windows\system32\tsuvw.ini2
c:\windows\system32\tugokubu.dll
c:\windows\system32\tuvyb.bak1
c:\windows\Tasks\jyuohsqq.job
c:\windows\wiaserviv.log

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 00:11 . 2009-01-08 00:11 0 --a------ c:\windows\nsreg.dat
2009-01-07 18:39 . 2009-01-07 18:39 <DIR> d-------- C:\$WIN_NT$.~BT
2009-01-07 18:39 . 2002-12-31 06:00 460,059 -ra------ C:\txtsetup.sif
2009-01-07 18:39 . 2002-12-31 06:00 260,272 -ra------ C:\$LDR$
2009-01-07 11:36 . 2009-01-07 11:36 73,216 --a------ c:\windows\system32\ffkuz.dll
2009-01-06 18:04 . 2009-01-06 18:04 0 --a------ c:\windows\vpc32.INI
2009-01-06 17:39 . 2009-01-08 12:12 <DIR> d-------- c:\program files\Symantec AntiVirus
2009-01-06 17:39 . 2005-04-01 20:36 123,200 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 17:39 . 2005-04-01 20:36 91,856 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-06 17:32 . 2009-01-06 17:32 <DIR> d-------- c:\documents and settings\User1\Application Data\IsolatedStorage
2009-01-06 17:31 . 2009-01-06 17:31 <DIR> d-------- c:\windows\system32\URTTEMP
2009-01-06 17:26 . 2009-01-06 17:40 <DIR> d-------- c:\program files\Symantec
2009-01-06 17:26 . 2009-01-06 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-05 16:14 . 2009-01-05 16:14 <DIR> d-------- c:\program files\PHILIPS
2009-01-05 16:14 . 2007-06-14 15:38 487,424 --a------ c:\windows\system32\FDRpage.dll
2009-01-05 16:14 . 2007-06-08 10:59 204,800 --a------ c:\windows\system32\CreateDir.exe
2009-01-05 16:14 . 2006-01-04 16:39 77,824 --a------ c:\windows\system32\FDRdriver.dll
2009-01-05 16:14 . 2006-01-06 10:10 7,548 --a------ c:\windows\system32\drivers\Samhid.sys
2009-01-04 13:06 . 2009-01-04 13:07 1,085,440 --a------ c:\windows\system32\rn.tmp
2009-01-02 18:36 . 2009-01-03 10:08 <DIR> d-------- c:\documents and settings\User1\Application Data\skypePM
2009-01-02 18:36 . 2009-01-02 18:36 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-02 18:35 . 2009-01-04 13:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-01-01 22:43 . 2009-01-01 22:44 <DIR> d-------- c:\documents and settings\User1\Application Data\U3
2008-12-27 15:05 . 2009-01-08 12:12 <DIR> d-------- c:\program files\Steam

