Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AntiSpy Spider [RESOLVED]

Started by craig66 , May 03 2008 12:39 PM

  • This topic is locked This topic is locked

#1
craig66
Posted 03 May 2008 - 12:39 PM

craig66

    Member

  • Member
  • PipPip
  • 64 posts
Problems started last weekend.

I had no access to task manager or regedit and anytime I tried to get to any help forum or anti virus web site I was redirected. (Mostl redirected to Antispy Spider website trying to get me to purchase their product but sometimes to other websites too) I was getting lots of baloons and popups that were telling me I was infected and click to correct. Desktop was changed to a red screen saying something about being infected and click here to correct. Home page was changed.

I researched your website using another computer.

I attempted to do the steps on your site under "You must read this before posting a hijackthis log, Malware Cleaning Guide" but couldn't do them all.

I started in safe mode with networking enabled and still could not download atf cleaner. I was still getting continuous baloons opening. It allowed me to download and run Malwarebytes Anti-Malware still in safe mode. I let it remove everything and saved the log and it is posted below.

I then rebooted in normal mode ran Malwarebytes Anti-Malware program immediately again, let it remove everything and saved the log posted below.

Now it let me download and run ATF cleaner.

I neglected to ever create a restore pont. (oops)

I was then able to download superantispyware and run it. I saved the log and it is posted below

I then downloaded Panda Activescan and ran it. Did not remove anything but log is posted below.

I already had AVG though not sure it works properly. Did nothing with this.

On reboot I was able to change my desktop background and now have access to regedit but still have no access to Task Manager (ctrl-alt-del does not work, right clicking the task bar does not work, Start-Run-tskmngr does not work) Task manager has been disabled by your system administrator.

Already have SP2 and automatic updates are on but I had a message that updates were ready to install so I installed and now have IE v 7.

I would like to get access to task manager and clean up anything else that is here.

Sorry about the long post but trying to give you all the info.

Thanks in advance
Craig


Malwarebytes' Anti-Malware 1.11
Database version: 699

Scan type: Quick Scan
Objects scanned: 34169
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 37
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 5
Files Infected: 73

Memory Processes Infected:
c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\hgGARLCu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iifcBsrp.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46e71883-3123-43df-b148-34494ac29226} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{46e71883-3123-43df-b148-34494ac29226} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5aa3ed8-803d-8cb1-1195-d18f7355729e} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5aa3ed8-803d-8cb1-1195-d18f7355729e} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifcbsrp (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebProxy (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM9bc04e15 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\wmsdkns.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggarlcu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggarlcu -> Delete on reboot.

Folders Infected:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacki\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\chcqbloh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\holbqchc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGARLCu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uCLRAGgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uCLRAGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sockins32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xeyfmgz.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\lfn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu72.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\winself.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\9D.tmp (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\A0.tmp (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacki\Local Settings\Temp\7run01.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacki\Local Settings\Temp\bbbnew.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacki\Local Settings\Temp\outerinfo.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacki\Local Settings\Temp\syswcc32.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacki\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacki\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\BSZIP.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\AB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\AC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dyaghacv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcBsrp.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacki\Local Settings\Temp\ie.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacki\Local Settings\Temp\ismtpa15.exe (Adware.ISM) -> Quarantined and deleted successfully.





Malwarebytes' Anti-Malware 1.11
Database version: 699

Scan type: Quick Scan
Objects scanned: 34821
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 10
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hgGARLCu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iifcBsrp.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60293fe1-efa6-4ea8-ac94-82cc4e07d765} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{60293fe1-efa6-4ea8-ac94-82cc4e07d765} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{12da1bc4-5384-42fd-a119-3c99d2d146a2} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifcbsrp (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Installer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\hgGARLCu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uCLRAGgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uCLRAGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdosys.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\iifcBsrp.dll (Trojan.Vundo) -> Delete on reboot.





SUPERAntiSpyware Scan Log
Generated 04/30/2008 at 09:35 PM

Application Version : 3.6.1000

Core Rules Database Version : 3451
Trace Rules Database Version: 1443

Scan type : Complete Scan
Total Scan Time : 00:38:25

Memory items scanned : 439
Memory threats detected : 2
Registry items scanned : 5299
Registry threats detected : 2
File items scanned : 48985
File threats detected : 25

Adware.ClickSpring
C:\PROGRA~1\COMMON~1\DOBE~1\FAST.EXE
C:\PROGRA~1\COMMON~1\DOBE~1\FAST.EXE
[Sen] C:\PROGRA~1\COMMON~1\DOBE~1\FAST.EXE
C:\PROGRAM FILES\COMMON FILES\DOBE~1\FAST.EXE

Adware.ClickSpring/Resident
C:\WINDOWS\system32\PPPATC~1\WACLT~1.EXE
C:\WINDOWS\system32\PPPATC~1\WACLT~1.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Jacki\Cookies\jacki@apmebf[1].txt
C:\Documents and Settings\Jacki\Cookies\jacki@findwhat[1].txt
C:\Documents and Settings\Jacki\Cookies\jacki@atdmt[2].txt
C:\Documents and Settings\Jacki\Cookies\[email protected][1].txt
C:\Documents and Settings\Jacki\Cookies\jacki@doubleclick[2].txt
C:\Documents and Settings\Jacki\Cookies\[email protected][2].txt
C:\Documents and Settings\Jacki\Cookies\jacki@adbrite[1].txt
C:\Documents and Settings\Jacki\Cookies\[email protected][1].txt
C:\Documents and Settings\Jacki\Cookies\jacki@casalemedia[2].txt
C:\Documents and Settings\Jacki\Cookies\[email protected][2].txt
C:\Documents and Settings\Jacki\Cookies\jacki@advertising[1].txt
C:\Documents and Settings\Jacki\Cookies\[email protected][2].txt
C:\Documents and Settings\Jacki\Cookies\jacki@fastclick[1].txt

Adware.WebHancer
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#webHancer Agent [ C:\Program Files\webHancer\Programs\whagent.exe ]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP722\A0017039.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP722\A0017040.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP722\A0017042.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP722\A0017043.EXE

Adware.ClickSpring/Outer Info Network
C:\DOCUMENTS AND SETTINGS\JACKI\DESKTOP\OIUNINSTALLER.EXE

