
Trojan/Malware - Unknown types


  • This topic is locked
28 replies to this topic

#1 aj02719

aj02719

  • Members
  • 19 posts

Posted 22 February 2010 - 07:55 AM

Last month, I experienced a Trojan, which I thought had been removed. I cannot recall what it was called. Since then, my browser (IE) appears to be hijacked at times. Google results are often redirected to fake virus scan sites among other things.

I am running Norton Internet Security, which hasn't appeared to have stopped or helped any of my issues.

Some things to note:

After running DDS, I receive an error message that states "can't find script engine for script c:\Documents and Settings\...\Local\temp\MSGB.PIF". I don't know if this affects the results of those logs. I ran DDS with Norton running at the time.

Also while running the GMER scan, a window pops up that states "Shutdown initiated by NT Authority\System - Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly." The computer then initiates a shutdown, leading to a "Fatal System Error" blue screen of death. Therefore, I am unable to save any log from the GMER program. I have tried multiple times, and it always results in a system shutdown. I've also tried to suspend Norton while running GMER, but it resulted in a blue screen of death as well.



Thanks in advance for any assistance you can provide.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Andy Jones at 6:59:22.32 on Mon 02/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files Two\PrintKey2000\Printkey2000.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Andy Jones\Desktop\Defogger.exe
C:\Documents and Settings\Andy Jones\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Aim6]
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDET.EXE"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files two\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: motorola.com\idenupdate
Trusted Zone: movietickets.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxp://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127566791953
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxps://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andyjo~1\applic~1\mozilla\firefox\profiles\g67nmsn0.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R? AW_HOST;AW_HOST
R? awhost32;pcAnywhere Host Service
R? COMMONFX.SYS;COMMONFX.SYS
R? COMMONFX;COMMONFX
R? CTAUDFX.SYS;CTAUDFX.SYS
R? CTAUDFX;CTAUDFX
R? CTERFXFX.SYS;CTERFXFX.SYS
R? CTERFXFX;CTERFXFX
R? CTSBLFX.SYS;CTSBLFX.SYS
R? CTSBLFX;CTSBLFX
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? NPF;NetGroup Packet Filter Driver
R? NUVision;NUVision II Video Service
R? Transbase;Transbase
S? awlegacy;awlegacy
S? BHDrvx86;Symantec Heuristics Driver
S? ccHP;Symantec Hash Provider
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? IDSxpx86;IDSxpx86
S? Lbd;Lbd
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? Norton Internet Security;Norton Internet Security
S? Symantec Core LC;Symantec Core LC
S? SymEFA;Symantec Extended File Attributes
S? vburner;vburner
S? Viewpoint Manager Service;Viewpoint Manager Service

=============== Created Last 30 ================

2010-02-22 02:07:06 0 ----a-w- c:\documents and settings\andy jones\defogger_reenable
2010-02-21 03:16:17 98816 ----a-w- c:\windows\sed.exe
2010-02-21 03:16:17 77312 ----a-w- c:\windows\MBR.exe
2010-02-21 03:16:17 261632 ----a-w- c:\windows\PEV.exe
2010-02-21 03:16:17 161792 ----a-w- c:\windows\SWREG.exe
2010-01-30 01:36:22 0 d---a-w- c:\program files\Norton Support

==================== Find3M ====================

2010-01-27 17:06:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 03:14:22 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-01-01 22:44:34 70624 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2008-03-08 00:42:29 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-09-02 20:14:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090220080903\index.dat

============= FINISH: 7:00:57.62 ===============



Edited by aj02719, 23 February 2010 - 07:24 AM.




#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 24 February 2010 - 03:20 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 aj02719

aj02719
  • Topic Starter

  • Members
  • 19 posts

Posted 25 February 2010 - 07:45 PM

Thank you for your reply.

I am still having issues. The only thing I am certain of is that I have a problem where my google searches are being redirected to fake sites. I have fixed javascript and vbscript errors in Windows XP that were causing me problems when I initially wrote this post.

I cannot complete a full scan using GMER. I have disabled all of my Norton Internet Security Components and have disabled Windows automatic updates. I had every Norton component disabled, turned on my Windows firewall, utilized Defogger AND had my internet connection unplugged. Scan times using GMER have varied between a few minutes to a few hours, but they always result in a blue screen of death. I cannot complete a full scan using GMER, therefore there are no results to post here. Additionally, the link on your site to disable Norton does not work, nor can I seem to completely shut down Norton in any way, shape or fashion. I have searched for ways to shut Norton off, but the icon remains in my system tray.

Looking at the event viewer, the blue screen/crash seems to coincide when Norton LiveUpdate tries to activate. But again, I had disabled the option to even run LiveUpdate in Norton altogether.

Any additional help or assistance is greatly appreciated!!!!

Below are the results of the DDS.txt file:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Andy Jones at 18:29:27.28 on Thu 02/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.556 [GMT -5:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files Two\PrintKey2000\Printkey2000.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Andy Jones\Desktop\Defogger.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\dumprep.exe
C:\Documents and Settings\Andy Jones\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [tunebite.exe] c:\program files two\tunebite\tunebite.exe -hidden
uRun: [Aim6]
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDET.EXE"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bitmet~1.lnk - c:\program files\codebox\bitmeter\BitMeter2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files two\printkey2000\Printkey2000.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files two\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: motorola.com\idenupdate
Trusted Zone: movietickets.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxp://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127566791953
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxps://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andyjo~1\applic~1\mozilla\firefox\profiles\g67nmsn0.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-30 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-1-28 310320]
R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [2008-12-20 15872]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-1-28 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-1-28 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100218.001\IDSXpx86.sys [2010-2-19 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-1-28 117640]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-5 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-10 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100224.035\NAVENG.SYS [2010-2-24 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100224.035\NAVEX15.SYS [2010-2-24 1324720]
S3 awhost32;pcAnywhere Host Service;c:\program files two\symantec\pcanywhere\awhost32.exe [2004-11-1 106496]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2007-1-21 153760]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
S4 Transbase;Transbase;c:\bmwgroup\etklokal\transbase\tbmux32.exe --> c:\bmwgroup\etklokal\transbase\tbmux32.exe [?]

=============== Created Last 30 ================

2010-02-25 02:48:10 0 ----a-w- c:\documents and settings\andy jones\defogger_reenable
2010-02-25 02:12:27 0 d-----w- c:\temp\PS3
2010-02-23 12:40:56 0 d-----w- c:\temp\Grabs and Converts
2010-02-21 03:16:17 98816 ----a-w- c:\windows\sed.exe
2010-02-21 03:16:17 77312 ----a-w- c:\windows\MBR.exe
2010-02-21 03:16:17 261632 ----a-w- c:\windows\PEV.exe
2010-02-21 03:16:17 161792 ----a-w- c:\windows\SWREG.exe
2010-01-30 01:36:22 0 d---a-w- c:\program files\Norton Support

==================== Find3M ====================

2010-01-27 17:06:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 03:14:22 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-01-01 22:44:34 70624 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-09 05:53:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2008-03-08 00:42:29 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-09-02 20:14:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090220080903\index.dat

============= FINISH: 18:30:21.29 ===============



Edited by aj02719, 25 February 2010 - 09:22 PM.


#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:02:00 PM

Posted 28 February 2010 - 11:09 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

It sounds like a rootkit infection. We'll find out soon enough.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download ComboFix by sUBs from any of the links below, and save it to your desktop. If you have already run ComboFix, delete your old copy and download a new one.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.


  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Try running GMER again after.

In your next reply include:
-the ComboFix log
-the GMER scan log (if you could run it)

With Regards,
The Panda

#5 aj02719

aj02719
  • Topic Starter

  • Members
  • 19 posts
  • Local time:01:00 PM

Posted 28 February 2010 - 10:07 PM

Panda, thanks for the reply. I appreciate your assistance.

Since my first post, I have been doing some maintenance like removing unused programs, doing backups, etc. I've had several errors related to Windows (explorer search, svhost crashing right on startup, etc). Every time I fix one error, another pops up. I have no sound today, but it worked fine yesterday. I do realize some of my program deletion could have caused some of the errors. My browser is still hijacked - especially with the redirecting of links.

I tried to run GMER again, but it resulted in another blue screen. I suspect Norton is doing it. I checked the Event Viewer, and "Automatic Liveupdate" has an error right before the blue screen/crash. Regarding how to shut off Norton: The directions you provided do not work for me. I click on the link for "Norton Internet Security" and I get a 405 error. In fact, I can't seem to visit any Symantec page without an error. Is there any way I could kill processes to shut off Norton?

Attached is my combofix log. I will try to run GMER again as well.

Thanks again.


ComboFix 10-02-27.04 - Andy Jones 02/28/2010 20:50:29.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.553 [GMT -5:00]
Running from: c:\documents and settings\Andy Jones\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 01:44 . 2010-02-12 22:41 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-03-01 01:44 . 2010-02-02 00:20 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-02-28 22:39 . 2010-02-03 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100228.005\NAVENG.SYS
2010-02-28 22:39 . 2010-02-03 09:00 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100228.005\NAVEX15.SYS
2010-02-28 22:39 . 2009-12-09 09:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100228.005\CCERASER.DLL
2010-02-28 22:39 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100228.005\ECMSVR32.DLL
2010-02-28 22:39 . 2009-08-26 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100228.005\EECTRL.SYS
2010-02-28 22:39 . 2009-08-26 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100228.005\ERASER.SYS
2010-02-28 22:39 . 2009-08-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100228.005\NAVENG32.DLL
2010-02-28 22:39 . 2009-08-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100228.005\NAVEX32A.DLL
2010-02-27 14:40 . 2010-02-27 14:57 -------- d-----w- c:\documents and settings\Andy Jones\Tracing
2010-02-27 14:38 . 2010-02-27 14:38 -------- d-----w- c:\documents and settings\Andy Jones\Application Data\Windows Search
2010-02-27 14:36 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-27 14:31 . 2010-02-27 14:31 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-27 13:55 . 2010-02-28 14:59 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-27 13:55 . 2010-02-27 13:55 -------- d-----w- c:\windows\system32\GroupPolicy
2010-02-27 13:53 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-02-27 13:53 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-02-27 13:53 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-02-26 02:48 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSXpx86.sys
2010-02-26 02:48 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\Scxpx86.dll
2010-02-26 02:48 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSxpx86.dll
2010-02-26 02:48 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSvix86.sys
2010-02-26 02:48 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSviA64.sys
2010-02-26 02:44 . 2010-02-26 02:44 -------- d-----w- c:\documents and settings\Andy Jones\Local Settings\Application Data\Symantec
2010-02-25 02:12 . 2010-02-25 02:12 -------- d-----w- c:\temp\PS3
2010-02-23 12:40 . 2010-02-23 12:54 -------- d-----w- c:\temp\Grabs and Converts
2010-02-19 23:10 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\Scxpx86.dll
2010-02-19 23:10 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys
2010-02-19 23:10 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys
2010-02-19 23:10 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSxpx86.dll
2010-02-19 23:10 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys
2010-02-07 04:41 . 2010-02-28 13:20 -------- d-----w- c:\documents and settings\Andy Jones\Application Data\vlc
2010-02-05 17:55 . 2010-02-05 17:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-01 03:22 . 2010-02-01 03:27 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-01 03:09 . 2010-02-01 03:09 -------- d-sh--w- c:\documents and settings\Administrator.JONESY\IECompatCache
2010-02-01 02:59 . 2010-02-01 02:59 -------- d-sh--w- c:\documents and settings\Administrator.JONESY\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 02:01 . 2008-11-01 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitmeter2
2010-02-28 13:36 . 2006-07-04 19:05 -------- d-----w- c:\documents and settings\Andy Jones\Application Data\uTorrent
2010-02-27 14:52 . 2005-01-23 17:44 97024 ----a-w- c:\documents and settings\Administrator.JONESY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-27 14:39 . 2004-11-03 00:33 97024 ----a-w- c:\documents and settings\Andy Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-26 23:13 . 2008-01-20 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-23 12:51 . 2004-11-06 18:27 -------- d-----w- c:\program files\Winamp
2010-02-23 03:00 . 2005-02-19 01:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-23 02:58 . 2005-02-19 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-21 13:18 . 2007-02-14 02:44 -------- d-----w- c:\program files\MagicISO
2010-02-21 13:18 . 2007-02-01 02:48 -------- d-----w- c:\program files\Pinnacle
2010-02-21 13:18 . 2004-10-25 14:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 01:54 . 2004-11-21 17:05 -------- d-----w- c:\windows\Fonts\ATMFolder
2010-02-19 12:39 . 2008-09-27 14:04 -------- d-----w- c:\documents and settings\Andy Jones\Application Data\dvdcss
2010-02-05 17:06 . 2009-11-30 23:05 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-05 17:06 . 2009-11-30 23:02 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-05 17:06 . 2009-11-30 23:01 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-05 17:06 . 2009-11-30 23:00 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-04 02:41 . 2004-10-25 14:33 -------- d-----w- c:\program files\Microsoft Money
2010-02-01 03:27 . 2009-01-09 14:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 01:36 . 2010-01-30 01:36 -------- d---a-w- c:\program files\Norton Support
2010-01-07 21:07 . 2009-01-09 14:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-01-09 14:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 03:16 . 2010-01-06 03:16 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-06 03:14 . 2010-01-06 03:15 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-01-02 20:23 . 2010-01-02 20:23 175616 ----a-w- c:\documents and settings\Andy Jones\Application Data\EA\EASW\GameFace\unrar64_nocrypt.dll
2010-01-02 20:23 . 2010-01-02 20:23 150528 ----a-w- c:\documents and settings\Andy Jones\Application Data\EA\EASW\GameFace\unrar_nocrypt.dll
2010-01-02 20:23 . 2010-01-02 20:23 30208 ----a-w- c:\documents and settings\Andy Jones\Application Data\EA\EASW\GameFace\FileDownloadConsole.exe
2010-01-02 20:23 . 2010-01-02 20:23 -------- d-----w- c:\documents and settings\Andy Jones\Application Data\EA
2010-01-01 22:44 . 2010-01-01 22:44 70624 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 10:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 1980-01-01 05:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 1980-01-01 05:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 10:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-03-08 00:42 . 2007-02-15 03:00 10856 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-10-25 14:28 . 2004-08-25 17:52 339968 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2006-01-12 20:40 . 2006-01-12 20:40 155648 c:\program files\Common Files\Ahead\Lib\bak\NeroCheck.exe

2004-11-27 14:49 . 2004-11-27 14:49 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2008-07-16 10:17 . 2008-07-16 10:17 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

2004-01-07 06:01 . 2004-01-07 06:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe

2004-10-25 14:29 . 2002-09-30 06:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\bak\CTDVDDet.EXE
2009-01-17 14:30 . 2003-06-18 06:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

