spoolsv, Explorer infected! antivirus can't detect [combofix]

This topic is locked. 2 replies to this topic.

#1 aritrakundu (Members, 1 post)

Posted 05 April 2009 - 03:18 AM

Some programs have been trying to access goansi.cn and other sites. My ZoneAlarm has been trying to prevent it.

Here is my ComboFix log together with my HijackThis log.

ComboFix 09-04-04.01 - Aritra 2009-04-05 13:22:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.212 [GMT 5.5:30]
Running from: c:\documents and settings\Aritra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Aritra\Desktop\CFScript.log
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Pro Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\IsDrv118.sys\
c:\windows\system32\drivers\IsPubDrv.sys\
c:\windows\system32\F56648C2FF.dll

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
.

2009-04-05 12:14 . 2009-04-05 12:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-04-05 12:13 . 2009-04-05 12:31 <DIR> d-------- c:\program files\Security Task Manager
2009-04-03 18:44 . 2009-04-03 18:45 <DIR> d-------- c:\documents and settings\Aritra\vw
2009-04-03 18:44 . 2009-04-03 18:44 <DIR> d-------- c:\documents and settings\Aritra\VisualRoute
2009-04-01 22:20 . 2009-04-01 22:20 <DIR> d-------- c:\program files\Prevx
2009-04-01 22:20 . 2009-04-03 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-04-01 22:20 . 2009-04-01 22:20 22,024 --a------ c:\windows\system32\drivers\pxscan.sys
2009-04-01 22:20 . 2009-04-01 22:20 63 --a------ c:\windows\wininit.ini
2009-04-01 01:25 . 2009-04-01 01:25 80 --a------ c:\windows\system32\asr_idvfe
2009-03-30 05:41 . 2009-03-30 21:05 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-30 05:41 . 2009-03-30 23:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-24 03:31 . 2009-03-24 03:31 704,000 --a------ c:\windows\is-TH5A6.exe
2009-03-24 03:31 . 2009-03-24 03:31 10,498 --a------ c:\windows\is-TH5A6.msg
2009-03-24 03:31 . 2009-03-24 03:31 460 --a------ c:\windows\is-TH5A6.lst
2009-03-24 03:13 . 2009-03-24 03:13 78 --a------ c:\windows\system32\asr_weuge
2009-03-13 16:06 . 2006-07-21 17:02 4,300,800 --a------ c:\windows\Earth.scr
2009-03-13 16:06 . 2009-03-13 16:06 4,608 --ahs---- c:\windows\system32\Thumbs.db
2009-03-06 20:04 . 2008-11-06 22:07 129,784 --------- c:\windows\system32\pxafs.dll
2009-03-06 20:04 . 2008-11-06 22:07 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-03-06 20:04 . 2008-11-06 22:07 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-03-06 20:03 . 2009-03-06 20:04 <DIR> d-------- c:\documents and settings\Aritra\Application Data\DivX
2009-03-06 20:02 . 2009-03-08 16:49 <DIR> d-------- c:\program files\DivX
2009-03-05 02:12 . 2009-03-07 09:43 <DIR> d-------- c:\documents and settings\Aritra\Application Data\DJJava
2009-03-05 02:11 . 2009-03-05 02:11 <DIR> d-------- c:\program files\decomp
2009-03-05 02:11 . 2009-03-05 02:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Protexis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 07:53 --------- d-----w c:\documents and settings\Aritra\Application Data\DMCache
2009-04-05 07:32 --------- d-----w c:\documents and settings\Aritra\Application Data\uTorrent
2009-04-05 06:55 30,601 ----a-w c:\windows\java\x.exe
2009-04-04 13:16 23,552 ----a-w c:\windows\Internet Logs\xDBF5.tmp
2009-04-04 02:30 356,864 ----a-w c:\windows\Internet Logs\xDBF4.tmp
2009-04-03 23:48 308,736 ----a-w c:\windows\Internet Logs\xDBF3.tmp
2009-04-03 19:07 88,576 ----a-w c:\windows\Internet Logs\xDBF1.tmp
2009-04-03 19:07 4,395,520 ----a-w c:\windows\Internet Logs\xDBF2.tmp
2009-04-03 16:20 4,395,008 ----a-w c:\windows\Internet Logs\xDBF0.tmp
2009-04-03 16:20 1,664,000 ----a-w c:\windows\Internet Logs\xDBEF.tmp
2009-04-02 02:20 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-01 18:09 --------- d-----w c:\documents and settings\Aritra\Application Data\LimeWire
2009-04-01 14:07 78,848 ----a-w c:\windows\Internet Logs\xDBED.tmp
2009-04-01 14:07 4,316,672 ----a-w c:\windows\Internet Logs\xDBEE.tmp
2009-04-01 07:35 616,960 ----a-w c:\windows\Internet Logs\xDBEB.tmp
2009-04-01 07:35 4,316,672 ----a-w c:\windows\Internet Logs\xDBEC.tmp
2009-03-31 06:29 50,688 ----a-w c:\windows\Internet Logs\xDBE9.tmp
2009-03-31 06:29 4,313,600 ----a-w c:\windows\Internet Logs\xDBEA.tmp
2009-03-31 02:06 4,313,088 ----a-w c:\windows\Internet Logs\xDBE8.tmp
2009-03-31 02:06 2,912,768 ----a-w c:\windows\Internet Logs\xDBE7.tmp
2009-03-30 02:31 4,302,848 ----a-w c:\windows\Internet Logs\xDBE6.tmp
2009-03-30 02:31 1,254,400 ----a-w c:\windows\Internet Logs\xDBE5.tmp
2009-03-29 14:43 4,292,608 ----a-w c:\windows\Internet Logs\xDBE4.tmp
2009-03-29 13:50 6,362,032 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-29 13:13 321,536 ----a-w c:\windows\Internet Logs\xDBE3.tmp
2009-03-28 23:42 955,392 ----a-w c:\windows\Internet Logs\xDBE1.tmp
2009-03-28 23:42 4,289,024 ----a-w c:\windows\Internet Logs\xDBE2.tmp
2009-03-28 15:23 4,288,512 ----a-w c:\windows\Internet Logs\xDBE0.tmp
2009-03-28 15:23 126,976 ----a-w c:\windows\Internet Logs\xDBDF.tmp
2009-03-27 16:36 346,112 ----a-w c:\windows\Internet Logs\xDBDE.tmp
2009-03-26 11:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 11:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-24 09:26 4,284,416 ----a-w c:\windows\Internet Logs\xDBDD.tmp
2009-03-24 09:26 2,936,832 ----a-w c:\windows\Internet Logs\xDBDC.tmp
2009-03-23 19:33 4,274,688 ----a-w c:\windows\Internet Logs\xDBDB.tmp
2009-03-23 19:33 210,432 ----a-w c:\windows\Internet Logs\xDBDA.tmp
2009-03-23 02:33 4,274,176 ----a-w c:\windows\Internet Logs\xDBD9.tmp
2009-03-23 02:33 1,572,864 ----a-w c:\windows\Internet Logs\xDBD8.tmp
2009-03-22 19:39 4,273,664 ----a-w c:\windows\Internet Logs\xDBD7.tmp
2009-03-22 19:39 1,588,736 ----a-w c:\windows\Internet Logs\xDBD6.tmp
2009-03-21 17:33 4,273,152 ----a-w c:\windows\Internet Logs\xDBD5.tmp
2009-03-21 17:33 182,784 ----a-w c:\windows\Internet Logs\xDBD4.tmp
2009-03-16 08:05 4,272,640 ----a-w c:\windows\Internet Logs\xDBD3.tmp
2009-03-16 08:05 246,272 ----a-w c:\windows\Internet Logs\xDBD2.tmp
2009-03-14 09:39 4,269,056 ----a-w c:\windows\Internet Logs\xDBD1.tmp
2009-03-14 09:39 1,009,152 ----a-w c:\windows\Internet Logs\xDBD0.tmp
2009-03-13 18:32 4,268,032 ----a-w c:\windows\Internet Logs\xDBCF.tmp
2009-03-13 18:32 201,728 ----a-w c:\windows\Internet Logs\xDBCE.tmp
2009-03-13 13:32 813,056 ----a-w c:\windows\Internet Logs\xDBCD.tmp
2009-03-13 13:28 --------- d-----w c:\program files\Phun
2009-03-12 09:39 33,792 ----a-w c:\windows\Internet Logs\xDBCC.tmp
2009-03-11 21:58 4,264,448 ----a-w c:\windows\Internet Logs\xDBCB.tmp
2009-03-11 21:58 2,796,544 ----a-w c:\windows\Internet Logs\xDBCA.tmp
2009-03-11 15:12 97,792 ----a-w c:\windows\Internet Logs\xDBC8.tmp
2009-03-11 15:12 4,260,864 ----a-w c:\windows\Internet Logs\xDBC9.tmp
2009-03-11 13:35 --------- d-----w c:\program files\Internet Download Manager
2009-03-11 11:21 1,031,168 ----a-w c:\windows\Internet Logs\xDBC7.tmp
2009-03-10 20:37 4,255,232 ----a-w c:\windows\Internet Logs\xDBC6.tmp
2009-03-10 20:37 166,912 ----a-w c:\windows\Internet Logs\xDBC5.tmp
2009-03-09 02:45 4,253,696 ----a-w c:\windows\Internet Logs\xDBC4.tmp
2009-03-09 02:45 2,998,784 ----a-w c:\windows\Internet Logs\xDBC3.tmp
2009-03-07 19:44 4,248,576 ----a-w c:\windows\Internet Logs\xDBC2.tmp
2009-03-07 19:44 138,240 ----a-w c:\windows\Internet Logs\xDBC1.tmp
2009-03-07 15:08 100,352 ----a-w c:\windows\Internet Logs\xDBC0.tmp
2009-03-07 07:51 4,241,920 ----a-w c:\windows\Internet Logs\xDBBF.tmp
2009-03-07 07:51 1,023,488 ----a-w c:\windows\Internet Logs\xDBBE.tmp
2009-03-07 05:26 --------- d-----w c:\documents and settings\Aritra\Application Data\IDM
2009-03-06 18:37 4,241,408 ----a-w c:\windows\Internet Logs\xDBBD.tmp
2009-03-06 18:37 113,152 ----a-w c:\windows\Internet Logs\xDBBC.tmp
2009-03-06 15:01 --------- d-----w c:\program files\Google
2009-03-04 21:23 4,224,000 ----a-w c:\windows\Internet Logs\xDBBB.tmp
2009-03-04 21:23 4,224,000 ----a-w c:\windows\Internet Logs\xDBB9.tmp
2009-03-04 21:23 378,880 ----a-w c:\windows\Internet Logs\xDBBA.tmp
2009-03-04 21:23 378,880 ----a-w c:\windows\Internet Logs\xDBB8.tmp
2009-03-03 20:03 4,212,224 ----a-w c:\windows\Internet Logs\xDBB7.tmp
2009-03-03 20:03 2,926,592 ----a-w c:\windows\Internet Logs\xDBB6.tmp
2009-03-03 15:30 68,608 ----a-w c:\windows\Internet Logs\xDBB4.tmp
2009-03-03 15:30 4,211,712 ----a-w c:\windows\Internet Logs\xDBB5.tmp
2009-03-03 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-03 09:22 4,211,200 ----a-w c:\windows\Internet Logs\xDBB3.tmp
2009-03-03 09:22 338,432 ----a-w c:\windows\Internet Logs\xDBB2.tmp
2009-03-03 02:21 1,103,872 ----a-w c:\windows\Internet Logs\xDBB1.tmp
2009-03-02 16:03 4,210,176 ----a-w c:\windows\Internet Logs\xDBB0.tmp
2009-03-02 16:03 320,512 ----a-w c:\windows\Internet Logs\xDBAF.tmp
2009-03-01 03:03 --------- d-----w c:\documents and settings\Aritra\Application Data\Mathematica
2009-03-01 03:03 --------- d-----w c:\documents and settings\All Users\Application Data\Mathematica
2009-03-01 02:54 --------- d-----w c:\program files\Wolfram Research
2009-03-01 02:40 223,128 ----a-w c:\windows\system32\drivers\dtscsi.sys
2009-03-01 02:40 --------- d-----w c:\program files\DAEMON Tools
2009-02-28 21:40 948,736 ----a-w c:\windows\Internet Logs\xDBAD.tmp
2009-02-28 21:40 4,191,232 ----a-w c:\windows\Internet Logs\xDBAE.tmp
2009-02-28 18:31 --------- d-----w c:\program files\Kundli for Windows
2009-02-28 09:10 --------- d-----w c:\program files\EqPlot
2009-02-28 02:32 1,280,512 ----a-w c:\windows\Internet Logs\xDBAC.tmp
2009-02-27 19:41 --------- d-----w c:\documents and settings\Aritra\Application Data\Runiter
2009-02-27 15:21 4,166,144 ----a-w c:\windows\Internet Logs\xDBAB.tmp
2009-02-27 15:21 158,720 ----a-w c:\windows\Internet Logs\xDBAA.tmp
2009-02-23 14:23 474,624 ----a-w c:\windows\Internet Logs\xDBA8.tmp
2009-02-23 14:23 4,165,632 ----a-w c:\windows\Internet Logs\xDBA9.tmp
2009-02-23 07:45 28,672 ----a-w c:\windows\Internet Logs\xDBA7.tmp
2008-12-29 10:12 890,912 --sha-w c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

2004-08-04 06:26 1051136 5ea99ea877ad0cfad8af3031d67da2a5 c:\windows\explorer.exe
2004-08-04 06:26 1051136 6966ca47ca40e02816bbe557898f79f3 c:\windows\system32\dllcache\explorer.exe

2004-08-04 06:26 34304 18c55d14b9f62fab432675d967255f26 c:\windows\system32\ctfmon.exe
2004-08-04 06:26 34304 77eae062fba1d545eb66718a34038741 c:\windows\system32\dllcache\ctfmon.exe

2004-08-04 06:26 76800 37116aaf6572696c4178a41f5358e6ba c:\windows\system32\spoolsv.exe
2004-08-04 06:26 76800 864a07e1ce1c20bee84366aa8ffd5b95 c:\windows\system32\dllcache\spoolsv.exe

2004-08-04 06:26 130048 ac926b04176d17454f404488baaf2bed c:\windows\system32\wuauclt.exe
2004-08-04 06:26 130048 1521200eb15dfc54fb8818e6b33bff70 c:\windows\system32\dllcache\wuauclt.exe

2004-08-04 06:26 43520 b89605d56a18206538fa392a64d5c50b c:\windows\system32\userinit.exe
2004-08-04 06:26 43520 8a90dfbf110574f612dc0a268f2db5b3 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-02-11_17.09.44.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-05-03 10:43:00 69,632 ------r c:\windows\Alcmtr.exe
+ 2005-05-03 10:43:00 90,112 ------r c:\windows\Alcmtr.exe
- 2006-05-04 08:26:00 2,808,832 ------r c:\windows\alcwzrd.exe
+ 2006-05-04 08:26:00 2,829,824 ------r c:\windows\alcwzrd.exe
- 2002-12-14 16:47:46 91,136 ----a-w c:\windows\BC5RMV.EXE
+ 2002-12-14 16:47:46 110,080 ----a-w c:\windows\BC5RMV.EXE
- 2005-10-20 14:32:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 14:32:28 185,856 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 02:30:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 02:30:00 109,984 ----a-w c:\windows\fdsv.exe
- 2000-08-31 02:30:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 02:30:00 99,356 ----a-w c:\windows\grep.exe
- 2004-08-04 00:56:52 10,752 ----a-w c:\windows\hh.exe
+ 2004-08-04 00:56:52 29,696 ----a-w c:\windows\hh.exe
- 2004-08-10 20:15:04 192,512 ----a-w c:\windows\inf\unregmp2.exe
+ 2004-08-10 20:15:04 212,992 ----a-w c:\windows\inf\unregmp2.exe
- 1998-10-29 10:15:06 306,688 ----a-w c:\windows\IsUninst.exe
+ 1998-10-29 10:15:06 325,632 ----a-w c:\windows\IsUninst.exe
- 2008-05-08 07:45:12 737,280 ----a-w c:\windows\iun6002.exe
+ 2008-05-08 07:45:12 757,760 ----a-w c:\windows\iun6002.exe
- 2006-10-11 09:42:00 2,157,568 ------r c:\windows\MicCal.exe
+ 2006-10-11 09:42:00 2,177,536 ------r c:\windows\MicCal.exe
- 2004-08-04 00:56:48 256,512 ----a-w c:\windows\msagent\agentsvr.exe
+ 2004-08-04 00:56:48 275,456 ----a-w c:\windows\msagent\agentsvr.exe
- 2000-08-31 02:30:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 02:30:00 50,688 ----a-w c:\windows\NIRCMD.exe
- 2004-08-04 00:56:56 69,120 ----a-w c:\windows\NOTEPAD.EXE
+ 2004-08-04 00:56:56 88,064 ----a-w c:\windows\NOTEPAD.EXE
- 2004-08-04 00:56:50 768,512 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
+ 2004-08-04 00:56:50 787,456 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
- 2001-09-04 04:21:08 99,840 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
+ 2001-09-04 04:21:08 118,784 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
- 2004-08-04 00:56:52 743,936 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2004-08-04 00:56:52 762,880 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
- 2004-08-04 00:56:52 18,944 ----a-w c:\windows\pchealth\helpctr\binaries\HscUpd.exe
+ 2004-08-04 00:56:52 37,888 ----a-w c:\windows\pchealth\helpctr\binaries\HscUpd.exe
- 2004-08-04 00:56:54 158,208 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
+ 2004-08-04 00:56:54 177,152 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
- 2001-09-04 04:22:38 35,328 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
+ 2001-09-04 04:22:38 54,272 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
- 2004-08-04 00:56:56 146,432 ----a-w c:\windows\regedit.exe
+ 2004-08-04 00:56:56 165,376 ----a-w c:\windows\regedit.exe
- 2006-10-30 11:49:00 16,269,312 ------r c:\windows\RTHDCPL.exe
+ 2006-10-30 11:49:00 16,288,256 ------r c:\windows\RTHDCPL.exe
- 2006-05-04 08:35:00 9,709,568 ------r c:\windows\RTLCPL.exe
+ 2006-05-04 08:35:00 9,730,560 ------r c:\windows\RTLCPL.exe
- 2006-09-28 06:00:00 1,183,744 ------r c:\windows\RtlUpd.exe
+ 2006-09-28 06:00:00 1,204,224 ------r c:\windows\RtlUpd.exe
- 2000-08-31 02:30:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 02:30:00 117,760 ----a-w c:\windows\sed.exe
- 2003-02-28 12:56:30 46,352 ----a-w c:\windows\setdebug.exe
+ 2003-02-28 12:56:30 65,296 ----a-w c:\windows\setdebug.exe
- 2006-05-16 10:04:00 2,879,488 ------r c:\windows\SkyTel.exe
+ 2006-05-16 10:04:00 2,901,504 ------r c:\windows\SkyTel.exe
- 2006-07-21 08:14:00 86,016 ------r c:\windows\SoundMan.exe
+ 2006-07-21 08:14:00 106,496 ------r c:\windows\SoundMan.exe
- 2000-08-31 02:30:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 02:30:00 181,248 ----a-w c:\windows\SWREG.exe
- 2000-08-31 02:30:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 02:30:00 156,672 ----a-w c:\windows\SWSC.exe
- 2000-08-31 02:30:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2000-08-31 02:30:00 231,424 ----a-w c:\windows\SWXCACLS.exe
- 2004-08-04 00:56:48 183,808 ----a-w c:\windows\system32\accwiz.exe
+ 2004-08-04 00:56:48 202,752 ----a-w c:\windows\system32\accwiz.exe
- 2004-08-04 00:56:48 4,096 ----a-w c:\windows\system32\actmovie.exe
+ 2004-08-04 00:56:48 23,040 ----a-w c:\windows\system32\actmovie.exe
- 2004-08-04 00:56:48 98,304 ----a-w c:\windows\system32\ahui.exe
+ 2004-08-04 00:56:48 117,248 ----a-w c:\windows\system32\ahui.exe
- 2004-08-04 00:56:48 44,544 ----a-w c:\windows\system32\alg.exe
+ 2004-08-04 00:56:48 63,488 ----a-w c:\windows\system32\alg.exe
- 2001-09-04 04:20:14 19,456 ----a-w c:\windows\system32\arp.exe
+ 2001-09-04 04:20:14 38,400 ----a-w c:\windows\system32\arp.exe
- 2004-08-04 00:56:48 30,208 ----a-w c:\windows\system32\asr_fmt.exe
+ 2004-08-04 00:56:48 49,152 ----a-w c:\windows\system32\asr_fmt.exe
- 2001-09-04 04:20:16 32,256 ----a-w c:\windows\system32\asr_ldm.exe
+ 2001-09-04 04:20:16 51,200 ----a-w c:\windows\system32\asr_ldm.exe
- 2004-08-04 00:56:48 32,768 ----a-w c:\windows\system32\asr_pfu.exe
+ 2004-08-04 00:56:48 51,712 ----a-w c:\windows\system32\asr_pfu.exe
- 2004-08-04 00:56:48 25,088 ----a-w c:\windows\system32\at.exe
+ 2004-08-04 00:56:48 44,032 ----a-w c:\windows\system32\at.exe
- 2004-08-04 00:56:48 11,264 ----a-w c:\windows\system32\atmadm.exe
+ 2004-08-04 00:56:48 30,208 ----a-w c:\windows\system32\atmadm.exe
- 2001-09-04 04:20:16 11,264 ----a-w c:\windows\system32\attrib.exe
+ 2001-09-04 04:20:16 30,208 ----a-w c:\windows\system32\attrib.exe
- 2004-08-04 00:56:48 14,336 ----a-w c:\windows\system32\auditusr.exe
+ 2004-08-04 00:56:48 33,280 ----a-w c:\windows\system32\auditusr.exe
- 2004-08-04 00:56:48 71,680 ----a-w c:\windows\system32\blastcln.exe
+ 2004-08-04 00:56:48 90,624 ----a-w c:\windows\system32\blastcln.exe
- 2001-09-04 04:20:18 136,704 ----a-w c:\windows\system32\bootcfg.exe
+ 2001-09-04 04:20:18 155,648 ----a-w c:\windows\system32\bootcfg.exe
- 2001-09-04 04:20:18 4,608 ----a-w c:\windows\system32\bootok.exe
+ 2001-09-04 04:20:18 23,552 ----a-w c:\windows\system32\bootok.exe
- 2001-09-04 04:20:18 5,120 ----a-w c:\windows\system32\bootvrfy.exe
+ 2001-09-04 04:20:18 24,064 ----a-w c:\windows\system32\bootvrfy.exe
- 2001-09-04 04:20:20 18,432 ----a-w c:\windows\system32\cacls.exe
+ 2001-09-04 04:20:20 37,376 ----a-w c:\windows\system32\cacls.exe
- 2001-09-04 04:20:20 114,688 ----a-w c:\windows\system32\calc.exe
+ 2001-09-04 04:20:20 133,632 ----a-w c:\windows\system32\calc.exe
- 2001-09-04 04:20:20 80,384 ----a-w c:\windows\system32\charmap.exe
+ 2001-09-04 04:20:20 99,328 ----a-w c:\windows\system32\charmap.exe
- 2006-08-01 07:02:00 49,152 ------r c:\windows\system32\ChCfg.exe
+ 2006-08-01 07:02:00 69,632 ------r c:\windows\system32\ChCfg.exe
- 2001-09-04 04:20:20 11,776 ----a-w c:\windows\system32\chkdsk.exe
+ 2001-09-04 04:20:20 30,720 ----a-w c:\windows\system32\chkdsk.exe
- 2001-09-04 04:20:20 11,264 ----a-w c:\windows\system32\chkntfs.exe
+ 2001-09-04 04:20:20 30,208 ----a-w c:\windows\system32\chkntfs.exe
- 2001-09-04 04:20:20 8,192 ----a-w c:\windows\system32\cidaemon.exe
+ 2001-09-04 04:20:20 27,136 ----a-w c:\windows\system32\cidaemon.exe
- 2004-08-04 00:56:48 56,320 ----a-w c:\windows\system32\cipher.exe
+ 2004-08-04 00:56:48 75,264 ----a-w c:\windows\system32\cipher.exe
- 2004-08-04 00:56:48 5,632 ----a-w c:\windows\system32\cisvc.exe
+ 2004-08-04 00:56:48 24,576 ----a-w c:\windows\system32\cisvc.exe
- 2001-09-04 04:20:22 7,680 ----a-w c:\windows\system32\ckcnv.exe
+ 2001-09-04 04:20:22 26,624 ----a-w c:\windows\system32\ckcnv.exe
- 2004-08-04 00:56:48 64,000 ----a-w c:\windows\system32\cleanmgr.exe
+ 2004-08-04 00:56:48 82,944 ----a-w c:\windows\system32\cleanmgr.exe
- 2004-08-04 00:56:48 20,480 ----a-w c:\windows\system32\cliconfg.exe
+ 2004-08-04 00:56:48 40,960 ----a-w c:\windows\system32\cliconfg.exe
- 2004-08-04 00:56:48 102,912 ----a-w c:\windows\system32\clipbrd.exe
+ 2004-08-04 00:56:48 121,856 ----a-w c:\windows\system32\clipbrd.exe
- 2004-08-04 00:56:48 33,280 ----a-w c:\windows\system32\clipsrv.exe
+ 2004-08-04 00:56:48 52,224 ----a-w c:\windows\system32\clipsrv.exe
- 2003-02-28 12:56:26 49,424 ----a-w c:\windows\system32\clspack.exe
+ 2003-02-28 12:56:26 68,368 ----a-w c:\windows\system32\clspack.exe
- 2004-08-04 00:56:50 388,608 ----a-w c:\windows\system32\cmd.exe
+ 2004-08-04 00:56:50 407,552 ----a-w c:\windows\system32\cmd.exe
- 2004-08-04 00:56:50 47,104 ----a-w c:\windows\system32\cmdl32.exe
+ 2004-08-04 00:56:50 66,048 ----a-w c:\windows\system32\cmdl32.exe
- 2004-08-04 00:56:50 39,936 ----a-w c:\windows\system32\cmmon32.exe
+ 2004-08-04 00:56:50 58,880 ----a-w c:\windows\system32\cmmon32.exe
- 2004-08-04 00:56:50 63,488 ----a-w c:\windows\system32\cmstp.exe
+ 2004-08-04 00:56:50 82,432 ----a-w c:\windows\system32\cmstp.exe
- 2004-08-04 00:56:50 9,728 ----a-w c:\windows\system32\Com\comrepl.exe
+ 2004-08-04 00:56:50 28,672 ----a-w c:\windows\system32\Com\comrepl.exe
- 2001-09-04 04:20:28 5,120 ----a-w c:\windows\system32\Com\comrereg.exe
+ 2001-09-04 04:20:28 24,064 ----a-w c:\windows\system32\Com\comrereg.exe
- 2001-09-04 04:20:24 15,872 ----a-w c:\windows\system32\comp.exe
+ 2001-09-04 04:20:24 34,816 ----a-w c:\windows\system32\comp.exe
- 2001-09-04 04:20:24 17,408 ----a-w c:\windows\system32\compact.exe
+ 2001-09-04 04:20:24 36,352 ----a-w c:\windows\system32\compact.exe
- 2008-04-07 17:17:23 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-05 05:45:41 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-04-07 17:17:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-04-05 05:45:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-07 17:17:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-05 05:45:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-04 00:56:50 27,648 ----a-w c:\windows\system32\conime.exe
+ 2004-08-04 00:56:50 46,592 ----a-w c:\windows\system32\conime.exe
- 2001-09-04 04:20:28 8,192 ----a-w c:\windows\system32\control.exe
+ 2001-09-04 04:20:28 27,136 ----a-w c:\windows\system32\control.exe
- 2001-09-04 04:20:30 13,824 ----a-w c:\windows\system32\convert.exe
+ 2001-09-04 04:20:30 32,768 ----a-w c:\windows\system32\convert.exe
- 1999-10-27 09:28:00 581,632 ----a-w c:\windows\system32\CONVERT2.EXE
+ 1999-10-27 09:28:00 600,576 ----a-w c:\windows\system32\CONVERT2.EXE
- 2004-08-04 00:56:50 98,304 ----a-w c:\windows\system32\cscript.exe
+ 2004-08-04 00:56:50 118,784 ----a-w c:\windows\system32\cscript.exe
- 2001-09-04 04:20:34 5,120 ----a-w c:\windows\system32\dcomcnfg.exe
+ 2001-09-04 04:20:34 24,064 ----a-w c:\windows\system32\dcomcnfg.exe
- 2004-08-04 00:56:50 30,208 ----a-w c:\windows\system32\ddeshare.exe
+ 2004-08-04 00:56:50 49,152 ----a-w c:\windows\system32\ddeshare.exe
- 2004-08-04 00:56:50 25,088 ----a-w c:\windows\system32\defrag.exe
+ 2004-08-04 00:56:50 44,032 ----a-w c:\windows\system32\defrag.exe
- 2004-08-04 00:56:50 82,432 ----a-w c:\windows\system32\dfrgfat.exe
+ 2004-08-04 00:56:50 101,376 ----a-w c:\windows\system32\dfrgfat.exe
- 2004-08-04 00:56:50 104,960 ----a-w c:\windows\system32\dfrgntfs.exe
+ 2004-08-04 00:56:50 123,904 ----a-w c:\windows\system32\dfrgntfs.exe
- 2004-08-04 00:56:50 85,504 ----a-w c:\windows\system32\diantz.exe
+ 2004-08-04 00:56:50 104,448 ----a-w c:\windows\system32\diantz.exe
- 2004-08-04 00:56:50 163,840 ----a-w c:\windows\system32\diskpart.exe
+ 2004-08-04 00:56:50 182,784 ----a-w c:\windows\system32\diskpart.exe
- 2001-09-04 04:20:36 17,920 ----a-w c:\windows\system32\diskperf.exe
+ 2001-09-04 04:20:36 36,864 ----a-w c:\windows\system32\diskperf.exe
+ 2008-11-06 16:33:52 684,032 ----a-w c:\windows\system32\DivX.dll
+ 2008-11-06 16:33:54 823,296 ----a-w c:\windows\system32\divx_xx07.dll
+ 2008-11-06 16:33:54 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
+ 2008-11-06 16:33:54 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
+ 2008-11-06 16:33:54 802,816 ----a-w c:\windows\system32\divx_xx11.dll
+ 2008-11-06 16:37:36 544,768 ----a-w c:\windows\system32\DivXsm.exe
+ 2008-11-06 16:33:02 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
- 2004-08-04 00:56:48 183,808 -c--a-w c:\windows\system32\dllcache\accwiz.exe
+ 2004-08-04 00:56:48 202,752 -c--a-w c:\windows\system32\dllcache\accwiz.exe
- 2004-08-04 00:56:48 4,096 -c--a-w c:\windows\system32\dllcache\actmovie.exe
+ 2004-08-04 00:56:48 23,040 -c--a-w c:\windows\system32\dllcache\actmovie.exe
- 2003-03-24 11:22:04 16,439 -c--a-w c:\windows\system32\dllcache\admin.exe
+ 2003-03-24 11:22:04 36,919 -c--a-w c:\windows\system32\dllcache\admin.exe
- 2004-08-04 00:56:48 256,512 -c--a-w c:\windows\system32\dllcache\agentsvr.exe
+ 2004-08-04 00:56:48 275,456 -c--a-w c:\windows\system32\dllcache\agentsvr.exe
- 2004-08-04 00:56:48 98,304 -c--a-w c:\windows\system32\dllcache\ahui.exe
+ 2004-08-04 00:56:48 117,248 -c--a-w c:\windows\system32\dllcache\ahui.exe
- 2004-08-04 00:56:48 44,544 -c--a-w c:\windows\system32\dllcache\alg.exe
+ 2004-08-04 00:56:48 63,488 -c--a-w c:\windows\system32\dllcache\alg.exe
- 2001-09-04 04:20:14 19,456 -c--a-w c:\windows\system32\dllcache\arp.exe
+ 2001-09-04 04:20:14 38,400 -c--a-w c:\windows\system32\dllcache\arp.exe
- 2004-08-04 00:56:48 30,208 -c--a-w c:\windows\system32\dllcache\asr_fmt.exe
+ 2004-08-04 00:56:48 49,152 -c--a-w c:\windows\system32\dllcache\asr_fmt.exe
- 2001-09-04 04:20:16 32,256 -c--a-w c:\windows\system32\dllcache\asr_ldm.exe
+ 2001-09-04 04:20:16 51,200 -c--a-w c:\windows\system32\dllcache\asr_ldm.exe
- 2004-08-04 00:56:48 32,768 -c--a-w c:\windows\system32\dllcache\asr_pfu.exe
+ 2004-08-04 00:56:48 51,712 -c--a-w c:\windows\system32\dllcache\asr_pfu.exe
- 2004-08-04 00:56:48 25,088 -c--a-w c:\windows\system32\dllcache\at.exe
+ 2004-08-04 00:56:48 44,032 -c--a-w c:\windows\system32\dllcache\at.exe
- 2004-08-04 00:56:48 11,264 -c--a-w c:\windows\system32\dllcache\atmadm.exe
+ 2004-08-04 00:56:48 30,208 -c--a-w c:\windows\system32\dllcache\atmadm.exe
- 2001-09-04 04:20:16 11,264 -c--a-w c:\windows\system32\dllcache\attrib.exe
+ 2001-09-04 04:20:16 30,208 -c--a-w c:\windows\system32\dllcache\attrib.exe
- 2004-08-04 00:56:48 14,336 -c--a-w c:\windows\system32\dllcache\auditusr.exe
+ 2004-08-04 00:56:48 33,280 -c--a-w c:\windows\system32\dllcache\auditusr.exe
- 2003-03-24 11:22:04 16,439 -c--a-w c:\windows\system32\dllcache\author.exe
+ 2003-03-24 11:22:04 36,919 -c--a-w c:\windows\system32\dllcache\author.exe
- 2001-09-04 04:20:18 42,577 -c--a-w c:\windows\system32\dllcache\bckgzm.exe
+ 2001-09-04 04:20:18 61,521 -c--a-w c:\windows\system32\dllcache\bckgzm.exe
- 2004-08-04 00:56:50 768,512 -c--a-w c:\windows\system32\dllcache\helpctr.exe
+ 2004-08-04 00:56:50 787,456 -c--a-w c:\windows\system32\dllcache\helpctr.exe
- 2004-08-04 00:56:56 69,632 -c--a-w c:\windows\system32\dllcache\odbcconf.exe
+ 2004-08-04 00:56:56 90,112 -c--a-w c:\windows\system32\dllcache\odbcconf.exe
+ 2007-04-27 04:13:58 120,200 ----a-w c:\windows\system32\DLLDEV32i.dll
- 2004-08-04 00:56:50 5,120 ----a-w c:\windows\system32\dllhost.exe
+ 2004-08-04 00:56:50 24,064 ----a-w c:\windows\system32\dllhost.exe
- 2001-09-04 04:20:36 4,608 ----a-w c:\windows\system32\dllhst3g.exe
+ 2001-09-04 04:20:36 23,552 ----a-w c:\windows\system32\dllhst3g.exe
- 2004-08-04 00:56:50 224,768 ----a-w c:\windows\system32\dmadmin.exe
+ 2004-08-04 00:56:50 243,712 ----a-w c:\windows\system32\dmadmin.exe
- 2004-08-04 00:56:50 15,872 ----a-w c:\windows\system32\dmremote.exe
+ 2004-08-04 00:56:50 34,816 ----a-w c:\windows\system32\dmremote.exe
- 2001-09-04 04:20:36 10,752 ----a-w c:\windows\system32\doskey.exe
+ 2001-09-04 04:20:36 29,696 ----a-w c:\windows\system32\doskey.exe
+ 2008-12-11 00:33:26 86,016 ----a-w c:\windows\system32\dpl100.dll
- 2004-08-04 00:56:50 30,208 ----a-w c:\windows\system32\dplaysvr.exe
+ 2004-08-04 00:56:50 49,152 ----a-w c:\windows\system32\dplaysvr.exe
- 2004-08-04 00:56:50 18,432 ----a-w c:\windows\system32\dpnsvr.exe
+ 2004-08-04 00:56:50 37,376 ----a-w c:\windows\system32\dpnsvr.exe
+ 2008-12-09 02:28:52 294,912 ----a-w c:\windows\system32\dpu11.dll
+ 2008-12-09 02:28:52 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
+ 2008-12-09 02:28:52 344,064 ----a-w c:\windows\system32\dpus11.dll
+ 2008-12-09 02:28:52 57,344 ----a-w c:\windows\system32\dpv11.dll
- 2004-08-04 00:56:50 83,456 ----a-w c:\windows\system32\dpvsetup.exe
+ 2004-08-04 00:56:50 102,400 ----a-w c:\windows\system32\dpvsetup.exe
- 2001-09-04 04:20:56 58,368 ----a-w c:\windows\system32\driverquery.exe
+ 2001-09-04 04:20:56 77,312 ----a-w c:\windows\system32\driverquery.exe
- 2001-09-04 04:20:56 45,568 ----a-w c:\windows\system32\drwtsn32.exe
+ 2001-09-04 04:20:56 64,512 ----a-w c:\windows\system32\drwtsn32.exe
+ 2008-12-11 00:33:26 200,704 ----a-w c:\windows\system32\dtu100.dll
- 2004-08-04 00:56:50 10,752 ----a-w c:\windows\system32\dumprep.exe
+ 2004-08-04 00:56:50 29,696 ----a-w c:\windows\system32\dumprep.exe
- 2001-09-04 04:20:56 55,296 ----a-w c:\windows\system32\dvdplay.exe
+ 2001-09-04 04:20:56 74,240 ----a-w c:\windows\system32\dvdplay.exe
- 2004-08-04 00:56:58 165,888 ----a-w c:\windows\system32\wuauclt1.exe
+ 2004-08-04 00:56:58 184,832 ----a-w c:\windows\system32\wuauclt1.exe
- 2001-09-04 04:24:20 32,256 ----a-w c:\windows\system32\wupdmgr.exe
+ 2001-09-04 04:24:20 51,200 ----a-w c:\windows\system32\wupdmgr.exe
- 2004-08-04 00:56:58 30,720 ----a-w c:\windows\system32\xcopy.exe
+ 2004-08-04 00:56:58 49,664 ----a-w c:\windows\system32\xcopy.exe
- 2009-02-10 20:21:05 4,212 ---h--w c:\windows\system32\zllictbl.dat
+ 2009-04-05 05:53:48 4,212 ---h--w c:\windows\system32\zllictbl.dat
- 2009-01-30 23:46:39 10,881,581 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2009-03-31 16:12:31 11,622,888 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
- 2009-01-10 18:41:15 10,696,658 ----a-w c:\windows\system32\ZoneLabs\spyware0.dat
+ 2009-03-27 13:17:17 11,576,520 ----a-w c:\windows\system32\ZoneLabs\spyware0.dat
- 2001-09-04 04:23:28 15,360 ----a-w c:\windows\TASKMAN.EXE
+ 2001-09-04 04:23:28 34,304 ----a-w c:\windows\TASKMAN.EXE
- 2001-09-04 04:23:34 25,600 ----a-w c:\windows\twunk_32.exe
+ 2001-09-04 04:23:34 44,544 ----a-w c:\windows\twunk_32.exe
- 2000-08-31 02:30:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2000-08-31 02:30:00 72,548 ----a-w c:\windows\VFIND.exe
- 2004-08-04 00:56:58 283,648 ----a-w c:\windows\winhlp32.exe
+ 2004-08-04 00:56:58 302,592 ----a-w c:\windows\winhlp32.exe
- 2000-08-31 02:30:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 02:30:00 87,040 ----a-w c:\windows\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 34304]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-03-11 2745776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 139264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-17 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-31 11:58 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dino]
--------- 2006-05-23 16:02 376832 c:\program files\ScreenMates\DOG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 69632 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-11-26 14:54 1057064 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1686528 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-11-26 14:54 1629480 c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-17 22:39 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Tenable Nessus"=2 (0x2)
"Abel"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"unwise_.exe"= unwise_.exe:SYSTEM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:TCP"= 9999:TCP:PORT1
"1013:TCP"= 1013:TCP:BS
"9991:TCP"= 9991:TCP:PORT2
"44423:TCP"= 44423:TCP:FD
"11929:TCP"= 11929:TCP:FD

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-26 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-26 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-26 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-26 298264]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-04-01 4414520]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-11 179856]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2008-04-19 2368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-11 15504]
S2 dhgxcerd;Image System;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 mdttmg;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 Windows Hosts Controller;Windows Hosts Controller; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCMON11

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dhgxcerd
mdttmg
.
Contents of the 'Scheduled Tasks' folder

2009-04-04 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Aritra\Application Data\Mozilla\Firefox\Profiles\tpw2kqok.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/intl/
FF - component: c:\documents and settings\Aritra\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 13:25:45
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dhgxcerd]
"ServiceDll"="c:\windows\system32\pxeqog.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdttmg]
"ServiceDll"="c:\program files\Movie Maker\pxeqog.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):83,52,c6,53,40,49,3a,70,48,6e,3a,e1,a1,39,e3,e7,60,a8,98,1a,89,
ec,cc,e7,3c,9f,ca,03,04,d4,e6,c1,7b,04,41,8d,01,a7,5f,25,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7ea2df4a-111e-436e-bf17-0d40784f9f20}]
@Denied: (Full) (Everyone)
"Model"=dword:00000048
"Therad"=dword:00000005
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,20,01,b4,f4,48,
4b,95,61,05,98,32,02,34,2b,da,61,57,0e,fb,66,f7,a9,b0,41,b4,ba,0a,1e,d5,ad,\
.
Completion time: 2009-04-05 13:28:01
ComboFix-quarantined-files.txt 2009-04-05 07:57:58
ComboFix2.txt 2009-02-11 11:40:42
ComboFix3.txt 2008-04-24 04:03:43

Pre-Run: 320,425,984 bytes free
Post-Run: 308,256,768 bytes free

1105


PLEASE HELP


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:17 AM

Posted 13 April 2009 - 05:41 PM

Hello.

This is a nasty infection. You have a file infector infection.

Usually, when only userinit.exe is infected, we can cure it by altering the registry, but now that explorer.exe is infected it's very difficult to fix, and in addition you have spoolsv.exe infected.

The option you should take is to format and start over.

File Infector Warning

Your system is infected with a very nasty infection known as the File infectors. These infections also have IRC bot functionality. It is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files and, therefore, those files are corrupted beyond repair. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.

For these reasons, you really can't truly fix it. You will need to reinstall and format the operating system on this machine. As of now, security experts suggest that a clean Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, pictures etc.) only. DO NOT backup any executable files (software) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.

Also, try to avoid backing up compressed (zip/cab/rar) files that have .exe or .scr files inside them, as it can penetrate and infect .exe files inside compressed files too.

More information on File infectors can be found over here and here

Good luck!

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
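As an added example, not part of this thread or of ComboFix, the following Python checker reads ComboFix snapshot lines in the "- old / + new" form shown in the log above and reports whether every executable grew, and by what size. An appending file infector leaves exactly that trace: each .exe/.scr gains roughly the size of the parasite (here the deltas cluster at a few values such as 18,944 and 20,480 bytes, so the check reports the share of the most common delta rather than demanding one constant). The sample lines are constructed from the shapes in this log.

```python
import re
from collections import Counter

# Constructed sample in ComboFix snapshot format: '-' is the old entry, '+' the new one.
# Values mirror a few lines from the log above; the .dat entries are included to show
# that non-executable changes (signature databases, licence files) are ignored.
SAMPLE_LOG = r"""
- 2004-08-04 00:56:58 18,432 ----a-w c:\windows\system32\ups.exe
+ 2004-08-04 00:56:58 37,376 ----a-w c:\windows\system32\ups.exe
- 2004-08-04 00:56:52 240,128 ----a-w c:\windows\system32\usmt\migwiz.exe
+ 2004-08-04 00:56:52 259,072 ----a-w c:\windows\system32\usmt\migwiz.exe
- 2000-08-31 02:30:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2000-08-31 02:30:00 72,548 ----a-w c:\windows\VFIND.exe
- 2009-02-10 20:21:05 4,212 ---h--w c:\windows\system32\zllictbl.dat
+ 2009-04-05 05:53:48 4,212 ---h--w c:\windows\system32\zllictbl.dat
- 2009-01-30 23:46:39 10,881,581 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2009-03-31 16:12:31 11,622,888 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
"""

# sign, timestamp, size (with thousands separators), attribute flags, path
LINE_RE = re.compile(r"^([-+]) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([\d,]+) (\S+) (.+)$")
INFECTABLE = (".exe", ".scr")  # file types the reply above says the infector appends to


def parse_snapshot(text):
    """Pair each '-' line with the '+' line for the same path -> {path: (old_size, new_size)}."""
    old, new = {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, separators and non-snapshot lines are skipped
        sign, _ts, size, _attrs, path = m.groups()
        (old if sign == "-" else new)[path.lower()] = int(size.replace(",", ""))
    return {p: (old[p], new[p]) for p in old if p in new}


def growth_by_executable(pairs):
    """Size delta for every infectable file that grew; shrunk or unchanged files are excluded."""
    return {p: n - o for p, (o, n) in pairs.items() if p.endswith(INFECTABLE) and n > o}


def infector_report(text, min_share=0.5):
    """Summarise the snapshot: how many executables changed, how many grew, and whether the
    most common growth value covers at least min_share of them (typical of an appending infector)."""
    pairs = parse_snapshot(text)
    deltas = growth_by_executable(pairs)
    execs = [p for p in pairs if p.endswith(INFECTABLE)]
    hist = Counter(deltas.values())
    top_delta, top_count = hist.most_common(1)[0] if hist else (0, 0)
    share = top_count / len(execs) if execs else 0.0
    return {
        "executables": len(execs),
        "grown": len(deltas),
        "top_delta": top_delta,
        "top_delta_share": round(share, 3),
        "suspicious": bool(execs) and len(deltas) == len(execs) and share >= min_share,
    }
```

Run `infector_report(SAMPLE_LOG)` on the sample: all three executables grew, two of them by 18,944 bytes, so the report is flagged suspicious while the two .dat changes play no part.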

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:17 AM

Posted 16 April 2009 - 03:05 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy