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE.VIR

Adware.AdSponsor/ISM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0016609.EXE

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP723\A0019065.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP723\A0019074.EXE




;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-04-30 22:16:11
PROTECTIONS: 1
MALWARE: 21
SUSPECTS: 10
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
No Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00041487 adware/webhancer Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}
00048239 adware/adlogix Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FA6752A-C4A0-4222-88C2-928AE5AB4966}
00096188 spyware/searchcentrix Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5B2F29-1F46-4639-A6B4-828942301D3E}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15651C7C-E812-44A2-A9AC-B467A2233E7D}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{622CC208-B014-4FE0-801B-874A5E5E403A}
00135099 adware/powerstrip Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965A592F-8EFA-4250-8630-7960230792F1}
00217430 adware/surfassistant Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dafd089-24b1-4c5e-bd42-8ca72550717b}
00335980 Application/MyWay HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP722\A0017023.rbf
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Jacki\Desktop\Hosts\ComboFix.exe[nircmd.exe]
02372050 Trj/Downloader.PLQ Virus/Trojan No 0 Yes No C:\AA.tmp
02749309 Adware/PurityScan Adware No 0 No No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP726\A0019213.exe[WSu.exe]
02766669 Adware/PurityScan Adware No 0 No No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP726\A0019213.exe[UE.exe]
02888175 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP722\A0017045.dll
02891362 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP722\A0017044.exe
02913310 Trj/BHO.AT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP723\A0019064.dll
02913338 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP723\A0019075.exe
02913339 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0016611.exe
02913340 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0016607.exe
02913340 Adware/InternetSpeedMonitor Adware No 0 No No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP723\A0019075.exe[ism.exe]
02913341 Adware/InternetSpeedMonitor Adware No 0 No No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP723\A0019075.exe[QdrModule15.exe]
02915182 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP726\A0019211.exe
02936016 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP723\A0019067.exe
02936725 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\kwbjexym.dll
02936725 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\hhirdgnh.dll
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
No C:\i386\clb.dll
No C:\i386\clbcatex.dll
No C:\i386\clbcatq.dll
No C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
No C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
No C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll
No C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll
No C:\WINDOWS\system32\clb.dll
No C:\WINDOWS\system32\clbcatex.dll
No C:\WINDOWS\system32\drivers\clbdriver.sys
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:44 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jacki\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {f67fa50d-a6c6-24f8-c714-0741eb3eead1} - {1daee3be-1470-417c-8f42-6c6ad05af76f} - C:\WINDOWS\system32\auxsnixl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKCU\..\Run: [Xoql] C:\WINDOWS\system32\?ppPatch\w?aclt.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: Dirabv32 - {00A768EF-9848-4CA3-AD52-62A3F3363FF0} - C:\WINDOWS\system32\macemdrv.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6188 bytes
  • 0

Advertisements

#2
greyknight17
Posted 03 May 2008 - 02:28 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
O2 - BHO: {f67fa50d-a6c6-24f8-c714-0741eb3eead1} - {1daee3be-1470-417c-8f42-6c6ad05af76f} - C:\WINDOWS\system32\auxsnixl.dll
O4 - HKCU\..\Run: [Xoql] C:\WINDOWS\system32\?ppPatch\w?aclt.exe
O21 - SSODL: Dirabv32 - {00A768EF-9848-4CA3-AD52-62A3F3363FF0} - C:\WINDOWS\system32\macemdrv.dll

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FA6752A-C4A0-4222-88C2-928AE5AB4966}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5B2F29-1F46-4639-A6B4-828942301D3E}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15651C7C-E812-44A2-A9AC-B467A2233E7D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{622CC208-B014-4FE0-801B-874A5E5E403A}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965A592F-8EFA-4250-8630-7960230792F1}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dafd089-24b1-4c5e-bd42-8ca72550717b}
C:\AA.tmp
C:\WINDOWS\system32\kwbjexym.dll
C:\WINDOWS\system32\hhirdgnh.dll
c:\windows\homepage.html
C:\WINDOWS\system32\?ppPatch /u
C:\WINDOWS\system32\macemdrv.dll

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#3
craig66
Posted 04 May 2008 - 08:11 AM

craig66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Just so you know the first link to the combofix.exe downloaded a file that would not run.
You didn't say to post the hijackthis log here but I did just in case.
Task manager is back on the task bar and ctrl-alt-del works.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:26 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\Jacki\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greenhills.or...?sectionid=8569
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {f67fa50d-a6c6-24f8-c714-0741eb3eead1} - {1daee3be-1470-417c-8f42-6c6ad05af76f} - C:\WINDOWS\system32\auxsnixl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKCU\..\Run: [Xoql] C:\WINDOWS\system32\?ppPatch\w?aclt.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: Dirabv32 - {00A768EF-9848-4CA3-AD52-62A3F3363FF0} - C:\WINDOWS\system32\macemdrv.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6350 bytes





< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FA6752A-C4A0-4222-88C2-928AE5AB4966} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FA6752A-C4A0-4222-88C2-928AE5AB4966}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5B2F29-1F46-4639-A6B4-828942301D3E} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5B2F29-1F46-4639-A6B4-828942301D3E}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15651C7C-E812-44A2-A9AC-B467A2233E7D} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15651C7C-E812-44A2-A9AC-B467A2233E7D}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{622CC208-B014-4FE0-801B-874A5E5E403A} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{622CC208-B014-4FE0-801B-874A5E5E403A}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965A592F-8EFA-4250-8630-7960230792F1} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965A592F-8EFA-4250-8630-7960230792F1}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dafd089-24b1-4c5e-bd42-8ca72550717b} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dafd089-24b1-4c5e-bd42-8ca72550717b}\\ deleted successfully.
C:\AA.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kwbjexym.dll
C:\WINDOWS\system32\kwbjexym.dll NOT unregistered.
C:\WINDOWS\system32\kwbjexym.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hhirdgnh.dll
C:\WINDOWS\system32\hhirdgnh.dll NOT unregistered.
C:\WINDOWS\system32\hhirdgnh.dll moved successfully.
File/Folder c:\windows\homepage.html not found.
< C:\WINDOWS\system32\?ppPatch /u >
C:\WINDOWS\system32\АppPatch moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\macemdrv.dll
C:\WINDOWS\system32\macemdrv.dll NOT unregistered.
C:\WINDOWS\system32\macemdrv.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05042008_094838