2004-10-25 14:29 . 2002-10-29 14:18 49152 c:\program files\Creative\SBAudigy2\Surround Mixer\bak\CTSysVol.exe

2004-10-25 14:32 . 2004-08-23 23:19 57344 c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe

2004-10-25 14:32 . 2004-04-12 01:15 290816 c:\program files\Dell\Media Experience\bak\PCMService.exe

2005-04-12 15:27 . 2005-04-12 15:27 45056 c:\program files\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe

2007-07-28 02:07 . 2007-07-28 02:07 68856 c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

2005-02-17 03:11 . 2005-02-17 03:11 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2007-05-08 20:24 . 2007-05-08 20:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2004-10-25 14:27 . 2004-03-23 17:16 135168 c:\program files\Intel\Intel Application Accelerator\bak\iaanotif.exe

2004-10-25 14:28 . 2003-09-04 01:12 221184 c:\program files\Intel\Modem Event Monitor\bak\IntelMEM.exe

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe
2009-09-09 01:09 . 2009-09-09 01:09 305440 c:\program files\iTunes\iTunesHelper.exe

2007-07-25 23:02 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe
2009-09-05 05:54 . 2009-09-05 05:54 417792 c:\program files\QuickTime\QTTask.exe

2005-05-19 13:47 . 2005-05-19 13:47 57344 c:\program files\SlySoft\CloneCD\bak\CloneCDTray.exe

2004-02-06 16:29 . 2004-02-06 16:29 0 c:\program files two\321Studios\Platinum\bak\makedir

2004-10-25 14:29 . 2000-05-11 06:00 90112 c:\windows\bak\UpdReg.EXE

2007-02-01 02:52 . 2003-11-10 21:06 406016 c:\windows\SYSTEM32\bak\PSDrvCheck.exe

2004-10-25 14:43 . 2004-08-13 06:05 122939 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe
2009-05-29 01:23 . 2004-08-13 05:05 122939 c:\windows\SYSTEM32\dla\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"tunebite.exe"="c:\program files two\tunebite\tunebite.exe" [N/A]
"Aim6"="" [N/A]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [N/A]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [N/A]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [N/A]
"UpdReg"="c:\windows\UpdReg.EXE" [N/A]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [N/A]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [N/A]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [N/A]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-16 185896]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"CTHelper"="CTHELPER.EXE" [2008-06-27 19456]
"CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-18 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2008-6-29 1462272]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Printkey2000.lnk - c:\program files two\PrintKey2000\Printkey2000.exe [2005-10-22 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2004-11-01 16:50 8704 ----a-w- c:\windows\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\ANDYJO~1\LOCALS~1\Temp\gdwvn.tmp 2yADJIIHEP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files Two\\FlexiSIGN-PRO 7\\Program\\App.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [11/30/2009 6:06 PM 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NIS\1008000.029\SymEFA.sys [1/28/2010 4:48 PM 310320]
R0 vburner;vburner;c:\windows\SYSTEM32\DRIVERS\vburner.sys [12/20/2008 2:28 PM 15872]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NIS\1008000.029\BHDrvx86.sys [1/28/2010 4:48 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NIS\1008000.029\cchpx86.sys [1/28/2010 4:48 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSXpx86.sys [2/25/2010 9:48 PM 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [1/28/2010 4:48 PM 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/10/2009 7:47 PM 24652]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/27/2008 7:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/27/2008 7:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/27/2008 7:21 PM 566296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2010 3:17 AM 102448]
S3 COMMONFX;COMMONFX;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/27/2008 7:21 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/27/2008 7:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/27/2008 7:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/27/2008 7:21 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/27/2008 7:21 PM 566296]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [11/6/2007 3:22 PM 34064]
S3 NUVision;NUVision II Video Service;c:\windows\SYSTEM32\DRIVERS\nuvvid2.sys [1/21/2007 4:11 PM 153760]
S4 Transbase;Transbase;c:\bmwgroup\ETKLokal\transbase\tbmux32.exe --> c:\bmwgroup\ETKLokal\transbase\tbmux32.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:06]

2010-02-27 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:06]

2010-02-27 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:06]

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:06]

2010-02-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:06]

2010-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-02-28 c:\windows\Tasks\User_Feed_Synchronization-{B8DF4450-6212-4BBF-8EB8-9B61E398EF8A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: motorola.com\idenupdate
Trusted Zone: movietickets.com\www
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
FF - ProfilePath - c:\documents and settings\Andy Jones\Application Data\Mozilla\Firefox\Profiles\g67nmsn0.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 21:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1292)
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(940)
c:\windows\system32\WININET.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-28 21:05:40
ComboFix-quarantined-files.txt 2010-03-01 02:05
ComboFix2.txt 2010-02-21 03:32
ComboFix3.txt 2009-01-13 12:34

Pre-Run: 90,426,032,128 bytes free
Post-Run: 90,636,763,136 bytes free

- - End Of File - - FFBF381B1F9A6E0B5413569234C8C611

Edited by PropagandaPanda, 01 March 2010 - 04:32 PM.
remove redundant log portion


#6 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:02:00 PM

Posted 01 March 2010 - 04:38 PM

Hello.

I see some signs of infection.

Let's temporarily uninstall Norton. Please follow the directions on doing so here:
http://service1.symantec.com/Support/tsgen...005033108162039

I take it that GMER could not run even after ComboFix? If so, please run RootRepeal.

Download and Run Scan with RootRepeal
We will use RootRepeal to scan for rootkits.
  • Open RootRepeal.exe on your desktop. If you are using Windows Vista, right click RootRepeal.exe and select Run As Administrator.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

With Regards,
The Panda

#7 aj02719

  • Topic Starter
  • Members
  • 19 posts
  • Local time:01:00 PM

Posted 02 March 2010 - 06:56 AM

Panda,

I was finally able to download the Norton Removal Tool using another computer then transferring the file. Any Norton related site will not load on the infected PC.

I ran RootRepeal and had an error "Error - Invalid PE image found", but was still able to run the scan. I did not see any checkboxes however.

I also tried to run GMER again, and this time it did NOT result in a blue screen, I'm assuming because we removed Norton. It did look like the scan completed, but when I tried to save the results, the program just crashed/closed with no warning or message.

Thanks again!!!

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/03/01 23:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF7644000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ABP480N5.SYS
Image Path: ABP480N5.SYS
Address: 0xF77EC000 Size: 23552 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF74D5000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: adpu160m.sys
Image Path: adpu160m.sys
Address: 0xF73E9000 Size: 101888 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB8560000 Size: 138496 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xF7654000 Size: 42368 File Visible: - Signed: -
Status: -

Name: agpCPQ.sys
Image Path: agpCPQ.sys
Address: 0xF7684000 Size: 44928 File Visible: - Signed: -
Status: -

Name: aha154x.sys
Image Path: aha154x.sys
Address: 0xF793C000 Size: 12800 File Visible: - Signed: -
Status: -

Name: aic78u2.sys
Image Path: aic78u2.sys
Address: 0xF7584000 Size: 55168 File Visible: - Signed: -
Status: -

#8 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:02:00 PM

Posted 02 March 2010 - 07:09 PM

Hello.

Hmm, I don't see any active malware left. Please confirm that the redirects are still occurring.

It appears that some program files were removed at some point. You may have to reinstall the following programs:
Windows Live Messenger
TuneBite

Run ComboFix with CFScript
The script below includes directives for ComboFix to upload a file sample. Follow any prompts given at the end of ComboFix's run.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    CODE
    http://www.bleepingcomputer.com/forums/t/297686/trojanmalware-unknown-types/
    Suspect::[59]
    c:\windows\SYSTEM32\DRIVERS\vburner.sys

    AWF::
    c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
    c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
    c:\program files\Intel\Intel Application Accelerator\bak\iaanotif.exe
    c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
    c:\program files\Intel\Modem Event Monitor\bak\IntelMEM.exe
    c:\windows\bak\UpdReg.EXE
    c:\program files\Common Files\Ahead\Lib\bak\NeroCheck.exe
    c:\program files\SlySoft\CloneCD\bak\CloneCDTray.exe
    c:\windows\SYSTEM32\bak\PSDrvCheck.exe

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi9"=-
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

With Regards,
The Panda

#9 aj02719

  • Topic Starter
  • Members
  • 19 posts
  • Local time:01:00 PM

Posted 03 March 2010 - 08:37 PM

Panda, my system suffered a crash right when I tried that fix. Long story short, I had to utilize system restore to get my computer working again. Should I continue with that fix? Thanks.

#10 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:02:00 PM

Posted 04 March 2010 - 04:26 PM

Hello.

That is strange. The script did not touch any vital system files. I would appreciate a brief description of the crash. Your computer couldn't start again?

Please run ComboFix again just by clicking on it. Post back the resulting log.

With Regards,
The Panda

#11 aj02719

  • Topic Starter
  • Members
  • 19 posts
  • Local time:01:00 PM

Posted 04 March 2010 - 11:06 PM

Combofix locked up. I waited a long time, and nothing would respond. I had to power down manually. When I restarted, the Windows XP logo screen came up, followed by a black screen with only the mouse function. Nothing else worked.

I could log into Safe Mode, so after trying a few things, I was forced to do a system restore to an earlier point.

I know I have a ton of Windows errors at this point. I've had trouble removing Norton, as I also had to remove PCAnywhere in the process. If I removed both at the same time, I got svhost errors on start up. The OS seems to be more stable at this point.

As to a previous question, my Google searches result in redirects at least 20% of the time. I also still can't visit any Norton/Symantec sites.

When I ran Combofix, I get a "can't find ???CMD.cfxxe", but Combofix still runs a scan.

