help the idiot please

Hey pebro1955

Please rescan with Hijackthis and place a check next to the following entries:

O2 - BHO: banneradsgalore browser optimizer - {798dc614-e912-e4d7-e511-e1c349d859c3} - C:\WINDOWS\System32\{bba700a2-4cf8-9bf2-d082-ea5f163dc33c}.dll
O4 - HKLM\..\Run: [{11b2efcb-0a82-33fc-23d7-9d513127ee74}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\{bba700a2-4cf8-9bf2-d082-ea5f163dc33c}.dll" DllStart
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Peter Brown\winlogon.exe

Now click "Fix Checked" and close Hijackthis

Next


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

loophole thanks for your help. I sent the logs as a nrw posting sorry. combo log follows will send hijack log seperate. thanks

ComboFix 08-07-02.5 - Peter Brown 2008-07-05 10:36:40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.651 [GMT 1:00]
Running from: C:\Documents and Settings\Peter Brown\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Peter Brown\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu1188.exe.tmp
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\bhtonx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nnnoPIaw.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qoMeBrsr.dll
C:\WINDOWS\system32\qrtnsgay.dll
C:\WINDOWS\system32\rsrBeMoq.ini
C:\WINDOWS\system32\rsrBeMoq.ini2
C:\WINDOWS\system32\vrvhdpdg.dll
C:\WINDOWS\system32\yagsntrq.ini
C:\WINDOWS\uninstall_nmon.vbs

.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-05 09:09 . 2008-07-05 09:09 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys.prepare
2008-07-05 00:03 . 2008-07-05 09:13 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-05 00:01 . 2008-07-05 00:01 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-05 00:01 . 2008-07-05 09:08 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-05 00:00 . 2008-07-05 00:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-05 00:00 . 2008-07-05 00:00 <DIR> d-------- C:\Program Files\AVG
2008-07-05 00:00 . 2008-07-05 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-05 00:00 . 2008-07-05 09:06 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 23:39 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-04 23:37 . 2008-07-04 23:37 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-04 23:35 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002293_.tmp
2008-07-04 23:33 . 2008-07-04 23:33 <DIR> d-------- C:\WINDOWS\EHome
2008-07-04 00:09 . 2008-07-04 00:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 22:50 . 2008-07-02 22:51 63,925 --a------ C:\WINDOWS\system32\{bba700a2-4cf8-9bf2-d082-ea5f163dc33c}.dll-uninst.exe
2008-07-02 22:46 . 2008-07-02 22:46 <DIR> d-------- C:\WINDOWS\system32\xp3
2008-07-02 22:24 . 2008-07-02 22:34 88 --a------ C:\WINDOWS\MVPSPADE.INI
2008-07-01 23:44 . 2008-07-01 23:45 <DIR> d-------- C:\Program Files\WhatsRunning
2008-07-01 20:30 . 2008-07-01 20:34 <DIR> d-------- C:\Program Files\Cosmi
2008-07-01 20:30 . 1993-06-30 13:02 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
2008-07-01 20:30 . 1998-06-24 00:00 244,024 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX
2008-07-01 20:30 . 1996-05-07 19:59 47,104 --a------ C:\WINDOWS\system32\D2HTLS32.DLL
2008-07-01 20:30 . 1993-04-28 00:00 44,656 --a------ C:\WINDOWS\system32\GRID.VBX
2008-07-01 20:30 . 1994-08-10 03:56 44,464 --a------ C:\WINDOWS\system32\D2HTOOLS.DLL
2008-07-01 20:30 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5STKIT.DLL
2008-07-01 20:30 . 1993-04-28 00:00 18,688 --a------ C:\WINDOWS\system32\CMDIALOG.VBX
2008-07-01 20:29 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-07-01 20:28 . 2008-07-01 20:28 <DIR> d-------- C:\Documents and Settings\Peter Brown\WINDOWS
2008-07-01 09:57 . 2008-07-01 09:57 <DIR> d-------- C:\Program Files\Nero
2008-07-01 00:16 . 2008-07-01 00:35 <DIR> d-------- C:\Program Files\Motive
2008-07-01 00:16 . 2008-07-01 00:43 <DIR> d-------- C:\Program Files\BT Broadband Desktop Help
2008-07-01 00:14 . 2008-07-01 00:14 27 --a------ C:\MCCEmbInstall.ini
2008-06-30 22:45 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-30 22:45 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-30 22:26 . 2008-06-30 22:26 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-30 20:34 . 2008-06-27 18:38 53,248 ---hs---- C:\Documents and Settings\Peter Brown\winlogon.exe
2008-06-30 20:33 . 2008-07-05 09:13 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-06-30 20:33 . 2008-07-02 22:46 <DIR> d-------- C:\Temp\syschk3
2008-06-30 20:33 . 2008-07-03 23:31 <DIR> d-------- C:\Temp
2008-06-30 14:22 . 2008-06-30 14:22 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\Nero
2008-06-30 14:18 . 2008-07-01 10:06 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-30 14:18 . 2008-07-01 09:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-30 11:31 . 2008-06-30 11:31 305,152 --a------ C:\windiag.iso
2008-06-29 22:42 . 2008-07-03 09:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-29 22:41 . 2008-06-29 22:42 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-28 22:56 . 2008-06-28 22:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-28 00:28 . 2008-06-28 00:28 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-28 00:18 . 2008-06-28 00:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-27 15:36 . 2008-06-27 15:36 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\ATI
2008-06-27 11:39 . 2008-06-27 13:02 <DIR> d-------- C:\Program Files\Uniblue
2008-06-27 11:23 . 2008-06-27 13:22 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\Uniblue
2008-06-27 02:40 . 2008-06-27 02:40 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-06-27 02:32 . 2008-07-04 23:56 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-27 02:31 . 2008-06-27 02:32 <DIR> d-------- C:\Program Files\Winamp
2008-06-27 02:31 . 2008-06-27 02:36 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\Winamp
2008-06-27 00:57 . 2008-06-27 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-06-26 22:51 . 2008-06-27 15:30 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-26 22:51 . 2006-05-03 11:57 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-06-26 22:50 . 2008-06-26 22:50 <DIR> d-------- C:\ATI
2008-06-26 22:33 . 2004-08-04 00:56 1,057,760 --a------ C:\WINDOWS\system32\ati3d2ag.dll
2008-06-26 22:33 . 2004-08-04 00:56 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2008-06-26 17:57 . 2008-07-05 00:37 <DIR> d-------- C:\Program Files\Common Files\SystemErrorFixer
2008-06-26 17:57 . 2008-06-26 17:57 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-06-25 22:03 . 2008-06-25 22:03 <DIR> d-------- C:\WINDOWS\Super Jigsaws
2008-06-25 22:03 . 2008-06-25 22:03 <DIR> d-------- C:\Program Files\Super Jigsaws
2008-06-25 07:06 . 2008-06-30 20:12 <DIR> d-------- C:\Program Files\GameHouse
2008-06-25 00:50 . 2003-02-28 18:26 404,752 --a------ C:\WINDOWS\system32\javart.dll
2008-06-25 00:50 . 2003-02-28 18:26 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2008-06-25 00:50 . 2003-02-28 18:26 172,304 --a------ C:\WINDOWS\system32\jview.exe
2008-06-25 00:50 . 2003-02-28 18:26 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2008-06-25 00:50 . 2003-02-28 18:26 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2008-06-25 00:50 . 2003-02-28 18:26 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2008-06-25 00:50 . 2003-02-28 18:26 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2008-06-25 00:14 . 2005-10-20 23:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-06-25 00:03 . 2008-07-05 10:18 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\OpenOffice.org2
2008-06-24 23:59 . 2008-06-24 23:59 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-24 23:58 . 2008-06-25 00:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-24 23:58 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-24 23:36 . 2004-08-04 00:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-06-24 23:36 . 2004-08-04 00:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-06-24 23:36 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-06-24 23:36 . 2004-08-04 00:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-06-24 23:25 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-06-24 23:25 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-06-24 23:25 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-06-24 23:25 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-06-24 23:25 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-06-24 23:25 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-06-24 23:25 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-06-24 21:19 . 2008-07-04 11:34 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-24 20:16 . 2008-07-04 11:26 <DIR> d-------- C:\WINDOWS\nview
2008-06-24 20:15 . 2008-06-24 20:15 <DIR> d-------- C:\NVIDIA
2008-06-24 19:59 . 2008-06-24 19:59 <DIR> d-------- C:\WINDOWS\Sun
2008-06-24 19:56 . 2008-06-24 19:56 <DIR> d-------- C:\WUTemp
2008-06-24 19:56 . 2008-06-24 19:56 <DIR> d-------- C:\Program Files\Ligos
2008-06-24 19:56 . 2004-08-04 00:56 848,384 --a------ C:\WINDOWS\system32\ir41_32.ax
2008-06-24 19:56 . 2002-10-23 16:56 746,496 --a------ C:\WINDOWS\system32\ir50_32.dll
2008-06-24 19:56 . 2000-06-23 14:06 192,000 --a------ C:\WINDOWS\system32\iac25_32.ax
2008-06-24 19:56 . 2004-08-03 14:04 185,624 --a------ C:\WINDOWS\system32\iuengine.dll
2008-06-24 19:56 . 2004-08-03 14:04 185,624 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2008-06-24 19:56 . 2000-06-22 18:11 145,408 --a------ C:\WINDOWS\system32\Ivfsrc.ax
2008-06-24 19:56 . 2000-06-23 14:05 136,704 --a------ C:\WINDOWS\system32\iacenc.dll
2008-06-24 19:56 . 2000-06-22 13:09 56,320 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2008-06-24 19:55 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-24 19:50 . 2008-06-24 21:28 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-24 19:36 . 2008-06-24 19:37 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-06-24 19:36 . 2008-06-24 19:36 <DIR> d-------- C:\WINDOWS\Logs
2008-06-24 19:26 . 2008-06-24 19:26 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\Sierra
2008-06-24 19:26 . 2008-06-24 19:26 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-24 19:24 . 2008-07-04 11:42 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-24 19:00 . 2008-06-24 19:00 <DIR> d-------- C:\Program Files\Sierra
2008-06-24 19:00 . 2008-06-26 22:51 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 18:57 . 2008-06-26 22:52 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-24 02:15 . 2008-07-01 00:49 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\Motive
2008-06-24 01:33 . 2008-06-24 01:33 <DIR> d-------- C:\Program Files\uTorrent
2008-06-24 01:33 . 2008-07-02 22:58 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\uTorrent
2008-06-24 01:07 . 2008-06-24 01:07 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-24 01:01 . 2008-06-24 01:01 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-24 00:46 . 2008-07-02 22:58 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\LimeWire
2008-06-24 00:44 . 2008-06-24 01:07 <DIR> d-------- C:\Program Files\Java
2008-06-24 00:44 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-24 00:43 . 2008-06-24 00:43 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-24 00:42 . 2008-07-02 22:54 <DIR> d-------- C:\Program Files\LimeWire
2008-06-24 00:35 . 2008-06-24 00:35 <DIR> d-------- C:\Program Files\DNA
2008-06-24 00:35 . 2008-07-02 00:36 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\DNA
2008-06-24 00:18 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 23:08 --------- d-----w C:\Program Files\Common Files\Motive
2008-06-30 23:00 --------- d-----w C:\Program Files\BT Home Hub
2008-06-27 23:27 --------- d-----w C:\Program Files\Yahoo!
2008-06-26 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-24 23:59 --------- d-----w C:\Documents and Settings\Peter Brown\Application Data\Yahoo!
2008-06-23 23:33 --------- d-----w C:\Documents and Settings\Peter Brown\Application Data\ErrorSmart
2008-06-23 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-23 22:52 --------- d-----w C:\Program Files\Lavasoft
2008-06-23 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 22:32 --------- d-----w C:\Program Files\BT Broadband Talk Softphone
2008-06-23 22:30 --------- d-----w C:\Program Files\btbb_wcm
2008-06-23 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-06-23 22:07 558,142 ----a-w C:\WINDOWS\java\Packages\43LBVRRL.ZIP
2008-06-23 22:07 155,995 ----a-w C:\WINDOWS\java\Packages\1BXBBXJ7.ZIP
2008-06-23 22:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-30 13:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 13:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 13:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 13:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 13:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 13:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 13:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-26 12:24 365,056 ----a-w C:\WINDOWS\system32\{bba700a2-4cf8-9bf2-d082-ea5f163dc33c}.dll
2008-05-16 10:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-03 04:46 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
.