ComboFix 08-05-01.3 - Jacki 2008-05-04 9:54:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.683 [GMT -4:00]
Running from: C:\Documents and Settings\Jacki\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\dobe~1\?dobe\
C:\WINDOWS\default.htm
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dasuoida.ini
C:\WINDOWS\system32\oixavnin.ini
C:\WINDOWS\system32\xvriirut.dll
C:\WINDOWS\wintst32.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4


((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-04 09:48 . 2008-05-04 09:48 <DIR> d-------- C:\_OTMoveIt
2008-05-03 14:00 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-03 14:00 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-03 14:00 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-03 14:00 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-03 14:00 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-03 14:00 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-03 14:00 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-03 14:00 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-03 14:00 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-30 21:46 . 2008-04-30 21:46 <DIR> d-------- C:\Program Files\Panda Security
2008-04-30 20:53 . 2008-05-03 14:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 20:53 . 2008-04-30 20:53 <DIR> d-------- C:\Documents and Settings\Jacki\Application Data\SUPERAntiSpyware.com
2008-04-30 20:53 . 2008-04-30 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 20:52 . 2008-04-30 20:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 21:25 . 2008-04-29 21:25 <DIR> d-------- C:\Documents and Settings\Jacki\Application Data\Malwarebytes
2008-04-29 21:24 . 2008-05-04 09:50 <DIR> d-------- C:\Files
2008-04-29 21:15 . 2008-04-29 21:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-29 21:14 . 2008-04-29 21:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 21:14 . 2008-04-29 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-29 20:53 . 2008-04-29 20:53 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-29 20:53 . 2008-05-04 09:54 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-28 19:06 . 2008-04-29 19:27 109,738 --a------ C:\WINDOWS\BM9bc04e15.xml
2008-04-28 18:28 . 2008-04-28 18:28 2 --a------ C:\WINDOWS\msoffice.ini
2008-04-28 18:20 . 2008-04-29 21:42 <DIR> d-------- C:\Documents and Settings\joe temp
2008-04-27 15:10 . 2008-04-27 15:10 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2008-04-27 12:12 . 2008-04-27 12:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-27 12:12 . 2008-04-27 12:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-04-27 12:12 . 2008-04-27 12:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-04-27 12:03 . 2008-04-27 12:03 57,546 --a------ C:\WINDOWS\promogif3.gif
2008-04-27 12:03 . 2008-04-27 12:03 24,351 --a------ C:\WINDOWS\promogif1.gif
2008-04-27 12:03 . 2008-04-27 12:03 24,066 --a------ C:\WINDOWS\promogif2.gif
2008-04-27 12:00 . 2008-04-27 12:00 578 --a------ C:\WINDOWS\index.html
2008-04-27 08:43 . 2004-08-04 07:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-11 14:53 . 2008-04-11 14:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 14:53 . 2008-04-11 14:53 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-04-28 22:28 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-28 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-14 20:07 --------- d--h--r C:\Documents and Settings\Jacki\Application Data\SecuROM
2008-03-14 19:48 --------- d-----w C:\Program Files\Electronic Arts
2007-08-25 16:39 56 --sh--r C:\WINDOWS\system32\8F3D588458.sys
2007-08-25 16:39 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2007-09-30_101855.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
+ 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
+ 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
+ 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
+ 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll
+ 2007-10-11 05:57:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll
+ 2007-10-11 05:57:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll
+ 2007-10-11 05:57:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll
+ 2007-10-11 05:57:30 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll
+ 2007-10-11 05:57:30 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll
+ 2007-10-10 10:48:23 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe
+ 2007-10-11 05:57:31 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll
+ 2007-10-11 05:57:31 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll
+ 2007-10-11 05:57:31 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll
+ 2007-10-30 09:55:21 3,065,856 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll
+ 2007-10-11 05:57:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll
+ 2007-10-11 05:57:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll
+ 2007-10-11 05:57:37 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll
+ 2007-10-11 05:57:37 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll
+ 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll
+ 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll
+ 2007-10-11 05:57:40 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll
+ 2007-10-11 05:57:41 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
+ 2007-10-10 10:34:35 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll
+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll
+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll
+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll
+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll
+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll
+ 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe
+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll
+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll
+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll
+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll
+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll
+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll
+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll
+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll
+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll
+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll
+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll
+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\updspapi.dll
+ 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2004-08-04 11:00:00 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-14 18:09:19 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
+ 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 13:39:54 115,712 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-27 21:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-27 21:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2005-01-28 19:44:28 224,768 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-08-22 13:12:15 1,022,976 -c----w C:\WINDOWS\$NtUninstallKB942615$\browseui.dll
+ 2007-08-22 13:12:15 151,040 -c----w C:\WINDOWS\$NtUninstallKB942615$\cdfview.dll
+ 2007-08-22 13:12:16 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB942615$\danim.dll
+ 2007-08-22 13:12:16 357,888 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 -c----w C:\WINDOWS\$NtUninstallKB942615$\extmgr.dll
+ 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\iedw.exe
+ 2007-08-22 13:12:16 251,392 -c----w C:\WINDOWS\$NtUninstallKB942615$\iepeers.dll
+ 2007-08-22 13:12:16 96,256 -c----w C:\WINDOWS\$NtUninstallKB942615$\inseng.dll
+ 2007-08-22 13:12:16 16,384 -c----w C:\WINDOWS\$NtUninstallKB942615$\jsproxy.dll
+ 2007-08-22 13:12:17 3,058,176 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtml.dll
+ 2007-08-22 13:12:17 449,024 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtmled.dll
+ 2007-08-22 13:12:17 146,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\msrating.dll
+ 2007-08-22 13:12:17 532,480 -c----w C:\WINDOWS\$NtUninstallKB942615$\mstime.dll
+ 2007-08-22 13:12:17 39,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\pngfilt.dll
+ 2007-08-22 13:12:18 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB942615$\shdocvw.dll
+ 2007-08-22 13:12:18 474,112 -c----w C:\WINDOWS\$NtUninstallKB942615$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\updspapi.dll
+ 2007-08-22 13:12:18 615,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\urlmon.dll
+ 2007-08-22 13:12:18 658,944 -c----w C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\$NtUninstallKB942840$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\updspapi.dll
+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-08-21 10:20:02 115,712 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2007-10-11 06:13:44 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll
+ 2007-10-11 06:13:44 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll
+ 2007-10-11 06:13:44 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll
+ 2007-10-11 06:13:44 357,888 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtmsft.dll
+ 2007-10-11 06:13:44 205,312 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtrans.dll
+ 2007-10-11 06:13:44 55,808 -c----w C:\WINDOWS\$NtUninstallKB944533$\extmgr.dll
+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\iedw.exe
+ 2007-10-11 06:13:44 251,392 -c----w C:\WINDOWS\$NtUninstallKB944533$\iepeers.dll
+ 2007-10-11 06:13:44 96,256 -c----w C:\WINDOWS\$NtUninstallKB944533$\inseng.dll
+ 2007-10-11 06:13:44 16,384 -c----w C:\WINDOWS\$NtUninstallKB944533$\jsproxy.dll
+ 2007-10-30 10:16:33 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll
+ 2007-10-11 06:13:45 449,024 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtmled.dll
+ 2007-10-11 06:13:45 146,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\msrating.dll
+ 2007-10-11 06:13:45 532,480 -c----w C:\WINDOWS\$NtUninstallKB944533$\mstime.dll
+ 2007-10-11 06:13:45 39,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\pngfilt.dll
+ 2007-10-11 06:13:45 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll
+ 2007-10-11 06:13:45 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll
+ 2007-10-11 06:13:45 615,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll
+ 2007-10-11 06:13:45 659,456 -c----w C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
+ 2007-10-29 10:26:53 115,712 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll
+ 2006-03-04 17:02:48 12,400 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2004-08-04 11:00:00 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\updspapi.dll
- 2005-12-26 18:12:37 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-03-14 19:47:12 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2005-12-26 18:12:37 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-03-14 19:47:12 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2005-12-26 18:12:37 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-03-14 19:47:12 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2005-12-26 18:12:34 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:10 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:34 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:35 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:35 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:35 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:36 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:36 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:37 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:12 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:12 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:38 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-03-14 19:47:12 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2005-12-26 18:12:38 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-03-14 19:47:12 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2005-12-26 18:12:38 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-03-14 19:47:12 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2005-12-26 18:12:38 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-03-14 19:47:12 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2005-12-26 18:12:37 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-03-14 19:47:12 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-05-04 13:55:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 22:13:04 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 17:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2007-03-13 14:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 12:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2004-08-04 11:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 11:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-04 11:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2004-09-15 18:28:08 28,672 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2008-02-16 08:59:35 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-02-16 08:59:35 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-02-16 08:59:35 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 11:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 11:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 11:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 11:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-04 11:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 11:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-04 11:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2008-02-16 08:59:35 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-04 11:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 11:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 11:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 11:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-02-16 08:59:35 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2008-02-16 08:59:35 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-04 11:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 11:00:00 29,184 -c--a-w C:\WINDOWS\ie7
  • 0