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 17:40 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-07 17:39 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-07 17:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-07 03:04 --------- d-----w c:\documents and settings\User1\Application Data\Azureus
2009-01-06 23:46 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-11 03:13 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-12-07 02:50 --------- d-----w c:\documents and settings\User1\Application Data\Move Networks
2008-12-04 18:36 --------- d-----w c:\program files\AIM6
2008-12-04 18:36 --------- d-----w c:\documents and settings\User1\Application Data\acccore
2008-12-04 18:35 --------- d-----w c:\program files\Common Files\AOL
2008-12-04 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-12-04 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-30 05:01 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-11-30 02:04 --------- d-----w c:\documents and settings\User1\Application Data\Quake3
2008-11-12 20:52 --------- d--h--r c:\documents and settings\User1\Application Data\SecuROM
2008-10-25 14:44 7,304 ----a-w c:\windows\TMP0001.TMP
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
1601-01-01 00:12 67,866 --sha-w c:\windows\system32\nalayafi.dll
1601-01-01 00:12 46,080 --sha-w c:\windows\system32\yozezuna.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-06_22.07.55.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-01-19 19:29:19 14,048 ----a-w c:\windows\$hf_mig$\KB935448\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w c:\windows\$hf_mig$\KB935448\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w c:\windows\$hf_mig$\KB935448\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w c:\windows\$hf_mig$\KB935448\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w c:\windows\$hf_mig$\KB935448\update\updspapi.dll
+ 2007-07-06 09:52:38 72,960 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqac.sys
+ 2007-07-06 13:08:11 138,240 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqad.dll
+ 2007-07-06 13:08:11 47,104 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
+ 2007-07-06 13:08:11 16,896 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqise.dll
+ 2007-07-06 13:08:11 660,992 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqqm.dll
+ 2007-07-06 13:08:11 177,152 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqrt.dll
+ 2007-07-06 13:08:11 95,744 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqsec.dll
+ 2007-07-06 13:08:11 48,640 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
+ 2007-07-06 13:08:11 471,552 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqutil.dll
+ 2005-10-12 23:12:25 14,048 ----a-w c:\windows\$hf_mig$\KB937894\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w c:\windows\$hf_mig$\KB937894\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w c:\windows\$hf_mig$\KB937894\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w c:\windows\$hf_mig$\KB937894\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w c:\windows\$hf_mig$\KB937894\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB938464\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w c:\windows\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 ----a-w c:\windows\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-03-27 09:22:32 60,416 ----a-w c:\windows\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2008-03-27 10:40:24 60,416 ----a-w c:\windows\$hf_mig$\KB942763\SP3GDR\tzchange.exe
+ 2008-03-27 10:46:15 60,416 ----a-w c:\windows\$hf_mig$\KB942763\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB942763\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB942763\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB942763\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w c:\windows\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w c:\windows\$hf_mig$\KB943460\SP2QFE\shell32.dll
+ 2007-10-29 10:04:03 350,720 ----a-w c:\windows\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB943460\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB943460\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB943460\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB943460\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w c:\windows\$hf_mig$\KB943460\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w c:\windows\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-18 14:32:13 450,560 ----a-w c:\windows\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w c:\windows\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB944338\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w c:\windows\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB944653\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w c:\windows\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w c:\windows\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w c:\windows\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB946026\update\updspapi.dll
+ 2008-02-16 09:32:03 1,024,000 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:32:03 151,040 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:32:03 1,054,208 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:32:04 357,888 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:32:04 251,904 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:32:04 96,256 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:32:04 16,384 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:32:06 3,066,880 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:32:06 449,024 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:32:06 146,432 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:32:07 532,480 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:32:07 39,424 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:08 1,499,136 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:08 474,112 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-16 09:32:08 618,496 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:09 666,112 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2008-02-15 09:06:21 351,744 ----a-w c:\windows\$hf_mig$\KB947864\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w c:\windows\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w c:\windows\$hf_mig$\KB948881\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:56:54 151,040 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:56:55 357,888 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:56:55 205,312 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:56:55 55,808 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:56:56 251,904 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:56:56 96,256 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:56:56 16,384 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:56:57 449,024 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:56:57 146,432 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:56:58 532,480 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:56:58 39,424 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:56:58 474,112 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-21 06:56:58 618,496 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:56:59 666,624 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-17 10:37:04 351,744 ----a-w c:\windows\$hf_mig$\KB950759\SP2QFE\xpsp3res.dll
+ 2008-04-21 06:44:29 3,066,880 ----a-w c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29 666,112 ----a-w c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:01 3,067,392 ----a-w c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02 666,624 ----a-w c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB950759\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51 203,008 ----a-w c:\windows\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w c:\windows\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17 203,136 ----a-w c:\windows\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-04-11 18:39:39 683,520 ----a-w c:\windows\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w c:\windows\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
+ 2008-04-12 05:22:26 691,712 ----a-w c:\windows\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951066\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951066\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951066\update\spcustom.dll
+ 2007-12-03 15:25:31 755,576 ----a-w c:\windows\$hf_mig$\KB951066\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951066\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-13 09:52:16 272,128 ----a-w c:\windows\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-13 11:05:51 272,128 ----a-w c:\windows\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-13 11:27:43 272,128 ----a-w c:\windows\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2008-04-14 11:00:16 272,128 ----a-w c:\windows\$hf_mig$\KB951376\SP2QFE\bthport.sys
+ 2008-04-14 12:30:49 272,128 ----a-w c:\windows\$hf_mig$\KB951376\SP3GDR\bthport.sys
+ 2008-04-14 12:36:35 272,128 ----a-w c:\windows\$hf_mig$\KB951376\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951376\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951376\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951376\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB951376\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB951376\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-01 15:04:00 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP2QFE\msadce.dll
+ 2008-05-01 14:33:02 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP3GDR\msadce.dll
+ 2008-05-01 14:38:05 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP3QFE\msadce.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB952287\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB952287\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB952287\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB952287\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB952287\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:11:40 1,024,000 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\browseui.dll
+ 2008-06-23 16:11:40 151,040 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\cdfview.dll
+ 2008-06-23 16:11:42 1,054,208 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\danim.dll
+ 2008-06-23 16:11:43 357,888 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:11:43 205,312 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\dxtrans.dll
+ 2008-06-23 16:11:43 55,808 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\extmgr.dll
+ 2008-06-23 09:53:58 18,432 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\iedw.exe
+ 2008-06-23 16:11:52 251,904 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\iepeers.dll
+ 2008-06-23 16:11:52 96,256 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\inseng.dll
+ 2008-06-23 16:11:52 16,384 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\jsproxy.dll
+ 2008-06-23 16:11:58 3,067,392 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\mshtml.dll
+ 2008-06-23 16:12:00 449,024 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\mshtmled.dll
+ 2008-06-23 16:12:02 146,432 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\msrating.dll
+ 2008-06-23 16:12:02 532,480 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\mstime.dll
+ 2008-06-23 16:12:02 39,424 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\pngfilt.dll
+ 2008-06-23 16:12:05 1,499,136 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\shdocvw.dll
+ 2008-06-23 16:12:05 474,112 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\shlwapi.dll
+ 2008-06-23 16:12:06 618,496 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\urlmon.dll
+ 2008-06-23 16:12:08 667,136 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
+ 2008-07-03 09:14:02 351,744 ----a-w c:\windows\$hf_mig$\KB953838\SP2QFE\xpsp3res.dll
+ 2008-06-23 15:09:27 3,067,392 ----a-w c:\windows\$hf_mig$\KB953838\SP3GDR\mshtml.dll
+ 2008-06-26 08:15:29 1,499,136 ----a-w c:\windows\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
+ 2008-06-26 08:15:30 619,520 ----a-w c:\windows\$hf_mig$\KB953838\SP3GDR\urlmon.dll
+ 2008-06-23 15:09:27 666,112 ----a-w c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
+ 2008-06-25 04:24:48 3,067,904 ----a-w c:\windows\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:52 1,499,136 ----a-w c:\windows\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:52 619,520 ----a-w c:\windows\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:54:47 666,624 ----a-w c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB953838\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB953839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB953839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB953839\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB953839\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB953839\update\updspapi.dll
+ 2008-09-15 12:17:07 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP2QFE\win32k.sys
+ 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\$hf_mig$\KB954211\SP3GDR\win32k.sys
+ 2008-09-15 12:25:27 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-09-04 16:32:52 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP2QFE\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3GDR\msxml3.dll
+ 2008-09-04 17:12:27 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 19:08:38 382,840 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-08-20 05:33:19 1,024,000 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\browseui.dll
+ 2008-08-20 05:33:17 151,040 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\cdfview.dll
+ 2008-08-20 05:33:18 1,054,208 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\danim.dll
+ 2008-08-20 05:33:18 357,888 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\dxtmsft.dll
+ 2008-08-20 05:33:18 205,312 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\dxtrans.dll
+ 2008-08-20 05:33:18 55,808 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\extmgr.dll
+ 2008-08-19 09:38:57 18,432 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\iedw.exe
+ 2008-08-20 05:33:18 251,904 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\iepeers.dll
+ 2008-08-20 05:33:18 96,256 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\inseng.dll
+ 2008-08-20 05:33:19 16,384 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\jsproxy.dll
+ 2008-08-20 05:33:20 3,067,392 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll
+ 2008-08-20 05:33:19 449,024 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\mshtmled.dll
+ 2008-08-20 05:33:18 146,432 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\msrating.dll
+ 2008-08-20 05:33:18 532,480 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\mstime.dll
+ 2008-08-20 05:33:18 39,424 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\pngfilt.dll
+ 2008-08-20 05:33:19 1,499,136 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\shdocvw.dll
+ 2008-08-20 05:33:19 474,112 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\shlwapi.dll
+ 2008-08-20 05:33:19 619,008 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\urlmon.dll
+ 2008-08-20 05:33:19 667,648 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
+ 2008-08-19 09:20:32 351,744 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\xpsp3res.dll
+ 2008-08-20 05:30:53 3,067,904 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
+ 2008-08-20 05:30:51 1,499,136 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\shdocvw.dll
+ 2008-08-20 05:30:52 619,520 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\urlmon.dll
+ 2008-08-20 05:30:51 666,112 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
+ 2008-08-20 04:58:54 3,067,904 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
+ 2008-08-20 04:58:47 1,499,136 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\shdocvw.dll
+ 2008-08-20 04:58:50 620,032 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\urlmon.dll
+ 2008-08-20 04:58:48 666,624 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956390\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956390\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956390\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956390\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956390\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-08-14 09:48:52 138,368 ----a-w c:\windows\$hf_mig$\KB956803\SP2QFE\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3GDR\afd.sys
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlmp.exe
+ 2008-08-14 09:18:44 2,062,976 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
+ 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrpamp.exe
+ 2008-08-14 09:57:20 2,185,984 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
+ 2008-08-14 10:09:26 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
+ 2008-08-14 10:39:28 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 20:39:46 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 10:09:44 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 21:11:10 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-08-28 10:35:33 333,056 ----a-w c:\windows\$hf_mig$\KB957095\SP2QFE\srv.sys
+ 2008-09-08 10:41:42 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3GDR\srv.sys
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-24 11:25:29 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04 755,576 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12 382,840 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-15 16:53:28 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP2QFE\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\$hf_mig$\KB958644\SP3GDR\netapi32.dll
+ 2008-10-15 16:25:53 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2006-01-19 19:29:19 213,216 -c----w c:\windows\$NtUninstallKB935448$\spuninst\spuninst.exe
+ 2006-01-19 19:29:19 371,424 -c----w c:\windows\$NtUninstallKB935448$\spuninst\updspapi.dll
+ 2004-08-08 05:00:00 72,960 -c----w c:\windows\$NtUninstallKB937894$\mqac.sys
+ 2004-08-08 05:00:00 138,240 -c----w c:\windows\$NtUninstallKB937894$\mqad.dll
+ 2004-08-08 05:00:00 47,104 -c----w c:\windows\$NtUninstallKB937894$\mqdscli.dll
+ 2004-08-08 05:00:00 16,896 -c----w c:\windows\$NtUninstallKB937894$\mqise.dll
+ 2004-08-08 05:00:00 660,992 -c----w c:\windows\$NtUninstallKB937894$\mqqm.dll
+ 2004-08-08 05:00:00 177,152 -c----w c:\windows\$NtUninstallKB937894$\mqrt.dll
+ 2004-08-08 05:00:00 95,744 -c----w c:\windows\$NtUninstallKB937894$\mqsec.dll
+ 2004-08-08 05:00:00 48,640 -c----w c:\windows\$NtUninstallKB937894$\mqupgrd.dll
+ 2004-08-08 05:00:00 471,552 -c----w c:\windows\$NtUninstallKB937894$\mqutil.dll
+ 2005-10-12 23:12:26 213,216 -c----w c:\windows\$NtUninstallKB937894$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w c:\windows\$NtUninstallKB937894$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2005-08-30 03:54:26 1,287,168 -c----w c:\windows\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-27 21:39:36 213,216 -c----w c:\windows\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-27 21:39:46 371,424 -c----w c:\windows\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2005-01-28 18:44:28 224,768 -c----w c:\windows\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w c:\windows\$NtUninstallKB941644$\tcpip.sys
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB941693$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB941693$\spuninst\updspapi.dll
+ 2007-03-08 13:47:48 1,843,584 -c----w c:\windows\$NtUninstallKB941693$\win32k.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w c:\windows\$NtUninstallKB942763$\tzchange.exe
+ 2007-05-17 11:28:05 549,376 -c----w c:\windows\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-12-19 21:52:18 8,453,632 -c----w c:\windows\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2006-08-17 12:28:27 721,920 -c----w c:\windows\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2006-05-18 05:24:25 450,560 -c----w c:\windows\$NtUninstallKB944338$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB944338$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB944338$\spuninst\updspapi.dll
+ 2004-08-08 05:00:00 417,792 -c----w c:\windows\$NtUninstallKB944338$\vbscript.dll
+ 2007-12-27 01:23:26 163,644 -c----w c:\windows\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2006-06-26 17:37:10 148,480 -c----w c:\windows\$NtUninstallKB945553$\dnsapi.dll
+ 2004-08-08 05:00:00 45,568 -c----w c:\windows\$NtUninstallKB945553$\dnsrslvr.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB945553$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB945553$\spuninst\updspapi.dll
+ 2004-08-08 05:00:00 181,248 -c----w c:\windows\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2007-08-22 13:12:15 1,022,976 -c----w c:\windows\$NtUninstallKB947864$\browseui.dll
+ 2007-08-22 13:12:15 151,040 -c----w c:\windows\$NtUninstallKB947864$\cdfview.dll
+ 2007-08-22 13:12:16 1,054,208 -c----w c:\windows\$NtUninstallKB947864$\danim.dll
+ 2007-08-22 13:12:16 357,888 -c----w c:\windows\$NtUninstallKB947864$\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 -c----w c:\windows\$NtUninstallKB947864$\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 -c----w c:\windows\$NtUninstallKB947864$\extmgr.dll
+ 2007-08-21 10:30:45 18,432 -c----w c:\windows\$NtUninstallKB947864$\iedw.exe
+ 2007-08-22 13:12:16 251,392 -c----w c:\windows\$NtUninstallKB947864$\iepeers.dll
+ 2007-08-22 13:12:16 96,256 -c----w c:\windows\$NtUninstallKB947864$\inseng.dll
+ 2007-08-22 13:12:16 16,384 -c----w c:\windows\$NtUninstallKB947864$\jsproxy.dll
+ 2007-08-22 13:12:17 3,058,176 -c----w c:\windows\$NtUninstallKB947864$\mshtml.dll
+ 2007-08-22 13:12:17 449,024 -c----w c:\windows\$NtUninstallKB947864$\mshtmled.dll
+ 2007-08-22 13:12:17 146,432 -c----w c:\windows\$NtUninstallKB947864$\msrating.dll
+ 2007-08-22 13:12:17 532,480 -c----w c:\windows\$NtUninstallKB947864$\mstime.dll
+ 2007-08-22 13:12:17 39,424 -c----w c:\windows\$NtUninstallKB947864$\pngfilt.dll
+ 2007-08-22 13:12:18 1,494,528 -c----w c:\windows\$NtUninstallKB947864$\shdocvw.dll
+ 2007-08-22 13:12:18 474,112 -c----w c:\windows\$NtUninstallKB947864$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB947864$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB947864$\spuninst\updspapi.dll
+ 2007-08-22 13:12:18 615,424 -c----w c:\windows\$NtUninstallKB947864$\urlmon.dll
+ 2007-08-22 13:12:18 658,944 -c----w c:\windows\$NtUninstallKB947864$\wininet.dll
+ 2007-08-21 10:20:02 115,712 -c----w c:\windows\$NtUninstallKB947864$\xpsp3res.dll
+ 2007-06-19 13:31:19 282,112 -c----w c:\windows\$NtUninstallKB948590$\gdi32.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB948590$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB948590$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\$NtUninstallKB948881$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\$NtUninstallKB948881$\spuninst\updspapi.dll
+ 2004-08-08 05:00:00 561,179 -c----w c:\windows\$NtUninstallKB950749$\dao360.dll
+ 2004-08-08 05:00:00 512,029 -c----w c:\windows\$NtUninstallKB950749$\msexch40.dll
+ 2004-08-08 05:00:00 319,517 -c----w c:\windows\$NtUninstallKB950749$\msexcl40.dll
+ 2004-08-08 05:00:00 1,507,356 -c----w c:\windows\$NtUninstallKB950749$\msjet40.dll
+ 2004-08-08 05:00:00 358,976 -c----w c:\windows\$NtUninstallKB950749$\msjetol1.dll
+ 2004-08-08 05:00:00 358,976 -c----w c:\windows\$NtUninstallKB950749$\msjetoledb40.dll
+ 2004-08-08 05:00:00 151,583 -c----w c:\windows\$NtUninstallKB950749$\msjint40.dll
+ 2004-08-08 05:00:00 53,279 -c----w c:\windows\$NtUninstallKB950749$\msjter40.dll
+ 2004-08-08 05:00:00 241,693 -c----w c:\windows\$NtUninstallKB950749$\msjtes40.dll
+ 2004-08-08 05:00:00 213,023 -c----w c:\windows\$NtUninstallKB950749$\msltus40.dll
+ 2004-08-08 05:00:00 348,189 -c----w c:\windows\$NtUninstallKB950749$\mspbde40.dll
+ 2004-08-08 05:00:00 421,919 -c----w c:\windows\$NtUninstallKB950749$\msrd2x40.dll
+ 2004-08-08 05:00:00 315,423 -c----w c:\windows\$NtUninstallKB950749$\msrd3x40.dll
+ 2004-08-08 05:00:00 552,989 -c----w c:\windows\$NtUninstallKB950749$\msrepl40.dll
+ 2004-08-08 05:00:00 258,077 -c----w c:\windows\$NtUninstallKB950749$\mstext40.dll
+ 2004-08-08 05:00:00 831,519 -c----w c:\windows\$NtUninstallKB950749$\mswdat10.dll
+ 2004-08-08 05:00:00 614,429 -c----w c:\windows\$NtUninstallKB950749$\mswstr10.dll
+ 2004-08-08 05:00:00 348,189 -c----w c:\windows\$NtUninstallKB950749$\msxbde40.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB950749$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB950749$\spuninst\updspapi.dll
+ 2008-02-16 08:59:34 1,023,488 -c----w c:\windows\$NtUninstallKB950759$\browseui.dll
+ 2008-02-16 08:59:35 151,040 -c----w c:\windows\$NtUninstallKB950759$\cdfview.dll
+ 2008-02-16 08:59:35 1,054,208 -c----w c:\windows\$NtUninstallKB950759$\danim.dll
+ 2008-02-16 08:59:35 357,888 -c----w c:\windows\$NtUninstallKB950759$\dxtmsft.dll
+ 2008-02-16 08:59:35 205,312 -c----w c:\windows\$NtUninstallKB950759$\dxtrans.dll
+ 2008-02-16 08:59:35 55,808 -c----w c:\windows\$NtUninstallKB950759$\extmgr.dll
+ 2008-02-15 09:23:37 18,432 -c----w c:\windows\$NtUninstallKB950759$\iedw.exe
+ 2008-02-16 08:59:35 251,392 -c----w c:\windows\$NtUninstallKB950759$\iepeers.dll
+ 2008-02-16 08:59:35 96,256 -c----w c:\windows\$NtUninstallKB950759$\inseng.dll
+ 2008-02-16 08:59:35 16,384 -c----w c:\windows\$NtUninstallKB950759$\jsproxy.dll
+ 2008-02-16 22:29:38 3,059,712 -c----w c:\windows\$NtUninstallKB950759$\mshtml.dll
+ 2008-02-16 08:59:37 449,024 -c----w c:\windows\$NtUninstallKB950759$\mshtmled.dll
+ 2008-02-16 08:59:37 146,432 -c----w c:\windows\$NtUninstallKB950759$\msrating.dll
+ 2008-02-16 08:59:37 532,480 -c----w c:\windows\$NtUninstallKB950759$\mstime.dll
+ 2008-02-16 08:59:37 39,424 -c----w c:\windows\$NtUninstallKB950759$\pngfilt.dll
+ 2008-02-16 08:59:38 1,494,528 -c----w c:\windows\$NtUninstallKB950759$\shdocvw.dll
+ 2008-02-16 08:59:38 474,112 -c----w c:\windows\$NtUninstallKB950759$\shlwapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950759$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950759$\spuninst\updspapi.dll
+ 2008-02-16 08:59:38 615,936 -c----w c:\windows\$NtUninstallKB950759$\urlmon.dll
+ 2008-02-16 08:59:39 659,456 -c----w c:\windows\$NtUninstallKB950759$\wininet.dll
+ 2008-02-15 09:06:21 351,744 -c----w c:\windows\$NtUninstallKB950759$\xpsp3res.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950760$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950760$\spuninst\updspapi.dll
+ 2006-07-13 08:48:58 202,240 -c----w c:\windows\$NtUninstallKB950762$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950762$\spuninst\updspapi.dll
+ 2005-07-26 04:39:45 243,200 -c----w c:\windows\$NtUninstallKB950974$\es.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB950974$\spuninst\updspapi.dll
+ 2007-08-21 06:15:44 683,520 -c----w c:\windows\$NtUninstallKB951066$\inetcomm.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951066$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\updspapi.dll
+ 2008-03-27 09:24:20 60,416 -c----w c:\windows\$NtUninstallKB951072-v2$\tzchange.exe
+ 2008-04-14 11:01:02 272,128 -c----w c:\windows\$NtUninstallKB951376-v2$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951376$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB951376$\spuninst\updspapi.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w c:\windows\$NtUninstallKB951698$\quartz.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951698$\spuninst\updspapi.dll
+ 2004-08-08 05:00:00 138,496 -c----w c:\windows\$NtUninstallKB951748$\afd.sys
+ 2008-02-20 05:32:43 148,992 -c----w c:\windows\$NtUninstallKB951748$\dnsapi.dll
+ 2004-08-08 05:00:00 245,248 -c----w c:\windows\$NtUninstallKB951748$\mswsock.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB951748$\spuninst\updspapi.dll
+ 2007-10-30 17:20:55 360,064 -c----w c:\windows\$NtUninstallKB951748$\tcpip.sys
+ 2006-08-16 09:37:30 225,664 -c----w c:\windows\$NtUninstallKB951748$\tcpip6.sys
+ 2004-08-08 05:00:00 331,776 -c----w c:\windows\$NtUninstallKB952287$\msadce.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB952287$\spuninst\updspapi.dll
+ 2005-06-29 01:46:00 74,240 -c----w c:\windows\$NtUninstallKB952954$\mscms.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB952954$\spuninst\updspapi.dll
+ 2008-04-21 07:03:56 1,023,488 -c----w c:\windows\$NtUninstallKB953838$\browseui.dll
+ 2008-04-21 07:03:56 151,040 -c----w c:\windows\$NtUninstallKB953838$\cdfview.dll
+ 2008-04-21 07:03:57 1,054,208 -c----w c:\windows\$NtUninstallKB953838$\danim.dll
+ 2008-04-21 07:03:57 357,888 -c----w c:\windows\$NtUninstallKB953838$\dxtmsft.dll
+ 2008-04-21 07:03:57 205,312 -c----w c:\windows\$NtUninstallKB953838$\dxtrans.dll
+ 2008-04-21 07:03:57 55,808 -c----w c:\windows\$NtUninstallKB953838$\extmgr.dll
+ 2008-04-17 10:52:54 18,432 -c----w c:\windows\$NtUninstallKB953838$\iedw.exe
+ 2008-04-21 07:03:58 251,392 -c----w c:\windows\$NtUninstallKB953838$\iepeers.dll
+ 2008-04-21 07:03:58 96,256 -c----w c:\windows\$NtUninstallKB953838$\inseng.dll
+ 2008-04-21 07:03:58 16,384 -c----w c:\windows\$NtUninstallKB953838$\jsproxy.dll
+ 2008-04-21 07:03:59 3,059,712 -c----w c:\windows\$NtUninstallKB953838$\mshtml.dll
+ 2008-04-21 07:03:59 449,024 -c----w c:\windows\$NtUninstallKB953838$\mshtmled.dll
+ 2008-04-21 07:03:59 146,432 -c----w c:\windows\$NtUninstallKB953838$\msrating.dll
+ 2008-04-21 07:03:59 532,480 -c----w c:\windows\$NtUninstallKB953838$\mstime.dll
+ 2008-04-21 07:03:59 39,424 -c----w c:\windows\$NtUninstallKB953838$\pngfilt.dll
+ 2008-04-21 07:04:00 1,494,528 -c----w c:\windows\$NtUninstallKB953838$\shdocvw.dll
+ 2008-04-21 07:04:00 474,112 -c----w c:\windows\$NtUninstallKB953838$\shlwapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB953838$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB953838$\spuninst\updspapi.dll
+ 2008-04-21 07:04:00 615,936 -c----w c:\windows\$NtUninstallKB953838$\urlmon.dll