((((((((((((((((((((((((((((( snapshot_2008-07-04_22.46.49.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-08-29 12:00:00 489,984 -c----w C:\WINDOWS\$NtUninstallKB873339$\hypertrm.dll
- 2002-08-29 12:00:00 671,744 -c----w C:\WINDOWS\$NtUninstallKB885835$\lsasrv.dll
- 2002-08-29 12:00:00 87,040 -c----w C:\WINDOWS\$NtUninstallKB888302$\srvsvc.dll
- 2002-08-29 12:00:00 50,688 -c----w C:\WINDOWS\$NtUninstallKB890046$\agentdpv.dll
- 2002-08-29 12:00:00 51,200 -c----w C:\WINDOWS\$NtUninstallKB890859$\authz.dll
- 2002-08-29 12:00:00 1,947,904 -c----w C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
- 2002-08-29 12:00:00 2,042,240 -c----w C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
- 2002-08-29 12:00:00 560,128 -c----w C:\WINDOWS\$NtUninstallKB890859$\user32.dll
- 2002-08-29 12:00:00 1,813,632 -c----w C:\WINDOWS\$NtUninstallKB890859$\win32k.sys
- 2002-08-29 12:00:00 276,480 -c----w C:\WINDOWS\$NtUninstallKB890859$\winsrv.dll
- 2002-08-29 12:00:00 233,984 -c----w C:\WINDOWS\$NtUninstallKB893756$\tapisrv.dll
- 2002-08-29 12:00:00 10,752 -c----w C:\WINDOWS\$NtUninstallKB896358$\hh.exe
- 2002-08-29 12:00:00 37,888 -c----w C:\WINDOWS\$NtUninstallKB896358$\hhsetup.dll
- 2002-08-29 12:00:00 143,872 -c----w C:\WINDOWS\$NtUninstallKB896358$\itircl.dll
- 2002-08-29 12:00:00 122,368 -c----w C:\WINDOWS\$NtUninstallKB896358$\itss.dll
- 2002-08-29 12:00:00 51,200 -c----w C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
- 2005-03-02 01:34:32 1,797,120 -c----w C:\WINDOWS\$NtUninstallKB896424$\win32k.sys
- 2002-08-29 12:00:00 71,168 -c----w C:\WINDOWS\$NtUninstallKB896428$\telnet.exe
- 2002-08-29 12:00:00 272,896 -c----w C:\WINDOWS\$NtUninstallKB899587$\kerberos.dll
- 2002-08-29 12:00:00 115,976 -c----w C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys
- 2002-08-29 12:00:00 15,360 -c----w C:\WINDOWS\$NtUninstallKB900725$\linkinfo.dll
- 2005-08-31 17:49:30 409,088 -c----w C:\WINDOWS\$NtUninstallKB900725$\shlwapi.dll
- 2005-03-02 18:20:03 277,504 -c----w C:\WINDOWS\$NtUninstallKB900725$\winsrv.dll
- 2002-08-29 12:00:00 2,028,032 -c----w C:\WINDOWS\$NtUninstallKB901017$\cdosys.dll
- 2002-08-29 12:00:00 236,032 -c----w C:\WINDOWS\$NtUninstallKB901214$\icm32.dll
- 2002-08-29 12:00:00 68,096 -c----w C:\WINDOWS\$NtUninstallKB901214$\mscms.dll
- 2002-08-29 12:00:00 215,040 -c----w C:\WINDOWS\$NtUninstallKB902400$\catsrv.dll
- 2002-08-29 12:00:00 582,656 -c----w C:\WINDOWS\$NtUninstallKB902400$\catsrvut.dll
- 2002-08-29 12:00:00 100,864 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll
- 2002-08-29 12:00:00 468,480 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll
- 2002-08-29 12:00:00 56,832 -c----w C:\WINDOWS\$NtUninstallKB902400$\colbact.dll
- 2002-08-29 12:00:00 186,880 -c----w C:\WINDOWS\$NtUninstallKB902400$\comadmin.dll
- 2002-08-29 12:00:00 82,432 -c----w C:\WINDOWS\$NtUninstallKB902400$\comrepl.dll
- 2002-08-29 12:00:00 1,172,992 -c----w C:\WINDOWS\$NtUninstallKB902400$\comsvcs.dll
- 2002-08-29 12:00:00 495,616 -c----w C:\WINDOWS\$NtUninstallKB902400$\comuid.dll
- 2002-08-29 12:00:00 225,280 -c----w C:\WINDOWS\$NtUninstallKB902400$\es.dll
- 2002-08-29 12:00:00 1,169,920 -c----w C:\WINDOWS\$NtUninstallKB902400$\ole32.dll
- 2002-08-29 12:00:00 68,608 -c----w C:\WINDOWS\$NtUninstallKB902400$\olecli32.dll
- 2002-08-29 12:00:00 34,304 -c----w C:\WINDOWS\$NtUninstallKB902400$\olecnv32.dll
- 2002-08-29 12:00:00 260,608 -c----w C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
- 2002-08-29 12:00:00 90,624 -c----w C:\WINDOWS\$NtUninstallKB902400$\txflog.dll
- 2002-08-29 12:00:00 154,112 -c----w C:\WINDOWS\$NtUninstallKB905414$\netman.dll
- 2002-08-29 12:00:00 107,008 -c----w C:\WINDOWS\$NtUninstallKB905749$\umpnpmgr.dll
- 2002-08-29 12:00:00 79,360 -c----w C:\WINDOWS\$NtUninstallKB908519$\fontsub.dll
- 2002-08-29 12:00:00 198,656 -c----w C:\WINDOWS\$NtUninstallKB908519$\t2embed.dll
- 2002-08-29 12:00:00 8,336,384 -c----w C:\WINDOWS\$NtUninstallKB908531$\shell32.dll
- 2002-08-29 12:00:00 1,018,368 -c----w C:\WINDOWS\$NtUninstallKB910437$\esent.dll
- 2002-08-29 12:00:00 158,720 -c----w C:\WINDOWS\$NtUninstallKB911280$\rasmans.dll
- 2002-08-29 12:00:00 131,072 -c----w C:\WINDOWS\$NtUninstallKB911562$\msadco.dll
- 2002-08-29 12:00:00 61,952 -c----w C:\WINDOWS\$NtUninstallKB911927$\webclnt.dll
- 2002-08-29 12:00:00 250,368 -c----w C:\WINDOWS\$NtUninstallKB912919$\gdi32.dll
- 2002-08-29 12:00:00 359,936 -c----w C:\WINDOWS\$NtUninstallKB913580$\msdtcprx.dll
- 2002-08-29 12:00:00 869,376 -c----w C:\WINDOWS\$NtUninstallKB913580$\msdtctm.dll
- 2002-08-29 12:00:00 151,040 -c----w C:\WINDOWS\$NtUninstallKB913580$\msdtcuiu.dll
- 2002-08-29 12:00:00 61,440 -c----w C:\WINDOWS\$NtUninstallKB913580$\mtxclu.dll
- 2002-08-29 12:00:00 83,968 -c----w C:\WINDOWS\$NtUninstallKB913580$\mtxoci.dll
- 2002-08-29 12:00:00 9,728 -c----w C:\WINDOWS\$NtUninstallKB913580$\xolehlp.dll
- 2002-08-29 12:00:00 99,840 -c----w C:\WINDOWS\$NtUninstallKB914388$\dhcpcsvc.dll
- 2002-08-29 12:00:00 82,944 -c----w C:\WINDOWS\$NtUninstallKB914388$\iphlpapi.dll
- 2002-08-29 12:00:00 407,552 -c----w C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
- 2002-08-29 12:00:00 163,328 -c----w C:\WINDOWS\$NtUninstallKB914389$\rdbss.sys
- 2002-08-29 12:00:00 593,948 -c----w C:\WINDOWS\$NtUninstallKB917344$\jscript.dll
- 2002-08-29 12:00:00 930,304 -c----w C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
- 2002-08-29 12:00:00 332,928 -c----w C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
- 2002-08-29 12:00:00 200,064 -c----w C:\WINDOWS\$NtUninstallKB919007$\rmcast.sys
- 2002-08-29 12:00:00 77,850 -c----w C:\WINDOWS\$NtUninstallKB920670$\hlink.dll
- 2002-08-29 12:00:00 139,264 -c----w C:\WINDOWS\$NtUninstallKB920683$\dnsapi.dll
- 2002-08-29 12:00:00 6,144 -c----w C:\WINDOWS\$NtUninstallKB920683$\rasadhlp.dll
- 2002-08-29 12:00:00 64,512 -c----w C:\WINDOWS\$NtUninstallKB920685$\ciodm.dll
- 2002-08-29 12:00:00 1,349,120 -c----w C:\WINDOWS\$NtUninstallKB920685$\query.dll
- 2006-07-13 13:46:56 8,353,280 -c----w C:\WINDOWS\$NtUninstallKB921398$\shell32.dll
- 2002-08-29 12:00:00 309,248 -c----w C:\WINDOWS\$NtUninstallKB921883$\netapi32.dll
- 2006-05-19 12:15:32 95,232 -c----w C:\WINDOWS\$NtUninstallKB922819$\6to4svc.dll
- 2006-05-19 08:46:02 203,008 -c----w C:\WINDOWS\$NtUninstallKB922819$\tcpip6.sys
- 2002-08-29 12:00:00 557,056 -c----w C:\WINDOWS\$NtUninstallKB923191$\comctl32.dll
- 2002-08-29 12:00:00 330,368 -c----w C:\WINDOWS\$NtUninstallKB923414$\srv.sys
- 2002-08-29 12:00:00 1,122,304 -c----w C:\WINDOWS\$NtUninstallKB924191$\msxml3.dll
- 2006-05-26 14:40:58 1,339,904 -c----w C:\WINDOWS\$NtUninstallKB924496$\shdocvw.dll
- 2002-08-29 12:00:00 1,818,624 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
+ 2004-08-03 23:56:42 1,852,416 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
- 2002-08-29 12:00:00 406,528 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
+ 2004-08-03 23:56:42 450,048 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
- 2002-08-29 12:00:00 125,440 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
+ 2004-08-03 23:56:42 137,728 ----a-w C:\WINDOWS\AppPatch\aclua.dll
- 2002-08-29 12:00:00 219,136 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
+ 2004-08-03 23:56:42 244,736 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
- 2002-08-29 12:00:00 107,520 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2004-08-03 23:56:42 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
- 2008-07-04 21:44:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 09:41:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-05-05 09:31:04 433,152 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2006-05-05 09:41:45 453,120 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
- 2005-03-02 00:36:43 1,900,032 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:57:44 2,135,552 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 00:36:42 1,955,840 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:34:40 2,056,832 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:36:43 1,928,704 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34:42 2,015,232 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 01:33:36 2,040,832 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:59:53 2,179,328 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
- 2002-08-29 12:00:00 1,004,032 ----a-w C:\WINDOWS\explorer.exe
+ 2004-08-03 23:56:50 1,032,192 ----a-w C:\WINDOWS\explorer.exe
- 2002-08-29 12:00:00 32,256 ----a-w C:\WINDOWS\Help\sniffpol.dll
+ 2004-08-03 23:56:46 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
- 2002-08-29 12:00:00 30,720 ----a-w C:\WINDOWS\Help\sstub.dll
+ 2004-08-03 23:56:46 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
- 2002-08-29 12:00:00 262,656 ----a-w C:\WINDOWS\Help\tshoot.dll
+ 2004-08-03 23:56:48 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
- 2005-05-25 22:44:31 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
- 2002-08-29 12:00:00 203,776 ----a-w C:\WINDOWS\ime\mscandui.dll
+ 2004-08-03 23:56:44 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
- 2002-08-29 12:00:00 121,344 ----a-w C:\WINDOWS\ime\SOFTKBD.DLL