#4
greyknight17
Posted 04 May 2008 - 12:33 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Attach your combofix log here instead. It's cut off and there's still more information at the bottom that I need.
  • 0

#5
craig66
Posted 04 May 2008 - 05:58 PM

craig66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Sorry, thought I had posted this last time.

Note that I have lost the use of my SpectorPro. I assume that one of the antispyware programs considered this spyware and removed it. I should be able to reload this but will wait until after we have fixed everything else.



ComboFix 08-05-01.3 - Jacki 2008-05-04 9:54:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.683 [GMT -4:00]
Running from: C:\Documents and Settings\Jacki\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\dobe~1\?dobe\
C:\WINDOWS\default.htm
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dasuoida.ini
C:\WINDOWS\system32\oixavnin.ini
C:\WINDOWS\system32\xvriirut.dll
C:\WINDOWS\wintst32.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4


((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-04 09:48 . 2008-05-04 09:48 <DIR> d-------- C:\_OTMoveIt
2008-05-03 14:00 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-03 14:00 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-03 14:00 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-03 14:00 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-03 14:00 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-03 14:00 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-03 14:00 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-03 14:00 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-03 14:00 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-30 21:46 . 2008-04-30 21:46 <DIR> d-------- C:\Program Files\Panda Security
2008-04-30 20:53 . 2008-05-03 14:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 20:53 . 2008-04-30 20:53 <DIR> d-------- C:\Documents and Settings\Jacki\Application Data\SUPERAntiSpyware.com
2008-04-30 20:53 . 2008-04-30 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 20:52 . 2008-04-30 20:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 21:25 . 2008-04-29 21:25 <DIR> d-------- C:\Documents and Settings\Jacki\Application Data\Malwarebytes
2008-04-29 21:24 . 2008-05-04 09:50 <DIR> d-------- C:\Files
2008-04-29 21:15 . 2008-04-29 21:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-29 21:14 . 2008-04-29 21:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 21:14 . 2008-04-29 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-29 20:53 . 2008-04-29 20:53 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-29 20:53 . 2008-05-04 09:54 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-28 19:06 . 2008-04-29 19:27 109,738 --a------ C:\WINDOWS\BM9bc04e15.xml
2008-04-28 18:28 . 2008-04-28 18:28 2 --a------ C:\WINDOWS\msoffice.ini
2008-04-28 18:20 . 2008-04-29 21:42 <DIR> d-------- C:\Documents and Settings\joe temp
2008-04-27 15:10 . 2008-04-27 15:10 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2008-04-27 12:12 . 2008-04-27 12:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-27 12:12 . 2008-04-27 12:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-04-27 12:12 . 2008-04-27 12:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-04-27 12:03 . 2008-04-27 12:03 57,546 --a------ C:\WINDOWS\promogif3.gif
2008-04-27 12:03 . 2008-04-27 12:03 24,351 --a------ C:\WINDOWS\promogif1.gif
2008-04-27 12:03 . 2008-04-27 12:03 24,066 --a------ C:\WINDOWS\promogif2.gif
2008-04-27 12:00 . 2008-04-27 12:00 578 --a------ C:\WINDOWS\index.html
2008-04-27 08:43 . 2004-08-04 07:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-11 14:53 . 2008-04-11 14:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 14:53 . 2008-04-11 14:53 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-04-28 22:28 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-28 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-14 20:07 --------- d--h--r C:\Documents and Settings\Jacki\Application Data\SecuROM
2008-03-14 19:48 --------- d-----w C:\Program Files\Electronic Arts
2007-08-25 16:39 56 --sh--r C:\WINDOWS\system32\8F3D588458.sys
2007-08-25 16:39 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2007-09-30_101855.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
+ 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
+ 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
+ 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
+ 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll
+ 2007-10-11 05:57:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll
+ 2007-10-11 05:57:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll
+ 2007-10-11 05:57:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll
+ 2007-10-11 05:57:30 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll
+ 2007-10-11 05:57:30 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll
+ 2007-10-10 10:48:23 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe
+ 2007-10-11 05:57:31 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll
+ 2007-10-11 05:57:31 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll
+ 2007-10-11 05:57:31 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll
+ 2007-10-30 09:55:21 3,065,856 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll
+ 2007-10-11 05:57:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll
+ 2007-10-11 05:57:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll
+ 2007-10-11 05:57:37 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll
+ 2007-10-11 05:57:37 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll
+ 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll
+ 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll
+ 2007-10-11 05:57:40 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll
+ 2007-10-11 05:57:41 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
+ 2007-10-10 10:34:35 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll
+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll
+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll
+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll
+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll
+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll
+ 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe
+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll
+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll
+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll
+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll
+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll
+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll
+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll
+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll
+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll
+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll
+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll
+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\updspapi.dll
+ 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2004-08-04 11:00:00 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-14 18:09:19 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
+ 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 13:39:54 115,712 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-27 21:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-27 21:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2005-01-28 19:44:28 224,768 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-08-22 13:12:15 1,022,976 -c----w C:\WINDOWS\$NtUninstallKB942615$\browseui.dll
+ 2007-08-22 13:12:15 151,040 -c----w C:\WINDOWS\$NtUninstallKB942615$\cdfview.dll
+ 2007-08-22 13:12:16 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB942615$\danim.dll
+ 2007-08-22 13:12:16 357,888 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 -c----w C:\WINDOWS\$NtUninstallKB942615$\extmgr.dll
+ 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\iedw.exe
+ 2007-08-22 13:12:16 251,392 -c----w C:\WINDOWS\$NtUninstallKB942615$\iepeers.dll
+ 2007-08-22 13:12:16 96,256 -c----w C:\WINDOWS\$NtUninstallKB942615$\inseng.dll
+ 2007-08-22 13:12:16 16,384 -c----w C:\WINDOWS\$NtUninstallKB942615$\jsproxy.dll
+ 2007-08-22 13:12:17 3,058,176 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtml.dll
+ 2007-08-22 13:12:17 449,024 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtmled.dll
+ 2007-08-22 13:12:17 146,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\msrating.dll
+ 2007-08-22 13:12:17 532,480 -c----w C:\WINDOWS\$NtUninstallKB942615$\mstime.dll
+ 2007-08-22 13:12:17 39,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\pngfilt.dll
+ 2007-08-22 13:12:18 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB942615$\shdocvw.dll
+ 2007-08-22 13:12:18 474,112 -c----w C:\WINDOWS\$NtUninstallKB942615$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\updspapi.dll
+ 2007-08-22 13:12:18 615,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\urlmon.dll