ComboFix 10-02-27.04 - Andy Jones 03/04/2010 22:33:54.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.620 [GMT -5:00]
Running from: c:\documents and settings\Andy Jones\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-05 02:19 . 2010-03-05 02:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-05 02:17 . 2010-03-05 02:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-03-05 02:15 . 2010-03-05 02:16 -------- d--h--w- c:\program files\Creative Installation Information
2010-03-05 02:15 . 2010-03-05 02:15 -------- d-----w- c:\program files\Common Files\Creative
2010-03-04 23:16 . 2010-03-05 02:15 -------- d-----w- C:\ComboFix(3)
2010-03-04 03:24 . 2010-03-04 23:28 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-03-04 03:24 . 2010-03-04 23:28 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-03-04 03:14 . 1998-01-08 07:00 1048576 ------w- c:\windows\system32\SFMAN.DAT
2010-03-04 03:02 . 2003-02-20 22:33 232723 ----a-w- c:\windows\system32\ctstatic.dat
2010-03-04 03:02 . 2003-02-20 22:44 190842 ----a-w- c:\windows\system32\ctdlang.dat
2010-03-04 03:02 . 2003-02-20 22:29 53674 ----a-w- c:\windows\system32\ctdaught.dat
2010-03-04 03:02 . 2003-01-23 18:17 138716 ----a-w- c:\windows\system32\ctbas2w.dat
2010-03-04 03:02 . 2003-01-23 18:09 110720 ----a-w- c:\windows\system32\CTBASICW.DAT
2010-03-04 01:25 . 2010-03-05 02:17 -------- d-----w- C:\RECYCLER(3)
2010-03-03 08:49 . 2010-03-03 08:49 -------- d-----w- c:\windows\dell
2010-03-03 01:53 . 2010-03-05 02:17 -------- d-----w- C:\ComboFix(2)
2010-03-02 22:36 . 2010-03-02 22:36 -------- d-----w- C:\found.000
2010-02-27 14:40 . 2010-02-27 14:57 -------- d-----w- c:\documents and settings\Andy Jones\Tracing
2010-02-27 14:38 . 2010-02-27 14:38 -------- d-----w- c:\documents and settings\Andy Jones\Application Data\Windows Search
2010-02-27 14:36 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-27 14:31 . 2010-02-27 14:31 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-27 13:55 . 2010-02-28 14:59 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-27 13:55 . 2010-02-27 13:55 -------- d-----w- c:\windows\system32\GroupPolicy
2010-02-27 13:53 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-02-27 13:53 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-02-27 13:53 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-02-26 02:44 . 2010-02-26 02:44 -------- d-----w- c:\documents and settings\Andy Jones\Local Settings\Application Data\Symantec
2010-02-25 02:12 . 2010-02-25 02:12 -------- d-----w- c:\temp\PS3
2010-02-23 12:40 . 2010-02-23 12:54 -------- d-----w- c:\temp\Grabs and Converts
2010-02-07 04:41 . 2010-03-04 23:13 -------- d-----w- c:\documents and settings\Andy Jones\Application Data\vlc
2010-02-05 17:55 . 2010-02-05 17:55 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 03:42 . 2008-11-01 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitmeter2
2010-03-05 03:22 . 2004-10-25 14:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-05 03:22 . 2004-10-25 14:36 -------- d-----w- c:\program files\Symantec
2010-03-05 03:22 . 2004-10-25 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-05 03:22 . 2004-11-03 00:32 -------- d-----w- c:\documents and settings\Andy Jones\Application Data\Symantec
2010-03-05 02:17 . 2008-02-09 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-05 02:17 . 2005-12-20 01:16 -------- d-----w- c:\program files\Lavasoft
2010-03-05 02:16 . 2004-10-25 14:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 02:15 . 2004-10-25 14:28 -------- d-----w- c:\program files\Creative
2010-03-05 01:39 . 2004-08-10 18:13 78479 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-03-01 23:06 . 2009-11-30 23:02 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-28 13:36 . 2006-07-04 19:05 -------- d-----w- c:\documents and settings\Andy Jones\Application Data\uTorrent
2010-02-27 14:52 . 2005-01-23 17:44 97024 ----a-w- c:\documents and settings\Administrator.JONESY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-27 14:39 . 2004-11-03 00:33 97024 ----a-w- c:\documents and settings\Andy Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-26 23:13 . 2008-01-20 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-23 12:51 . 2004-11-06 18:27 -------- d-----w- c:\program files\Winamp
2010-02-23 03:00 . 2005-02-19 01:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-23 02:58 . 2005-02-19 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-21 13:18 . 2007-02-14 02:44 -------- d-----w- c:\program files\MagicISO
2010-02-21 13:18 . 2007-02-01 02:48 -------- d-----w- c:\program files\Pinnacle
2010-02-20 01:54 . 2004-11-21 17:05 -------- d-----w- c:\windows\Fonts\ATMFolder
2010-02-19 12:39 . 2008-09-27 14:04 -------- d-----w- c:\documents and settings\Andy Jones\Application Data\dvdcss
2010-02-05 17:06 . 2009-11-30 23:05 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-05 17:06 . 2009-11-30 23:01 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-05 17:06 . 2009-11-30 23:00 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-04 02:41 . 2004-10-25 14:33 -------- d-----w- c:\program files\Microsoft Money
2010-02-01 03:27 . 2009-01-09 14:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 03:27 . 2010-02-01 03:22 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-30 01:36 . 2010-01-30 01:36 -------- d---a-w- c:\program files\Norton Support
2010-01-07 21:07 . 2009-01-09 14:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-01-09 14:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 03:16 . 2010-01-06 03:16 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-06 03:14 . 2010-01-06 03:15 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-01-02 20:23 . 2010-01-02 20:23 175616 ----a-w- c:\documents and settings\Andy Jones\Application Data\EA\EASW\GameFace\unrar64_nocrypt.dll
2010-01-02 20:23 . 2010-01-02 20:23 150528 ----a-w- c:\documents and settings\Andy Jones\Application Data\EA\EASW\GameFace\unrar_nocrypt.dll
2010-01-02 20:23 . 2010-01-02 20:23 30208 ----a-w- c:\documents and settings\Andy Jones\Application Data\EA\EASW\GameFace\FileDownloadConsole.exe
2010-01-01 22:44 . 2010-01-01 22:44 70624 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 10:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 1980-01-01 05:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 1980-01-01 05:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-03-08 00:42 . 2007-02-15 03:00 10856 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2004-08-12 13:59 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\SYSTEM32\mfc40u.dll
[-] 2004-08-04 10:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-03-01_02.00.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-12 14:08 . 2004-08-12 14:08 18944 c:\windows\vmmreg32.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 18944 c:\windows\VMMREG32.DLL
+ 2004-08-12 14:07 . 2004-08-12 14:07 25600 c:\windows\twunk_32.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 25600 c:\windows\twunk_32.exe
+ 2004-08-12 14:07 . 2004-08-12 14:07 49680 c:\windows\twunk_16.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 49680 c:\windows\twunk_16.exe
+ 2004-08-12 14:07 . 2004-08-12 14:07 94784 c:\windows\twain.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 94784 c:\windows\TWAIN.DLL
+ 2010-03-05 03:31 . 2010-03-05 03:31 16384 c:\windows\temp\Perflib_Perfdata_81c.dat
- 2004-08-04 10:00 . 2004-08-04 10:00 32256 c:\windows\SYSTEM32\WUPDMGR.EXE
+ 2004-08-12 14:10 . 2004-08-12 14:10 32256 c:\windows\SYSTEM32\wupdmgr.exe
+ 2004-08-12 14:10 . 2004-08-12 14:10 11776 c:\windows\SYSTEM32\wshisn.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 11776 c:\windows\SYSTEM32\WSHISN.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 13824 c:\windows\SYSTEM32\WOWFAXUI.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 13824 c:\windows\SYSTEM32\wowfaxui.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 10368 c:\windows\SYSTEM32\WOWEXEC.EXE
+ 2004-08-12 14:10 . 2004-08-12 14:10 10368 c:\windows\SYSTEM32\wowexec.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 18944 c:\windows\SYSTEM32\WMIPROP.DLL
+ 2004-08-12 14:09 . 2004-08-12 14:09 18944 c:\windows\SYSTEM32\wmiprop.dll
+ 2004-08-12 14:09 . 2004-08-12 14:09 51200 c:\windows\SYSTEM32\wmerrenu.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 51200 c:\windows\SYSTEM32\WMERRENU.DLL
+ 2004-08-12 14:09 . 2004-08-12 14:09 18944 c:\windows\SYSTEM32\winstrm.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 18944 c:\windows\SYSTEM32\WINSTRM.DLL
+ 2004-08-12 14:09 . 2004-08-12 14:09 11776 c:\windows\SYSTEM32\winmsd.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 11776 c:\windows\SYSTEM32\WINMSD.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 13312 c:\windows\SYSTEM32\WIN87EM.DLL
+ 2004-08-12 14:09 . 2004-08-12 14:09 13312 c:\windows\SYSTEM32\win87em.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 18432 c:\windows\SYSTEM32\WIN.COM
+ 2004-08-12 14:09 . 2004-08-12 14:09 18432 c:\windows\SYSTEM32\win.com
+ 2004-08-12 14:09 . 2004-08-12 14:09 13600 c:\windows\SYSTEM32\wfwnet.drv
- 2004-08-04 10:00 . 2004-08-04 10:00 13600 c:\windows\SYSTEM32\WFWNET.DRV
+ 2004-08-12 14:09 . 2004-08-12 14:09 40448 c:\windows\SYSTEM32\webhits.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 40448 c:\windows\SYSTEM32\WEBHITS.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 22016 c:\windows\SYSTEM32\W32TOPL.DLL
+ 2004-08-12 14:08 . 2004-08-12 14:08 22016 c:\windows\SYSTEM32\w32topl.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 49664 c:\windows\SYSTEM32\W32TM.EXE
+ 2004-08-12 14:08 . 2004-08-12 14:08 49664 c:\windows\SYSTEM32\w32tm.exe
+ 2004-08-12 14:08 . 2004-08-12 14:08 33792 c:\windows\SYSTEM32\vssadmin.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 33792 c:\windows\SYSTEM32\VSSADMIN.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 16896 c:\windows\SYSTEM32\VSS_PS.DLL
+ 2004-08-12 14:08 . 2004-08-12 14:08 16896 c:\windows\SYSTEM32\vss_ps.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 18176 c:\windows\SYSTEM32\VGA64K.DLL
+ 2004-08-12 14:08 . 2004-08-12 14:08 18176 c:\windows\SYSTEM32\vga64k.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 51456 c:\windows\SYSTEM32\VGA256.DLL
+ 2004-08-12 14:08 . 2004-08-12 14:08 51456 c:\windows\SYSTEM32\vga256.dll
+ 2004-08-12 14:08 . 2004-08-12 14:08 98304 c:\windows\SYSTEM32\verifier.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 98304 c:\windows\SYSTEM32\VERIFIER.EXE
+ 2004-08-12 14:08 . 2004-08-12 14:08 13312 c:\windows\SYSTEM32\verifier.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 25600 c:\windows\SYSTEM32\UTILDLL.DLL
+ 2004-08-12 14:08 . 2004-08-12 14:08 25600 c:\windows\SYSTEM32\utildll.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 49211 c:\windows\SYSTEM32\USRVPA.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 49211 c:\windows\SYSTEM32\usrvpa.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 45116 c:\windows\SYSTEM32\USRVOICA.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 45116 c:\windows\SYSTEM32\usrvoica.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 49209 c:\windows\SYSTEM32\USRV80A.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 49209 c:\windows\SYSTEM32\usrv80a.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 41019 c:\windows\SYSTEM32\USRSVPIA.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 41019 c:\windows\SYSTEM32\usrsvpia.dll
+ 2001-08-17 22:37 . 2004-08-12 13:57 69700 c:\windows\SYSTEM32\usrshuta.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 69700 c:\windows\SYSTEM32\USRSHUTA.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 49211 c:\windows\SYSTEM32\USRSDPIA.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 49211 c:\windows\SYSTEM32\usrsdpia.dll
+ 2001-08-17 22:36 . 2004-08-12 13:57 77883 c:\windows\SYSTEM32\usrrtosa.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 77883 c:\windows\SYSTEM32\USRRTOSA.DLL
+ 2001-08-17 22:37 . 2004-08-12 13:57 61508 c:\windows\SYSTEM32\usrprbda.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 61508 c:\windows\SYSTEM32\USRPRBDA.EXE
+ 2001-08-17 22:37 . 2004-08-12 13:57 77891 c:\windows\SYSTEM32\usrmlnka.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 77891 c:\windows\SYSTEM32\USRMLNKA.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 53305 c:\windows\SYSTEM32\USRLBVA.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 53305 c:\windows\SYSTEM32\usrlbva.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 86073 c:\windows\SYSTEM32\USRFAXA.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 86073 c:\windows\SYSTEM32\usrfaxa.dll
+ 2001-08-17 22:36 . 2004-08-12 13:57 77890 c:\windows\SYSTEM32\usrdpa.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 77890 c:\windows\SYSTEM32\USRDPA.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 69699 c:\windows\SYSTEM32\usrcoina.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 69699 c:\windows\SYSTEM32\USRCOINA.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 61500 c:\windows\SYSTEM32\USRCNTRA.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 61500 c:\windows\SYSTEM32\usrcntra.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 47872 c:\windows\SYSTEM32\USER.EXE
+ 2004-08-12 14:08 . 2004-08-12 14:08 47872 c:\windows\SYSTEM32\user.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 17920 c:\windows\SYSTEM32\UREG.DLL
+ 2004-08-12 14:08 . 2004-08-12 14:08 17920 c:\windows\SYSTEM32\ureg.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 13312 c:\windows\SYSTEM32\UMDMXFRM.DLL
+ 2004-08-12 14:07 . 2004-08-12 14:07 13312 c:\windows\SYSTEM32\umdmxfrm.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 82432 c:\windows\SYSTEM32\UFAT.DLL
+ 2004-08-12 14:07 . 2004-08-12 14:07 82432 c:\windows\SYSTEM32\ufat.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 15360 c:\windows\SYSTEM32\TSD32.DLL
+ 2004-08-12 14:07 . 2004-08-12 14:07 15360 c:\windows\SYSTEM32\tsd32.dll
+ 2004-08-12 14:07 . 2004-08-12 14:07 52224 c:\windows\SYSTEM32\tsappcmp.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 52224 c:\windows\SYSTEM32\TSAPPCMP.DLL
+ 2004-08-12 14:07 . 2004-08-12 14:07 11264 c:\windows\SYSTEM32\tree.com
+ 2004-08-12 14:07 . 2004-08-12 14:07 31232 c:\windows\SYSTEM32\traffic.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 31232 c:\windows\SYSTEM32\TRAFFIC.DLL
+ 2004-08-12 14:07 . 2004-08-12 14:07 31744 c:\windows\SYSTEM32\tracert6.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 31744 c:\windows\SYSTEM32\TRACERT6.EXE
+ 2004-08-12 14:07 . 2004-08-12 14:07 13888 c:\windows\SYSTEM32\toolhelp.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 13888 c:\windows\SYSTEM32\TOOLHELP.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 16896 c:\windows\SYSTEM32\TFTP.EXE
+ 2004-08-12 14:07 . 2004-08-12 14:07 16896 c:\windows\SYSTEM32\tftp.exe
+ 2004-08-12 14:07 . 2004-08-12 14:07 19456 c:\windows\SYSTEM32\tcpsvcs.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 19456 c:\windows\SYSTEM32\TCPSVCS.EXE
+ 2004-08-12 14:07 . 2004-08-12 14:07 12288 c:\windows\SYSTEM32\tcmsetup.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 12288 c:\windows\SYSTEM32\TCMSETUP.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 15360 c:\windows\SYSTEM32\TASKMAN.EXE
+ 2004-08-12 14:07 . 2004-08-12 14:07 15360 c:\windows\SYSTEM32\taskman.exe
+ 2004-08-12 14:07 . 2004-08-12 14:07 78848 c:\windows\SYSTEM32\tapiui.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 78848 c:\windows\SYSTEM32\TAPIUI.DLL
+ 2004-08-12 14:07 . 2004-08-12 14:07 19200 c:\windows\SYSTEM32\tapi.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 19200 c:\windows\SYSTEM32\TAPI.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 36864 c:\windows\SYSTEM32\SYSKEY.EXE
+ 2004-08-12 14:06 . 2004-08-12 14:06 36864 c:\windows\SYSTEM32\syskey.exe
+ 2004-08-12 14:06 . 2004-08-12 14:06 15872 c:\windows\SYSTEM32\sysinv.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 15872 c:\windows\SYSTEM32\SYSINV.DLL
+ 2004-08-12 14:06 . 2004-08-12 14:06 18896 c:\windows\SYSTEM32\sysedit.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 18896 c:\windows\SYSTEM32\SYSEDIT.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 51200 c:\windows\SYSTEM32\SYNCAPP.EXE
+ 2004-08-12 14:06 . 2004-08-12 14:06 51200 c:\windows\SYSTEM32\syncapp.exe
+ 2004-08-12 14:06 . 2004-08-12 14:06 49179 c:\windows\SYSTEM32\sqlwoa.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 49179 c:\windows\SYSTEM32\SQLWOA.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 24603 c:\windows\SYSTEM32\SQLWID.DLL
+ 2004-08-12 14:06 . 2004-08-12 14:06 24603 c:\windows\SYSTEM32\sqlwid.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 72192 c:\windows\SYSTEM32\SPRIO800.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 72192 c:\windows\SYSTEM32\sprio800.dll
+ 2001-08-17 22:36 . 2004-08-12 13:57 70656 c:\windows\SYSTEM32\sprio600.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 70656 c:\windows\SYSTEM32\SPRIO600.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 69632 c:\windows\SYSTEM32\spnike.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 69632 c:\windows\SYSTEM32\SPNIKE.DLL
+ 2004-08-12 14:05 . 2004-08-12 14:05 23552 c:\windows\SYSTEM32\sort.exe
+ 2004-08-12 14:05 . 2004-08-12 14:05 14848 c:\windows\SYSTEM32\slbrccsp.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 14848 c:\windows\SYSTEM32\SLBRCCSP.DLL
+ 2004-08-12 14:05 . 2004-08-12 14:05 13824 c:\windows\SYSTEM32\sisbkup.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 13824 c:\windows\SYSTEM32\SISBKUP.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 23552 c:\windows\SYSTEM32\SFMAPI.DLL
+ 2004-08-12 14:05 . 2004-08-12 14:05 23552 c:\windows\SYSTEM32\sfmapi.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 11753 c:\windows\SYSTEM32\SETVER.EXE
+ 2004-08-12 14:05 . 2004-08-12 14:05 11753 c:\windows\SYSTEM32\setver.exe
+ 2004-08-12 14:00 . 2004-08-12 14:00 82432 c:\windows\SYSTEM32\Setup\msdtcstp.dll
+ 2004-08-12 14:05 . 2004-08-12 14:05 14848 c:\windows\SYSTEM32\serwvdrv.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 14848 c:\windows\SYSTEM32\SERWVDRV.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 14336 c:\windows\SYSTEM32\serialui.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 14336 c:\windows\SYSTEM32\SERIALUI.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 13824 c:\windows\SYSTEM32\SENSCFG.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 13824 c:\windows\SYSTEM32\senscfg.dll
+ 2004-08-12 14:04 . 2004-08-12 14:04 26624 c:\windows\SYSTEM32\scredir.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 26624 c:\windows\SYSTEM32\SCREDIR.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 31232 c:\windows\SYSTEM32\sc.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 16384 c:\windows\SYSTEM32\RUNAS.EXE
+ 2004-08-12 14:04 . 2004-08-12 14:04 16384 c:\windows\SYSTEM32\runas.exe
+ 2004-08-12 14:04 . 2004-08-12 14:04 98304 c:\windows\SYSTEM32\rtm.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 98304 c:\windows\SYSTEM32\RTM.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 90112 c:\windows\SYSTEM32\rsvpsp.dll
+ 2004-08-12 14:04 . 2004-08-12 14:04 23552 c:\windows\SYSTEM32\rsvpmsg.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 23552 c:\windows\SYSTEM32\RSVPMSG.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 49152 c:\windows\SYSTEM32\RSMUI.EXE
+ 2004-08-12 14:04 . 2004-08-12 14:04 49152 c:\windows\SYSTEM32\rsmui.exe
+ 2004-08-12 14:04 . 2004-08-12 14:04 24576 c:\windows\SYSTEM32\rsmsink.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 24576 c:\windows\SYSTEM32\RSMSINK.EXE
+ 2004-08-12 14:04 . 2004-08-12 14:04 49152 c:\windows\SYSTEM32\rsm.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 49152 c:\windows\SYSTEM32\RSM.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 22016 c:\windows\SYSTEM32\RPCNS4.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 22016 c:\windows\SYSTEM32\rpcns4.dll
+ 2004-08-12 14:04 . 2004-08-12 14:04 25600 c:\windows\SYSTEM32\routemon.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 25600 c:\windows\SYSTEM32\ROUTEMON.EXE
+ 2004-08-12 14:04 . 2004-08-12 14:04 19968 c:\windows\SYSTEM32\route.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 19968 c:\windows\SYSTEM32\ROUTE.EXE
- 2004-08-04 10:00 . 2007-04-02 18:26 20480 c:\windows\MSAGENT\INTL\agt0c0a.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 20992 c:\windows\MSAGENT\INTL\agt0816.dll
- 2004-08-04 10:00 . 2007-04-02 18:26 20992 c:\windows\MSAGENT\INTL\agt0816.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 19456 c:\windows\MSAGENT\INTL\agt041d.dll
- 2004-08-04 10:00 . 2007-04-02 18:26 19456 c:\windows\MSAGENT\INTL\agt041d.dll
- 2004-08-04 10:00 . 2007-04-02 18:26 20480 c:\windows\MSAGENT\INTL\agt0416.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 20480 c:\windows\MSAGENT\INTL\agt0416.dll
- 2004-08-04 10:00 . 2007-04-02 18:26 19456 c:\windows\MSAGENT\INTL\agt0414.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 19456 c:\windows\MSAGENT\INTL\agt0414.dll
- 2004-08-04 10:00 . 2007-04-02 18:26 20992 c:\windows\MSAGENT\INTL\agt0413.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 20992 c:\windows\MSAGENT\INTL\agt0413.dll
- 2004-08-04 10:00 . 2007-04-02 18:26 20992 c:\windows\MSAGENT\INTL\agt0410.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 20992 c:\windows\MSAGENT\INTL\agt0410.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 21504 c:\windows\MSAGENT\INTL\agt040c.dll
- 2004-08-04 10:00 . 2007-04-02 18:26 21504 c:\windows\MSAGENT\INTL\agt040c.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 19456 c:\windows\MSAGENT\INTL\agt040b.dll
- 2004-08-04 10:00 . 2007-04-02 18:26 19456 c:\windows\MSAGENT\INTL\agt040b.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 19456 c:\windows\MSAGENT\INTL\agt0409.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 21504 c:\windows\MSAGENT\INTL\agt0407.dll
- 2004-08-04 10:00 . 2007-04-02 18:26 21504 c:\windows\MSAGENT\INTL\agt0407.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 19456 c:\windows\MSAGENT\INTL\agt0406.dll
- 2004-08-04 10:00 . 2007-04-02 18:25 19456 c:\windows\MSAGENT\INTL\agt0406.dll
+ 2004-08-12 14:11 . 2004-08-12 14:11 23371 c:\windows\dell\aac\aaccin.dll
+ 2004-08-12 14:11 . 2004-08-12 14:11 48140 c:\windows\dell\aac\aac.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 7168 c:\windows\SYSTEM32\WSHNETBS.DLL
+ 2004-08-12 14:10 . 2004-08-12 14:10 7168 c:\windows\SYSTEM32\wshnetbs.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\SYSTEM32\WSHATM.DLL
+ 2004-08-12 14:10 . 2004-08-12 14:10 9216 c:\windows\SYSTEM32\wshatm.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 3200 c:\windows\SYSTEM32\WOWFAX.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 3200 c:\windows\SYSTEM32\wowfax.dll
+ 2004-08-12 14:10 . 2004-08-12 14:10 2736 c:\windows\SYSTEM32\wowdeb.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 2736 c:\windows\SYSTEM32\WOWDEB.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 2112 c:\windows\SYSTEM32\WINSPOOL.EXE
+ 2004-08-12 14:09 . 2004-08-12 14:09 2112 c:\windows\SYSTEM32\winspool.exe
+ 2004-08-12 14:09 . 2004-08-12 14:09 2864 c:\windows\SYSTEM32\winsock.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 2864 c:\windows\SYSTEM32\WINSOCK.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 8192 c:\windows\SYSTEM32\WINHLP32.EXE
+ 2004-08-12 14:09 . 2004-08-12 14:09 8192 c:\windows\SYSTEM32\winhlp32.exe
+ 2004-08-12 14:09 . 2004-08-12 14:09 9216 c:\windows\SYSTEM32\winfax.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\SYSTEM32\WINFAX.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\SYSTEM32\WIFEMAN.DLL
+ 2004-08-12 14:09 . 2004-08-12 14:09 9216 c:\windows\SYSTEM32\wifeman.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 4608 c:\windows\SYSTEM32\VJOY.DLL
+ 2004-08-12 14:08 . 2004-08-12 14:08 4608 c:\windows\SYSTEM32\vjoy.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 2176 c:\windows\SYSTEM32\VGA.DRV
+ 2004-08-12 14:08 . 2004-08-12 14:08 2176 c:\windows\SYSTEM32\vga.drv
- 2004-08-04 10:00 . 2004-08-04 10:00 9344 c:\windows\SYSTEM32\VGA.DLL
+ 2004-08-12 14:08 . 2004-08-12 14:08 9344 c:\windows\SYSTEM32\vga.dll
+ 2004-08-12 14:08 . 2004-08-12 14:08 9008 c:\windows\SYSTEM32\ver.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 9008 c:\windows\SYSTEM32\VER.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 7680 c:\windows\SYSTEM32\VCDEX.DLL
+ 2004-08-12 14:08 . 2004-08-12 14:08 7680 c:\windows\SYSTEM32\vcdex.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 4096 c:\windows\SYSTEM32\UNLODCTR.EXE
+ 2004-08-12 14:07 . 2004-08-12 14:07 4096 c:\windows\SYSTEM32\unlodctr.exe
+ 2001-08-17 22:36 . 2004-08-12 13:57 8192 c:\windows\SYSTEM32\tsbyuv.dll
+ 2004-08-12 14:07 . 2004-08-12 14:07 4048 c:\windows\SYSTEM32\timer.drv
- 2004-08-04 10:00 . 2004-08-04 10:00 4048 c:\windows\SYSTEM32\TIMER.DRV
+ 2004-08-12 14:07 . 2004-08-12 14:07 5632 c:\windows\SYSTEM32\tapiperf.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\TAPIPERF.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 3072 c:\windows\SYSTEM32\SYSTRAY.EXE
+ 2004-08-12 14:07 . 2004-08-12 14:07 3072 c:\windows\SYSTEM32\systray.exe
+ 2004-08-12 14:07 . 2004-08-12 14:07 3360 c:\windows\SYSTEM32\system.drv
- 2004-08-04 10:00 . 2004-08-04 10:00 3360 c:\windows\SYSTEM32\SYSTEM.DRV
+ 2004-08-12 14:06 . 2004-08-12 14:06 6144 c:\windows\SYSTEM32\svcpack.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\SVCPACK.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\SYSTEM32\SUBST.EXE
+ 2004-08-12 14:06 . 2004-08-12 14:06 9216 c:\windows\SYSTEM32\subst.exe
- 2001-08-18 03:36 . 2001-08-18 03:36 8192 c:\windows\SYSTEM32\STREAMCI.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 8192 c:\windows\SYSTEM32\streamci.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 4208 c:\windows\SYSTEM32\STORAGE.DLL
+ 2004-08-12 14:06 . 2004-08-12 14:06 4208 c:\windows\SYSTEM32\storage.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 9728 c:\windows\SYSTEM32\SPRESTRT.EXE
+ 2004-08-12 14:06 . 2004-08-12 14:06 9728 c:\windows\SYSTEM32\sprestrt.exe
+ 2004-08-12 14:05 . 2004-08-12 14:05 1744 c:\windows\SYSTEM32\sound.drv
- 2004-08-04 10:00 . 2004-08-04 10:00 1744 c:\windows\SYSTEM32\SOUND.DRV
+ 2004-08-12 14:05 . 2004-08-12 14:05 5632 c:\windows\SYSTEM32\softpub.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\SOFTPUB.DLL
+ 2004-08-12 14:05 . 2004-08-12 14:05 5632 c:\windows\SYSTEM32\skdll.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\SKDLL.DLL
+ 2004-08-12 14:05 . 2004-08-12 14:05 5120 c:\windows\SYSTEM32\shell.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5120 c:\windows\SYSTEM32\SHELL.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 9728 c:\windows\SYSTEM32\SFC.EXE
+ 2004-08-12 14:05 . 2004-08-12 14:05 9728 c:\windows\SYSTEM32\sfc.exe
+ 2004-08-12 14:11 . 2004-08-12 14:11 8261 c:\windows\SYSTEM32\Setup\zoneoc.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 8261 c:\windows\SYSTEM32\Setup\ZONEOC.DLL
+ 2004-08-12 13:57 . 2004-08-12 13:57 6144 c:\windows\SYSTEM32\Setup\fsconins.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\Setup\FSCONINS.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 9728 c:\windows\SYSTEM32\rsvpperf.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 9728 c:\windows\SYSTEM32\RSVPPERF.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\ROUTETAB.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 6656 c:\windows\SYSTEM32\routetab.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 3072 c:\windows\SYSTEM32\RNR20.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 3072 c:\windows\SYSTEM32\rnr20.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 3584 c:\windows\SYSTEM32\RICHED32.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 3584 c:\windows\SYSTEM32\riched32.dll
+ 2004-08-12 14:04 . 2004-08-12 14:04 4608 c:\windows\SYSTEM32\regwiz.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 4608 c:\windows\SYSTEM32\REGWIZ.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 3584 c:\windows\SYSTEM32\REGEDT32.EXE
+ 2004-08-12 14:04 . 2004-08-12 14:04 3584 c:\windows\SYSTEM32\regedt32.exe
+ 2004-08-12 14:04 . 2004-08-12 14:04 7168 c:\windows\SYSTEM32\recover.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 7168 c:\windows\SYSTEM32\RECOVER.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 8192 c:\windows\SYSTEM32\QOSNAME.DLL
+ 2004-08-12 14:03 . 2004-08-12 14:03 8192 c:\windows\SYSTEM32\qosname.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 3708 c:\windows\SYSTEM32\PUBPRN.VBS
+ 2004-08-12 14:03 . 2004-08-12 14:03 3708 c:\windows\SYSTEM32\pubprn.vbs
+ 2004-08-12 14:03 . 2004-08-12 14:03 8192 c:\windows\SYSTEM32\psnppagn.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 8192 c:\windows\SYSTEM32\PSNPPAGN.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\SYSTEM32\PRINT.EXE
+ 2004-08-12 14:03 . 2004-08-12 14:03 9216 c:\windows\SYSTEM32\print.exe
+ 2004-08-12 14:11 . 2004-08-12 14:11 4627 c:\windows\SYSTEM32\oembios.dat
- 2004-08-10 15:08 . 2004-08-10 15:08 4627 c:\windows\SYSTEM32\OEMBIOS.DAT
- 2004-08-04 10:00 . 2004-08-04 10:00 7052 c:\windows\SYSTEM32\NLSFUNC.EXE
+ 2004-08-12 14:02 . 2004-08-12 14:02 7052 c:\windows\SYSTEM32\nlsfunc.exe
+ 2004-08-12 14:01 . 2004-08-12 14:01 7680 c:\windows\SYSTEM32\ncxpnt.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 7680 c:\windows\SYSTEM32\NCXPNT.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\MSSWCHX.EXE
+ 2004-08-12 14:01 . 2004-08-12 14:01 6656 c:\windows\SYSTEM32\msswchx.exe
+ 2004-08-12 14:01 . 2004-08-12 14:01 4608 c:\windows\SYSTEM32\mssip32.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 4608 c:\windows\SYSTEM32\MSSIP32.DLL
+ 2004-08-12 14:01 . 2004-08-12 14:01 7168 c:\windows\SYSTEM32\msr2cenu.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 7168 c:\windows\SYSTEM32\MSR2CENU.DLL
+ 2004-08-12 14:00 . 2004-08-12 14:00 7168 c:\windows\SYSTEM32\mscat32.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 7168 c:\windows\SYSTEM32\MSCAT32.DLL
+ 2004-08-12 14:00 . 2004-08-12 14:00 2032 c:\windows\SYSTEM32\mouse.drv
- 2004-08-04 10:00 . 2004-08-04 10:00 2032 c:\windows\SYSTEM32\MOUSE.DRV
+ 2004-08-12 14:00 . 2004-08-12 14:00 8192 c:\windows\SYSTEM32\mountvol.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 8192 c:\windows\SYSTEM32\MOUNTVOL.EXE
+ 2004-08-12 13:59 . 2004-08-12 13:59 5632 c:\windows\SYSTEM32\mll_qic.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\MLL_QIC.DLL
+ 2004-08-12 13:59 . 2004-08-12 13:59 7680 c:\windows\SYSTEM32\mll_mtf.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 7680 c:\windows\SYSTEM32\MLL_MTF.DLL
+ 2004-08-12 13:59 . 2004-08-12 13:59 3584 c:\windows\SYSTEM32\mll_hp.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 3584 c:\windows\SYSTEM32\MLL_HP.DLL
+ 2004-08-12 13:59 . 2004-08-12 13:59 7680 c:\windows\SYSTEM32\mciole32.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 7680 c:\windows\SYSTEM32\MCIOLE32.DLL
+ 2004-08-12 13:59 . 2004-08-12 13:59 8192 c:\windows\SYSTEM32\mciole16.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 8192 c:\windows\SYSTEM32\MCIOLE16.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 4608 c:\windows\SYSTEM32\MCHGRCOI.DLL
+ 2004-08-12 13:59 . 2004-08-12 13:59 4608 c:\windows\SYSTEM32\mchgrcoi.dll
+ 2004-08-12 13:59 . 2004-08-12 13:59 8192 c:\windows\SYSTEM32\mag_hook.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 8192 c:\windows\SYSTEM32\MAG_HOOK.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 9936 c:\windows\SYSTEM32\LZEXPAND.DLL
+ 2004-08-12 13:59 . 2004-08-12 13:59 9936 c:\windows\SYSTEM32\lzexpand.dll
+ 2004-08-12 13:59 . 2004-08-12 13:59 2560 c:\windows\SYSTEM32\lz32.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 2560 c:\windows\SYSTEM32\LZ32.DLL
+ 2004-08-12 13:59 . 2004-08-12 13:59 9216 c:\windows\SYSTEM32\lprmonui.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\SYSTEM32\LPRMONUI.DLL
+ 2004-08-12 13:59 . 2004-08-12 13:59 8192 c:\windows\SYSTEM32\lpr.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 8192 c:\windows\SYSTEM32\LPR.EXE
+ 2004-08-12 13:59 . 2004-08-12 13:59 6144 c:\windows\SYSTEM32\lpq.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\LPQ.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 5120 c:\windows\SYSTEM32\LODCTR.EXE
+ 2004-08-12 13:59 . 2004-08-12 13:59 5120 c:\windows\SYSTEM32\lodctr.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 9728 c:\windows\SYSTEM32\LABEL.EXE
+ 2004-08-12 13:58 . 2004-08-12 13:58 9728 c:\windows\SYSTEM32\label.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 2000 c:\windows\SYSTEM32\KEYBOARD.DRV
+ 2004-08-12 13:58 . 2004-08-12 13:58 2000 c:\windows\SYSTEM32\keyboard.drv