+ 2008-04-21 07:04:00 659,456 -c----w c:\windows\$NtUninstallKB953838$\wininet.dll
+ 2008-04-17 10:37:04 351,744 -c----w c:\windows\$NtUninstallKB953838$\xpsp3res.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB953839$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB953839$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
+ 2008-03-19 09:47:00 1,845,248 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 19:08:38 382,840 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2008-06-23 15:38:28 1,023,488 -c----w c:\windows\$NtUninstallKB956390$\browseui.dll
+ 2008-06-23 15:38:29 151,040 -c----w c:\windows\$NtUninstallKB956390$\cdfview.dll
+ 2008-06-23 15:38:30 1,054,208 -c----w c:\windows\$NtUninstallKB956390$\danim.dll
+ 2008-06-23 15:38:30 357,888 -c----w c:\windows\$NtUninstallKB956390$\dxtmsft.dll
+ 2008-06-23 15:38:30 205,312 -c----w c:\windows\$NtUninstallKB956390$\dxtrans.dll
+ 2008-06-23 15:38:30 55,808 -c----w c:\windows\$NtUninstallKB956390$\extmgr.dll
+ 2008-06-23 09:49:29 18,432 -c----w c:\windows\$NtUninstallKB956390$\iedw.exe
+ 2008-06-23 15:38:31 251,392 -c----w c:\windows\$NtUninstallKB956390$\iepeers.dll
+ 2008-06-23 15:38:31 96,256 -c----w c:\windows\$NtUninstallKB956390$\inseng.dll
+ 2008-06-23 15:38:31 16,384 -c----w c:\windows\$NtUninstallKB956390$\jsproxy.dll
+ 2008-06-23 15:38:33 3,059,712 -c----w c:\windows\$NtUninstallKB956390$\mshtml.dll
+ 2008-06-23 15:38:33 449,024 -c----w c:\windows\$NtUninstallKB956390$\mshtmled.dll
+ 2008-06-23 15:38:33 146,432 -c----w c:\windows\$NtUninstallKB956390$\msrating.dll
+ 2008-06-23 15:38:33 532,480 -c----w c:\windows\$NtUninstallKB956390$\mstime.dll
+ 2008-06-23 15:38:33 39,424 -c----w c:\windows\$NtUninstallKB956390$\pngfilt.dll
+ 2008-06-23 15:38:34 1,494,528 -c----w c:\windows\$NtUninstallKB956390$\shdocvw.dll
+ 2008-06-23 15:38:34 474,112 -c----w c:\windows\$NtUninstallKB956390$\shlwapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956390$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB956390$\spuninst\updspapi.dll
+ 2008-06-23 15:38:34 615,936 -c----w c:\windows\$NtUninstallKB956390$\urlmon.dll
+ 2008-06-23 15:38:34 659,456 -c----w c:\windows\$NtUninstallKB956390$\wininet.dll
+ 2008-07-03 09:14:02 351,744 -c----w c:\windows\$NtUninstallKB956390$\xpsp3res.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2008-06-20 10:44:38 138,368 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
+ 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlmp.exe
+ 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\$NtUninstallKB956841$\ntkrpamp.exe
+ 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
+ 2006-08-14 10:34:41 332,928 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
+ 2006-05-05 09:41:45 453,120 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:02:12 382,840 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2006-08-17 12:28:27 332,288 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
+ 2006-11-02 12:22:52 51,680 -c----w c:\windows\$NtUninstallWdf01005$\spuninst\Kmdfcustom.dll
+ 2006-10-09 02:51:14 221,488 -c----w c:\windows\$NtUninstallWdf01005$\spuninst\spuninst.exe
+ 2006-10-09 02:51:14 379,184 -c----w c:\windows\$NtUninstallWdf01005$\spuninst\updspapi.dll
+ 2009-01-06 23:31:12 7,680 ----a-w c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-01-06 23:31:09 12,288 ----a-w c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-01-06 23:31:13 33,792 ----a-w c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-01-06 23:31:17 7,168 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-01-06 23:31:15 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-01-06 23:31:15 4,608 ----a-w c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-01-06 23:31:15 26,112 ----a-w c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-05-28 00:49:20 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-05-28 00:49:20 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-05-28 00:49:20 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-05-28 00:49:15 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-28 00:49:16 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-28 00:49:16 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-28 00:49:17 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-28 00:49:17 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-28 00:49:17 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-28 00:49:18 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-28 00:49:18 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-28 00:49:19 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-28 00:49:20 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-28 00:49:21 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-05-28 00:49:21 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-05-28 00:49:21 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-05-28 00:49:21 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-05-28 00:49:19 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-01-06 23:31:09 716,800 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-01-06 23:31:09 28,672 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-01-06 23:31:09 299,008 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-01-06 23:31:10 6,144 ----a-w c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2009-01-06 23:31:09 11,264 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-01-06 23:31:09 32,768 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-01-06 23:31:09 6,656 ----a-w c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-01-06 23:31:15 1,564,672 ----a-w c:\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2009-01-06 23:31:17 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-01-06 23:31:15 77,824 ----a-w c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-01-06 23:31:19 299,008 ----a-w c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-01-06 23:31:15 1,290,240 ----a-w c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2009-01-06 23:31:16 1,699,840 ----a-w c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-01-06 23:31:16 86,016 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-01-06 23:31:16 65,536 ----a-w c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-01-06 23:31:16 466,944 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-01-06 23:31:16 241,664 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-01-06 23:31:16 64,000 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-01-06 23:31:16 368,640 ----a-w c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-01-06 23:31:16 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-01-06 23:31:16 323,584 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-01-06 23:31:16 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-01-06 23:31:16 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-01-06 23:31:16 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-01-06 23:31:17 819,200 ----a-w c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-01-06 23:31:17 57,344 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-01-06 23:31:17 569,344 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-01-06 23:31:17 1,245,184 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-01-06 23:31:17 2,039,808 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-01-06 23:31:17 1,335,296 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2009-01-06 23:31:16 1,216,512 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-01-16 00:58:13 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-01-16 00:58:20 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-01-16 00:58:20 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-01-16 00:58:21 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-01-16 00:58:18 2,878,976 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-01-16 00:58:09 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-01-16 00:58:09 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-01-16 00:58:26 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-01-16 00:58:14 5,025,792 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-01-16 00:58:12 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-01-16 00:58:09 503,808 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-01-16 00:58:10 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-01-16 00:58:19 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-01-16 00:58:20 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-01-16 00:58:20 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-01-16 00:58:11 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-01-16 00:58:11 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-01-16 00:58:11 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-01-16 00:58:12 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-01-16 00:58:10 745,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-01-16 00:58:27 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-01-16 00:58:27 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-01-16 00:58:08 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-01-16 00:58:27 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-01-16 00:58:28 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-01-16 00:58:09 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-01-16 00:58:08 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-01-16 00:58:09 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-01-16 00:58:24 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-01-16 00:58:13 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-01-16 00:58:24 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-01-16 00:58:22 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-01-16 00:58:10 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-01-16 00:58:18 5,050,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-01-16 00:58:13 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-01-16 00:58:13 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-01-16 00:58:14 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-01-16 00:58:25 700,416 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-01-16 00:58:22 368,640 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-01-16 00:58:26 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-01-16 00:58:23 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-01-16 00:58:23 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-01-16 00:58:12 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-01-16 00:58:14 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-01-16 00:58:26 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-01-16 00:58:15 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-01-16 00:58:16 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-01-16 00:58:17 5,316,608 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-01-16 00:58:17 2,035,712 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-01-16 00:58:25 3,018,752 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-01-16 01:24:10 26,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\0579b785749f3843bab1d7837b27ef1c\Accessibility.ni.dll
+ 2008-01-16 01:24:10 860,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\17618b79e6485342ad9dca5aa02ebca9\AspNetMMCExt.ni.dll
+ 2008-01-16 01:24:11 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\03fe98958cd37741838e54416fc9a01c\CustomMarshalers.ni.dll
+ 2008-01-16 01:24:10 15,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\bb196d6df7dcbc49b525aec202e4dac5\dfsvc.ni.exe
+ 2008-01-16 01:24:12 880,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a7afe54dc51f71409750b7d2bddfe6b9\Microsoft.Build.Engine.ni.dll
+ 2008-01-16 01:24:12 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5187dbcf28c2fe4aa64e6c8d9fd1e7b4\Microsoft.Build.Framework.ni.dll
+ 2008-01-16 01:24:14 1,691,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e17a3e1faaf9364780976011999c3a6f\Microsoft.Build.Tasks.ni.dll
+ 2008-01-16 01:24:14 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7561d22d2655ed42a439b2f125fe0e2e\Microsoft.Build.Utilities.ni.dll
+ 2008-01-16 01:24:15 1,724,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a7cbd4ec12d7164caff13b2bd9a98732\Microsoft.VisualBasic.ni.dll
+ 2008-01-16 00:58:49 11,415,552 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e6121a7776f22643b6b1c5e1fd4771f9\mscorlib.ni.dll
+ 2008-01-16 01:24:16 962,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\6c9678d52e7e1e4dbb1d75805a5b4e18\System.Configuration.ni.dll
+ 2008-01-16 00:59:32 6,688,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\d11c41f764849c47a54b4761448a1d85\System.Data.ni.dll
+ 2008-01-16 01:24:17 1,712,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\1f2117e686d777499a3c4dd389b2eb04\System.Deployment.ni.dll
+ 2008-01-16 00:59:45 10,723,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\72179798247e13489794e9571aba5b73\System.Design.ni.dll
+ 2008-01-16 01:24:19 1,220,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\904f06cb5d201549bbbbdad0000f51fc\System.DirectoryServices.ni.dll
+ 2008-01-16 01:24:20 512,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ee6e2abaea77cc4e9314f919e4deab4d\System.DirectoryServices.Protocols.ni.dll
+ 2008-01-16 00:59:03 229,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b58220f6cc952f4291e1058202727f30\System.Drawing.Design.ni.dll
+ 2008-01-16 00:59:06 1,626,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0cb9a6f7968fe44996c6eb1a5fbb36b8\System.Drawing.ni.dll
+ 2008-01-16 01:24:21 659,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\fee733817568984e912386a4b8b78730\System.EnterpriseServices.ni.dll
+ 2008-01-16 01:24:21 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\fee733817568984e912386a4b8b78730\System.EnterpriseServices.Wrapper.dll
+ 2008-01-16 01:24:21 729,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\54e4183021589a4683d0dcc2d19d0034\System.Security.ni.dll
+ 2008-01-16 01:24:22 684,032 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\48bade8ffd20e94dab372a27e316d770\System.Transactions.ni.dll
+ 2008-01-16 01:24:38 2,310,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9ffc68c9260d744faa81d905bf4456a8\System.Web.Mobile.ni.dll
+ 2008-01-16 01:24:38 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\17968da178b1144d93f907f5b6018e99\System.Web.RegularExpressions.ni.dll
+ 2008-01-16 01:24:40 1,945,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9ae97d72cc5cbb409a7ff1f29e86a409\System.Web.Services.ni.dll
+ 2008-01-16 01:24:34 11,808,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b87811b2de978f42849146abce20c2f2\System.Web.ni.dll
+ 2008-01-16 00:59:19 13,107,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a46bf0282a536e448553f176699e1e9f\System.Windows.Forms.ni.dll
+ 2008-01-16 00:59:25 5,640,192 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ad044fe76f7cab4cabb4ec7a40c513ee\System.Xml.ni.dll
+ 2008-01-16 00:59:02 8,093,696 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\d266c21acd488c4595a6db69970ec7c7\System.ni.dll
+ 2009-01-06 23:31:49 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9e7e6f48\CustomMarshalers.dll
+ 2009-01-06 23:31:51 3,289,088 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_348af82d\mscorlib.dll
+ 2009-01-06 23:31:54 1,462,272 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_0ead85ef\System.Design.dll
+ 2009-01-06 23:31:57 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_4b57c454\System.Drawing.Design.dll
+ 2009-01-06 23:31:58 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cbc2717a\System.Drawing.dll
+ 2009-01-06 23:32:01 2,994,176 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_846ba7aa\System.Windows.Forms.dll
+ 2009-01-06 23:32:04 2,076,672 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_964c1ce5\System.Xml.dll
+ 2009-01-06 23:31:56 1,929,216 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f48f73ce\System.dll
- 2007-04-05 22:17:36 27,790 ----a-w c:\windows\DIIUnin.dat
+ 2008-06-23 16:13:06 28,607 ----a-w c:\windows\DIIUnin.dat
+ 2007-04-05 21:46:44 2,829 ----a-w c:\windows\DIIUnin.pif
+ 2007-01-24 01:41:42 841,304 ----a-w c:\windows\Downloaded Program Files\ampAx3.0.84.2.dll
+ 2008-03-25 00:33:02 1,527,056 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-12-04 18:35:33 38,428 ----a-w c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 09:08:48 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2007-03-13 16:57:10 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2000-08-31 14:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 14:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2008-12-27 21:05:36 27,648 ----a-r c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2008-10-25 18:52:17 10,134 ----a-r c:\windows\Installer\{0C826C5B-B131-423A-A229-C71B3CACCD6A}\ARPPRODUCTICON.exe
+ 2007-12-21 18:23:28 9,326 ----a-r c:\windows\Installer\{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}\ARPPRODUCTICON.exe
+ 2007-12-21 18:23:28 9,326 ----a-r c:\windows\Installer\{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}\NewShortcut1_24667137707E4437B2FE1B10A3F55BE1.exe
+ 2007-12-21 18:23:28 9,326 ----a-r c:\windows\Installer\{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}\NewShortcut2_24667137707E4437B2FE1B10A3F55BE1.exe
+ 2007-12-21 18:23:28 9,326 ----a-r c:\windows\Installer\{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}\NewShortcut9_24667137707E4437B2FE1B10A3F55BE1.exe
+ 2008-10-25 18:50:45 10,134 ----a-r c:\windows\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
+ 2008-08-19 18:48:18 102,400 ----a-r c:\windows\Installer\{3DE0053C-FD9A-483E-B7C9-B06E4392206E}\iTunesIco.exe
+ 2008-10-25 18:53:12 10,134 ----a-r c:\windows\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
+ 2009-01-06 23:40:30 25,214 ----a-r c:\windows\Installer\{5A633ED0-E5D7-4D65-AB8D-53ED43510284}\ARPPRODUCTICON.exe
+ 2009-01-06 23:40:30 40,960 ----a-r c:\windows\Installer\{5A633ED0-E5D7-4D65-AB8D-53ED43510284}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-08-19 18:24:37 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-11-13 05:54:17 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2008-02-15 03:12:30 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
+ 2008-02-29 08:12:38 76,304 ----a-w c:\windows\KHALMNPR.Exe
+ 2005-03-18 22:23:10 53,248 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 22:23:10 12,800 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 22:23:14 473,600 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 18:38:58 2,676,224 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 22:23:10 145,920 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 22:23:10 159,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 22:23:14 364,544 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 22:23:12 178,176 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 22:23:14 223,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 21:53:06 2,846,720 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-06 01:32:54 563,712 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 23:23:14 567,296 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 21:15:56 576,000 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 23:21:34 577,024 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 20:11:52 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 23:20:50 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 13:40:48 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 17:27:50 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-23 13:28:52 72,704 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2005-09-23 13:29:04 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2005-09-23 13:29:04 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2005-09-23 13:29:04 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2005-09-23 13:29:04 5,632 ----a-w c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2005-09-23 13:29:04 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2005-09-23 13:29:04 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2005-09-23 13:29:04 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2005-09-23 13:29:04 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2005-09-23 13:29:04 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2005-09-23 13:29:04 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2005-09-23 13:29:04 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2005-09-23 13:29:04 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2005-09-23 13:28:52 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 13:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 13:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 13:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 13:28:52 86,528 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2003-02-21 08:59:44 16,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2003-02-21 09:55:06 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 09:02:16 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2003-02-21 11:04:20 155,648 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 13:24:08 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2003-02-21 11:00:36 98,304 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-21 01:19:42 24,576 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-21 01:19:32 253,952 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-21 01:19:22 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-21 01:19:34 20,480 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-21 01:19:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-21 01:19:36 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2002-07-29 17:11:50 219,136 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-21 13:24:10 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-21 13:24:32 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-21 01:09:08 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 16:20:44 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-21 16:21:00 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2003-02-21 13:24:34 12,288 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 13:24:36 33,792 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 10:12:24 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 16:21:40 524,288 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-21 01:16:32 798,720 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-21 01:06:20 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-21 13:24:38 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 13:24:38 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 13:24:40 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 13:24:40 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-21 01:09:40 196,608 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-21 13:24:42 15,872 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-21 01:22:24 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 13:24:44 26,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 13:24:52 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 13:26:36 716,800 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2003-02-21 13:26:38 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 13:24:54 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 13:25:02 6,144 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 13:24:58 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 13:25:06 11,264 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 13:25:02 6,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 13:25:04 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 13:25:04 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 13:25:06 1,564,672 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2003-02-21 01:09:12 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-21 01:09:12 233,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2003-02-21 01:09:14 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-21 01:06:32 311,296 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2003-02-21 01:09:16 98,304 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-21 13:26:34 2,088,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-21 00:43:52 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-21 01:06:34 65,536 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-21 01:09:18 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-21 01:09:18 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-21 01:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-21 01:07:34 2,494,464 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-21 01:09:24 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-21 01:08:32 2,482,176 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-21 10:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-21 01:18:34 20,480 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-21 00:43:36 22,528 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-21 01:09:46 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-21 01:09:30 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 13:25:24 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-21 13:26:46 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 13:25:30 12,288 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-21 01:09:34 253,952 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-21 01:09:34 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-21 01:09:34 319,488 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 13:26:38 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 13:26:38 1,290,240 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2003-02-21 13:25:42 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2003-02-21 13:26:42 1,699,840 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2003-02-21 13:26:44 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 13:26:46 1,216,512 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-21 13:26:48 65,536 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-21 13:26:50 466,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2003-02-21 13:26:50 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2003-02-21 01:09:36 64,000 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 13:26:52 368,640 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2003-02-21 13:26:54 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2003-02-21 13:26:56 323,584 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2003-02-21 13:26:56 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2003-02-21 13:26:58 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-21 13:27:00 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2003-02-21 13:27:02 1,245,184 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2003-02-21 13:27:06 819,200 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-21 13:24:18 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-21 13:27:06 569,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-21 13:27:08 2,039,808 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2003-02-21 13:27:10 1,335,296 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2003-02-21 16:20:38 737,280 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 11:04:18 1,032,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2003-02-21 02:10:40 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2005-09-23 13:28:36 18,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 13:28:42 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2005-09-23 13:28:44 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 13:29:04 183,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 13:28:28 208,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 13:28:56 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 13:28:58 138,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 13:28:36 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 13:28:58 55,488 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 13:28:32 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 13:28:32 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 13:28:32 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 13:28:32 23,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 13:28:32 70,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 13:28:32 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 13:28:32 26,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 13:28:32 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 13:28:32 29,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 13:28:32 29,888 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 13:28:32 503,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 13:28:56 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 13:28:56 88,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 13:28:42 76,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 13:28:42 1,144,832 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2005-09-23 13:28:42 13,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 13:28:58 17,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 13:28:56 68,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 13:28:44 31,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 13:28:38 52,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 13:28:38 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 13:29:12 547,840 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 13:28:56 788,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 13:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 13:28:56 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 13:28:56 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 13:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 13:28:56 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 13:28:56 224,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 13:28:56 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 13:28:56 55,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 13:28:56 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 