+ 2007-08-22 13:12:18 658,944 -c----w C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\$NtUninstallKB942840$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\updspapi.dll
+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-08-21 10:20:02 115,712 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2007-10-11 06:13:44 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll
+ 2007-10-11 06:13:44 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll
+ 2007-10-11 06:13:44 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll
+ 2007-10-11 06:13:44 357,888 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtmsft.dll
+ 2007-10-11 06:13:44 205,312 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtrans.dll
+ 2007-10-11 06:13:44 55,808 -c----w C:\WINDOWS\$NtUninstallKB944533$\extmgr.dll
+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\iedw.exe
+ 2007-10-11 06:13:44 251,392 -c----w C:\WINDOWS\$NtUninstallKB944533$\iepeers.dll
+ 2007-10-11 06:13:44 96,256 -c----w C:\WINDOWS\$NtUninstallKB944533$\inseng.dll
+ 2007-10-11 06:13:44 16,384 -c----w C:\WINDOWS\$NtUninstallKB944533$\jsproxy.dll
+ 2007-10-30 10:16:33 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll
+ 2007-10-11 06:13:45 449,024 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtmled.dll
+ 2007-10-11 06:13:45 146,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\msrating.dll
+ 2007-10-11 06:13:45 532,480 -c----w C:\WINDOWS\$NtUninstallKB944533$\mstime.dll
+ 2007-10-11 06:13:45 39,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\pngfilt.dll
+ 2007-10-11 06:13:45 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll
+ 2007-10-11 06:13:45 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll
+ 2007-10-11 06:13:45 615,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll
+ 2007-10-11 06:13:45 659,456 -c----w C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
+ 2007-10-29 10:26:53 115,712 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll
+ 2006-03-04 17:02:48 12,400 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2004-08-04 11:00:00 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\updspapi.dll
- 2005-12-26 18:12:37 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-03-14 19:47:12 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2005-12-26 18:12:37 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-03-14 19:47:12 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2005-12-26 18:12:37 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-03-14 19:47:12 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2005-12-26 18:12:34 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:10 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:34 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:35 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:35 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:35 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:36 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:36 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:37 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:11 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:12 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-14 19:47:12 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2005-12-26 18:12:38 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-03-14 19:47:12 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2005-12-26 18:12:38 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-03-14 19:47:12 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2005-12-26 18:12:38 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-03-14 19:47:12 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2005-12-26 18:12:38 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-03-14 19:47:12 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2005-12-26 18:12:37 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-03-14 19:47:12 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-05-04 13:55:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 22:13:04 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 17:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2007-03-13 14:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 12:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2004-08-04 11:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 11:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-04 11:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2004-09-15 18:28:08 28,672 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2008-02-16 08:59:35 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-02-16 08:59:35 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-02-16 08:59:35 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 11:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 11:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 11:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 11:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-04 11:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 11:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-04 11:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2008-02-16 08:59:35 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-04 11:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 11:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 11:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 11:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-02-16 08:59:35 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2008-02-16 08:59:35 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-04 11:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 11:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2008-02-16 22:29:38 3,059,712 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-02-16 08:59:37 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-04 11:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-04 11:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2008-02-16 08:59:37 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-02-16 08:59:37 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-04 11:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2008-02-16 08:59:37 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 22:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 22:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 21:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 21:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-04 11:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2008-02-16 08:59:38 615,936 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 11:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2008-02-16 08:59:39 659,456 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 22:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-08-13 22:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-13 22:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-13 22:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-13 22:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-08-13 22:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-13 22:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-13 22:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-13 21:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-02-12 20:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-07-11 16:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-08-13 22:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-13 22:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-08-13 22:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-13 22:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-08-13 22:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-13 22:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-13 22:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-13 22:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-08-13 22:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-08-13 22:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-13 22:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-13 22:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-13 22:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-13 22:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2007-08-13 22:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-13 22:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-13 22:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-13 22:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-10-13 00:23:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
+ 2007-10-13 00:23:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-13 00:23:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-13 00:23:58 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-13 00:23:58 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-13 00:23:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
+ 2008-05-01 00:53:46 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-05-01 00:53:46 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-01 00:53:46 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396
  • 0