- 2004-08-04 10:00 . 2004-08-04 10:00 7040 c:\windows\SYSTEM32\KDCOM.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 7040 c:\windows\SYSTEM32\kdcom.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDYCL.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdycl.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDYCC.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdycc.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbduzb.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDUZB.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdusx.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDUSX.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDUSR.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdusr.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdusl.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDUSL.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdus.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDUS.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdur.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDUR.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDUK.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbduk.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdtuq.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDTUQ.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDTUF.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdtuf.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDTAT.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdtat.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdsw.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDSW.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDSP.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdsp.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDSL1.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdsl1.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDSL.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdsl.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDSG.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdsg.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdsf.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDSF.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdru1.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDRU1.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDRU.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdru.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdro.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDRO.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdpo.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDPO.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdpl1.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDPL1.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdpl.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDPL.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdno.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDNO.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 7680 c:\windows\SYSTEM32\kbdnecnt.dll
- 2005-04-29 02:32 . 2004-08-04 10:00 7680 c:\windows\SYSTEM32\kbdnecNT.dll
- 2005-04-29 02:32 . 2004-08-04 10:00 9216 c:\windows\SYSTEM32\kbdnecAT.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 9216 c:\windows\SYSTEM32\kbdnecat.dll
- 2005-04-29 02:32 . 2004-08-04 10:00 7168 c:\windows\SYSTEM32\kbdnec95.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 7168 c:\windows\SYSTEM32\kbdnec95.dll
- 2004-08-04 10:00 . 2008-04-14 00:09 7168 c:\windows\SYSTEM32\kbdnec.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 7168 c:\windows\SYSTEM32\kbdnec.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdne.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDNE.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdmon.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDMON.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdmac.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDMAC.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdlv1.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDLV1.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdlv.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDLV.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdlt1.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDLT1.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDLT.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdlt.dll
- 2005-04-29 02:32 . 2008-04-14 00:09 6144 c:\windows\SYSTEM32\kbdlk41j.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdlk41j.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdlk41a.dll
- 2005-04-29 02:32 . 2008-04-14 00:09 6656 c:\windows\SYSTEM32\kbdlk41a.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdla.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDLA.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDKYR.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdkyr.dll
- 2005-04-29 02:31 . 2001-08-18 02:36 8192 c:\windows\SYSTEM32\kbdkor.dll
+ 2001-08-17 22:36 . 2004-08-12 13:57 8192 c:\windows\SYSTEM32\kbdkor.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDKAZ.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdkaz.dll
+ 2001-08-17 22:36 . 2004-08-12 13:57 8704 c:\windows\SYSTEM32\kbdjpn.dll
- 2005-04-29 02:31 . 2001-08-18 02:36 8704 c:\windows\SYSTEM32\kbdjpn.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDIT142.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdit142.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDIT.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdit.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDIR.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdir.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdic.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDIC.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 7168 c:\windows\SYSTEM32\kbdibm02.dll
- 2005-04-29 02:32 . 2008-04-14 00:09 7168 c:\windows\SYSTEM32\kbdibm02.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDHU1.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdhu1.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDHU.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdhu.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 8192 c:\windows\SYSTEM32\kbdhept.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 8192 c:\windows\SYSTEM32\KBDHEPT.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDHELA3.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdhela3.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDHELA2.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdhela2.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdhe319.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDHE319.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDHE220.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdhe220.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDHE.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdhe.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDGR1.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdgr1.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdgr.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDGR.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdgkl.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDGKL.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDGAE.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdgae.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDFR.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdfr.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDFO.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdfo.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdfi.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDFI.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDFC.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdfc.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDEST.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdest.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdes.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDES.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 5120 c:\windows\SYSTEM32\KBDDV.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5120 c:\windows\SYSTEM32\kbddv.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdda.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDDA.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDCZ2.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdcz2.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdcz1.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDCZ1.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 7168 c:\windows\SYSTEM32\kbdcz.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 7168 c:\windows\SYSTEM32\KBDCZ.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDCR.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdcr.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 7680 c:\windows\SYSTEM32\KBDCAN.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 7680 c:\windows\SYSTEM32\kbdcan.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDCA.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdca.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDBU.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdbu.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdbr.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDBR.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdblr.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDBLR.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDBENE.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdbene.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdbe.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\KBDBE.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdazel.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDAZEL.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\SYSTEM32\KBDAZE.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\SYSTEM32\kbdaze.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbdax2.dll
- 2005-04-29 02:32 . 2008-04-14 00:09 6144 c:\windows\SYSTEM32\kbdax2.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\SYSTEM32\kbdal.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 6656 c:\windows\SYSTEM32\KBDAL.DLL
- 2005-04-29 02:32 . 2008-04-14 00:09 6144 c:\windows\SYSTEM32\kbd106n.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbd106n.dll
+ 2001-08-17 14:55 . 2004-08-12 13:57 6144 c:\windows\SYSTEM32\kbd106.dll
- 2005-04-29 02:31 . 2008-04-14 00:09 6144 c:\windows\SYSTEM32\kbd106.dll
+ 2001-08-17 14:55 . 2004-08-12 13:57 5632 c:\windows\SYSTEM32\kbd103.dll
- 2005-01-16 21:36 . 2001-08-17 18:55 5632 c:\windows\SYSTEM32\kbd103.dll
- 2005-01-16 21:36 . 2001-08-17 18:55 6144 c:\windows\SYSTEM32\kbd101c.dll
+ 2001-08-17 14:55 . 2004-08-12 13:57 6144 c:\windows\SYSTEM32\kbd101c.dll
- 2005-01-16 21:36 . 2001-08-17 18:55 6144 c:\windows\SYSTEM32\kbd101b.dll
+ 2001-08-17 14:55 . 2004-08-12 13:57 6144 c:\windows\SYSTEM32\kbd101b.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbd101a.dll
- 2005-04-29 02:32 . 2004-08-04 10:00 6144 c:\windows\SYSTEM32\kbd101a.dll
- 2005-04-29 02:32 . 2008-04-14 00:09 6144 c:\windows\SYSTEM32\kbd101.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\SYSTEM32\kbd101.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 4096 c:\windows\SYSTEM32\iprtprio.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 4096 c:\windows\SYSTEM32\IPRTPRIO.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 3584 c:\windows\SYSTEM32\iprop.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 3584 c:\windows\SYSTEM32\IPROP.DLL
+ 2004-08-12 13:57 . 2004-08-12 13:57 7680 c:\windows\SYSTEM32\hostname.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 7680 c:\windows\SYSTEM32\HOSTNAME.EXE
+ 2004-08-12 13:57 . 2004-08-12 13:57 4768 c:\windows\SYSTEM32\himem.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 4768 c:\windows\SYSTEM32\HIMEM.SYS
+ 2004-08-12 13:57 . 2004-08-12 13:57 7168 c:\windows\SYSTEM32\forcedos.exe
+ 2004-08-12 13:57 . 2004-08-12 13:57 3072 c:\windows\SYSTEM32\fixmapi.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 3072 c:\windows\SYSTEM32\FIXMAPI.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\SYSTEM32\FINGER.EXE
+ 2004-08-12 13:57 . 2004-08-12 13:57 9216 c:\windows\SYSTEM32\finger.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\SYSTEM32\FIND.EXE
+ 2004-08-12 13:57 . 2004-08-12 13:57 9216 c:\windows\SYSTEM32\find.exe
- 2005-04-29 02:32 . 2008-04-14 00:09 7168 c:\windows\SYSTEM32\f3ahvoas.dll
+ 2004-08-12 13:57 . 2004-08-12 13:57 7168 c:\windows\SYSTEM32\f3ahvoas.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 8424 c:\windows\SYSTEM32\EXE2BIN.EXE
+ 2004-08-12 13:57 . 2004-08-12 13:57 8424 c:\windows\SYSTEM32\exe2bin.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 8704 c:\windows\SYSTEM32\EVENTVWR.EXE
+ 2004-08-12 13:57 . 2004-08-12 13:57 8704 c:\windows\SYSTEM32\eventvwr.exe
+ 2004-08-12 14:09 . 2004-08-12 14:09 4352 c:\windows\SYSTEM32\DRIVERS\wmilib.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 4352 c:\windows\SYSTEM32\DRIVERS\WMILIB.SYS
- 2004-08-04 10:00 . 2004-08-04 10:00 4736 c:\windows\SYSTEM32\DRIVERS\USBD.SYS
+ 2004-08-12 14:08 . 2004-08-12 14:08 4736 c:\windows\SYSTEM32\DRIVERS\usbd.sys
+ 2004-08-12 14:07 . 2004-08-12 14:07 4992 c:\windows\SYSTEM32\DRIVERS\toside.sys
- 2001-08-17 18:51 . 2001-08-17 18:51 4992 c:\windows\SYSTEM32\DRIVERS\TOSIDE.SYS
- 2004-08-04 10:00 . 2004-08-04 10:00 5888 c:\windows\SYSTEM32\DRIVERS\ROOTMDM.SYS
+ 2004-08-12 14:04 . 2004-08-12 14:04 5888 c:\windows\SYSTEM32\DRIVERS\rootmdm.sys
+ 2004-08-12 14:04 . 2004-08-12 14:04 4224 c:\windows\SYSTEM32\DRIVERS\rdpcdd.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 4224 c:\windows\SYSTEM32\DRIVERS\RDPCDD.SYS
- 2004-08-04 10:00 . 2004-08-04 10:00 8832 c:\windows\SYSTEM32\DRIVERS\RASACD.SYS
+ 2004-08-12 14:04 . 2004-08-12 14:04 8832 c:\windows\SYSTEM32\DRIVERS\rasacd.sys
- 2001-08-17 19:07 . 2001-08-17 19:07 5504 c:\windows\SYSTEM32\DRIVERS\PERC2HIB.SYS
+ 2004-08-12 14:03 . 2004-08-12 14:03 5504 c:\windows\SYSTEM32\DRIVERS\perc2hib.sys
+ 2004-08-12 14:03 . 2004-08-12 14:03 3328 c:\windows\SYSTEM32\DRIVERS\pciide.sys
- 1980-01-01 05:00 . 2001-08-17 18:51 3328 c:\windows\SYSTEM32\DRIVERS\pciide.sys
+ 2004-08-12 14:03 . 2004-08-12 14:03 6784 c:\windows\SYSTEM32\DRIVERS\parvdm.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 6784 c:\windows\SYSTEM32\DRIVERS\PARVDM.SYS
- 2004-08-04 10:00 . 2004-08-04 10:00 3456 c:\windows\SYSTEM32\DRIVERS\OPRGHDLR.SYS
+ 2004-08-12 14:03 . 2004-08-12 14:03 3456 c:\windows\SYSTEM32\DRIVERS\oprghdlr.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 2944 c:\windows\SYSTEM32\DRIVERS\NULL.SYS
+ 2004-08-12 14:02 . 2004-08-12 14:02 2944 c:\windows\SYSTEM32\DRIVERS\null.sys
+ 2004-08-12 14:01 . 2004-08-12 14:01 9600 c:\windows\SYSTEM32\DRIVERS\ndistapi.sys
+ 2004-08-12 13:59 . 2004-08-12 13:59 4224 c:\windows\SYSTEM32\DRIVERS\mnmdd.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 4224 c:\windows\SYSTEM32\DRIVERS\MNMDD.SYS
+ 2004-08-12 13:59 . 2004-08-12 13:59 7680 c:\windows\SYSTEM32\DRIVERS\mcd.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 7680 c:\windows\SYSTEM32\DRIVERS\MCD.SYS
+ 2004-08-12 13:57 . 2004-08-12 13:57 9600 c:\windows\SYSTEM32\DRIVERS\hidusb.sys
+ 2004-08-12 13:57 . 2004-08-12 13:57 7936 c:\windows\SYSTEM32\DRIVERS\fs_rec.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 7936 c:\windows\SYSTEM32\DRIVERS\FS_REC.SYS
+ 2004-08-12 13:57 . 2004-08-12 13:57 3328 c:\windows\SYSTEM32\DRIVERS\dxgthk.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 3328 c:\windows\SYSTEM32\DRIVERS\DXGTHK.SYS
+ 2004-08-12 13:56 . 2004-08-12 13:56 5888 c:\windows\SYSTEM32\DRIVERS\dmload.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 5888 c:\windows\SYSTEM32\DRIVERS\DMLOAD.SYS
+ 2004-08-12 13:56 . 2004-08-12 13:56 6656 c:\windows\SYSTEM32\DRIVERS\cmdide.sys
- 2001-08-17 18:51 . 2001-08-17 18:51 6656 c:\windows\SYSTEM32\DRIVERS\CMDIDE.SYS
- 2001-08-17 18:52 . 2001-08-17 18:52 7680 c:\windows\SYSTEM32\DRIVERS\CD20XRNT.SYS
+ 2004-08-12 13:56 . 2004-08-12 13:56 7680 c:\windows\SYSTEM32\DRIVERS\cd20xrnt.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 4224 c:\windows\SYSTEM32\DRIVERS\BEEP.SYS
+ 2004-08-12 13:55 . 2004-08-12 13:55 4224 c:\windows\SYSTEM32\DRIVERS\beep.sys