13:28:48 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 13:01:16 609,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 12:29:48 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 12:32:24 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 12:34:10 82,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 12:34:12 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 12:34:44 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 12:36:24 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 09:46:14 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 12:38:26 81,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 12:38:52 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 12:40:30 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 12:40:32 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 12:40:56 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 12:42:58 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 12:44:58 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 12:46:38 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 12:46:38 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 12:46:40 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 12:47:04 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 12:47:30 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 12:47:32 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 12:47:32 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 12:30:18 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 12:47:06 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 12:29:50 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-23 12:36:48 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-23 13:57:06 245,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 13:28:48 413,696 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 13:28:48 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-23 13:28:48 647,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 13:28:48 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 13:28:48 745,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 13:29:10 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 13:29:10 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 13:29:08 667,648 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 13:28:30 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 13:29:10 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 13:28:30 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-23 13:28:30 12,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 13:28:30 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 13:28:32 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-23 13:28:48 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 13:28:56 800,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 13:28:56 73,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-23 13:28:56 288,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 13:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-23 13:28:56 326,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 13:28:56 81,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-23 13:28:56 4,308,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-23 13:28:56 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 13:29:00 330,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 13:28:56 67,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-23 13:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 13:28:56 226,816 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 13:28:56 66,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-23 13:28:56 10,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-23 13:28:50 5,615,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-23 13:29:00 22,528 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-23 13:28:56 96,440 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-23 13:28:56 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-23 13:28:56 78,336 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-23 13:28:50 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 13:28:56 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 13:28:56 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 13:29:02 59,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-23 13:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 13:28:56 107,520 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 13:29:00 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-23 13:28:56 377,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 13:28:56 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 13:28:58 389,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 13:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-23 13:28:56 2,878,976 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-23 13:28:56 482,304 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 13:28:56 716,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 13:28:38 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 13:28:56 5,050,368 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-23 13:28:56 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 13:28:56 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 13:28:56 3,018,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-23 13:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-23 13:28:56 700,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 13:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 13:28:56 47,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-23 13:28:56 114,176 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 13:28:56 368,640 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 13:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 13:28:56 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 13:28:56 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 13:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 13:28:56 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 13:28:56 260,096 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 13:28:56 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-23 13:28:56 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 13:28:56 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-23 13:28:56 823,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 13:28:56 5,316,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-23 13:28:56 2,035,712 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-23 13:28:56 71,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 13:29:06 1,140,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 13:28:30 1,306,624 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 13:28:32 298,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 13:28:56 28,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2004-08-04 07:56:44 1,392,671 ----a-w c:\windows\msvbvm60.dll
+ 2002-01-05 10:40:18 487,424 ----a-w c:\windows\msvcp70.dll
+ 2002-01-05 10:37:26 344,064 ----a-w c:\windows\msvcr70.dll
- 2007-06-17 06:11:58 51,200 ----a-w c:\windows\NirCmd.exe
+ 2000-08-31 14:00:00 28,672 ----a-w c:\windows\NirCmd.exe
+ 2007-03-31 21:09:20 2,722 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2000-08-31 14:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 14:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 14:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 14:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2004-08-08 05:00:00 2,000 ----a-w c:\windows\system\KEYBOARD.DRV
+ 2004-08-08 05:00:00 73,376 ----a-w c:\windows\system\MCIAVI.DRV
+ 2004-08-08 05:00:00 25,264 ----a-w c:\windows\system\MCISEQ.DRV
+ 2004-08-08 05:00:00 28,160 ----a-w c:\windows\system\MCIWAVE.DRV
+ 2004-08-08 05:00:00 2,032 ----a-w c:\windows\system\MOUSE.DRV
+ 2004-08-08 05:00:00 1,744 ----a-w c:\windows\system\SOUND.DRV
+ 2004-08-08 05:00:00 3,360 ----a-w c:\windows\system\SYSTEM.DRV
+ 2004-08-08 05:00:00 4,048 ----a-w c:\windows\system\TIMER.DRV
+ 2004-08-08 05:00:00 2,176 ----a-w c:\windows\system\VGA.DRV
+ 2004-08-08 05:00:00 13,600 ----a-w c:\windows\system\WFWNET.DRV
+ 1997-01-02 06:00:00 92,208 ----a-w c:\windows\system\WING.DLL
+ 1997-01-02 06:00:00 12,800 ----a-w c:\windows\system\WING32.DLL
+ 2004-08-08 05:00:00 146,432 ----a-w c:\windows\system\WINSPOOL.DRV
+ 2006-12-31 02:16:36 313,344 ----a-w c:\windows\system32\avisynth.dll
+ 2007-12-29 20:04:12 9,728 ----a-w c:\windows\system32\BASSMOD.dll
- 2007-08-22 13:12:15 1,022,976 ----a-w c:\windows\system32\browseui.dll
+ 2008-08-20 05:38:45 1,023,488 ----a-w c:\windows\system32\browseui.dll
+ 2008-05-02 07:38:42 301,656 ----a-w c:\windows\system32\BtCoreIf.dll
+ 2005-03-31 23:32:24 466,944 ----a-w c:\windows\system32\capicom.dll
+ 2005-04-17 18:31:56 34,552 ----a-w c:\windows\system32\cba.dll
- 2007-08-22 13:12:15 151,040 ----a-w c:\windows\system32\cdfview.dll
+ 2008-08-20 05:38:39 151,040 ----a-w c:\windows\system32\cdfview.dll
- 2007-09-11 22:52:20 108,144 ----a-w c:\windows\system32\CmdLineExt.dll
+ 2008-08-15 18:15:24 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
+ 2004-08-08 05:00:00 10,544 ----a-w c:\windows\system32\comm.drv
- 2007-03-28 05:30:37 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-08 18:02:14 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-03-28 05:30:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-08 18:02:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-03-28 05:30:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-08 18:02:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-12 21:42:30 1,123,696 ----a-w c:\windows\system32\D3DCompiler_33.dll
+ 2007-03-12 22:42:30 1,123,696 ----a-w c:\windows\system32\D3DCompiler_33.dll
- 2007-05-16 21:45:16 1,124,720 ----a-w c:\windows\system32\D3DCompiler_34.dll
+ 2007-05-16 22:45:16 1,124,720 ----a-w c:\windows\system32\D3DCompiler_34.dll
+ 2007-07-20 00:14:42 1,358,192 ----a-w c:\windows\system32\D3DCompiler_35.dll
+ 2007-10-12 21:14:00 1,374,232 ----a-w c:\windows\system32\D3DCompiler_36.dll
+ 2008-03-05 20:56:58 1,420,824 ----a-w c:\windows\system32\D3DCompiler_37.dll
+ 2008-05-30 19:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll
+ 2008-07-12 13:18:52 1,493,528 ----a-w c:\windows\system32\D3DCompiler_39.dll
- 2007-03-15 21:57:58 443,752 ----a-w c:\windows\system32\d3dx10_33.dll
+ 2007-03-15 22:57:58 443,752 ----a-w c:\windows\system32\d3dx10_33.dll
- 2007-05-16 21:45:16 443,752 ----a-w c:\windows\system32\d3dx10_34.dll
+ 2007-05-16 22:45:16 443,752 ----a-w c:\windows\system32\d3dx10_34.dll
+ 2007-07-20 00:14:42 444,776 ----a-w c:\windows\system32\d3dx10_35.dll
+ 2007-10-02 15:56:34 444,776 ----a-w c:\windows\system32\d3dx10_36.dll
+ 2008-02-06 04:07:36 462,864 ----a-w c:\windows\system32\d3dx10_37.dll
+ 2008-05-30 19:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll
+ 2008-07-12 13:18:52 467,984 ----a-w c:\windows\system32\d3dx10_39.dll
- 2006-09-28 21:05:20 2,414,360 ----a-w c:\windows\system32\d3dx9_31.dll
+ 2006-09-28 22:05:20 2,414,360 ----a-w c:\windows\system32\d3dx9_31.dll
- 2006-11-29 18:06:18 3,426,072 ----a-w c:\windows\system32\d3dx9_32.dll
+ 2006-11-29 19:06:18 3,426,072 ----a-w c:\windows\system32\d3dx9_32.dll
- 2007-03-12 21:42:30 3,495,784 ----a-w c:\windows\system32\d3dx9_33.dll
+ 2007-03-12 22:42:30 3,495,784 ----a-w c:\windows\system32\d3dx9_33.dll
- 2007-05-16 21:45:16 3,497,832 ----a-w c:\windows\system32\d3dx9_34.dll
+ 2007-05-16 22:45:16 3,497,832 ----a-w c:\windows\system32\d3dx9_34.dll
+ 2007-07-20 00:14:42 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll
+ 2007-10-12 21:14:00 3,734,536 ----a-w c:\windows\system32\d3dx9_36.dll
+ 2008-03-05 20:56:58 3,786,760 ----a-w c:\windows\system32\D3DX9_37.dll
+ 2008-05-30 19:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll
+ 2008-07-12 13:18:52 3,851,784 ----a-w c:\windows\system32\D3DX9_39.dll
- 2007-08-22 13:12:16 1,054,208 ----a-w c:\windows\system32\danim.dll
+ 2008-08-20 05:38:40 1,054,208 ----a-w c:\windows\system32\danim.dll
+ 2004-08-08 05:00:00 1,788 ----a-w c:\windows\system32\Dcache.bin
+ 2004-05-26 12:37:34 719,872 ----a-w c:\windows\system32\devil.dll
+ 2005-09-23 13:28:38 83,456 ----a-w c:\windows\system32\dfshim.dll
- 2007-09-28 16:05:40 739,840 ----a-w c:\windows\system32\DivX.dll
+ 2007-12-04 01:33:16 682,496 ----a-w c:\windows\system32\DivX.dll
- 2007-09-28 16:05:40 823,296 ----a-w c:\windows\system32\divx_xx07.dll
+ 2007-12-04 01:33:18 823,296 ----a-w c:\windows\system32\divx_xx07.dll
- 2007-09-28 16:05:40 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
+ 2007-12-04 01:33:18 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
- 2007-09-28 16:05:40 802,816 ----a-w c:\windows\system32\divx_xx11.dll
+ 2007-12-04 01:33:18 802,816 ----a-w c:\windows\system32\divx_xx11.dll
- 2007-09-28 16:08:18 156,992 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
+ 2007-11-28 21:55:18 156,992 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
- 2007-09-28 16:07:54 524,288 ----a-w c:\windows\system32\DivXsm.exe
+ 2007-11-29 22:30:42 524,288 ----a-w c:\windows\system32\DivXsm.exe
- 2007-09-28 16:05:08 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
+ 2007-11-28 21:52:32 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
- 2004-08-08 05:00:00 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c--a-w c:\windows\system32\dllcache\afd.sys
- 2007-08-22 13:12:15 1,022,976 -c--a-w c:\windows\system32\dllcache\browseui.dll
+ 2008-08-20 05:38:45 1,023,488 -c--a-w c:\windows\system32\dllcache\browseui.dll
+ 2008-06-13 13:10:50 272,128 -c----w c:\windows\system32\dllcache\bthport.sys
- 2007-08-22 13:12:15 151,040 -c--a-w c:\windows\system32\dllcache\cdfview.dll
+ 2008-08-20 05:38:39 151,040 -c--a-w c:\windows\system32\dllcache\cdfview.dll
- 2007-07-31 00:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 20:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2007-08-22 13:12:16 1,054,208 -c--a-w c:\windows\system32\dllcache\danim.dll
+ 2008-08-20 05:38:40 1,054,208 -c--a-w c:\windows\system32\dllcache\danim.dll
- 2004-08-08 05:00:00 561,179 -c--a-w c:\windows\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w c:\windows\system32\dllcache\dao360.dll
- 2006-06-26 17:37:10 148,480 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
- 2004-08-08 05:00:00 45,568 -c--a-w c:\windows\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 -c--a-w c:\windows\system32\dllcache\dnsrslvr.dll
- 2007-08-22 13:12:16 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-20 05:38:40 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-22 13:12:16 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-20 05:38:40 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2005-07-26 04:39:45 243,200 -c--a-w c:\windows\system32\dllcache\es.dll
+ 2008-07-07 20:32:22 253,952 -c--a-w c:\windows\system32\dllcache\es.dll
- 2007-08-22 13:12:16 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-20 05:38:40 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2004-08-04 04:08:20 36,224 -c--a-w c:\windows\system32\dllcache\hidclass.sys
+ 2004-08-04 05:08:20 36,224 -c--a-w c:\windows\system32\dllcache\hidclass.sys
- 2004-08-04 04:08:18 24,960 -c--a-w c:\windows\system32\dllcache\hidparse.sys
+ 2004-08-04 05:08:18 24,960 -c--a-w c:\windows\system32\dllcache\hidparse.sys
+ 2004-08-04 05:56:44 21,504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
- 2001-08-17 19:02:20 9,600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
+ 2001-08-17 20:02:20 9,600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
- 2004-08-04 05:14:38 52,736 -c--a-w c:\windows\system32\dllcache\i8042prt.sys
+ 2004-08-04 04:14:38 52,736 -c--a-w c:\windows\system32\dllcache\i8042prt.sys
- 2007-08-21 10:30:45 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2008-08-19 09:30:39 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
- 2007-08-22 13:12:16 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2008-08-20 05:38:41 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2007-08-21 06:15:44 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
- 2007-08-22 13:12:16 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2008-08-20 05:38:41 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2007-08-22 13:12:16 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-20 05:38:44 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 04:58:34 24,576 -c--a-w c:\windows\system32\dllcache\kbdclass.sys
+ 2004-08-04 03:58:34 24,576 -c--a-w c:\windows\system32\dllcache\kbdclass.sys
+ 2007-04-16 15:52:53 984,576 -c--a-w c:\windows\system32\dllcache\kbdpx.dll
+ 2004-08-08 05:00:00 2,000 -c--a-w c:\windows\system32\dllcache\keyboard.drv
- 2006-08-17 12:28:27 721,920 -c--a-w c:\windows\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c--a-w c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-08 05:00:00 2,560 -c--a-w c:\windows\system32\dllcache\lz32.dll
+ 2004-08-08 05:00:00 73,376 -c--a-w c:\windows\system32\dllcache\mciavi.drv
+ 2004-08-08 05:00:00 25,264 -c--a-w c:\windows\system32\dllcache\mciseq.drv
+ 2004-08-08 05:00:00 28,160 -c--a-w c:\windows\system32\dllcache\mciwave.drv
- 2004-08-04 04:58:34 23,040 -c--a-w c:\windows\system32\dllcache\mouclass.sys
+ 2004-08-04 03:58:34 23,040 -c--a-w c:\windows\system32\dllcache\mouclass.sys
+ 2004-08-08 05:00:00 2,032 -c--a-w c:\windows\system32\dllcache\mouse.drv
- 2004-08-08 05:00:00 72,960 -c--a-w c:\windows\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 -c--a-w c:\windows\system32\dllcache\mqac.sys
- 2004-08-08 05:00:00 138,240 -c--a-w c:\windows\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 138,240 -c--a-w c:\windows\system32\dllcache\mqad.dll
- 2004-08-08 05:00:00 47,104 -c--a-w c:\windows\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 -c--a-w c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-08 05:00:00 16,896 -c--a-w c:\windows\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 16,896 -c--a-w c:\windows\system32\dllcache\mqise.dll
- 2004-08-08 05:00:00 660,992 -c--a-w c:\windows\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 660,992 -c--a-w c:\windows\system32\dllcache\mqqm.dll
- 2004-08-08 05:00:00 177,152 -c--a-w c:\windows\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 177,152 -c--a-w c:\windows\system32\dllcache\mqrt.dll
- 2004-08-08 05:00:00 95,744 -c--a-w c:\windows\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 95,744 -c--a-w c:\windows\system32\dllcache\mqsec.dll
- 2004-08-08 05:00:00 48,640 -c--a-w c:\windows\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 -c--a-w c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-08 05:00:00 471,552 -c--a-w c:\windows\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46:59 471,552 -c--a-w c:\windows\system32\dllcache\mqutil.dll
- 2004-08-08 05:00:00 181,248 -c--a-w c:\windows\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 -c--a-w c:\windows\system32\dllcache\mrxdav.sys
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2004-08-08 05:00:00 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
- 2005-06-29 01:46:00 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:05 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
- 2004-08-08 05:00:00 512,029 -c--a-w c:\windows\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w c:\windows\system32\dllcache\msexch40.dll
- 2004-08-08 05:00:00 319,517 -c--a-w c:\windows\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w c:\windows\system32\dllcache\msexcl40.dll
- 2007-08-22 13:12:17 3,058,176 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-20 05:38:47 3,060,224 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2007-08-22 13:12:17 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-20 05:38:43 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-08 05:00:00 1,507,356 -c--a-w c:\windows\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w c:\windows\system32\dllcache\msjet40.dll
- 2004-08-08 05:00:00 358,976 -c--a-w c:\windows\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w c:\windows\system32\dllcache\msjetol1.dll
- 2004-08-08 05:00:00 151,583 -c--a-w c:\windows\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w c:\windows\system32\dllcache\msjint40.dll
- 2004-08-08 05:00:00 53,279 -c--a-w c:\windows\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w c:\windows\system32\dllcache\msjter40.dll
- 2004-08-08 05:00:00 241,693 -c--a-w c:\windows\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w c:\windows\system32\dllcache\msjtes40.dll
- 2004-08-08 05:00:00 213,023 -c--a-w c:\windows\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w c:\windows\system32\dllcache\msltus40.dll
- 2004-08-08 05:00:00 348,189 -c--a-w c:\windows\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w c:\windows\system32\dllcache\mspbde40.dll
- 2007-08-22 13:12:17 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-20 05:38:41 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2004-08-08 05:00:00 421,919 -c--a-w c:\windows\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w c:\windows\system32\dllcache\msrd2x40.dll
- 2004-08-08 05:00:00 315,423 -c--a-w c:\windows\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w c:\windows\system32\dllcache\msrd3x40.dll
- 2004-08-08 05:00:00 552,989 -c--a-w c:\windows\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w c:\windows\system32\dllcache\msrepl40.dll
- 2004-08-08 05:00:00 258,077 -c--a-w c:\windows\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w c:\windows\system32\dllcache\mstext40.dll
- 2007-08-22 13:12:17 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-20 05:38:41 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2004-08-08 05:00:00 831,519 -c--a-w c:\windows\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w c:\windows\system32\dllcache\mswdat10.dll
- 2004-08-08 05:00:00 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:10 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll
- 2004-08-08 05:00:00 614,429 -c--a-w c:\windows\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w c:\windows\system32\dllcache\mswstr10.dll
- 2004-08-08 05:00:00 348,189 -c--a-w c:\windows\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w c:\windows\system32\dllcache\msxbde40.dll
- 2007-06-26 06:08:16 1,104,896 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2006-08-17 12:28:27 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2004-08-08 05:00:00 2,944 -c--a-w c:\windows\system32\dllcache\null.sys
- 2006-10-22 17:22:00 3,994,624 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys
+ 2007-12-05 07:41:00 7,435,392 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys
- 2007-05-17 11:28:05 549,376 -c--a-w c:\windows\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c--a-w c:\windows\system32\dllcache\oleaut32.dll
- 2007-08-22 13:12:17 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-20 05:38:41 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 -c--a-w c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
- 2007-08-22 13:12:18 1,494,528 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:38:42 1,494,528 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c--a-w c:\windows\system32\dllcache\shell32.dll
- 2007-08-22 13:12:18 474,112 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-08-20 05:38:44 474,112 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-08 05:00:00 1,744 -c--a-w c:\windows\system32\dllcache\sound.drv
- 2006-08-14 10:34:41 332,928 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2004-08-08 05:00:00 3,360 -c--a-w c:\windows\system32\dllcache\system.drv
- 2006-04-20 11:51:50 359,808 -c--a-w c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-08 05:00:00 4,048 -c--a-w c:\windows\system32\dllcache\timer.drv
- 2007-08-22 13:12:18 615,424 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-20 05:38:45 615,936 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2004-08-08 05:00:00 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-08 05:00:00 2,176 -c--a-w c:\windows\system32\dllcache\vga.drv
+ 2004-08-04 06:56:58 23,552 -c--a-w c:\windows\system32\dllcache\wdmaud.drv
+ 2004-08-08 05:00:00 13,600 -c--a-w c:\windows\system32\dllcache\wfwnet.drv
- 2007-03-08 13:47:48 1,843,584 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2007-08-22 13:12:18 658,944 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-20 05:38:43 659,456 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2004-08-08 05:00:00 2,864 -c--a-w c:\windows\system32\dllcache\winsock.dll
+ 2004-08-08 05:00:00 146,432 -c--a-w c:\windows\system32\dllcache\winspool.drv
+ 2004-08-08 05:00:00 2,112 -c--a-w c:\windows\system32\dllcache\winspool.exe
- 2005-01-28 18:44:28 224,768 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2007-10-27 22:40:06 227,328 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-08 05:00:00 2,736 -c--a-w c:\windows\system32\dllcache\wowdeb.exe
- 2007-07-31 00:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 20:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-31 00:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 20:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-31 00:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 20:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-31 00:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 20:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-31 00:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 20:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-31 00:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 20:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2006-06-26 17:37:10 148,480 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dnsapi.dll
- 2004-08-08 05:00:00 45,568 ----a-w c:\windows\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w c:\windows\system32\dnsrslvr.dll
- 2007-09-28 16:05:50 81,920 ----a-w c:\windows\system32\dpl100.dll
+ 2007-11-29 22:28:24 81,920 ----a-w c:\windows\system32\dpl100.dll
- 2007-09-28 16:05:42 294,912 ----a-w c:\windows\system32\dpu10.dll
+ 2007-11-28 21:53:18 294,912 ----a-w c:\windows\system32\dpu10.dll
- 2007-09-28 16:05:42 294,912 ----a-w c:\windows\system32\dpu11.dll
+ 2007-11-28 21:53:18 294,912 ----a-w c:\windows\system32\dpu11.dll
- 2007-09-28 16:05:44 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
+ 2007-11-28 21:53:18 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
- 2007-09-28 16:05:42 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
+ 2007-11-28 21:53:18 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
- 2007-09-28 16:05:42 344,064 ----a-w c:\windows\system32\dpus11.dll
+ 2007-11-28 21:53:18 344,064 ----a-w c:\windows\system32\dpus11.dll
- 2007-09-28 16:05:42 57,344 ----a-w c:\windows\system32\dpv11.dll
+ 2007-11-28 21:53:18 57,344 ----a-w c:\windows\system32\dpv11.dll
- 2004-08-08 05:00:00 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2007-12-29 20:10:24 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
- 2007-06-04 20:14:56 6,272 ----a-w c:\windows\system32\drivers\AWRTPD.sys
+ 2008-04-29 16:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
- 2007-11-26 14:48:18 8,320 ----a-w c:\windows\system32\drivers\AWRTRD.sys
+ 2008-04-29 16:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\system32\drivers\bthport.sys
+ 2007-03-27 07:55:32 2,432 ------w c:\windows\system32\drivers\cdr4_xp.sys
+ 2007-03-27 07:55:32 2,560 ------w c:\windows\system32\drivers\cdralw2k.sys
+ 2004-08-03 23:07:58 2,944 ----a-w c:\windows\system32\drivers\drmkaud.sys
- 2006-09-19 19:44:04 15,664 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 17:01:28 16,168 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
- 2004-08-04 04:08:20 36,224 ----a-w c:\windows\system32\drivers\hidclass.sys
+ 2004-08-04 05:08:20 36,224 ----a-w c:\windows\system32\drivers\hidclass.sys
- 2004-08-04 04:08:18 24,960 ----a-w c:\windows\system32\drivers\hidparse.sys
+ 2004-08-04 05:08:18 24,960 ----a-w c:\windows\system32\drivers\hidparse.sys
- 2001-08-17 19:02:20 9,600 ----a-w c:\windows\system32\drivers\hidusb.sys
+ 2001-08-17 20:02:20 9,600 ----a-w c:\windows\system32\drivers\hidusb.sys
- 2004-08-04 05:14:38 52,736 ----a-w c:\windows\system32\drivers\i8042prt.sys
+ 2004-08-04 04:14:38 52,736 ----a-w c:\windows\system32\drivers\i8042prt.sys
- 2004-08-04 04:58:34 24,576 ----a-w c:\windows\system32\drivers\kbdclass.sys
+ 2004-08-04 03:58:34 24,576 ----a-w c:\windows\system32\drivers\kbdclass.sys
- 2005-05-20 21:00:36 13,056 ----a-w c:\windows\system32\drivers\L8042Kbd.sys
+ 2008-02-29 08:12:48 20,240 ----a-w c:\windows\system32\drivers\L8042Kbd.sys
+ 2008-02-29 08:13:16 35,344 ----a-w c:\windows\system32\drivers\LHidFilt.Sys
+ 2005-05-20 21:01:32 25,600 ----a-w c:\windows\system32\drivers\LHidKE.Sys
+ 2007-12-29 20:10:23 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
+ 2008-02-29 08:13:24 36,880 ----a-w c:\windows\system32\drivers\LMouFilt.Sys
+ 2008-02-29 08:13:46 28,944 ----a-w c:\windows\system32\drivers\LUsbFilt.sys
- 2004-08-04 04:58:34 23,040 ----a-w c:\windows\system32\drivers\mouclass.sys
+ 2004-08-04 03:58:34 23,040 ----a-w c:\windows\system32\drivers\mouclass.sys
- 2004-08-08 05:00:00 72,960 ----a-w c:\windows\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w c:\windows\system32\drivers\mqac.sys
- 2004-08-08 05:00:00 181,248 ----a-w c:\windows\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w c:\windows\system32\drivers\mrxdav.sys
- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2007-11-26 14:48:18 9,344 ----a-w c:\windows\system32\drivers\NSDriver.sys
+ 2008-04-29 16:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
+ 2004-08-08 05:00:00 2,944 ----a-w c:\windows\system32\drivers\null.sys
- 2006-10-22 17:22:00 3,994,624 ----a-w c:\windows\system32\drivers\nv4_mini.sys
+ 2007-12-05 07:41:00 7,435,392 ----a-w c:\windows\system32\drivers\nv4_mini.sys
- 2006-07-13 08:48:58 202,240 ----a-w c:\windows\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2007-09-27 23:03:41 11,973 ----a-w c:\windows\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w c:\windows\system32\drivers\secdrv.sys