#6
craig66
Posted 04 May 2008 - 06:04 PM

craig66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Looks like it still didn't get the whole thing so I am sending the second half again. Probably some overlap on the two posts.

007-10-13 00:23:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
+ 2007-10-13 00:23:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-13 00:23:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-13 00:23:58 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-13 00:23:58 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-13 00:23:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
+ 2008-05-01 00:53:46 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-05-01 00:53:46 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-01 00:53:46 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 40,960 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
+ 2007-11-21 02:01:29 40,960 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-12-01 05:12:15 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-11-21 02:01:29 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
+ 2006-02-03 11:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 15:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
- 2007-06-17 04:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 12:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 12:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2004-08-04 11:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-04 11:00:00 73,376 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2004-08-04 11:00:00 25,264 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2004-08-04 11:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2004-08-04 11:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-04 11:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2004-08-04 11:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2004-08-04 11:00:00 4,048 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2004-08-04 11:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2004-08-04 11:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-04 11:00:00 146,432 ----a-w C:\WINDOWS\system\WINSPOOL.DRV
- 2004-08-04 11:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 22:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-04 11:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 08:59:34 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 08:59:35 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-03-14 20:07:22 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
+ 2004-08-04 11:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
- 2005-12-23 14:56:35 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-30 01:25:37 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2005-12-23 14:56:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-30 01:25:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-27 16:00:26 57,856 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XMB0DE3\1[1].exe
- 2005-12-23 14:56:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-30 01:25:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-04 11:00:00 35,328 ----a-w C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 22:42:54 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
+ 2006-02-03 12:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
+ 2006-03-31 16:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
+ 2006-09-28 20:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
- 2007-06-14 18:09:18 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 08:59:35 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2004-08-04 11:00:00 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
+ 2004-12-06 07:05:00 2,239 ----a-w C:\WINDOWS\system32\dla\tfsndres.sys
+ 2007-08-13 22:39:20 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2004-08-04 11:00:00 4,224 ----a-w C:\WINDOWS\system32\dllcache\beep.sys
- 2007-06-14 18:09:18 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-02-16 08:59:34 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-06-14 18:09:18 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-02-16 08:59:35 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-08-13 22:42:54 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
- 2004-09-15 18:28:08 28,672 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 22:54:10 33,792 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2007-06-14 18:09:18 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-02-16 08:59:35 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
- 2006-06-26 17:37:10 148,480 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2004-08-04 05:07:58 2,944 ----a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
- 2007-06-14 18:09:18 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-14 18:09:19 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2007-08-13 22:18:02 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-06-14 14:07:24 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 22:44:02 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 22:45:18 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2007-06-14 18:09:19 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 22:54:10 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-13 22:39:12 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2008-02-29 08:55:46 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 22:36:06 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-14 18:09:19 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 22:39:02 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 22:38:04 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-06-14 18:09:19 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 22:44:18 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2006-08-17 12:28:27 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-12-18 09:51:35 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-08-13 22:32:30 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-06-14 18:09:20 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-14 18:09:19 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 22:01:12 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 22:54:10 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
- 2007-06-14 18:09:19 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-14 18:09:20 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-06-14 18:09:20 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-29 22:43:03 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-07-09 13:09:42 584,192 ------w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2007-06-14 18:09:20 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ------w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-06-14 18:09:20 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-04-20 11:51:50 359,808 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-06-14 18:09:20 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-13 22:54:10 413,696 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 15:13:22 851,968 ------w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 ------w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-06-26 14:09:10 658,944 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-28 19:44:28 224,768 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 22:40:06 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 11:00:00 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
+ 2004-08-04 05:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2004-08-04 11:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2004-08-04 11:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2006-03-04 17:02:48 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-14 18:09:19 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-04-14 12:45:46 204,920 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-09 07:07:19 204,920 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 12:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-04 11:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-04 11:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-04 11:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-04 11:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-04 11:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-04 11:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 22:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-06-14 18:09:19 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 22:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 11:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-04 11:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 22:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 22:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-04 11:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 22:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-14 18:09:19 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 22:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 22:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-06-14 18:09:19 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2004-08-04 11:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2004-08-04 11:00:00 221,600 ----a-w C:\WINDOWS\system32\lanman.drv
- 2004-08-04 11:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 22:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2004-08-04 11:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2004-08-04 11:00:00 73,376 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2004-08-04 11:00:00 25,264 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2004-08-04 11:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
+ 2004-08-04 11:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
- 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2004-08-04 11:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 22:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
+ 2004-08-04 11:00:00 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-04 11:00:00 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2004-08-04 11:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 22:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:09:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 11:00:00 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 22:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-04 11:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 22:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2007-06-14 18:09:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-14 18:09:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 21:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 12:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-04 11:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2007-03-12 23:07:27 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-09 10:29:08 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-03-12 23:07:27 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-09 10:29:08 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-04 11:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-04-16 15:52:53 137,893 ----a-w C:\WINDOWS\system32\seripdel32.dll
+ 2007-04-16 15:52:53 137,917 ----a-w C:\WINDOWS\system32\seripdel32.dll
- 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2004-08-04 11:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
- 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-06 21:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2004-08-04 11:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2004-08-04 11:00:00 4,048 ----a-w C:\WINDOWS\system32\timer.drv
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2004-08-04 11:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 11:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 22:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2004-08-04 11:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2004-08-04 11:00:00 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
- 2004-08-04 11:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2004-08-04 11:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
- 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2007-08-13 22:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2004-08-04 11:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-04 11:00:00 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2004-08-04 11:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
- 2005-01-28 19:44:28 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 22:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2004-08-04 11:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2006-02-03 12:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
+ 2006-09-28 20:03:28 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2006-02-03 12:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
+ 2006-03-31 16:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
+ 2006-05-31 11:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
+ 2006-07-28 13:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
+ 2006-09-28 20:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
+ 2006-03-31 16:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
+ 2006-07-28 13:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
+ 2006-09-28 20:04:02 68,888 ----a-w C:\WINDOWS\system32\xinput1_3.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
- 2007-06-14 13:39:54 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2000-08-31 12:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2005-09-23 03:49:12 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2005-09-23 03:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-23 03:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 03:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 05:16:02 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2005-09-23 05:16:06 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-23 05:16:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2005-09-23 05:16:10 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2005-09-23 04:58:06 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2005-09-23 04:58:06 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2005-09-23 04:58:06 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2005-09-23 04:58:06 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2005-09-23 04:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2005-09-23 04:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2005-09-23 04:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2005-09-23 04:58:06 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2005-09-23 04:58:06 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2005-09-23 05:35:10 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
+ 2000-08-31 12:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-03 14:50 1481968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-12-01 01:10 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-01 01:10 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20 8192]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 21:20 110592]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 21:05 1117184]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2005-12-23 11:20:00 221295]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 13:59:36 806912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-03 14:50 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