+ 2004-08-03 23:56:46 130,048 ----a-w C:\WINDOWS\ime\softkbd.dll
- 2002-08-29 12:00:00 62,464 ----a-w C:\WINDOWS\ime\SPGRMR.dll
+ 2004-08-03 23:56:30 62,976 ----a-w C:\WINDOWS\ime\spgrmr.dll
- 2002-08-29 12:00:00 235,520 ----a-w C:\WINDOWS\ime\SPTIP.dll
+ 2004-08-03 23:56:46 250,880 ----a-w C:\WINDOWS\ime\sptip.dll
- 2002-08-29 12:00:00 249,856 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2004-08-03 23:56:58 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2002-08-29 12:00:00 22,016 ----a-w C:\WINDOWS\msagent\agentanm.dll
+ 2004-08-03 23:56:42 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
- 2002-08-29 12:00:00 204,288 ----a-w C:\WINDOWS\msagent\agentctl.dll
+ 2004-08-03 23:56:42 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
- 2002-08-29 12:00:00 35,840 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2004-08-03 23:56:42 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2005-04-22 05:20:24 51,712 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2005-04-22 05:06:42 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2002-08-29 12:00:00 44,032 ----a-w C:\WINDOWS\msagent\agentmpx.dll
+ 2004-08-03 23:56:42 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
- 2002-08-29 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\agentpsh.dll
+ 2004-08-03 23:56:42 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
- 2002-08-29 12:00:00 39,936 ----a-w C:\WINDOWS\msagent\agentsr.dll
+ 2004-08-03 23:56:42 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
- 2002-08-29 12:00:00 235,008 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2004-08-03 23:56:48 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2002-08-29 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\agtintl.dll
+ 2004-08-03 23:56:42 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
- 2002-08-29 12:00:00 36,352 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
+ 2004-08-03 23:56:44 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
- 2002-08-29 12:00:00 66,048 ----a-w C:\WINDOWS\NOTEPAD.EXE
+ 2004-08-03 23:56:56 69,120 ----a-w C:\WINDOWS\notepad.exe
- 2002-08-29 12:00:00 742,400 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
+ 2004-08-03 23:56:50 768,512 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
- 2002-08-29 12:00:00 703,488 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
+ 2004-08-03 23:56:52 743,936 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
- 2002-08-29 12:00:00 8,704 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HscUpd.exe
+ 2004-08-03 23:56:52 18,944 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
- 2002-08-29 12:00:00 145,408 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
+ 2004-08-03 23:56:54 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
- 2002-08-29 12:00:00 348,160 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msinfo.dll
+ 2004-08-03 23:56:44 376,320 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msinfo.dll
- 2002-08-29 12:00:00 97,792 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchshell.dll
+ 2004-08-03 23:56:46 102,400 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchshell.dll
- 2002-08-29 12:00:00 29,696 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
+ 2004-08-03 23:56:46 38,912 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
- 2008-06-23 22:07:16 8,738 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin
+ 2008-07-04 22:40:30 8,972 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin
- 2008-06-23 22:07:15 70,691 ----a-w C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\index.dat
+ 2008-07-04 22:41:30 76,487 ----a-w C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\index.dat
- 2008-06-24 18:40:48 2,370 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
+ 2008-07-04 22:41:30 2,676 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
- 2002-08-29 12:00:00 138,752 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\UploadM.exe
+ 2004-08-03 23:56:58 150,528 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\uploadm.exe
+ 2004-08-03 23:56:46 151,552 ------w C:\WINDOWS\peernet\sqldb20.dll
+ 2004-08-03 23:56:46 462,848 ------w C:\WINDOWS\peernet\sqlqp20.dll
+ 2004-08-03 23:56:46 110,592 ------w C:\WINDOWS\peernet\sqlse20.dll
- 2002-08-29 12:00:00 134,144 ----a-w C:\WINDOWS\regedit.exe
+ 2004-08-03 23:56:56 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2004-08-03 22:10:08 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys
+ 2004-08-03 22:00:04 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys
+ 2004-08-03 22:10:12 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys
+ 2004-08-03 23:56:42 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll
+ 2004-08-03 21:32:22 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys
+ 2004-08-03 21:32:32 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys
+ 2004-08-03 23:56:48 183,808 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
+ 2004-08-03 23:56:42 1,852,416 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll
+ 2004-08-03 23:56:42 450,048 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll
+ 2004-08-03 23:56:42 137,728 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll
+ 2004-08-03 23:56:42 114,688 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll
+ 2004-08-03 22:07:38 187,776 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys
+ 2004-08-03 23:56:42 244,736 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll
+ 2004-08-03 23:56:42 194,048 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll
+ 2004-08-03 23:56:48 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
+ 2004-08-03 23:56:42 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll
+ 2004-08-03 23:56:42 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll
+ 2004-08-03 23:56:42 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll
+ 2004-08-03 23:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
+ 2004-08-03 21:32:24 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys
+ 2004-08-03 23:56:42 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll
+ 2004-08-03 23:56:42 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll
+ 2004-08-03 23:56:42 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll
+ 2004-08-03 23:56:42 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll
+ 2004-08-03 23:56:42 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll
+ 2004-08-03 23:56:42 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll
+ 2004-08-03 23:56:42 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll
+ 2004-08-03 23:56:42 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll
+ 2004-08-03 23:56:42 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll
+ 2004-08-03 23:56:42 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll
+ 2004-08-03 23:56:42 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll
+ 2004-08-03 23:56:42 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll
+ 2004-08-03 23:56:42 616,960 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll
+ 2004-08-03 23:56:42 99,840 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll
+ 2004-08-03 21:39:38 142,464 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys
+ 2004-08-03 22:14:16 138,496 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys
+ 2004-08-03 23:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll
+ 2004-08-03 23:56:42 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll
+ 2004-08-03 23:56:42 41,984 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll
+ 2004-08-03 23:56:42 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll
+ 2004-08-03 23:56:42 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll
+ 2004-08-03 23:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll
+ 2004-08-03 23:56:42 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll
+ 2004-08-03 23:56:48 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
+ 2004-08-03 22:07:42 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys
+ 2004-08-03 22:07:44 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys
+ 2004-08-03 23:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll
+ 2004-08-03 23:56:48 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
+ 2004-08-03 23:56:48 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
+ 2004-08-03 22:07:42 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys
+ 2004-08-03 23:56:42 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll
+ 2004-08-03 22:07:44 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys
+ 2004-08-03 21:59:20 36,992 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys
+ 2004-08-03 21:59:22 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys
+ 2004-08-03 23:56:42 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll
+ 2004-08-03 21:31:20 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys
+ 2004-08-03 23:56:42 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
+ 2004-08-03 23:56:42 331,264 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll
+ 2004-08-03 21:58:30 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys
+ 2004-08-03 23:56:00 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\asferror.dll
+ 2004-08-03 23:56:42 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll
+ 2004-08-03 22:05:04 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
+ 2004-08-03 23:56:48 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
+ 2004-08-03 21:59:44 95,360 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys
+ 2004-08-03 21:29:30 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-03 21:29:30 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-03 21:29:30 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-03 21:29:32 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys
+ 2004-08-03 21:29:32 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys
+ 2004-08-03 21:29:32 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys
+ 2004-08-03 21:29:32 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys
+ 2004-08-03 21:29:32 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys
+ 2004-08-03 21:29:32 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys
+ 2004-08-03 21:29:32 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys
+ 2004-08-03 23:56:42 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll
+ 2004-08-03 23:56:42 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll
+ 2004-08-03 23:56:42 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll
+ 2004-08-03 21:29:28 327,040 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys
+ 2004-08-03 21:29:28 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys
+ 2004-08-03 23:56:42 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll
+ 2004-08-03 23:56:42 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll
+ 2004-08-03 23:56:42 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-03 21:29:28 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys
+ 2004-08-03 21:29:30 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys
+ 2004-08-03 21:29:30 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys
+ 2004-08-03 21:29:30 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys
+ 2004-08-03 21:29:32 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys
+ 2004-08-03 21:29:32 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys
+ 2004-08-03 21:29:32 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys
+ 2004-08-03 21:29:32 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys
+ 2004-08-03 21:29:32 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys
+ 2004-08-03 21:29:32 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys
+ 2004-08-03 23:56:42 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativtmxx.dll
+ 2004-08-03 23:56:42 516,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativvaxx.dll
+ 2004-08-03 23:56:42 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll
+ 2004-08-03 23:56:48 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
+ 2004-08-03 21:58:32 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys
+ 2004-08-03 23:56:00 285,696 ------w C:\WINDOWS\ServicePackFiles\i386\atmfd.dll
+ 2004-08-03 21:58:36 55,936 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys
+ 2004-08-03 23:56:42 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\atmlib.dll
+ 2004-08-03 23:56:42 21,183 ------w C:\WINDOWS\ServicePackFiles\i386\atv01nt5.dll
+ 2004-08-03 23:56:42 11,359 ------w C:\WINDOWS\ServicePackFiles\i386\atv02nt5.dll
+ 2004-08-03 23:56:42 25,471 ------w C:\WINDOWS\ServicePackFiles\i386\atv04nt5.dll
+ 2004-08-03 23:56:42 14,143 ------w C:\WINDOWS\ServicePackFiles\i386\atv06nt5.dll
+ 2004-08-03 23:56:42 17,279 ------w C:\WINDOWS\ServicePackFiles\i386\atv10nt5.dll
+ 2004-08-03 23:56:42 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll
+ 2004-08-03 23:56:48 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
+ 2004-08-03 23:56:42 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll
+ 2004-08-03 23:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
+ 2004-08-03 23:56:42 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\authz.dll
+ 2004-08-03 23:56:48 588,800 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe
+ 2004-08-03 23:56:48 602,624 ------w C:\WINDOWS\ServicePackFiles\i386\autoconv.exe
+ 2004-08-03 23:56:48 580,608 ------w C:\WINDOWS\ServicePackFiles\i386\autofmt.exe
+ 2004-08-03 23:56:48 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe
+ 2004-08-03 22:10:12 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys
+ 2004-08-03 22:10:00 13,696 ------w C:\WINDOWS\ServicePackFiles\i386\avcstrm.sys
+ 2004-08-03 23:56:42 84,992 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll
+ 2004-08-03 23:56:42 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll
+ 2004-08-03 23:56:42 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\batmeter.dll
+ 2004-08-03 23:56:42 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll
+ 2004-08-03 22:10:14 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\bdasup.sys
+ 2004-08-03 23:56:42 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\bidispl.dll
+ 2004-08-03 23:56:42 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll
+ 2004-08-03 23:56:42 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll
+ 2004-08-03 23:56:42 286,208 ------w C:\WINDOWS\ServicePackFiles\i386\blackbox.dll
+ 2004-08-03 23:56:48 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
+ 2004-08-03 21:59:58 71,552 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys
+ 2004-08-03 23:56:00 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll
+ 2004-08-03 23:56:42 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll
+ 2004-08-03 23:56:42 1,016,832 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll
+ 2004-08-03 23:56:42 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll
+ 2004-08-03 23:56:42 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthci.dll
+ 2004-08-03 22:10:40 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthenum.sys
+ 2004-08-03 22:10:40 38,016 ------w C:\WINDOWS\ServicePackFiles\i386\bthmodem.sys
+ 2004-08-03 21:58:40 100,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthpan.sys
+ 2004-08-03 22:10:38 274,304 ------w C:\WINDOWS\ServicePackFiles\i386\bthport.sys
+ 2004-08-03 22:10:38 35,456 ------w C:\WINDOWS\ServicePackFiles\i386\bthprint.sys
+ 2004-08-03 23:56:42 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\bthserv.dll
+ 2004-08-03 22:10:36 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\bthusb.sys
+ 2004-08-03 23:56:42 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\btpanui.dll
+ 2004-08-03 23:56:42 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll
+ 2004-08-03 23:56:42 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll
+ 2004-08-03 23:56:42 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll
+ 2004-08-03 23:56:42 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\camocx.dll
+ 2004-08-03 23:56:42 229,888 ------w C:\WINDOWS\ServicePackFiles\i386\catsrv.dll
+ 2004-08-03 23:56:42 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvps.dll
+ 2004-08-03 23:56:42 628,224 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll
+ 2004-08-03 22:10:18 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys
+ 2004-08-03 22:14:12 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\cdfs.sys
+ 2004-08-03 23:56:42 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\cdfview.dll
+ 2004-08-03 23:56:42 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\cdm.dll
+ 2004-08-03 23:56:42 2,067,968 ------w C:\WINDOWS\ServicePackFiles\i386\cdosys.dll
+ 2004-08-03 21:59:54 49,536 ------w C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
+ 2004-08-03 23:56:42 194,560 ------w C:\WINDOWS\ServicePackFiles\i386\certcli.dll
+ 2004-08-03 23:56:42 457,728 ------w C:\WINDOWS\ServicePackFiles\i386\certmgr.dll
+ 2004-08-03 23:56:42 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\cewmdm.dll
+ 2004-08-03 23:56:42 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\cfgbkend.dll
+ 2004-08-03 23:56:02 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\cfgmgr32.dll
+ 2004-08-03 23:56:48 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
+ 2004-08-03 23:56:42 15,423 ------w C:\WINDOWS\ServicePackFiles\i386\ch7xxnt5.dll
+ 2004-08-03 22:00:14 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\changer.sys
+ 2004-08-03 23:56:42 1,352,192 ------w C:\WINDOWS\ServicePackFiles\i386\cimwin32.dll
+ 2004-08-03 23:56:42 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\ciodm.dll
+ 2004-08-03 23:56:48 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe
+ 2004-08-03 22:14:28 49,664 ------w C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
+ 2004-08-03 23:56:42 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll
+ 2004-08-03 23:56:42 501,248 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll
+ 2004-08-03 23:56:48 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
+ 2004-08-03 23:56:42 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.dll
+ 2004-08-03 23:56:48 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe
+ 2004-08-03 23:56:48 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
+ 2004-08-03 23:56:48 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe
+ 2004-08-03 23:56:42 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\clusapi.dll
+ 2004-08-03 22:07:40 14,080 ------w C:\WINDOWS\ServicePackFiles\i386\cmbatt.sys
+ 2004-08-03 23:56:42 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\cmcfg32.dll
+ 2004-08-03 23:56:50 388,608 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
+ 2004-08-03 23:56:42 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll
+ 2004-08-03 23:56:50 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe
+ 2004-08-03 23:56:50 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe
+ 2004-08-03 23:56:42 185,344 ------w C:\WINDOWS\ServicePackFiles\i386\cmprops.dll
+ 2004-08-03 23:56:42 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\cmsetacl.dll
+ 2004-08-03 23:56:50 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe
+ 2004-08-03 23:56:42 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmutil.dll
+ 2004-08-03 23:56:42 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon.dll
+ 2004-08-03 23:56:42 79,360 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon2.dll
+ 2004-08-03 23:56:42 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\colbact.dll
+ 2004-08-03 23:56:42 195,584 ------w C:\WINDOWS\ServicePackFiles\i386\comadmin.dll
+ 2004-08-03 23:56:42 611,328 ------w C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
+ 2004-08-03 23:56:42 276,992 ------w C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll
+ 2004-08-03 23:56:42 252,928 ------w C:\WINDOWS\ServicePackFiles\i386\compatui.dll
+ 2004-08-03 23:56:42 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\compstui.dll
+ 2004-08-03 23:56:50 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.exe
+ 2004-08-03 23:56:42 792,064 ------w C:\WINDOWS\ServicePackFiles\i386\comres.dll
+ 2004-08-03 23:56:42 1,251,840 ------w C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll
+ 2004-08-03 23:56:42 540,160 ------w C:\WINDOWS\ServicePackFiles\i386\comuid.dll
+ 2004-08-03 23:56:50 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe
+ 2004-08-03 23:56:42 45,056 ------w C:\WINDOWS\ServicePackFiles\i386\confmrsl.dll
+ 2004-08-03 23:56:50 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe
+ 2004-08-03 23:56:42 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\corpol.dll
+ 2004-08-03 23:56:42 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\credui.dll
+ 2004-08-03 21:59:22 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\crusoe.sys
+ 2004-08-03 23:56:42 597,504 ------w C:\WINDOWS\ServicePackFiles\i386\crypt32.dll
+ 2004-08-03 23:56:42 74,752 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdlg.dll
+ 2004-08-03 23:56:42 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdll.dll
+ 2004-08-03 23:56:42 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\cryptext.dll
+ 2004-08-03 23:56:42 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cryptnet.dll
+ 2004-08-03 23:56:42 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
+ 2004-08-03 23:56:42 512,512 ------w C:\WINDOWS\ServicePackFiles\i386\cryptui.dll
+ 2004-08-03 23:56:42 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\cscdll.dll
+ 2004-08-03 23:56:50 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\cscript.exe
+ 2004-08-03 23:56:42 326,656 ------w C:\WINDOWS\ServicePackFiles\i386\cscui.dll
+ 2004-08-03 23:56:42 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\csrsrv.dll
+ 2004-08-03 23:56:50 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\csrss.exe
+ 2004-08-03 23:56:50 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
+ 2004-08-03 23:56:42 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\ctmasetp.dll
+ 2004-08-03 23:56:42 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\custsat.dll
+ 2004-08-03 21:32:26 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\cwrwdm.sys
+ 2004-08-03 23:56:42 1,179,648 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8.dll
+ 2004-08-03 23:56:42 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8thk.dll
+ 2004-08-03 23:56:42 1,689,088 ------w C:\WINDOWS\ServicePackFiles\i386\d3d9.dll
+ 2004-08-03 23:56:42 825,344 ------w C:\WINDOWS\ServicePackFiles\i386\d3dim700.dll
+ 2004-08-03 23:56:42 1,053,696 ------w C:\WINDOWS\ServicePackFiles\i386\danim.dll
+ 2004-08-03 23:56:44 561,179 ------w C:\WINDOWS\ServicePackFiles\i386\dao360.dll
+ 2004-08-03 23:56:44 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\dataclen.dll
+ 2004-08-03 23:56:44 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\davclnt.dll
+ 2004-08-03 23:56:44 640,000 ------w C:\WINDOWS\ServicePackFiles\i386\dbghelp.dll
+ 2004-08-03 23:56:44 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\dbmsrpcn.dll
+ 2004-08-03 23:56:44 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\dbnetlib.dll
+ 2004-08-03 23:56:44 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dbnmpntw.dll
+ 2004-08-04 00:07:22 1,788 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-03 23:56:44 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\dcap32.dll
+ 2004-08-03 23:56:44 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\dciman32.dll
+ 2004-08-03 23:56:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\ddeshare.exe
+ 2004-08-03 23:56:44 266,240 ------w C:\WINDOWS\ServicePackFiles\i386\ddraw.dll
+ 2004-08-03 23:56:44 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\ddrawex.dll
+ 2004-08-03 23:56:50 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\defrag.exe
+ 2004-08-03 23:56:44 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\devenum.dll
+ 2004-08-03 23:56:44 282,624 ------w C:\WINDOWS\ServicePackFiles\i386\devmgr.dll
+ 2004-08-03 23:56:50 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe
+ 2004-08-03 23:56:50 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe
+ 2004-08-03 23:56:44 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgsnap.dll
+ 2004-08-03 23:56:44 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgui.dll
+ 2004-08-03 23:56:44 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dfsshlex.dll
+ 2004-08-03 23:56:44 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\dgnet.dll
+ 2004-08-03 23:56:44 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\dhcpcsvc.dll
+ 2004-08-03 23:56:50 539,136 ------w C:\WINDOWS\ServicePackFiles\i386\dialer.exe
+ 2004-08-03 23:56:50 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\diantz.exe
+ 2004-08-03 23:56:44 68,608 ------w C:\WINDOWS\ServicePackFiles\i386\digest.dll
+ 2004-08-03 23:56:44 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\dinput.dll
+ 2004-08-03 23:56:44 181,760 ------w C:\WINDOWS\ServicePackFiles\i386\dinput8.dll
+ 2004-08-03 23:56:44 81,408 ------w C:\WINDOWS\ServicePackFiles\i386\directdb.dll
+ 2004-08-03 21:59:56 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\disk.sys
+ 2004-08-03 21:59:54 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\diskdump.sys
+ 2004-08-03 23:56:50 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\diskpart.exe
+ 2004-08-03 23:56:50 294,912 ------w C:\WINDOWS\ServicePackFiles\i386\dlimport.exe
+ 2004-08-03 23:56:50 5,120 ------w C:\WINDOWS\ServicePackFiles\i386\dllhost.exe
+ 2004-08-03 22:00:06 8,320 ------w C:\WINDOWS\ServicePackFiles\i386\dlttape.sys
+ 2004-08-03 23:56:50 224,768 ------w C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe
+ 2004-08-03 23:56:44 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dmband.dll
+ 2004-08-03 22:07:18 799,744 ------w C:\WINDOWS\ServicePackFiles\i386\dmboot.sys
+ 2004-08-03 23:56:44 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\dmcompos.dll
+ 2004-08-03 23:56:44 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\dmdskmgr.dll
+ 2004-08-03 23:56:44 181,248 ------w C:\WINDOWS\ServicePackFiles\i386\dmime.dll
+ 2004-08-03 22:07:18 153,344 ------w C:\WINDOWS\ServicePackFiles\i386\dmio.sys
+ 2004-08-03 23:56:44 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\dmloader.dll
+ 2004-08-03 23:56:50 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\dmremote.exe
+ 2004-08-03 23:56:44 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dmscript.dll
+ 2004-08-03 23:56:44 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\dmserver.dll
+ 2004-08-03 23:56:44 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\dmstyle.dll
+ 2004-08-03 23:56:44 103,424 ------w C:\WINDOWS\ServicePackFiles\i386\dmsynth.dll
+ 2004-08-03 23:56:44 104,448 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.dll
+ 2004-08-03 22:07:40 52,864 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.sys
+ 2004-08-03 23:56:44 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\dmutil.dll
+ 2004-08-03 23:56:44 148,480 ------w C:\WINDOWS\ServicePackFiles\i386\dnsapi.dll
+ 2004-08-03 23:56:44 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
+ 2004-08-03 23:56:44 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\docprop2.dll
+ 2004-08-03 21:51:22 53,840 ------w C:\WINDOWS\ServicePackFiles\i386\dosx.exe
+ 2004-08-03 21:58:30 207,360 ------w C:\WINDOWS\ServicePackFiles\i386\dot4.sys
+ 2004-08-03 22:13:54 97,280 ------w C:\WINDOWS\ServicePackFiles\i386\dpcdll.dll
+ 2004-08-03 23:56:50 30,208 ------w C:\WI

hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:42:41, on 06/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\IoctlSvc.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [b8961c9c] rundll32.exe "C:\WINDOWS\System32\qrtnsgay.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {535AC98D-C942-4C87-9275-09C9C43EF2C1} (xpreload.xpreloader) - ms-its:mhtml:file://c:\\nores.mht!http://adxbnet.net/c...::/xpreload.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse...zylomplayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\System32\IoctlSvc.exe

--
End of file - 5426 bytes
You will notice that I have changed anti virus prog
pete

Hi pete

Your como fix was cut off, The ((((((((((((((((((((((((((((( snapshot_2008-07-04_22.46.49.35 ))))))))))))))))))))))))))))))))))))))))) section was really long, no big deal but you will need to post it in 2 post if it is that long again

Open notepad and copy/paste the text in RED below into it:



File::
C:\WINDOWS\002293_.tmp
C:\WINDOWS\system32\{bba700a2-4cf8-9bf2-d082-ea5f163dc33c}.dll-uninst.exe
C:\Documents and Settings\Peter Brown\winlogon.exe
C:\WINDOWS\system32\modtrux18
Folder::
C:\Temp



Save this as CFScript.txt, in the same location as ComboFix.exe (desktop)




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

File::
C:\WINDOWS\002293_.tmp
C:\WINDOWS\system32\{bba700a2-4cf8-9bf2-d082-ea5f163dc33c}.dll-uninst.exe
C:\Documents and Settings\Peter Brown\winlogon.exe
C:\WINDOWS\system32\modtrux18
Folder::
C:\Temp