+ 2005-08-10 12:44:04 50,688 ----a-w c:\windows\system32\drivers\sfdrv01.sys
+ 2005-05-16 13:20:39 6,656 ----a-w c:\windows\system32\drivers\sfhlp02.sys
+ 2005-12-06 15:11:18 35,328 ----a-w c:\windows\system32\drivers\sfsync03.sys
+ 2005-11-03 14:40:07 63,488 ----a-w c:\windows\system32\drivers\sfvfs02.sys
- 2007-06-24 18:18:26 682,232 ----a-w c:\windows\system32\drivers\sptd.sys
+ 2007-12-29 19:58:57 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
+ 2005-04-05 17:16:52 11,512 ----a-w c:\windows\system32\drivers\symdns.sys
+ 2005-04-05 17:16:54 173,208 ----a-w c:\windows\system32\drivers\symfw.sys
+ 2005-04-05 17:16:58 36,984 ----a-w c:\windows\system32\drivers\symids.sys
+ 2005-04-05 17:16:56 47,192 ----a-w c:\windows\system32\drivers\symndis.sys
+ 2005-04-05 17:17:00 17,976 ----a-w c:\windows\system32\drivers\symredrv.sys
+ 2005-04-05 17:17:02 267,192 ----a-w c:\windows\system32\drivers\symtdi.sys
- 2006-04-20 11:51:50 359,808 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2006-11-02 12:22:54 492,000 ------w c:\windows\system32\drivers\wdf01000.sys
+ 2006-11-02 12:22:52 32,224 ------w c:\windows\system32\drivers\wdfldr.sys
+ 2007-04-16 22:46:34 33,792 -c--a-w c:\windows\system32\DRVSTORE\amdppm_C66586B319F61C772BA2DAB141D0FE08F299F411\AmdPPM.sys
+ 2007-04-16 22:46:38 44,544 -c--a-w c:\windows\system32\DRVSTORE\amdppm_C66586B319F61C772BA2DAB141D0FE08F299F411\AmdPPM64.sys
+ 2008-07-23 01:32:44 32,000 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312\usbaapl.sys
- 2007-09-28 16:05:50 196,608 ----a-w c:\windows\system32\dtu100.dll
+ 2007-11-29 22:28:24 196,608 ----a-w c:\windows\system32\dtu100.dll
- 2007-08-22 13:12:16 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-20 05:38:40 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 1998-08-27 04:51:44 182,032 ----a-w c:\windows\system32\dxtmsft3.dll
- 2007-08-22 13:12:16 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-20 05:38:40 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
- 2007-08-22 13:12:16 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-08-20 05:38:40 55,808 ----a-w c:\windows\system32\extmgr.dll
- 2007-11-04 01:09:07 278,152 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-19 14:48:29 278,152 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w c:\windows\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\gdi32.dll
- 2006-10-04 00:47:52 109,360 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-01-29 17:02:30 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2004-08-04 05:56:44 21,504 ----a-w c:\windows\system32\hidserv.dll
- 2007-08-22 13:12:16 251,392 ----a-w c:\windows\system32\iepeers.dll
+ 2008-08-20 05:38:41 251,392 ----a-w c:\windows\system32\iepeers.dll
- 2007-08-21 06:15:44 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2007-08-22 13:12:16 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2008-08-20 05:38:41 96,256 ----a-w c:\windows\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w c:\windows\system32\jscript.dll
- 2007-08-22 13:12:16 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-20 05:38:44 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2007-04-16 15:52:53 984,576 ----a-w c:\windows\system32\kbdpx.dll
+ 2008-05-02 07:39:50 170,512 ----a-w c:\windows\system32\kemutb.dll
+ 2008-05-02 07:39:54 145,936 ----a-w c:\windows\system32\KemUtil.dll
+ 2008-05-02 07:40:02 117,264 ----a-w c:\windows\system32\KemWnd.dll
+ 2008-05-02 07:40:08 84,496 ----a-w c:\windows\system32\KemXML.dll
+ 2004-08-08 05:00:00 2,000 ----a-w c:\windows\system32\keyboard.drv
- 2006-10-22 17:22:00 425,984 ----a-w c:\windows\system32\keystone.exe
+ 2007-12-05 07:41:00 425,984 ----a-w c:\windows\system32\keystone.exe
+ 2004-08-08 05:00:00 221,600 ----a-w c:\windows\system32\lanman.drv
- 2007-09-28 16:07:44 1,044,480 ----a-w c:\windows\system32\libdivx.dll
+ 2007-11-29 22:30:16 1,044,480 ----a-w c:\windows\system32\libdivx.dll
+ 1998-09-02 08:28:18 38,160 ----a-w c:\windows\system32\LMRTREND.dll
+ 2005-04-17 18:31:58 83,648 ----a-w c:\windows\system32\loc32vc0.dll
- 2006-08-17 12:28:27 721,920 ----a-w c:\windows\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w c:\windows\system32\lsasrv.dll
- 2007-04-13 20:19:52 7,680 ----a-w c:\windows\system32\lsdelete.exe
+ 2008-05-16 16:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
+ 2004-08-08 05:00:00 2,560 ----a-w c:\windows\system32\lz32.dll
+ 2008-03-25 02:32:44 218,496 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-07-25 05:53:31 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-05-27 23:25:50 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-08 05:00:00 73,376 ----a-w c:\windows\system32\mciavi.drv
+ 1998-08-17 09:21:54 11,776 ----a-w c:\windows\system32\mciqtz.drv
+ 2004-08-08 05:00:00 25,264 ----a-w c:\windows\system32\mciseq.drv
+ 2004-08-08 05:00:00 28,160 ----a-w c:\windows\system32\mciwave.drv
+ 2004-08-08 05:00:00 2,032 ----a-w c:\windows\system32\mouse.drv
- 2004-08-08 05:00:00 138,240 ----a-w c:\windows\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w c:\windows\system32\mqad.dll
- 2004-08-08 05:00:00 47,104 ----a-w c:\windows\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w c:\windows\system32\mqdscli.dll
- 2004-08-08 05:00:00 16,896 ----a-w c:\windows\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w c:\windows\system32\mqise.dll
- 2004-08-08 05:00:00 660,992 ----a-w c:\windows\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w c:\windows\system32\mqqm.dll
- 2004-08-08 05:00:00 177,152 ----a-w c:\windows\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w c:\windows\system32\mqrt.dll
- 2004-08-08 05:00:00 95,744 ----a-w c:\windows\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w c:\windows\system32\mqsec.dll
- 2004-08-08 05:00:00 48,640 ----a-w c:\windows\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w c:\windows\system32\mqupgrd.dll
- 2004-08-08 05:00:00 471,552 ----a-w c:\windows\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w c:\windows\system32\mqutil.dll
+ 2004-08-08 05:00:00 20,480 ----a-w c:\windows\system32\msacm32.drv
- 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
+ 2005-09-23 13:28:52 270,848 ----a-w c:\windows\system32\mscoree.dll
+ 2005-09-23 13:28:52 150,016 ----a-w c:\windows\system32\mscorier.dll
+ 2005-09-23 13:28:52 74,240 ----a-w c:\windows\system32\mscories.dll
- 2004-08-08 05:00:00 512,029 ----a-w c:\windows\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w c:\windows\system32\msexch40.dll
- 2004-08-08 05:00:00 319,517 ----a-w c:\windows\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w c:\windows\system32\msexcl40.dll
+ 2005-04-17 18:31:58 46,848 ----a-w c:\windows\system32\msgsys.dll
+ 2004-08-08 05:00:00 188,416 ----a-w c:\windows\system32\msh261.drv
+ 2004-08-04 06:56:58 294,912 ----a-w c:\windows\system32\msh263.drv
- 2007-08-22 13:12:17 3,058,176 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-20 05:38:47 3,060,224 ----a-w c:\windows\system32\mshtml.dll
- 2007-08-22 13:12:17 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-20 05:38:43 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2004-08-08 05:00:00 1,507,356 ----a-w c:\windows\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w c:\windows\system32\msjet40.dll
- 2004-08-08 05:00:00 358,976 ----a-w c:\windows\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w c:\windows\system32\msjetoledb40.dll
- 2004-08-08 05:00:00 151,583 ----a-w c:\windows\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w c:\windows\system32\msjint40.dll
- 2004-08-08 05:00:00 53,279 ----a-w c:\windows\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w c:\windows\system32\msjter40.dll
- 2004-08-08 05:00:00 241,693 ----a-w c:\windows\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w c:\windows\system32\msjtes40.dll
- 2004-08-08 05:00:00 213,023 ----a-w c:\windows\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w c:\windows\system32\msltus40.dll
- 2004-08-08 05:00:00 348,189 ----a-w c:\windows\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w c:\windows\system32\mspbde40.dll
- 2007-08-22 13:12:17 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-20 05:38:41 146,432 ----a-w c:\windows\system32\msrating.dll
- 2004-08-08 05:00:00 421,919 ----a-w c:\windows\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w c:\windows\system32\msrd2x40.dll
- 2004-08-08 05:00:00 315,423 ----a-w c:\windows\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w c:\windows\system32\msrd3x40.dll
- 2004-08-08 05:00:00 552,989 ----a-w c:\windows\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w c:\windows\system32\msrepl40.dll
- 2004-08-08 05:00:00 258,077 ----a-w c:\windows\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w c:\windows\system32\mstext40.dll
- 2007-08-22 13:12:17 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-20 05:38:41 532,480 ----a-w c:\windows\system32\mstime.dll
- 2004-08-08 05:00:00 831,519 ----a-w c:\windows\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w c:\windows\system32\mswdat10.dll
- 2004-08-08 05:00:00 245,248 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll
- 2004-08-08 05:00:00 614,429 ----a-w c:\windows\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w c:\windows\system32\mswstr10.dll
- 2004-08-08 05:00:00 348,189 ----a-w c:\windows\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w c:\windows\system32\msxbde40.dll
+ 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3(3).dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 20:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 22:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
+ 2003-02-21 00:43:36 4,096 ----a-w c:\windows\system32\mui\0409\mscoreer.dll
+ 2005-09-23 13:29:00 6,144 ----a-w c:\windows\system32\mui\0409\mscorees.dll
+ 2005-04-17 18:30:56 43,712 ----a-w c:\windows\system32\NavLogon.dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
+ 2005-09-23 13:28:56 32,768 ----a-w c:\windows\system32\netfxperf.dll
+ 2004-08-08 05:00:00 2,656 ----a-w c:\windows\system32\netware.drv
- 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2005-04-17 18:32:00 83,704 ----a-w c:\windows\system32\nts.dll
- 2006-10-22 17:22:00 4,527,488 ----a-w c:\windows\system32\nv4_disp.dll
+ 2007-12-05 07:41:00 5,773,568 ----a-w c:\windows\system32\nv4_disp.dll
- 2006-10-22 17:22:00 212,992 ----a-w c:\windows\system32\nvapi.dll
+ 2007-12-05 07:41:00 385,024 ----a-w c:\windows\system32\nvapi.dll
- 2006-10-22 17:22:00 442,368 ----a-w c:\windows\system32\nvappbar.exe
+ 2007-12-05 07:41:00 442,368 ----a-w c:\windows\system32\nvappbar.exe
- 2006-10-22 17:22:00 35,840 ----a-w c:\windows\system32\nvcod.dll
+ 2007-12-05 07:41:00 35,328 ----a-w c:\windows\system32\nvcod.dll
- 2006-10-22 17:22:00 35,840 ----a-w c:\windows\system32\nvcodins.dll
+ 2007-12-05 07:41:00 35,328 ----a-w c:\windows\system32\nvcodins.dll
- 2006-10-22 17:22:00 147,456 ----a-w c:\windows\system32\nvcolor.exe
+ 2007-12-05 07:41:00 147,456 ----a-w c:\windows\system32\nvcolor.exe
- 2006-10-22 17:22:00 7,700,480 ----a-w c:\windows\system32\nvcpl.dll
+ 2007-12-05 07:41:00 8,523,776 ----a-w c:\windows\system32\nvcpl.dll
- 2006-10-22 17:22:00 794,624 ----a-w c:\windows\system32\nvcplui.exe
+ 2007-12-05 07:41:00 753,664 ----a-w c:\windows\system32\nvcplui.exe
+ 2007-12-05 07:41:00 1,089,536 ----a-w c:\windows\system32\nvcuda.dll
- 2006-10-22 17:22:00 5,619,712 ----a-w c:\windows\system32\nvdisps.dll
+ 2007-12-05 07:41:00 6,549,504 ----a-w c:\windows\system32\nvdisps.dll
- 2006-10-22 17:22:00 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe
+ 2007-12-05 07:41:00 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe
- 2006-10-22 17:22:00 311,296 ----a-w c:\windows\system32\nvexpbar.dll
+ 2007-12-05 07:41:00 307,200 ----a-w c:\windows\system32\nvexpbar.dll
- 2006-10-22 17:22:00 3,047,424 ----a-w c:\windows\system32\nvgames.dll
+ 2007-12-05 07:41:00 3,420,160 ----a-w c:\windows\system32\nvgames.dll
- 2006-10-22 17:22:00 1,470,464 ----a-w c:\windows\system32\nview.dll
+ 2007-12-05 07:41:00 1,474,560 ----a-w c:\windows\system32\nview.dll
- 2006-10-22 17:22:00 229,376 ----a-w c:\windows\system32\nvmccs.dll
+ 2007-12-05 07:41:00 229,376 ----a-w c:\windows\system32\nvmccs.dll
- 2006-10-22 17:22:00 45,056 ----a-w c:\windows\system32\nvmccsrs.dll
+ 2007-12-05 07:41:00 45,056 ----a-w c:\windows\system32\nvmccsrs.dll
- 2006-10-22 17:22:00 188,416 ----a-w c:\windows\system32\nvmccss.dll
+ 2007-12-05 07:41:00 188,416 ----a-w c:\windows\system32\nvmccss.dll
- 2006-10-22 17:22:00 86,016 ----a-w c:\windows\system32\nvmctray.dll
+ 2007-12-05 07:41:00 81,920 ----a-w c:\windows\system32\nvmctray.dll
- 2006-10-22 17:22:00 888,832 ----a-w c:\windows\system32\nvmobls.dll
+ 2007-12-05 07:41:00 1,228,800 ----a-w c:\windows\system32\nvmobls.dll
- 2006-10-22 17:22:00 286,720 ----a-w c:\windows\system32\nvnt4cpl.dll
+ 2007-12-05 07:41:00 286,720 ----a-w c:\windows\system32\nvnt4cpl.dll
- 2006-10-22 17:22:00 5,644,288 ----a-w c:\windows\system32\nvoglnt.dll
+ 2007-12-05 07:41:00 6,901,760 ----a-w c:\windows\system32\nvoglnt.dll
- 2006-10-22 17:22:00 466,944 ----a-w c:\windows\system32\nvshell.dll
+ 2007-12-05 07:41:00 466,944 ----a-w c:\windows\system32\nvshell.dll
- 2006-10-22 17:22:00 159,810 ----a-w c:\windows\system32\nvsvc32.exe
+ 2007-12-05 07:41:00 155,716 ----a-w c:\windows\system32\nvsvc32.exe
- 2006-12-15 21:40:16 356,352 ----a-w c:\windows\system32\nvudisp.exe
+ 2007-12-05 07:41:00 356,352 ----a-w c:\windows\system32\nvudisp.exe
- 2006-12-15 21:40:16 356,352 ----a-w c:\windows\system32\NVUNINST.EXE
+ 2007-12-05 08:53:08 356,352 ----a-w c:\windows\system32\NVUNINST.EXE
- 2006-10-22 17:22:00 2,924,544 ----a-w c:\windows\system32\nvvitvs.dll
+ 2007-12-05 07:41:00 3,710,976 ----a-w c:\windows\system32\nvvitvs.dll
- 2006-10-22 17:22:00 81,920 ----a-w c:\windows\system32\nvwddi.dll
+ 2007-12-05 07:41:00 81,920 ----a-w c:\windows\system32\nvwddi.dll
- 2006-10-22 17:22:00 1,662,976 ----a-w c:\windows\system32\nvwdmcpl.dll
+ 2007-12-05 07:41:00 1,703,936 ----a-w c:\windows\system32\nvwdmcpl.dll
- 2006-10-22 17:22:00 1,019,904 ----a-w c:\windows\system32\nvwimg.dll
+ 2007-12-05 07:41:00 1,019,904 ----a-w c:\windows\system32\nvwimg.dll
- 2006-10-22 17:22:00 1,236,992 ----a-w c:\windows\system32\nvwss.dll
+ 2007-12-05 07:41:00 2,498,560 ----a-w c:\windows\system32\nvwss.dll
+ 2007-12-05 07:41:00 1,626,112 ----a-w c:\windows\system32\nwiz.exe
- 2007-05-17 11:28:05 549,376 ----a-w c:\windows\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w c:\windows\system32\oleaut32.dll
+ 2005-04-17 18:32:00 71,416 ----a-w c:\windows\system32\pds.dll
- 2007-11-11 19:41:20 40,196 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-06 23:31:43 62,490 ----a-w c:\windows\system32\perfc009.dat
- 2007-11-11 19:41:20 311,934 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-06 23:31:43 400,954 ----a-w c:\windows\system32\perfh009.dat
- 2007-08-22 13:12:17 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-20 05:38:41 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 1998-09-02 08:02:02 194,320 ----a-w c:\windows\system32\qcut.dll
- 2007-09-28 16:07:52 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
+ 2007-11-29 22:30:28 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll
+ 2006-10-22 17:22:00 4,527,488 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nv4_disp.dll
+ 2006-10-22 17:22:00 3,994,624 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nv4_mini.sys
+ 2006-10-22 17:22:00 212,992 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvapi.dll
+ 2006-10-22 17:22:00 35,840 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvcod.dll
+ 2006-10-22 17:22:00 7,700,480 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvcpl.dll
+ 2006-10-22 17:22:00 5,619,712 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvdisps.dll
+ 2006-10-22 17:22:00 5,255,168 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvdispsr.dll
+ 2006-10-22 17:22:00 3,047,424 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvgames.dll
+ 2006-10-22 17:22:00 3,203,072 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvgamesr.dll
+ 2006-10-22 17:22:00 581,632 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvhwvid.dll
+ 2006-10-22 17:22:00 229,376 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmccs.dll
+ 2006-10-22 17:22:00 188,416 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmccss.dll
+ 2006-10-22 17:22:00 458,752 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmccssr.dll
+ 2006-10-22 17:22:00 86,016 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmctray.dll
+ 2006-10-22 17:22:00 888,832 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmobls.dll
+ 2006-10-22 17:22:00 2,859,008 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvmoblsr.dll
+ 2006-10-22 17:22:00 286,720 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvnt4cpl.dll
+ 2006-10-22 17:22:00 5,644,288 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvoglnt.dll
+ 2006-10-22 17:22:00 159,810 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvsvc32.exe
+ 2006-10-22 17:22:00 2,924,544 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvvitvs.dll
+ 2006-10-22 17:22:00 2,973,696 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvvitvsr.dll
+ 2006-10-22 17:22:00 81,920 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvwddi.dll
+ 2006-10-22 17:22:00 1,236,992 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvwss.dll
+ 2006-10-22 17:22:00 1,732,608 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvwssr.dll
+ 2006-07-02 04:39:40 36,864 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\AmdK8.sys
+ 2004-08-04 05:14:38 52,736 ----a-w c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\i8042prt.sys
+ 2004-08-04 04:58:34 23,040 ----a-w c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\mouclass.sys
+ 2005-05-20 21:00:48 54,528 ----a-w c:\windows\system32\ReinstallBackups\0010\DriverFiles\L8042mou.Sys
+ 2005-05-20 21:01:26 68,352 ----a-w c:\windows\system32\ReinstallBackups\0010\DriverFiles\LMouKE.Sys
+ 2004-08-08 05:00:00 20,992 ----a-w c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\hid.dll
+ 2004-08-04 04:08:20 36,224 ----a-w c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\hidclass.sys
+ 2004-08-04 04:08:18 24,960 ----a-w c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\hidparse.sys
+ 2001-08-17 19:02:20 9,600 ----a-w c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\hidusb.sys
+ 2004-08-08 05:00:00 20,992 ----a-w c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\hid.dll
+ 2004-08-04 04:08:20 36,224 ----a-w c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\hidclass.sys
+ 2004-08-04 04:08:18 24,960 ----a-w c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\hidparse.sys
+ 2001-08-17 19:02:20 9,600 ----a-w c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\hidusb.sys
+ 2004-08-08 05:00:00 20,992 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\hid.dll
+ 2004-08-04 04:08:20 36,224 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\hidclass.sys
+ 2004-08-04 04:08:18 24,960 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\hidparse.sys
+ 2001-08-17 19:02:20 9,600 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\hidusb.sys
+ 2004-08-04 04:58:34 24,576 ----a-w c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\kbdclass.sys
+ 2004-08-04 03:58:36 14,848 ----a-w c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\kbdhid.sys
+ 2004-08-08 05:00:00 20,992 ----a-w c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\hid.dll
+ 2004-08-04 04:08:20 36,224 ----a-w c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\hidclass.sys
+ 2004-08-04 04:08:18 24,960 ----a-w c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\hidparse.sys
+ 2001-08-17 19:02:20 9,600 ----a-w c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\hidusb.sys
+ 2004-08-08 05:00:00 20,992 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\hid.dll
+ 2004-08-04 04:08:20 36,224 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\hidclass.sys
+ 2004-08-04 04:08:18 24,960 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\hidparse.sys
+ 2001-08-17 19:02:20 9,600 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\hidusb.sys
- 2007-11-26 13:26:28 549,628 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2008-12-06 20:42:48 140,048 ----a-w c:\windows\system32\Restore\rstrlog.dat
- 2007-08-22 13:12:18 1,494,528 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-08-20 05:38:42 1,494,528 ----a-w c:\windows\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w c:\windows\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w c:\windows\system32\shell32.dll
- 2007-08-22 13:12:18 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-08-20 05:38:44 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-07-19 03:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-10-16 20:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-07-19 03:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-10-16 20:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2004-08-08 05:00:00 1,744 ----a-w c:\windows\system32\sound.drv
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
- 2005-06-28 15:21:34 22,752 ----a-w c:\windows\system32\spupdsvc.exe
+ 2006-10-09 02:51:14 23,856 ----a-w c:\windows\system32\spupdsvc.exe
- 2007-09-28 16:07:44 200,704 ----a-w c:\windows\system32\ssldivx.dll
+ 2007-11-29 22:30:16 200,704 ----a-w c:\windows\system32\ssldivx.dll
+ 2005-04-05 17:17:04 517,848 ----a-w c:\windows\system32\SymNeti.dll
+ 2005-04-05 17:17:04 132,824 ----a-w c:\windows\system32\SymRedir.dll
+ 2004-08-08 05:00:00 3,360 ----a-w c:\windows\system32\system.drv
+ 2004-08-08 05:00:00 4,048 ----a-w c:\windows\system32\timer.drv
- 2007-07-18 12:42:22 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
+ 1998-09-02 08:28:48 63,488 ----a-w c:\windows\system32\unam4ie.exe
- 2007-08-22 13:12:18 615,424 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-20 05:38:45 615,936 ----a-w c:\windows\system32\urlmon.dll
+ 2003-02-21 11:16:08 49,152 ----a-w c:\windows\system32\URTTEMP\regtlib.exe
- 2004-08-08 05:00:00 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2004-08-08 05:00:00 2,176 ----a-w c:\windows\system32\vga.drv
+ 1998-08-17 09:21:56 10,240 ----a-w c:\windows\system32\vidx16.dll
+ 2008-03-25 21:24:00 2,272 ----a-w c:\windows\system32\w95inf16.dll
+ 2008-03-25 21:24:00 4,608 ----a-w c:\windows\system32\w95inf32.dll
+ 2007-06-22 17:34:02 1,419,232 ----a-w c:\windows\system32\WdfCoInstaller01005.dll
+ 2004-08-04 06:56:58 23,552 ----a-w c:\windows\system32\wdmaud.drv
+ 2004-08-08 05:00:00 13,600 ----a-w c:\windows\system32\wfwnet.drv
- 2007-03-08 13:47:48 1,843,584 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys
+ 1997-01-02 06:00:00 6,736 ----a-w c:\windows\system32\WINGDIB.DRV
- 2007-08-22 13:12:18 658,944 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-20 05:38:43 659,456 ----a-w c:\windows\system32\wininet.dll
+ 2004-08-08 05:00:00 2,864 ----a-w c:\windows\system32\winsock.dll
+ 2004-08-08 05:00:00 146,432 ----a-w c:\windows\system32\winspool.drv
+ 2004-08-08 05:00:00 2,112 ----a-w c:\windows\system32\winspool.exe
- 2005-01-28 18:44:28 224,768 ----a-w c:\windows\system32\wmasf.dll
+ 2007-10-27 22:40:06 227,328 ----a-w c:\windows\system32\wmasf.dll
+ 2004-08-08 05:00:00 2,736 ----a-w c:\windows\system32\wowdeb.exe
- 2007-03-05 17:42:18 15,128 ----a-w c:\windows\system32\x3daudio1_1.dll
+ 2007-03-05 18:42:18 15,128 ----a-w c:\windows\system32\x3daudio1_1.dll
- 2007-06-21 01:45:20 18,280 ----a-w c:\windows\system32\x3daudio1_2.dll
+ 2007-10-22 09:37:16 17,928 ----a-w c:\windows\system32\X3DAudio1_2.dll
+ 2008-03-05 21:00:06 25,608 ----a-w c:\windows\system32\X3DAudio1_3.dll
+ 2008-05-30 19:17:00 25,608 ----a-w c:\windows\system32\X3DAudio1_4.dll
+ 2007-10-22 09:39:54 267,272 ----a-w c:\windows\system32\xactengine2_10.dll
- 2006-05-31 12:24:16 230,168 ----a-w c:\windows\system32\xactengine2_2.dll
+ 2006-05-31 13:24:16 230,168 ----a-w c:\windows\system32\xactengine2_2.dll
- 2006-07-28 14:30:32 236,824 ----a-w c:\windows\system32\xactengine2_3.dll
+ 2006-07-28 15:30:32 236,824 ----a-w c:\windows\system32\xactengine2_3.dll
- 2006-09-28 21:05:56 237,848 ----a-w c:\windows\system32\xactengine2_4.dll
+ 2006-09-28 22:05:56 237,848 ----a-w c:\windows\system32\xactengine2_4.dll
- 2006-12-08 17:02:00 251,672 ----a-w c:\windows\system32\xactengine2_5.dll
+ 2006-12-08 18:02:00 251,672 ----a-w c:\windows\system32\xactengine2_5.dll
- 2007-01-24 20:27:30 255,848 ----a-w c:\windows\system32\xactengine2_6.dll
+ 2007-01-24 21:27:30 255,848 ----a-w c:\windows\system32\xactengine2_6.dll
- 2007-04-04 23:55:00 261,480 ----a-w c:\windows\system32\xactengine2_7.dll
+ 2007-04-05 00:55:00 261,480 ----a-w c:\windows\system32\xactengine2_7.dll
- 2007-06-21 01:46:04 266,088 ----a-w c:\windows\system32\xactengine2_8.dll
+ 2007-06-21 02:46:04 266,088 ----a-w c:\windows\system32\xactengine2_8.dll
+ 2007-07-20 06:57:12 267,112 ----a-w c:\windows\system32\xactengine2_9.dll
+ 2008-03-05 21:03:20 238,088 ----a-w c:\windows\system32\xactengine3_0.dll
+ 2008-05-30 19:18:52 238,088 ----a-w c:\windows\system32\xactengine3_1.dll
+ 2008-07-31 15:41:54 238,088 ----a-w c:\windows\system32\xactengine3_2.dll
+ 2008-05-30 19:17:30 65,032 ----a-w c:\windows\system32\XAPOFX1_0.dll
+ 2008-07-31 15:41:52 68,616 ----a-w c:\windows\system32\XAPOFX1_1.dll
+ 2008-03-05 21:03:54 479,752 ----a-w c:\windows\system32\XAudio2_0.dll
+ 2008-05-30 19:19:18 507,400 ----a-w c:\windows\system32\XAudio2_1.dll
+ 2008-07-31 15:40:32 509,448 ----a-w c:\windows\system32\XAudio2_2.dll
- 2006-07-28 14:30:14 62,744 ----a-w c:\windows\system32\xinput1_2.dll
+ 2006-07-28 15:30:14 62,744 ----a-w c:\windows\system32\xinput1_2.dll
- 2007-04-04 23:53:42 81,768 ----a-w c:\windows\system32\xinput1_3.dll
+ 2007-04-05 00:53:42 81,768 ----a-w c:\windows\system32\xinput1_3.dll
- 2007-08-21 10:20:02 115,712 ----a-w c:\windows\system32\xpsp3res.dll
+ 2008-08-19 09:20:32 351,744 ----a-w c:\windows\system32\xpsp3res.dll
- 1996-07-18 18:06:14 297,472 ----a-w c:\windows\uninst.exe
+ 1996-10-15 23:01:00 298,496 ----a-w c:\windows\uninst.exe
+ 2000-08-31 14:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2008-09-30 22:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 22:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2006-12-02 04:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2006-06-05 19:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 20:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
- 2006-06-05 19:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 20:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
- 2006-06-05 19:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 20:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2005-09-23 13:29:16 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-23 13:29:16 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 13:29:16 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2006-12-02 06:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 06:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 06:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 06:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 06:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 06:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 06:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 06:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 06:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 06:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 06:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 06:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 06:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 06:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2008-01-16 00:58:09 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-01-16 00:58:09 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2000-08-31 14:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kdy"="c:\program files\Common Files\a?sembly\w?crtupd.exe" [?]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"DAEMON Tools Pro Agent"="d:\daemon tools pro\DTProAgent.exe" [2007-09-06 136136]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-27 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"MediaLifeService"="d:\keyboard&mouse\MediaLife\MediaLifeService.exe" [2005-05-12 110739]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2008-07-30 289064]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-09 113664]
Logitech SetPoint.lnk - d:\keyboard&mouse\SetPoint\SetPoint.exe [2008-10-25 805392]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-04-01 819200]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\superantispyware\SASSEH.DLL" [2008-12-06 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-06 14:58 352256 f:\superantispyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"aux1"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 16:29 165784 f:\daemon tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 d:\itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 14:22 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 04:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\AIM\\aim.exe"=
"d:\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Azureus\\Azureus\\Azureus.exe"=
"f:\\LimeWire\\LimeWire.exe"=
"d:\\Blazing Angles 2\\Blazing Angels 2 Secret Missions of WWII\\Bin\\BA2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Dungeon Siege\\DSLOA.exe"=
"f:\\Hellgate\\Launcher.exe"=
"c:\\Program Files\\Tremulous\\tremulous.exe"=
"d:\\iTunes\\iTunes.exe"=
"d:\\Tremulous\\tremulous.exe"=
"d:\\Quake3\\ioquake3.x86.exe"=
"f:\\Age of Empires 2\\age2_x1.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\brsvc01a.exe"=
"c:\\WINDOWS\\system32\\brss01a.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41178:TCP"= 41178:TCP:Service
"41188:TCP"= 41188:TCP:Service
"41549:TCP"= 41549:TCP:Service
"41569:TCP"= 41569:TCP:Service
"41128:TCP"= 41128:TCP:Service
"41148:TCP"= 41148:TCP:Service