S3 naecd;naecd;C:\DOCUME~1\Jacki\LOCALS~1\Temp\naecd.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 22:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JACKIE-Jacki).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 09:56:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\drivers\clbdriver.sys 6656 bytes executable
C:\WINDOWS\system32\clb.dll 10752 bytes executable
C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\clbcfg.dat 1695 bytes

scan completed successfully
hidden files: 5

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver]
"imagepath"="\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2008-05-04 9:57:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-04 13:57:37
ComboFix2.txt 2007-09-30 14:19:07

Pre-Run: 136,245,166,080 bytes free
Post-Run: 136,240,566,272 bytes free

983 --- E O F --- 2008-05-03 18:47:00
  • 0

#7
greyknight17
Posted 04 May 2008 - 08:18 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

Driver::
naecd
clbdriver
File::
C:\WINDOWS\BM9bc04e15.xml
C:\WINDOWS\msoffice.ini
C:\WINDOWS\system32\everybodybets.32x32.4.ico
C:\WINDOWS\system32\ZoneAlarmIconUS.ico
C:\WINDOWS\system32\ZoneAlarmIconUK.ico
C:\WINDOWS\system32\ZoneAlarmIconFR.ico
C:\WINDOWS\promogif3.gif
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\index.html
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\clbcfg.dat
Folder::
C:\Documents and Settings\joe temp
C:\Program Files\WinAble\
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#8
craig66
Posted 05 May 2008 - 08:03 PM

craig66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
ComboFix 08-05-01.3 - Jacki 2008-05-05 21:43:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.696 [GMT -4:00]
Running from: C:\Documents and Settings\Jacki\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jacki\Desktop\cfscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM9bc04e15.xml
C:\WINDOWS\index.html
C:\WINDOWS\msoffice.ini
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\promogif3.gif
C:\WINDOWS\system32\clbcfg.dat
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\everybodybets.32x32.4.ico
C:\WINDOWS\system32\ZoneAlarmIconFR.ico
C:\WINDOWS\system32\ZoneAlarmIconUK.ico
C:\WINDOWS\system32\ZoneAlarmIconUS.ico
C:\Documents and Settings\joe temp :#:
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM9bc04e15.xml
C:\WINDOWS\index.html
C:\WINDOWS\msoffice.ini
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\promogif3.gif
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\everybodybets.32x32.4.ico
C:\WINDOWS\system32\ZoneAlarmIconFR.ico
C:\WINDOWS\system32\ZoneAlarmIconUK.ico
C:\WINDOWS\system32\ZoneAlarmIconUS.ico

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_NAECD
-------\Service_naecd


((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-04 09:48 . 2008-05-04 09:48 <DIR> d-------- C:\_OTMoveIt
2008-05-03 14:00 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-03 14:00 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-03 14:00 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-03 14:00 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-03 14:00 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-03 14:00 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-03 14:00 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-03 14:00 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-03 14:00 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-30 21:46 . 2008-04-30 21:46 <DIR> d-------- C:\Program Files\Panda Security
2008-04-30 20:53 . 2008-05-03 14:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 20:53 . 2008-04-30 20:53 <DIR> d-------- C:\Documents and Settings\Jacki\Application Data\SUPERAntiSpyware.com
2008-04-30 20:53 . 2008-04-30 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 20:52 . 2008-04-30 20:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 21:25 . 2008-04-29 21:25 <DIR> d-------- C:\Documents and Settings\Jacki\Application Data\Malwarebytes
2008-04-29 21:24 . 2008-05-04 10:00 <DIR> d-------- C:\Files
2008-04-29 21:15 . 2008-04-29 21:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-29 21:14 . 2008-04-29 21:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 21:14 . 2008-04-29 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-29 20:53 . 2008-04-29 20:53 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-29 20:53 . 2008-05-05 17:13 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-28 18:20 . 2008-04-29 21:42 <DIR> d-------- C:\Documents and Settings\joe temp
2008-04-27 08:43 . 2004-08-04 07:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-11 14:53 . 2008-04-11 14:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 14:53 . 2008-04-11 14:53 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-04-28 22:28 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-28 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-14 20:07 --------- d--h--r C:\Documents and Settings\Jacki\Application Data\SecuROM
2008-03-14 19:48 --------- d-----w C:\Program Files\Electronic Arts
2007-08-25 16:39 56 --sh--r C:\WINDOWS\system32\8F3D588458.sys
2007-08-25 16:39 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-05-04_ 9.57.28.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 13:55:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-06 01:45:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-03 14:50 1481968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-12-01 01:10 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-01 01:10 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20 8192]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 21:20 110592]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 21:05 1117184]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2005-12-23 11:20:00 221295]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 13:59:36 806912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-03 14:50 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001