+ 2004-08-12 13:55 . 2004-08-12 13:55 5248 c:\windows\SYSTEM32\DRIVERS\aliide.sys
- 2001-08-17 18:51 . 2001-08-17 18:51 5248 c:\windows\SYSTEM32\DRIVERS\ALIIDE.SYS
- 2004-08-04 10:00 . 2004-08-04 10:00 4608 c:\windows\SYSTEM32\DLLHST3G.EXE
+ 2004-08-12 13:56 . 2004-08-12 13:56 4608 c:\windows\SYSTEM32\dllhst3g.exe
+ 2004-08-12 13:56 . 2004-08-12 13:56 7168 c:\windows\SYSTEM32\diskcopy.com
- 2004-08-04 10:00 . 2004-08-04 10:00 7168 c:\windows\SYSTEM32\DISKCOPY.COM
+ 2004-08-12 13:56 . 2004-08-12 13:56 9216 c:\windows\SYSTEM32\diskcomp.com
- 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\SYSTEM32\DISKCOMP.COM
+ 2004-08-12 13:56 . 2004-08-12 13:56 8192 c:\windows\SYSTEM32\control.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 8192 c:\windows\SYSTEM32\CONTROL.EXE
+ 2004-08-12 13:56 . 2004-08-12 13:56 3584 c:\windows\SYSTEM32\comcat.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 3584 c:\windows\SYSTEM32\COMCAT.DLL
+ 2004-08-12 13:56 . 2004-08-12 13:56 7680 c:\windows\SYSTEM32\ckcnv.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 7680 c:\windows\SYSTEM32\CKCNV.EXE
+ 2004-08-12 13:56 . 2004-08-12 13:56 8192 c:\windows\SYSTEM32\cidaemon.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 8192 c:\windows\SYSTEM32\CIDAEMON.EXE
+ 2004-08-12 13:56 . 2004-08-12 13:56 7680 c:\windows\SYSTEM32\chcp.com
- 2004-08-04 10:00 . 2004-08-04 10:00 7680 c:\windows\SYSTEM32\CHCP.COM
+ 2004-08-12 13:55 . 2004-08-12 13:55 5120 c:\windows\SYSTEM32\bootvrfy.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 5120 c:\windows\SYSTEM32\BOOTVRFY.EXE
+ 2004-08-12 13:55 . 2004-08-12 13:55 4608 c:\windows\SYSTEM32\bootok.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 4608 c:\windows\SYSTEM32\BOOTOK.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 9029 c:\windows\SYSTEM32\ANSI.SYS
+ 2004-08-12 13:55 . 2004-08-12 13:55 9029 c:\windows\SYSTEM32\ansi.sys
- 2004-08-10 18:13 . 2008-09-02 10:46 4896 c:\windows\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
+ 2004-08-10 18:13 . 2010-03-05 01:39 4896 c:\windows\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
+ 2004-08-12 14:09 . 2004-08-12 14:09 256192 c:\windows\winhelp.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 256192 c:\windows\WINHELP.EXE
- 2004-08-04 10:00 . 2004-08-04 10:00 145408 c:\windows\SYSTEM32\WIAVUSD.DLL
+ 2004-08-12 14:09 . 2004-08-12 14:09 145408 c:\windows\SYSTEM32\wiavusd.dll
+ 2004-08-12 14:08 . 2004-08-12 14:08 208896 c:\windows\SYSTEM32\wavemsp.dll
+ 2001-08-17 22:36 . 2004-08-12 13:57 102457 c:\windows\SYSTEM32\usrv42a.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 102457 c:\windows\SYSTEM32\USRV42A.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 323641 c:\windows\SYSTEM32\usrdtea.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 323641 c:\windows\SYSTEM32\USRDTEA.DLL
+ 2004-08-12 14:07 . 2004-08-12 14:07 177856 c:\windows\SYSTEM32\typelib.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 177856 c:\windows\SYSTEM32\TYPELIB.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 138752 c:\windows\SYSTEM32\SWPRV.DLL
+ 2004-08-12 14:06 . 2004-08-12 14:06 138752 c:\windows\SYSTEM32\swprv.dll
+ 2004-08-12 13:56 . 2004-08-12 13:56 435712 c:\windows\SYSTEM32\shellstyle.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 435712 c:\windows\SYSTEM32\shellstyle.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 414208 c:\windows\SYSTEM32\SETUPDLL.DLL
+ 2004-08-12 14:05 . 2004-08-12 14:05 414208 c:\windows\SYSTEM32\setupdll.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 115712 c:\windows\SYSTEM32\Setup\imsinsnt.dll
+ 2004-08-12 13:56 . 2004-08-12 13:56 259584 c:\windows\SYSTEM32\Setup\comsetup.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 130048 c:\windows\SYSTEM32\SDPBLB.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 130048 c:\windows\SYSTEM32\sdpblb.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 118784 c:\windows\SYSTEM32\SCARDSSP.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 118784 c:\windows\SYSTEM32\scardssp.dll
+ 2004-08-12 14:04 . 2004-08-12 14:04 132608 c:\windows\SYSTEM32\rsvp.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 132608 c:\windows\SYSTEM32\RSVP.EXE
+ 2004-08-12 14:04 . 2004-08-12 14:04 107520 c:\windows\SYSTEM32\rend.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 107520 c:\windows\SYSTEM32\REND.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 143360 c:\windows\SYSTEM32\RASMONTR.DLL
+ 2004-08-12 14:04 . 2004-08-12 14:04 143360 c:\windows\SYSTEM32\rasmontr.dll
+ 2004-08-12 14:03 . 2004-08-12 14:03 272128 c:\windows\SYSTEM32\perfi009.dat
- 2004-08-04 10:00 . 2004-08-04 10:00 272128 c:\windows\SYSTEM32\PERFI009.DAT
+ 2001-08-17 22:36 . 2004-08-12 13:57 157696 c:\windows\SYSTEM32\paqsp.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 157696 c:\windows\SYSTEM32\PAQSP.DLL
+ 2004-08-12 14:03 . 2004-08-12 14:03 117760 c:\windows\SYSTEM32\oledlg.dll
+ 2004-08-12 14:02 . 2004-08-12 14:02 163328 c:\windows\SYSTEM32\oleacc.dll
+ 2004-08-12 14:02 . 2004-08-12 14:02 153008 c:\windows\SYSTEM32\ole2nls.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 153008 c:\windows\SYSTEM32\OLE2NLS.DLL
+ 2004-08-12 14:02 . 2004-08-12 14:02 169520 c:\windows\SYSTEM32\ole2disp.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 169520 c:\windows\SYSTEM32\OLE2DISP.DLL
+ 2004-08-12 14:02 . 2004-08-12 14:02 308224 c:\windows\SYSTEM32\netui2.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 308224 c:\windows\SYSTEM32\NETUI2.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 171008 c:\windows\SYSTEM32\NETMSG.DLL
+ 2004-08-12 14:02 . 2004-08-12 14:02 171008 c:\windows\SYSTEM32\netmsg.dll
+ 2004-08-12 14:01 . 2004-08-12 14:01 253952 c:\windows\SYSTEM32\neth.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 253952 c:\windows\SYSTEM32\NETH.DLL
+ 2004-08-12 14:01 . 2004-08-12 14:01 214016 c:\windows\SYSTEM32\netevent.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 214016 c:\windows\SYSTEM32\NETEVENT.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 108464 c:\windows\SYSTEM32\NETAPI.DLL
+ 2004-08-12 14:01 . 2004-08-12 14:01 108464 c:\windows\SYSTEM32\netapi.dll
+ 2004-08-12 14:01 . 2004-08-12 14:01 111104 c:\windows\SYSTEM32\mtstocom.exe
+ 2004-08-12 14:01 . 2004-08-12 14:01 126912 c:\windows\SYSTEM32\msvideo.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 126912 c:\windows\SYSTEM32\MSVIDEO.DLL
+ 2004-08-12 14:01 . 2004-08-12 14:01 253952 c:\windows\SYSTEM32\msvcrt20.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 253952 c:\windows\SYSTEM32\MSVCRT20.DLL
+ 2004-08-12 14:01 . 2004-08-12 14:01 565760 c:\windows\SYSTEM32\msvcp50.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 565760 c:\windows\SYSTEM32\MSVCP50.DLL
+ 2004-08-12 14:00 . 2004-08-12 14:00 146432 c:\windows\SYSTEM32\msls31.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 102912 c:\windows\SYSTEM32\MSAATEXT.DLL
+ 2004-08-12 14:00 . 2004-08-12 14:00 102912 c:\windows\SYSTEM32\msaatext.dll
+ 2004-08-12 13:59 . 2004-08-12 13:59 119808 c:\windows\SYSTEM32\mmutilse.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 119808 c:\windows\SYSTEM32\MMUTILSE.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 673088 c:\windows\SYSTEM32\MLANG.DAT
+ 2004-08-12 13:59 . 2004-08-12 13:59 673088 c:\windows\SYSTEM32\mlang.dat
+ 2004-08-12 13:59 . 2004-08-12 13:59 924432 c:\windows\SYSTEM32\mfc40.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 924432 c:\windows\SYSTEM32\MFC40.DLL
+ 2001-08-17 22:36 . 2004-08-12 13:57 147968 c:\windows\SYSTEM32\mdwmdmsp.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 147968 c:\windows\SYSTEM32\MDWMDMSP.DLL
+ 2004-08-12 13:59 . 2004-08-12 13:59 112128 c:\windows\SYSTEM32\mapistub.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 112128 c:\windows\SYSTEM32\MAPISTUB.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 221600 c:\windows\SYSTEM32\lanman.drv
- 2004-08-04 10:00 . 2004-08-04 10:00 221600 c:\windows\SYSTEM32\LANMAN.DRV
+ 2004-08-12 13:58 . 2004-08-12 13:58 144896 c:\windows\SYSTEM32\jgdw400.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 362496 c:\windows\SYSTEM32\jet500.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 362496 c:\windows\SYSTEM32\JET500.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 199168 c:\windows\SYSTEM32\IR32_32.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 199168 c:\windows\SYSTEM32\ir32_32.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 169984 c:\windows\SYSTEM32\iprtrmgr.dll
+ 2004-08-12 13:58 . 2004-08-12 13:58 154112 c:\windows\SYSTEM32\ipmontr.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 450560 c:\windows\SYSTEM32\INFOSOFT.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 450560 c:\windows\SYSTEM32\infosoft.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 110592 c:\windows\SYSTEM32\INETCPLC.DLL
+ 2004-08-12 13:58 . 2004-08-12 13:58 110592 c:\windows\SYSTEM32\inetcplc.dll
+ 2004-08-12 13:57 . 2004-08-12 13:57 221184 c:\windows\SYSTEM32\ieakui.dll
+ 2004-08-12 13:57 . 2004-08-12 13:57 247808 c:\windows\SYSTEM32\iassdo.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 247808 c:\windows\SYSTEM32\IASSDO.DLL
+ 2004-08-12 13:57 . 2004-08-12 13:57 141312 c:\windows\SYSTEM32\iasrecst.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 141312 c:\windows\SYSTEM32\IASRECST.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 285184 c:\windows\SYSTEM32\GLMF32.DLL
+ 2004-08-12 13:57 . 2004-08-12 13:57 285184 c:\windows\SYSTEM32\glmf32.dll
+ 2004-08-12 13:57 . 2004-08-12 13:57 176128 c:\windows\SYSTEM32\ftsrch.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 176128 c:\windows\SYSTEM32\FTSRCH.DLL
+ 2004-11-07 01:13 . 2010-03-04 01:22 494224 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2004-11-07 01:13 . 2010-02-27 14:50 494224 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2004-08-12 13:57 . 2004-08-12 13:57 121856 c:\windows\SYSTEM32\exts.dll
+ 2004-08-12 13:57 . 2004-08-12 13:57 514587 c:\windows\SYSTEM32\edb500.dll
+ 2004-08-12 13:57 . 2004-08-12 13:57 218003 c:\windows\SYSTEM32\dssec.dat
- 2004-08-04 10:00 . 2004-08-04 10:00 218003 c:\windows\SYSTEM32\DSSEC.DAT
+ 2004-08-12 13:57 . 2004-08-12 13:57 144384 c:\windows\SYSTEM32\dskquoui.dll
+ 2004-08-12 14:04 . 2004-08-12 14:04 200064 c:\windows\SYSTEM32\DRIVERS\RMCast.sys
+ 2004-08-12 14:11 . 2004-08-12 14:11 467200 c:\windows\SYSTEM32\DRIVERS\iastor.sys
- 1980-01-01 05:00 . 2004-03-23 17:13 467200 c:\windows\SYSTEM32\DRIVERS\iaStor.sys
- 2001-08-17 18:52 . 2001-08-17 18:52 125056 c:\windows\SYSTEM32\DRIVERS\FTDISK.SYS
+ 2004-08-12 13:57 . 2004-08-12 13:57 125056 c:\windows\SYSTEM32\DRIVERS\ftdisk.sys
+ 2004-08-12 13:56 . 2004-08-12 13:56 179584 c:\windows\SYSTEM32\DRIVERS\dac2w2k.sys
- 2001-08-17 18:52 . 2001-08-17 18:52 179584 c:\windows\SYSTEM32\DRIVERS\DAC2W2K.SYS
- 2004-08-04 10:00 . 2004-08-04 10:00 262528 c:\windows\SYSTEM32\DRIVERS\CINEMST2.SYS
+ 2001-08-17 14:02 . 2004-08-12 13:57 262528 c:\windows\SYSTEM32\DRIVERS\cinemst2.sys
- 2004-08-04 10:00 . 2004-08-04 10:00 352256 c:\windows\SYSTEM32\DRIVERS\ATMUNI.SYS
+ 2004-08-12 13:55 . 2004-08-12 13:55 352256 c:\windows\SYSTEM32\DRIVERS\atmuni.sys
+ 2004-08-12 13:55 . 2004-08-12 13:55 101888 c:\windows\SYSTEM32\DRIVERS\adpu160m.sys
- 2001-08-17 19:07 . 2001-08-17 19:07 101888 c:\windows\SYSTEM32\DRIVERS\ADPU160M.SYS
- 2004-08-04 10:00 . 2004-08-04 10:00 118784 c:\windows\SYSTEM32\DMDSKRES.DLL
+ 2004-08-12 13:56 . 2004-08-12 13:56 118784 c:\windows\SYSTEM32\dmdskres.dll
+ 2004-08-12 13:56 . 2004-08-12 13:56 273920 c:\windows\SYSTEM32\dmdlgs.dll
+ 2004-08-12 13:56 . 2004-08-12 13:56 330752 c:\windows\SYSTEM32\dmconfig.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 330752 c:\windows\SYSTEM32\DMCONFIG.DLL
+ 2004-08-12 13:56 . 2004-08-12 13:56 394240 c:\windows\SYSTEM32\diactfrm.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 394240 c:\windows\SYSTEM32\DIACTFRM.DLL
+ 2004-08-12 13:56 . 2004-08-12 13:56 370176 c:\windows\SYSTEM32\dhcpmon.dll
+ 2004-08-12 13:56 . 2004-08-12 13:56 847872 c:\windows\SYSTEM32\dbgeng.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 847872 c:\windows\SYSTEM32\DBGENG.DLL
+ 2004-08-12 13:56 . 2004-08-12 13:56 152064 c:\windows\SYSTEM32\datime.dll
+ 2010-03-04 03:02 . 2003-02-20 22:44 293688 c:\windows\SYSTEM32\Data\CTP0243W.DAT
+ 2004-08-12 13:56 . 2004-08-12 13:56 350208 c:\windows\SYSTEM32\d3drm.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 350208 c:\windows\SYSTEM32\D3DRM.DLL
+ 2004-08-12 13:56 . 2004-08-12 13:56 590336 c:\windows\SYSTEM32\d3dramp.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 590336 c:\windows\SYSTEM32\D3DRAMP.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 436224 c:\windows\SYSTEM32\D3DIM.DLL
+ 2004-08-12 13:56 . 2004-08-12 13:56 436224 c:\windows\SYSTEM32\d3dim.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 149019 c:\windows\SYSTEM32\CRTDLL.DLL
+ 2004-08-12 13:56 . 2004-08-12 13:56 149019 c:\windows\SYSTEM32\crtdll.dll
+ 2004-08-12 13:56 . 2004-08-12 13:56 345600 c:\windows\SYSTEM32\confmsp.dll
+ 2004-08-12 13:56 . 2004-08-12 13:56 109568 c:\windows\SYSTEM32\cic.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 163328 c:\windows\SYSTEM32\CIADMIN.DLL
+ 2004-08-12 13:56 . 2004-08-12 13:56 163328 c:\windows\SYSTEM32\ciadmin.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 359936 c:\windows\SYSTEM32\cards.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 359936 c:\windows\SYSTEM32\CARDS.DLL
+ 2004-08-12 13:55 . 2004-08-12 13:55 142848 c:\windows\SYSTEM32\capesnpn.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 109456 c:\windows\SYSTEM32\avifile.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 109456 c:\windows\SYSTEM32\AVIFILE.DLL
- 2004-08-04 10:00 . 2004-08-04 10:00 102912 c:\windows\SYSTEM32\APCUPS.DLL
+ 2004-08-12 13:55 . 2004-08-12 13:55 102912 c:\windows\SYSTEM32\apcups.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 129536 c:\windows\SYSTEM32\ACLEDIT.DLL
+ 2004-08-12 13:55 . 2004-08-12 13:55 129536 c:\windows\SYSTEM32\acledit.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 361472 c:\windows\Resources\Themes\Luna\Shell\NormalColor\shellstyle.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 361472 c:\windows\Resources\Themes\Luna\Shell\NormalColor\shellstyle.dll
+ 2004-08-12 13:59 . 2004-08-12 13:59 362496 c:\windows\Resources\Themes\Luna\Shell\Metallic\shellstyle.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 362496 c:\windows\Resources\Themes\Luna\Shell\Metallic\shellstyle.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 362496 c:\windows\Resources\Themes\Luna\Shell\Homestead\shellstyle.dll
+ 2004-08-12 13:57 . 2004-08-12 13:57 362496 c:\windows\Resources\Themes\Luna\Shell\Homestead\shellstyle.dll
+ 2004-08-12 13:55 . 2004-08-12 13:55 152576 c:\windows\Help\bnts.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 152576 c:\windows\Help\BNTS.DLL
+ 2004-08-12 14:11 . 2004-08-12 14:11 467200 c:\windows\dell\iastor\iastor.sys
+ 2004-08-12 14:11 . 2004-08-12 14:11 241815 c:\windows\dell\aarich\aarich.sys
+ 2004-08-12 14:11 . 2004-08-12 14:11 167755 c:\windows\dell\aac\aacevt.exe
+ 2004-08-12 14:11 . 2004-08-12 14:11 251194 c:\windows\dell\a320raid\a320raid.sys
+ 2007-10-05 11:33 . 2010-03-05 02:19 6679188 c:\windows\SYSTEM32\Restore\rstrlog.dat
- 2004-08-04 10:00 . 2004-08-04 10:00 1355776 c:\windows\SYSTEM32\MSVBVM50.DLL
+ 2004-08-12 14:01 . 2004-08-12 14:01 1355776 c:\windows\SYSTEM32\msvbvm50.dll
+ 2001-09-06 03:00 . 2001-09-06 03:00 1700352 c:\windows\SYSTEM32\gdiplus.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 1114896 c:\windows\SYSTEM32\ESENT97.DLL
+ 2004-08-12 13:57 . 2004-08-12 13:57 1114896 c:\windows\SYSTEM32\esent97.dll
+ 2004-08-12 13:56 . 2004-08-12 13:56 1501696 c:\windows\SYSTEM32\diskcopy.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 3374640 c:\windows\Help\Tours\mmTour\TOUR.EXE
+ 2004-08-12 14:07 . 2004-08-12 14:07 3374640 c:\windows\Help\Tours\mmTour\tour.exe
- 2004-08-10 15:08 . 2004-08-10 15:08 13107200 c:\windows\SYSTEM32\OEMBIOS.BIN
+ 2004-08-12 14:11 . 2004-08-12 14:11 13107200 c:\windows\SYSTEM32\oembios.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-10-25 14:28 . 2004-08-25 17:52 339968 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2006-01-12 20:40 . 2006-01-12 20:40 155648 c:\program files\Common Files\Ahead\Lib\bak\NeroCheck.exe