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 SASDIFSV;SASDIFSV;f:\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;f:\superantispyware\SASKUTIL.SYS [2007-02-27 55024]
R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2009-01-06 99376]
R3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2009-01-05 7548]
S3 AutorunDirectIO;AutorunDirectIO;\??\e:\autorun\DIODrvr.sys --> e:\autorun\DIODrvr.sys [?]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2007-11-22 91797]
S3 SASENUM;SASENUM;f:\superantispyware\SASENUM.SYS [2006-02-16 4096]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilRebootDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d271f4f0-4f58-11dc-804d-00115bacd5eb}]
\Shell\AutoRun\command - J:\LinksysConnectPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6bb17d0-d887-11dd-8280-00508db24c29}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-08 c:\windows\Tasks\pwnlnglf.job
- c:\windows\system32\rundll32.exe [2004-08-07 23:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{15a0f225-4de8-4978-8fdb-1caaeed196ed} - c:\windows\system32\wjyofc.dll
BHO-{6d169ec8-c777-4360-aa27-b2716955605f} - c:\windows\system32\rejanote.dll
BHO-{BFFE891D-618A-7B53-DA5C-3BE675F45CC3} - c:\windows\system32\idgyabn.dll
HKCU-Run-Orrm - c:\windows\DOBE~1\logonui.exe
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-GetModule30 - c:\program files\GetModule\GetModule30.exe
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
HKLM-Run-{08-8C-C0-0C-ZN} - c:\documents and settings\User1\Local Settings\Temp\T0CHD001.exe
HKLM-Run-CPM0783bf3f - c:\windows\system32\hovolile.dll
HKLM-Run-NWEReboot - (no file)
Notify-WgaLogon - (no file)
Notify-winlbu32 - winlbu32.dll
MSConfigStartUp-gxmbsjcl - c:\documents and settings\All Users\Application Data\gxmbsjcl.dll
MSConfigStartUp-io43mvuiw4kj - c:\windows\io43mvuiw4kj.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-ohspilkz - c:\program files\ohspilkz\gnixuhep.dll
MSConfigStartUp-pmdejsly - c:\documents and settings\All Users\Application Data\pmdejsly.dll