part 1

ComboFix 08-07-02.5 - Peter Brown 2008-07-06 23:19:02.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.620 [GMT 1:00]
Running from: C:\Documents and Settings\Peter Brown\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Peter Brown\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Peter Brown\winlogon.exe
C:\WINDOWS\002293_.tmp
C:\WINDOWS\system32\{bba700a2-4cf8-9bf2-d082-ea5f163dc33c}.dll-uninst.exe
C:\WINDOWS\system32\modtrux18
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Peter Brown\winlogon.exe
C:\Temp
C:\Temp\syschk3\tdirp5.log
C:\WINDOWS\002293_.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-06 11:24 . 2008-07-06 11:24 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-06 11:22 . 2008-06-13 14:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-06 11:21 . 2007-07-09 14:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-07-05 00:03 . 2008-07-06 21:35 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-05 00:01 . 2008-07-06 10:45 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-05 00:01 . 2008-07-06 10:44 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-05 00:00 . 2008-07-06 10:50 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-05 00:00 . 2008-07-05 00:00 <DIR> d-------- C:\Program Files\AVG
2008-07-05 00:00 . 2008-07-05 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-05 00:00 . 2008-07-06 10:44 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 23:39 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-04 23:37 . 2008-07-04 23:37 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-04 23:33 . 2008-07-04 23:33 <DIR> d-------- C:\WINDOWS\EHome
2008-07-04 00:09 . 2008-07-04 00:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 22:46 . 2008-07-02 22:46 <DIR> d-------- C:\WINDOWS\system32\xp3
2008-07-02 22:24 . 2008-07-02 22:34 88 --a------ C:\WINDOWS\MVPSPADE.INI
2008-07-01 23:44 . 2008-07-01 23:45 <DIR> d-------- C:\Program Files\WhatsRunning
2008-07-01 20:30 . 2008-07-01 20:34 <DIR> d-------- C:\Program Files\Cosmi
2008-07-01 20:30 . 1993-06-30 13:02 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
2008-07-01 20:30 . 1998-06-24 00:00 244,024 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX
2008-07-01 20:30 . 1996-05-07 19:59 47,104 --a------ C:\WINDOWS\system32\D2HTLS32.DLL
2008-07-01 20:30 . 1993-04-28 00:00 44,656 --a------ C:\WINDOWS\system32\GRID.VBX
2008-07-01 20:30 . 1994-08-10 03:56 44,464 --a------ C:\WINDOWS\system32\D2HTOOLS.DLL
2008-07-01 20:30 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5STKIT.DLL
2008-07-01 20:30 . 1993-04-28 00:00 18,688 --a------ C:\WINDOWS\system32\CMDIALOG.VBX
2008-07-01 20:29 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-07-01 20:28 . 2008-07-01 20:28 <DIR> d-------- C:\Documents and Settings\Peter Brown\WINDOWS
2008-07-01 09:57 . 2008-07-01 09:57 <DIR> d-------- C:\Program Files\Nero
2008-07-01 00:16 . 2008-07-01 00:35 <DIR> d-------- C:\Program Files\Motive
2008-07-01 00:16 . 2008-07-01 00:43 <DIR> d-------- C:\Program Files\BT Broadband Desktop Help
2008-07-01 00:14 . 2008-07-01 00:14 27 --a------ C:\MCCEmbInstall.ini
2008-06-30 22:45 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-30 22:45 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-30 22:26 . 2008-06-30 22:26 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-30 20:33 . 2008-07-05 09:13 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-06-30 14:22 . 2008-06-30 14:22 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\Nero
2008-06-30 14:18 . 2008-07-01 10:06 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-30 14:18 . 2008-07-01 09:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-30 11:31 . 2008-06-30 11:31 305,152 --a------ C:\windiag.iso
2008-06-29 22:42 . 2008-07-03 09:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-29 22:41 . 2008-06-29 22:42 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-28 22:56 . 2008-06-28 22:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-28 00:18 . 2008-06-28 00:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-27 15:36 . 2008-06-27 15:36 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\ATI
2008-06-27 11:39 . 2008-06-27 13:02 <DIR> d-------- C:\Program Files\Uniblue
2008-06-27 11:23 . 2008-06-27 13:22 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\Uniblue
2008-06-27 02:40 . 2008-06-27 02:40 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-06-27 02:32 . 2008-07-04 23:56 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-27 02:31 . 2008-06-27 02:32 <DIR> d-------- C:\Program Files\Winamp
2008-06-27 02:31 . 2008-06-27 02:36 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\Winamp
2008-06-27 00:57 . 2008-06-27 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-06-26 22:51 . 2008-06-27 15:30 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-26 22:51 . 2006-05-03 11:57 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-06-26 22:50 . 2008-06-26 22:50 <DIR> d-------- C:\ATI
2008-06-26 22:33 . 2004-08-04 00:56 1,057,760 --a------ C:\WINDOWS\system32\ati3d2ag.dll
2008-06-26 22:33 . 2004-08-04 00:56 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2008-06-26 17:57 . 2008-06-26 17:57 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-06-25 22:03 . 2008-06-25 22:03 <DIR> d-------- C:\WINDOWS\Super Jigsaws
2008-06-25 22:03 . 2008-06-25 22:03 <DIR> d-------- C:\Program Files\Super Jigsaws
2008-06-25 07:06 . 2008-06-30 20:12 <DIR> d-------- C:\Program Files\GameHouse
2008-06-25 00:50 . 2003-02-28 18:26 404,752 --a------ C:\WINDOWS\system32\javart.dll
2008-06-25 00:50 . 2003-02-28 18:26 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2008-06-25 00:50 . 2003-02-28 18:26 172,304 --a------ C:\WINDOWS\system32\jview.exe
2008-06-25 00:50 . 2003-02-28 18:26 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2008-06-25 00:50 . 2003-02-28 18:26 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2008-06-25 00:50 . 2003-02-28 18:26 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2008-06-25 00:50 . 2003-02-28 18:26 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2008-06-25 00:14 . 2005-10-20 23:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-06-25 00:03 . 2008-07-05 10:18 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\OpenOffice.org2
2008-06-24 23:59 . 2008-06-24 23:59 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-24 23:58 . 2008-07-06 11:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-24 23:58 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-24 23:36 . 2004-08-04 00:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-06-24 23:36 . 2004-08-04 00:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-06-24 23:36 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-06-24 23:36 . 2004-08-04 00:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-06-24 23:25 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-06-24 23:25 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-06-24 23:25 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-06-24 23:25 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-06-24 23:25 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-06-24 23:25 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-06-24 23:25 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-06-24 21:19 . 2008-07-04 11:34 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-24 20:16 . 2008-07-04 11:26 <DIR> d-------- C:\WINDOWS\nview
2008-06-24 20:15 . 2008-06-24 20:15 <DIR> d-------- C:\NVIDIA
2008-06-24 19:59 . 2008-06-24 19:59 <DIR> d-------- C:\WINDOWS\Sun
2008-06-24 19:56 . 2008-06-24 19:56 <DIR> d-------- C:\WUTemp
2008-06-24 19:56 . 2008-06-24 19:56 <DIR> d-------- C:\Program Files\Ligos
2008-06-24 19:56 . 2004-08-04 00:56 848,384 --a------ C:\WINDOWS\system32\ir41_32.ax
2008-06-24 19:56 . 2002-10-23 16:56 746,496 --a------ C:\WINDOWS\system32\ir50_32.dll
2008-06-24 19:56 . 2000-06-23 14:06 192,000 --a------ C:\WINDOWS\system32\iac25_32.ax
2008-06-24 19:56 . 2004-08-03 14:04 185,624 --a------ C:\WINDOWS\system32\iuengine.dll
2008-06-24 19:56 . 2004-08-03 14:04 185,624 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2008-06-24 19:56 . 2000-06-22 18:11 145,408 --a------ C:\WINDOWS\system32\Ivfsrc.ax
2008-06-24 19:56 . 2000-06-23 14:05 136,704 --a------ C:\WINDOWS\system32\iacenc.dll
2008-06-24 19:56 . 2000-06-22 13:09 56,320 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2008-06-24 19:55 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-24 19:50 . 2008-06-24 21:28 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-24 19:36 . 2008-06-24 19:37 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-06-24 19:36 . 2008-06-24 19:36 <DIR> d-------- C:\WINDOWS\Logs
2008-06-24 19:26 . 2008-06-24 19:26 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\Sierra
2008-06-24 19:26 . 2008-06-24 19:26 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-24 19:24 . 2008-07-04 11:42 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-24 19:00 . 2008-06-24 19:00 <DIR> d-------- C:\Program Files\Sierra
2008-06-24 19:00 . 2008-06-26 22:51 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 18:57 . 2008-06-26 22:52 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-24 02:15 . 2008-07-01 00:49 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\Motive
2008-06-24 01:33 . 2008-06-24 01:33 <DIR> d-------- C:\Program Files\uTorrent
2008-06-24 01:33 . 2008-07-06 23:19 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\uTorrent
2008-06-24 01:07 . 2008-06-24 01:07 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-24 01:01 . 2008-06-24 01:01 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-24 00:46 . 2008-07-02 22:58 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\LimeWire
2008-06-24 00:44 . 2008-06-24 01:07 <DIR> d-------- C:\Program Files\Java
2008-06-24 00:44 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-24 00:43 . 2008-06-24 00:43 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-24 00:42 . 2008-07-02 22:54 <DIR> d-------- C:\Program Files\LimeWire
2008-06-24 00:35 . 2008-06-24 00:35 <DIR> d-------- C:\Program Files\DNA
2008-06-24 00:35 . 2008-07-02 00:36 <DIR> d-------- C:\Documents and Settings\Peter Brown\Application Data\DNA
2008-06-24 00:18 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2008-06-24 00:18 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2008-06-24 00:18 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2008-06-24 00:01 . 2008-06-28 00:34 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-24 00:01 . 2008-06-28 00:34 <DIR> d-------- C:\Docu

part 2 inc last line of previous

2008-06-24 00:01 . 2008-06-28 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 23:08 --------- d-----w C:\Program Files\Common Files\Motive
2008-06-30 23:00 --------- d-----w C:\Program Files\BT Home Hub
2008-06-27 23:27 --------- d-----w C:\Program Files\Yahoo!
2008-06-26 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-24 23:59 --------- d-----w C:\Documents and Settings\Peter Brown\Application Data\Yahoo!
2008-06-23 23:33 --------- d-----w C:\Documents and Settings\Peter Brown\Application Data\ErrorSmart
2008-06-23 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-23 22:52 --------- d-----w C:\Program Files\Lavasoft
2008-06-23 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 22:32 --------- d-----w C:\Program Files\BT Broadband Talk Softphone
2008-06-23 22:30 --------- d-----w C:\Program Files\btbb_wcm
2008-06-23 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-06-23 22:07 558,142 ----a-w C:\WINDOWS\java\Packages\43LBVRRL.ZIP
2008-06-23 22:07 155,995 ----a-w C:\WINDOWS\java\Packages\1BXBBXJ7.ZIP
2008-06-23 22:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 13:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 13:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 13:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 13:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 13:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 13:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 13:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-16 10:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 04:46 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-12-07 07:59 935936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"b8961c9c"="C:\WINDOWS\System32\qrtnsgay.dll" [BU]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 10:45 1232152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-06 10:44]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 10:44]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 10:45]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-06 10:45]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-06 02:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-06-27 10:39:11 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-27 10:23:39 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-27 12:25:40 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 23:20:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-06 23:20:53
ComboFix-quarantined-files.txt 2008-07-06 22:20:44
ComboFix2.txt 2008-07-06 20:53:29
ComboFix3.txt 2008-07-06 20:39:47
ComboFix4.txt 2008-07-05 09:44:20
ComboFix5.txt 2008-07-04 21:47:29

Pre-Run: 230,168,481,792 bytes free
Post-Run: 230,160,408,576 bytes free

234 --- E O F --- 2008-07-06 11:08:00