2004-11-27 14:49 . 2004-11-27 14:49 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2008-07-16 10:17 . 2008-07-16 10:17 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

2004-01-07 06:01 . 2004-01-07 06:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe

2004-10-25 14:29 . 2002-09-30 06:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\bak\CTDVDDet.EXE
2009-01-17 14:30 . 2003-06-18 06:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

2004-10-25 14:29 . 2002-10-29 14:18 49152 c:\program files\Creative\SBAudigy2\Surround Mixer\bak\CTSysVol.exe

2004-10-25 14:32 . 2004-08-23 23:19 57344 c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe

2004-10-25 14:32 . 2004-04-12 01:15 290816 c:\program files\Dell\Media Experience\bak\PCMService.exe

2005-04-12 15:27 . 2005-04-12 15:27 45056 c:\program files\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe

2007-07-28 02:07 . 2007-07-28 02:07 68856 c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

2005-02-17 03:11 . 2005-02-17 03:11 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2007-05-08 20:24 . 2007-05-08 20:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2004-10-25 14:27 . 2004-03-23 17:16 135168 c:\program files\Intel\Intel Application Accelerator\bak\iaanotif.exe

2004-10-25 14:28 . 2003-09-04 01:12 221184 c:\program files\Intel\Modem Event Monitor\bak\IntelMEM.exe

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe
2009-09-09 01:09 . 2009-09-09 01:09 305440 c:\program files\iTunes\iTunesHelper.exe

2007-07-25 23:02 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe
2009-09-05 05:54 . 2009-09-05 05:54 417792 c:\program files\QuickTime\QTTask.exe

2005-05-19 13:47 . 2005-05-19 13:47 57344 c:\program files\SlySoft\CloneCD\bak\CloneCDTray.exe

2004-02-06 16:29 . 2004-02-06 16:29 0 c:\program files two\321Studios\Platinum\bak\makedir

2004-10-25 14:29 . 2000-05-11 06:00 90112 c:\windows\bak\UpdReg.EXE

2007-02-01 02:52 . 2003-11-10 21:06 406016 c:\windows\SYSTEM32\bak\PSDrvCheck.exe

2004-10-25 14:43 . 2004-08-13 06:05 122939 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe
2009-05-29 01:23 . 2004-08-13 05:05 122939 c:\windows\SYSTEM32\dla\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"tunebite.exe"="c:\program files two\tunebite\tunebite.exe" [N/A]
"Aim6"="" [N/A]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [N/A]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [N/A]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [N/A]
"UpdReg"="c:\windows\UpdReg.EXE" [N/A]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [N/A]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [N/A]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [N/A]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-16 185896]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"CTHelper"="CTHELPER.EXE" [2008-06-27 19456]
"CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-18 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2008-6-29 1462272]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Printkey2000.lnk - c:\program files two\PrintKey2000\Printkey2000.exe [2005-10-22 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\ANDYJO~1\LOCALS~1\Temp\gdwvn.tmp 2yADJIIHEP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files Two\\FlexiSIGN-PRO 7\\Program\\App.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [11/30/2009 6:06 PM 64288]
R0 vburner;vburner;c:\windows\SYSTEM32\DRIVERS\vburner.sys [12/20/2008 2:28 PM 15872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/10/2009 7:47 PM 24652]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/27/2008 7:21 PM 99352]
S3 COMMONFX;COMMONFX;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/27/2008 7:21 PM 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/27/2008 7:21 PM 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/27/2008 7:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/27/2008 7:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/27/2008 7:21 PM 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/27/2008 7:21 PM 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/27/2008 7:21 PM 566296]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [11/6/2007 3:22 PM 34064]
S3 NUVision;NUVision II Video Service;c:\windows\SYSTEM32\DRIVERS\nuvvid2.sys [1/21/2007 4:11 PM 153760]
S4 Transbase;Transbase;c:\bmwgroup\ETKLokal\transbase\tbmux32.exe --> c:\bmwgroup\ETKLokal\transbase\tbmux32.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{B8DF4450-6212-4BBF-8EB8-9B61E398EF8A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: motorola.com\idenupdate
Trusted Zone: movietickets.com\www
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
FF - ProfilePath - c:\documents and settings\Andy Jones\Application Data\Mozilla\Firefox\Profiles\g67nmsn0.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 22:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(332)
c:\windows\system32\WININET.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-04 22:46:16
ComboFix-quarantined-files.txt 2010-03-05 03:46
ComboFix2.txt 2010-03-01 02:10
ComboFix3.txt 2010-02-21 03:32
ComboFix4.txt 2009-01-13 12:34

Pre-Run: 100,351,406,080 bytes free
Post-Run: 100,353,769,472 bytes free

- - End Of File - - C28EB167AE346365C715867142346E35


#12 PropagandaPanda

  • Malware Response Team

Posted 06 March 2010 - 05:19 PM

Hello. Sorry for the delay, I was out of town.

Please give me an update on the situation. Is the computer still stable at this point?

Just want to make sure before proceeding with anything.

With Regards,
The Panda

#13 aj02719

Posted 07 March 2010 - 07:54 PM

Panda, I'm still having problems. As it stands, Windows loads and runs for the most part with no problems. I've got some issues such as having no sound, printer errors and such, but overall Windows runs okay. I still have browser hijackings, so I know there's still something wrong.

Thanks!

#14 PropagandaPanda

Posted 07 March 2010 - 08:21 PM

Hello.

Let's try this.

Download and Run Kaspersky TDSSKiller
  • Go to Kaspersky and Download TDSSKiller.zip.
  • Extract the contents of TDSSKiller.zip to your Desktop.
  • Click Start >> Run then copy and paste the following bold command line into the Run box and click OK.
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • Follow the instructions to type in "delete" when it asks you what to do when it finds something.
  • When done, a log file should be created on your C: drive called TDSSKiller.txt. Please post this log in your next reply.

With Regards,
The Panda

#15 aj02719

Posted 07 March 2010 - 09:02 PM

As requested. Thanks.

20:58:35:484 1160 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
20:58:35:484 1160 ================================================================================
20:58:35:484 1160 SystemInfo:

20:58:35:484 1160 OS Version: 5.1.2600 ServicePack: 3.0
20:58:35:484 1160 Product type: Workstation
20:58:35:484 1160 ComputerName: JONESY
20:58:35:484 1160 UserName: Andy Jones
20:58:35:484 1160 Windows directory: C:\WINDOWS
20:58:35:484 1160 Processor architecture: Intel x86
20:58:35:484 1160 Number of processors: 2
20:58:35:484 1160 Page size: 0x1000
20:58:35:484 1160 Boot type: Normal boot
20:58:35:484 1160 ================================================================================
20:58:35:500 1160 UnloadDriverW: NtUnloadDriver error 2
20:58:35:500 1160 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
20:58:35:500 1160 Initialize success
20:58:35:500 1160
20:58:35:500 1160 Scanning Services ...
20:58:35:500 1160 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
20:58:35:500 1160 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:58:35:500 1160 wfopen_ex: Trying to KLMD file open
20:58:35:500 1160 wfopen_ex: File opened ok (Flags 2)
20:58:35:500 1160 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
20:58:35:500 1160 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:58:35:500 1160 wfopen_ex: Trying to KLMD file open
20:58:35:500 1160 wfopen_ex: File opened ok (Flags 2)
20:58:35:578 1160 GetAdvancedServicesInfo: Raw services enum returned 429 services
20:58:35:593 1160 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
20:58:35:593 1160 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
20:58:35:593 1160
20:58:35:593 1160 Scanning Kernel memory ...
20:58:35:593 1160 Devices to scan: 8
20:58:35:593 1160
20:58:35:593 1160 Driver Name: Disk
20:58:35:593 1160 IRP_MJ_CREATE : F75EABB0
20:58:35:593 1160 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
20:58:35:593 1160 IRP_MJ_CLOSE : F75EABB0
20:58:35:593 1160 IRP_MJ_READ : F75E4D1F
20:58:35:593 1160 IRP_MJ_WRITE : F75E4D1F
20:58:35:593 1160 IRP_MJ_QUERY_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_SET_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_QUERY_EA : 804F9759
20:58:35:593 1160 IRP_MJ_SET_EA : 804F9759
20:58:35:593 1160 IRP_MJ_FLUSH_BUFFERS : F75E52E2
20:58:35:593 1160 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_DIRECTORY_CONTROL : 804F9759
20:58:35:593 1160 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
20:58:35:593 1160 IRP_MJ_DEVICE_CONTROL : F75E53BB
20:58:35:593 1160 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75E8F28
20:58:35:593 1160 IRP_MJ_SHUTDOWN : F75E52E2
20:58:35:593 1160 IRP_MJ_LOCK_CONTROL : 804F9759
20:58:35:593 1160 IRP_MJ_CLEANUP : 804F9759
20:58:35:593 1160 IRP_MJ_CREATE_MAILSLOT : 804F9759
20:58:35:593 1160 IRP_MJ_QUERY_SECURITY : 804F9759
20:58:35:593 1160 IRP_MJ_SET_SECURITY : 804F9759
20:58:35:593 1160 IRP_MJ_POWER : F75E6C82
20:58:35:593 1160 IRP_MJ_SYSTEM_CONTROL : F75EB99E
20:58:35:593 1160 IRP_MJ_DEVICE_CHANGE : 804F9759
20:58:35:593 1160 IRP_MJ_QUERY_QUOTA : 804F9759
20:58:35:593 1160 IRP_MJ_SET_QUOTA : 804F9759
20:58:35:593 1160 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
20:58:35:593 1160 sion
20:58:35:593 1160 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:58:35:593 1160
20:58:35:593 1160 Driver Name: USBSTOR
20:58:35:593 1160 IRP_MJ_CREATE : B6B9B218
20:58:35:593 1160 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
20:58:35:593 1160 IRP_MJ_CLOSE : B6B9B218
20:58:35:593 1160 IRP_MJ_READ : B6B9B23C
20:58:35:593 1160 IRP_MJ_WRITE : B6B9B23C
20:58:35:593 1160 IRP_MJ_QUERY_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_SET_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_QUERY_EA : 804F9759
20:58:35:593 1160 IRP_MJ_SET_EA : 804F9759
20:58:35:593 1160 IRP_MJ_FLUSH_BUFFERS : 804F9759
20:58:35:593 1160 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_DIRECTORY_CONTROL : 804F9759
20:58:35:593 1160 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
20:58:35:593 1160 IRP_MJ_DEVICE_CONTROL : B6B9B180
20:58:35:593 1160 IRP_MJ_INTERNAL_DEVICE_CONTROL : B6B969E6
20:58:35:593 1160 IRP_MJ_SHUTDOWN : 804F9759
20:58:35:593 1160 IRP_MJ_LOCK_CONTROL : 804F9759
20:58:35:593 1160 IRP_MJ_CLEANUP : 804F9759
20:58:35:593 1160 IRP_MJ_CREATE_MAILSLOT : 804F9759
20:58:35:593 1160 IRP_MJ_QUERY_SECURITY : 804F9759
20:58:35:593 1160 IRP_MJ_SET_SECURITY : 804F9759
20:58:35:593 1160 IRP_MJ_POWER : B6B9A5F0
20:58:35:593 1160 IRP_MJ_SYSTEM_CONTROL : B6B98A6E
20:58:35:593 1160 IRP_MJ_DEVICE_CHANGE : 804F9759
20:58:35:593 1160 IRP_MJ_QUERY_QUOTA : 804F9759
20:58:35:593 1160 IRP_MJ_SET_QUOTA : 804F9759
20:58:35:593 1160 siohd: 0
20:58:35:593 1160 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
20:58:35:593 1160
20:58:35:593 1160 Driver Name: Disk
20:58:35:593 1160 IRP_MJ_CREATE : F75EABB0
20:58:35:593 1160 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
20:58:35:593 1160 IRP_MJ_CLOSE : F75EABB0
20:58:35:593 1160 IRP_MJ_READ : F75E4D1F
20:58:35:593 1160 IRP_MJ_WRITE : F75E4D1F
20:58:35:593 1160 IRP_MJ_QUERY_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_SET_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_QUERY_EA : 804F9759
20:58:35:593 1160 IRP_MJ_SET_EA : 804F9759
20:58:35:593 1160 IRP_MJ_FLUSH_BUFFERS : F75E52E2
20:58:35:593 1160 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_DIRECTORY_CONTROL : 804F9759
20:58:35:593 1160 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
20:58:35:593 1160 IRP_MJ_DEVICE_CONTROL : F75E53BB
20:58:35:593 1160 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75E8F28
20:58:35:593 1160 IRP_MJ_SHUTDOWN : F75E52E2
20:58:35:593 1160 IRP_MJ_LOCK_CONTROL : 804F9759
20:58:35:593 1160 IRP_MJ_CLEANUP : 804F9759
20:58:35:593 1160 IRP_MJ_CREATE_MAILSLOT : 804F9759
20:58:35:593 1160 IRP_MJ_QUERY_SECURITY : 804F9759
20:58:35:593 1160 IRP_MJ_SET_SECURITY : 804F9759
20:58:35:593 1160 IRP_MJ_POWER : F75E6C82
20:58:35:593 1160 IRP_MJ_SYSTEM_CONTROL : F75EB99E
20:58:35:593 1160 IRP_MJ_DEVICE_CHANGE : 804F9759
20:58:35:593 1160 IRP_MJ_QUERY_QUOTA : 804F9759
20:58:35:593 1160 IRP_MJ_SET_QUOTA : 804F9759
20:58:35:593 1160 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
20:58:35:593 1160 sion
20:58:35:593 1160 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:58:35:593 1160
20:58:35:593 1160 Driver Name: Disk
20:58:35:593 1160 IRP_MJ_CREATE : F75EABB0
20:58:35:593 1160 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
20:58:35:593 1160 IRP_MJ_CLOSE : F75EABB0
20:58:35:593 1160 IRP_MJ_READ : F75E4D1F
20:58:35:593 1160 IRP_MJ_WRITE : F75E4D1F
20:58:35:593 1160 IRP_MJ_QUERY_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_SET_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_QUERY_EA : 804F9759
20:58:35:593 1160 IRP_MJ_SET_EA : 804F9759
20:58:35:593 1160 IRP_MJ_FLUSH_BUFFERS : F75E52E2
20:58:35:593 1160 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
20:58:35:593 1160 IRP_MJ_DIRECTORY_CONTROL : 804F9759
20:58:35:593 1160 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
20:58:35:593 1160 IRP_MJ_DEVICE_CONTROL : F75E53BB
20:58:35:609 1160 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75E8F28
20:58:35:609 1160 IRP_MJ_SHUTDOWN : F75E52E2
20:58:35:609 1160 IRP_MJ_LOCK_CONTROL : 804F9759
20:58:35:609 1160 IRP_MJ_CLEANUP : 804F9759
20:58:35:609 1160 IRP_MJ_CREATE_MAILSLOT : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_SECURITY : 804F9759
20:58:35:609 1160 IRP_MJ_SET_SECURITY : 804F9759
20:58:35:609 1160 IRP_MJ_POWER : F75E6C82
20:58:35:609 1160 IRP_MJ_SYSTEM_CONTROL : F75EB99E
20:58:35:609 1160 IRP_MJ_DEVICE_CHANGE : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_QUOTA : 804F9759
20:58:35:609 1160 IRP_MJ_SET_QUOTA : 804F9759
20:58:35:609 1160 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
20:58:35:609 1160 sion
20:58:35:609 1160 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:58:35:609 1160
20:58:35:609 1160 Driver Name: Disk
20:58:35:609 1160 IRP_MJ_CREATE : F75EABB0
20:58:35:609 1160 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
20:58:35:609 1160 IRP_MJ_CLOSE : F75EABB0
20:58:35:609 1160 IRP_MJ_READ : F75E4D1F
20:58:35:609 1160 IRP_MJ_WRITE : F75E4D1F
20:58:35:609 1160 IRP_MJ_QUERY_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_SET_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_EA : 804F9759
20:58:35:609 1160 IRP_MJ_SET_EA : 804F9759
20:58:35:609 1160 IRP_MJ_FLUSH_BUFFERS : F75E52E2
20:58:35:609 1160 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_DIRECTORY_CONTROL : 804F9759
20:58:35:609 1160 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
20:58:35:609 1160 IRP_MJ_DEVICE_CONTROL : F75E53BB
20:58:35:609 1160 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75E8F28
20:58:35:609 1160 IRP_MJ_SHUTDOWN : F75E52E2
20:58:35:609 1160 IRP_MJ_LOCK_CONTROL : 804F9759
20:58:35:609 1160 IRP_MJ_CLEANUP : 804F9759
20:58:35:609 1160 IRP_MJ_CREATE_MAILSLOT : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_SECURITY : 804F9759
20:58:35:609 1160 IRP_MJ_SET_SECURITY : 804F9759
20:58:35:609 1160 IRP_MJ_POWER : F75E6C82
20:58:35:609 1160 IRP_MJ_SYSTEM_CONTROL : F75EB99E
20:58:35:609 1160 IRP_MJ_DEVICE_CHANGE : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_QUOTA : 804F9759
20:58:35:609 1160 IRP_MJ_SET_QUOTA : 804F9759
20:58:35:609 1160 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
20:58:35:609 1160 sion
20:58:35:609 1160 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:58:35:609 1160
20:58:35:609 1160 Driver Name: Disk
20:58:35:609 1160 IRP_MJ_CREATE : F75EABB0
20:58:35:609 1160 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
20:58:35:609 1160 IRP_MJ_CLOSE : F75EABB0
20:58:35:609 1160 IRP_MJ_READ : F75E4D1F
20:58:35:609 1160 IRP_MJ_WRITE : F75E4D1F
20:58:35:609 1160 IRP_MJ_QUERY_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_SET_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_EA : 804F9759
20:58:35:609 1160 IRP_MJ_SET_EA : 804F9759
20:58:35:609 1160 IRP_MJ_FLUSH_BUFFERS : F75E52E2
20:58:35:609 1160 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_DIRECTORY_CONTROL : 804F9759
20:58:35:609 1160 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
20:58:35:609 1160 IRP_MJ_DEVICE_CONTROL : F75E53BB
20:58:35:609 1160 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75E8F28
20:58:35:609 1160 IRP_MJ_SHUTDOWN : F75E52E2
20:58:35:609 1160 IRP_MJ_LOCK_CONTROL : 804F9759
20:58:35:609 1160 IRP_MJ_CLEANUP : 804F9759
20:58:35:609 1160 IRP_MJ_CREATE_MAILSLOT : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_SECURITY : 804F9759
20:58:35:609 1160 IRP_MJ_SET_SECURITY : 804F9759
20:58:35:609 1160 IRP_MJ_POWER : F75E6C82
20:58:35:609 1160 IRP_MJ_SYSTEM_CONTROL : F75EB99E
20:58:35:609 1160 IRP_MJ_DEVICE_CHANGE : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_QUOTA : 804F9759
20:58:35:609 1160 IRP_MJ_SET_QUOTA : 804F9759
20:58:35:609 1160 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
20:58:35:609 1160 sion
20:58:35:609 1160 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:58:35:609 1160
20:58:35:609 1160 Driver Name: iaStor
20:58:35:609 1160 IRP_MJ_CREATE : F7428D1E
20:58:35:609 1160 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
20:58:35:609 1160 IRP_MJ_CLOSE : F7428D1E
20:58:35:609 1160 IRP_MJ_READ : 804F9759
20:58:35:609 1160 IRP_MJ_WRITE : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_SET_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_EA : 804F9759
20:58:35:609 1160 IRP_MJ_SET_EA : 804F9759
20:58:35:609 1160 IRP_MJ_FLUSH_BUFFERS : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
20:58:35:609 1160 IRP_MJ_DIRECTORY_CONTROL : 804F9759
20:58:35:609 1160 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
20:58:35:609 1160 IRP_MJ_DEVICE_CONTROL : F742B056
20:58:35:609 1160 IRP_MJ_INTERNAL_DEVICE_CONTROL : F742B316
20:58:35:609 1160 IRP_MJ_SHUTDOWN : 804F9759
20:58:35:609 1160 IRP_MJ_LOCK_CONTROL : 804F9759
20:58:35:609 1160 IRP_MJ_CLEANUP : 804F9759
20:58:35:609 1160 IRP_MJ_CREATE_MAILSLOT : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_SECURITY : 804F9759
20:58:35:609 1160 IRP_MJ_SET_SECURITY : 804F9759
20:58:35:609 1160 IRP_MJ_POWER : F742F2B0
20:58:35:609 1160 IRP_MJ_SYSTEM_CONTROL : F742F33C
20:58:35:609 1160 IRP_MJ_DEVICE_CHANGE : 804F9759
20:58:35:609 1160 IRP_MJ_QUERY_QUOTA : 804F9759
20:58:35:609 1160 IRP_MJ_SET_QUOTA : 804F9759
20:58:35:625 1160 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
20:58:35:625 1160 sion
20:58:35:640 1160 C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: Clean
20:58:35:640 1160
20:58:35:640 1160 Driver Name: iaStor
20:58:35:640 1160 IRP_MJ_CREATE : F7428D1E
20:58:35:640 1160 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
20:58:35:640 1160 IRP_MJ_CLOSE : F7428D1E
20:58:35:640 1160 IRP_MJ_READ : 804F9759
20:58:35:640 1160 IRP_MJ_WRITE : 804F9759
20:58:35:640 1160 IRP_MJ_QUERY_INFORMATION : 804F9759
20:58:35:640 1160 IRP_MJ_SET_INFORMATION : 804F9759
20:58:35:640 1160 IRP_MJ_QUERY_EA : 804F9759
20:58:35:640 1160 IRP_MJ_SET_EA : 804F9759
20:58:35:640 1160 IRP_MJ_FLUSH_BUFFERS : 804F9759
20:58:35:640 1160 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
20:58:35:640 1160 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
20:58:35:640 1160 IRP_MJ_DIRECTORY_CONTROL : 804F9759
20:58:35:640 1160 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
20:58:35:640 1160 IRP_MJ_DEVICE_CONTROL : F742B056
20:58:35:640 1160 IRP_MJ_INTERNAL_DEVICE_CONTROL : F742B316
20:58:35:640 1160 IRP_MJ_SHUTDOWN : 804F9759
20:58:35:640 1160 IRP_MJ_LOCK_CONTROL : 804F9759
20:58:35:640 1160 IRP_MJ_CLEANUP : 804F9759
20:58:35:640 1160 IRP_MJ_CREATE_MAILSLOT : 804F9759
20:58:35:640 1160 IRP_MJ_QUERY_SECURITY : 804F9759
20:58:35:640 1160 IRP_MJ_SET_SECURITY : 804F9759
20:58:35:640 1160 IRP_MJ_POWER : F742F2B0
20:58:35:640 1160 IRP_MJ_SYSTEM_CONTROL : F742F33C
20:58:35:640 1160 IRP_MJ_DEVICE_CHANGE : 804F9759
20:58:35:640 1160 IRP_MJ_QUERY_QUOTA : 804F9759
20:58:35:640 1160 IRP_MJ_SET_QUOTA : 804F9759
20:58:35:656 1160 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
20:58:35:656 1160 sion
20:58:35:687 1160 C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: Clean
20:58:35:687 1160
20:58:35:687 1160 Completed
20:58:35:687 1160
20:58:35:687 1160 Results:
20:58:35:687 1160 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
20:58:35:687 1160 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:58:35:687 1160 File objects infected / cured / cured on reboot: 0 / 0 / 0
20:58:35:687 1160
20:58:35:703 1160 KLMD(ARK) unloaded successfully