.
------- Supplementary Scan -------
.
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\s3845xmg.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\opera\program\plugins\npdivx32.dll
FF - plugin: d:\opera\program\plugins\npdsplay.dll
FF - plugin: d:\opera\program\plugins\npqtplugin.dll
FF - plugin: d:\opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\opera\program\plugins\NPSWF32.dll
FF - plugin: d:\opera\program\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 12:13:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0




**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
f:\superantispyware\SASWINLO.DLL
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
d:\ad-aware\aawservice.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\windows\system32\wscntfy.exe
d:\ipod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-01-08 12:17:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 18:16:37
ComboFix2.txt 2007-12-07 04:08:23

Pre-Run: 82,117,873,664 bytes free
Post-Run: 82,755,694,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"

2201 --- E O F --- 2008-11-13 05:55:43



DDS (Ver_09-01-07.01) - NTFSx86
Run by User1 at 12:22:04.06 on Thu 01/08/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1429 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
D:\keyboard&mouse\MediaLife\MediaLifeService.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Daemon tools pro\DTProAgent.exe
C:\Program Files\AIM6\aim6.exe
D:\keyboard&mouse\SetPoint\SetPoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Ipod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\Opera\opera.exe
C:\Documents and Settings\User1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {B9D1647F-A66A-4695-B249-07901A45FF59} - No File
uRun: [Kdy] "c:\program files\common files\a?sembly\w?crtupd.exe"
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Pro Agent] "d:\daemon tools pro\DTProAgent.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [MediaLifeService] "d:\keyboard&mouse\medialife\MediaLifeService.exe"
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\keyboard&mouse\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
Notify: !SASWinLogon - f:\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user1\applic~1\mozilla\firefox\profiles\s3845xmg.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\opera\program\plugins\npdivx32.dll
FF - plugin: d:\opera\program\plugins\npdsplay.dll
FF - plugin: d:\opera\program\plugins\npqtplugin.dll
FF - plugin: d:\opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\opera\program\plugins\NPSWF32.dll
FF - plugin: d:\opera\program\plugins\npwmsdrm.dll
FF - HiddenExtension: XUL Cache: {BF4BA4DD-4EA6-4BAE-A8A5-728CE1974834} - c:\windows\system32\config\systemprofile\local settings\application data\{bf4ba4dd-4ea6-4bae-a8a5-728ce1974834}\

============= SERVICES / DRIVERS ===============

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R1 SASDIFSV;SASDIFSV;f:\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;f:\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\common files\symantec shared\eengine\EraserUtilDrvI7.sys [2009-1-6 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\naveng.sys [2009-1-6 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\navex15.sys [2009-1-6 876112]
R3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2009-1-5 7548]
R4 aawservice;Lavasoft Ad-Aware Service;d:\ad-aware\aawservice.exe [2008-9-10 611664]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
S3 AutorunDirectIO;AutorunDirectIO;\??\e:\autorun\diodrvr.sys --> e:\autorun\DIODrvr.sys [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2007-11-22 91797]
S3 SASENUM;SASENUM;f:\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-01-08 11:51 <DIR> a-dshr-- C:\cmdcons
2009-01-08 11:49 161,792 a------- c:\windows\SWREG.exe
2009-01-08 11:49 98,816 a------- c:\windows\sed.exe
2009-01-07 18:39 460,059 a----r-- C:\txtsetup.sif
2009-01-07 18:39 260,272 a----r-- C:\$LDR$
2009-01-07 18:39 <DIR> --d----- C:\$WIN_NT$.~BT
2009-01-07 11:36 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-06 18:04 0 a------- c:\windows\vpc32.INI
2009-01-06 17:39 123,200 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 17:39 91,856 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-06 17:39 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-01-06 17:32 <DIR> --d----- c:\docume~1\user1\applic~1\IsolatedStorage
2009-01-06 17:31 <DIR> --d----- c:\windows\system32\URTTEMP
2009-01-06 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-01-06 17:26 <DIR> --d----- c:\program files\Symantec
2009-01-05 16:14 487,424 a------- c:\windows\system32\FDRpage.dll
2009-01-05 16:14 77,824 a------- c:\windows\system32\FDRdriver.dll
2009-01-05 16:14 7,548 a------- c:\windows\system32\drivers\Samhid.sys
2009-01-05 16:14 <DIR> --d----- c:\program files\PHILIPS
2009-01-05 16:14 204,800 a------- c:\windows\system32\CreateDir.exe
2009-01-04 13:06 1,085,440 a------- c:\windows\system32\rn.tmp
2009-01-02 18:36 48 a---h--- c:\windows\system32\ezsidmv.dat
2008-12-27 15:05 <DIR> --d----- c:\program files\Steam

==================== Find3M ====================

2008-12-10 21:13 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2008-11-29 23:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-10-25 08:44 7,304 a------- c:\windows\TMP0001.TMP
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
0000-00-00 00:00 67,866 a--sh--- c:\windows\system32\nalayafi.dll
0000-00-00 00:00 46,080 a--sh--- c:\windows\system32\yozezuna.dll

============= FINISH: 12:22:59.29 ===============

Attached Files



#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:09 AM

Posted 08 January 2009 - 01:36 PM

Hi,

Much better already, but we're not finished yet..

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
c:\windows\system32\ffkuz.dll
c:\windows\system32\nalayafi.dll
c:\windows\system32\yozezuna.dll
c:\windows\Tasks\pwnlnglf.job
Folder::
Driver::
Viewpoint Manager Service
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kdy"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

Edited by miekiemoes, 08 January 2009 - 01:36 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Xael

Xael
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 08 January 2009 - 02:44 PM

Combo Log:
ComboFix 09-01-08.01 - User1 2009-01-08 13:22:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1439 [GMT -6:00]
Running from: c:\documents and settings\User1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User1\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\ffkuz.dll
c:\windows\system32\nalayafi.dll
c:\windows\system32\yozezuna.dll
c:\windows\Tasks\pwnlnglf.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ffkuz.dll
c:\windows\system32\nalayafi.dll
c:\windows\system32\yozezuna.dll
c:\windows\Tasks\pwnlnglf.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 00:11 . 2009-01-08 00:11 0 --a------ c:\windows\nsreg.dat
2009-01-07 18:39 . 2009-01-07 18:39 <DIR> d-------- C:\$WIN_NT$.~BT
2009-01-07 18:39 . 2002-12-31 06:00 460,059 -ra------ C:\txtsetup.sif
2009-01-07 18:39 . 2002-12-31 06:00 260,272 -ra------ C:\$LDR$
2009-01-06 18:04 . 2009-01-06 18:04 0 --a------ c:\windows\vpc32.INI
2009-01-06 17:39 . 2009-01-08 13:36 <DIR> d-------- c:\program files\Symantec AntiVirus
2009-01-06 17:39 . 2005-04-01 20:36 123,200 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 17:39 . 2005-04-01 20:36 91,856 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-06 17:32 . 2009-01-06 17:32 <DIR> d-------- c:\documents and settings\User1\Application Data\IsolatedStorage
2009-01-06 17:31 . 2009-01-06 17:31 <DIR> d-------- c:\windows\system32\URTTEMP
2009-01-06 17:26 . 2009-01-06 17:40 <DIR> d-------- c:\program files\Symantec
2009-01-06 17:26 . 2009-01-06 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-05 16:14 . 2009-01-05 16:14 <DIR> d-------- c:\program files\PHILIPS
2009-01-05 16:14 . 2007-06-14 15:38 487,424 --a------ c:\windows\system32\FDRpage.dll
2009-01-05 16:14 . 2007-06-08 10:59 204,800 --a------ c:\windows\system32\CreateDir.exe
2009-01-05 16:14 . 2006-01-04 16:39 77,824 --a------ c:\windows\system32\FDRdriver.dll
2009-01-05 16:14 . 2006-01-06 10:10 7,548 --a------ c:\windows\system32\drivers\Samhid.sys
2009-01-04 13:06 . 2009-01-04 13:07 1,085,440 --a------ c:\windows\system32\rn.tmp
2009-01-02 18:36 . 2009-01-03 10:08 <DIR> d-------- c:\documents and settings\User1\Application Data\skypePM
2009-01-02 18:36 . 2009-01-02 18:36 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-02 18:35 . 2009-01-04 13:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-01-01 22:43 . 2009-01-01 22:44 <DIR> d-------- c:\documents and settings\User1\Application Data\U3
2008-12-27 15:05 . 2009-01-08 13:35 <DIR> d-------- c:\program files\Steam

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 17:40 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-07 17:39 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-07 17:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-07 03:04 --------- d-----w c:\documents and settings\User1\Application Data\Azureus
2009-01-06 23:46 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-11 03:13 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-12-07 02:50 --------- d-----w c:\documents and settings\User1\Application Data\Move Networks
2008-12-04 18:36 --------- d-----w c:\program files\AIM6
2008-12-04 18:36 --------- d-----w c:\documents and settings\User1\Application Data\acccore
2008-12-04 18:35 --------- d-----w c:\program files\Common Files\AOL
2008-12-04 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-12-04 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-30 05:01 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-11-30 02:04 --------- d-----w c:\documents and settings\User1\Application Data\Quake3
2008-11-12 20:52 --------- d--h--r c:\documents and settings\User1\Application Data\SecuROM
2008-10-25 14:44 7,304 ----a-w c:\windows\TMP0001.TMP
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
.

((((((((((((((((((((((((((((( snapshot_2009-01-08_12.15.08.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-08 18:02:14 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-08 18:11:57 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-08 18:02:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-08 18:11:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-08 18:02:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-08 18:11:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"DAEMON Tools Pro Agent"="d:\daemon tools pro\DTProAgent.exe" [2007-09-06 136136]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-27 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"MediaLifeService"="d:\keyboard&mouse\MediaLife\MediaLifeService.exe" [2005-05-12 110739]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2008-07-30 289064]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-09 113664]
Logitech SetPoint.lnk - d:\keyboard&mouse\SetPoint\SetPoint.exe [2008-10-25 805392]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-04-01 819200]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\superantispyware\SASSEH.DLL" [2008-12-06 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-06 14:58 352256 f:\superantispyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"aux1"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 16:29 165784 f:\daemon tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 d:\itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 14:22 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 04:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\AIM\\aim.exe"=
"d:\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Azureus\\Azureus\\Azureus.exe"=
"f:\\LimeWire\\LimeWire.exe"=
"d:\\Blazing Angles 2\\Blazing Angels 2 Secret Missions of WWII\\Bin\\BA2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Dungeon Siege\\DSLOA.exe"=
"f:\\Hellgate\\Launcher.exe"=
"c:\\Program Files\\Tremulous\\tremulous.exe"=
"d:\\iTunes\\iTunes.exe"=
"d:\\Tremulous\\tremulous.exe"=
"d:\\Quake3\\ioquake3.x86.exe"=
"f:\\Age of Empires 2\\age2_x1.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\brsvc01a.exe"=
"c:\\WINDOWS\\system32\\brss01a.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41178:TCP"= 41178:TCP:Service
"41188:TCP"= 41188:TCP:Service
"41549:TCP"= 41549:TCP:Service
"41569:TCP"= 41569:TCP:Service
"44343:TCP"= 44343:TCP:Service
"44353:TCP"= 44353:TCP:Service

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 SASDIFSV;SASDIFSV;f:\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;f:\superantispyware\SASKUTIL.SYS [2007-02-27 55024]
R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2009-01-06 99376]
R3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2009-01-05 7548]
S3 AutorunDirectIO;AutorunDirectIO;\??\e:\autorun\DIODrvr.sys --> e:\autorun\DIODrvr.sys [?]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2007-11-22 91797]
S3 SASENUM;SASENUM;f:\superantispyware\SASENUM.SYS [2006-02-16 4096]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilRebootDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d271f4f0-4f58-11dc-804d-00115bacd5eb}]
\Shell\AutoRun\command - J:\LinksysConnectPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6bb17d0-d887-11dd-8280-00508db24c29}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\s3845xmg.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\opera\program\plugins\npdivx32.dll
FF - plugin: d:\opera\program\plugins\npdsplay.dll
FF - plugin: d:\opera\program\plugins\npqtplugin.dll
FF - plugin: d:\opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\opera\program\plugins\NPSWF32.dll
FF - plugin: d:\opera\program\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 13:35:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
f:\superantispyware\SASWINLO.DLL
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3520)
d:\keyboard&mouse\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
d:\ad-aware\aawservice.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
d:\ipod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-01-08 13:40:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 19:40:16
ComboFix2.txt 2009-01-08 18:17:10
ComboFix3.txt 2007-12-07 04:08:23

Pre-Run: 82,654,846,976 bytes free
Post-Run: 82,634,260,480 bytes free

284 --- E O F --- 2008-11-13 05:55:43




Other Log:

DDS (Ver_09-01-07.01) - NTFSx86
Run by User1 at 13:41:42.97 on Thu 01/08/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1498 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
D:\keyboard&mouse\MediaLife\MediaLifeService.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Daemon tools pro\DTProAgent.exe
D:\keyboard&mouse\SetPoint\SetPoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Ipod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {B9D1647F-A66A-4695-B249-07901A45FF59} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Pro Agent] "d:\daemon tools pro\DTProAgent.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [MediaLifeService] "d:\keyboard&mouse\medialife\MediaLifeService.exe"
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\keyboard&mouse\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
Notify: !SASWinLogon - f:\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user1\applic~1\mozilla\firefox\profiles\s3845xmg.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\opera\program\plugins\npdivx32.dll
FF - plugin: d:\opera\program\plugins\npdsplay.dll
FF - plugin: d:\opera\program\plugins\npqtplugin.dll
FF - plugin: d:\opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\opera\program\plugins\NPSWF32.dll
FF - plugin: d:\opera\program\plugins\npwmsdrm.dll
FF - HiddenExtension: XUL Cache: {BF4BA4DD-4EA6-4BAE-A8A5-728CE1974834} - c:\windows\system32\config\systemprofile\local settings\application data\{bf4ba4dd-4ea6-4bae-a8a5-728ce1974834}\

============= SERVICES / DRIVERS ===============

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R1 SASDIFSV;SASDIFSV;f:\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;f:\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\common files\symantec shared\eengine\EraserUtilDrvI7.sys [2009-1-6 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\naveng.sys [2009-1-6 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\navex15.sys [2009-1-6 876112]
R3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2009-1-5 7548]
R4 aawservice;Lavasoft Ad-Aware Service;d:\ad-aware\aawservice.exe [2008-9-10 611664]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
S3 AutorunDirectIO;AutorunDirectIO;\??\e:\autorun\diodrvr.sys --> e:\autorun\DIODrvr.sys [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2007-11-22 91797]
S3 SASENUM;SASENUM;f:\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]

=============== Created Last 30 ================

2009-01-08 11:51 <DIR> a-dshr-- C:\cmdcons
2009-01-08 11:49 161,792 a------- c:\windows\SWREG.exe
2009-01-08 11:49 98,816 a------- c:\windows\sed.exe
2009-01-07 18:39 460,059 a----r-- C:\txtsetup.sif
2009-01-07 18:39 260,272 a----r-- C:\$LDR$
2009-01-07 18:39 <DIR> --d----- C:\$WIN_NT$.~BT
2009-01-06 18:04 0 a------- c:\windows\vpc32.INI
2009-01-06 17:39 123,200 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 17:39 91,856 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-06 17:39 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-01-06 17:32 <DIR> --d----- c:\docume~1\user1\applic~1\IsolatedStorage
2009-01-06 17:31 <DIR> --d----- c:\windows\system32\URTTEMP
2009-01-06 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-01-06 17:26 <DIR> --d----- c:\program files\Symantec
2009-01-05 16:14 487,424 a------- c:\windows\system32\FDRpage.dll
2009-01-05 16:14 77,824 a------- c:\windows\system32\FDRdriver.dll
2009-01-05 16:14 7,548 a------- c:\windows\system32\drivers\Samhid.sys
2009-01-05 16:14 <DIR> --d----- c:\program files\PHILIPS
2009-01-05 16:14 204,800 a------- c:\windows\system32\CreateDir.exe
2009-01-04 13:06 1,085,440 a------- c:\windows\system32\rn.tmp
2009-01-02 18:36 48 a---h--- c:\windows\system32\ezsidmv.dat
2008-12-27 15:05 <DIR> --d----- c:\program files\Steam

==================== Find3M ====================

2008-12-10 21:13 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2008-11-29 23:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-10-25 08:44 7,304 a------- c:\windows\TMP0001.TMP
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

============= FINISH: 13:42:16.60 ===============

Attached Files



#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:09 AM

Posted 08 January 2009 - 02:48 PM

Hi,

This looks OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Xael

Xael
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 08 January 2009 - 04:58 PM

Thanks for the help, Franky (my computer) is running much better. I've run a virus scanner and I no longer have those Vundo viruses or trojans. Not to mention i no longer have 2 Run.dll errors when my computer starts up.

Thanks again.

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:09 AM

Posted 08 January 2009 - 05:01 PM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:09 AM

Posted 12 January 2009 - 06:27 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users