*Newly Created Service* - CLBDRIVER
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 22:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JACKIE-Jacki).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 21:46:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\drivers\clbdriver.sys 6656 bytes executable
C:\WINDOWS\system32\clb.dll 10752 bytes executable
C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\clbcfg.dat 1695 bytes

scan completed successfully
hidden files: 5

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver]
"imagepath"="\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2008-05-05 21:47:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-06 01:47:21
ComboFix2.txt 2008-05-04 13:57:41
ComboFix3.txt 2007-09-30 14:19:07

Pre-Run: 136,191,868,928 bytes free
Post-Run: 136,211,173,376 bytes free

170 --- E O F --- 2008-05-03 18:47:00
  • 0

#9
greyknight17
Posted 08 May 2008 - 08:12 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\clbcfg.dat 
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

Driver::
clbdriver
File::
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\clbcfg.dat
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is the computer running so far?
  • 0

#10
craig66
Posted 09 May 2008 - 06:53 PM

craig66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
The computer is running great! No problems except for the loss of my SpectorPro. I can deal with that later though. Just let me know when you think we are done and I will contact Spector Soft to help me get it running again.

Thanks for all your help Greyknight!

Logs are as follows.



File move failed. C:\WINDOWS\system32\drivers\clbdriver.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\clbcfg.dat scheduled to be moved on reboot.
< HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver >
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05092008_202954

ComboFix 08-05-01.3 - Jacki 2008-05-09 20:39:27.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.719 [GMT -4:00]
Running from: C:\Documents and Settings\Jacki\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jacki\Desktop\cfscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\clbcfg.dat
C:\WINDOWS\system32\drivers\clbdriver.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
  • 0

#11
craig66
Posted 09 May 2008 - 07:51 PM

craig66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Sorry, looks like I did not get the whole thing again. Here they are again.

File move failed. C:\WINDOWS\system32\drivers\clbdriver.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\clbcfg.dat scheduled to be moved on reboot.
< HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver >
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05092008_202954




ComboFix 08-05-01.3 - Jacki 2008-05-09 20:39:27.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.719 [GMT -4:00]
Running from: C:\Documents and Settings\Jacki\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jacki\Desktop\cfscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\clbcfg.dat
C:\WINDOWS\system32\drivers\clbdriver.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER


((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-04 09:48 . 2008-05-04 09:48 <DIR> d-------- C:\_OTMoveIt
2008-05-03 14:00 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-03 14:00 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-03 14:00 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-03 14:00 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-03 14:00 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-03 14:00 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-03 14:00 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-03 14:00 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-03 14:00 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-30 21:46 . 2008-04-30 21:46 <DIR> d-------- C:\Program Files\Panda Security
2008-04-30 20:53 . 2008-05-03 14:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 20:53 . 2008-04-30 20:53 <DIR> d-------- C:\Documents and Settings\Jacki\Application Data\SUPERAntiSpyware.com
2008-04-30 20:53 . 2008-04-30 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 20:52 . 2008-04-30 20:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 21:25 . 2008-04-29 21:25 <DIR> d-------- C:\Documents and Settings\Jacki\Application Data\Malwarebytes
2008-04-29 21:24 . 2008-05-09 20:31 <DIR> d-------- C:\Files
2008-04-29 21:15 . 2008-04-29 21:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-29 21:14 . 2008-04-29 21:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 21:14 . 2008-04-29 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-29 20:53 . 2008-04-29 20:53 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-29 20:53 . 2008-05-09 16:01 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-28 18:20 . 2008-04-29 21:42 <DIR> d-------- C:\Documents and Settings\joe temp
2008-04-27 08:43 . 2004-08-04 07:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-11 14:53 . 2008-04-11 14:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 14:53 . 2008-04-11 14:53 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-04-28 22:28 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-28 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-14 20:07 --------- d--h--r C:\Documents and Settings\Jacki\Application Data\SecuROM
2008-03-14 19:48 --------- d-----w C:\Program Files\Electronic Arts
2007-08-25 16:39 56 --sh--r C:\WINDOWS\system32\8F3D588458.sys
2007-08-25 16:39 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-05-04_ 9.57.28.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-07-26 04:20:23 110,080 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
+ 2005-07-26 04:20:24 498,688 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
+ 2004-08-04 11:00:00 110,080 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll
+ 2004-08-04 11:00:00 501,248 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll
- 2008-05-04 13:55:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 00:41:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-08-04 11:00:00 10,752 ----a-w C:\WINDOWS\system32\clb.dll
+ 2005-07-26 04:39:43 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-03 14:50 1481968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-12-01 01:10 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-01 01:10 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20 8192]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 21:20 110592]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 21:05 1117184]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2005-12-23 11:20:00 221295]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 13:59:36 806912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-03 14:50 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001


.
Contents of the 'Scheduled Tasks' folder
"2008-05-09 22:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JACKIE-Jacki).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 20:42:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2008-05-09 20:43:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 00:43:27
ComboFix2.txt 2008-05-06 01:47:25
ComboFix3.txt 2008-05-04 13:57:41
ComboFix4.txt 2007-09-30 14:19:07

Pre-Run: 136,065,409,024 bytes free
Post-Run: 136,134,512,640 bytes free

148 --- E O F --- 2008-05-03 18:47:00
  • 0

#12
greyknight17
Posted 10 May 2008 - 02:53 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

Edited by greyknight17, 10 May 2008 - 02:53 PM.

  • 0

#13
greyknight17
Posted 15 May 2008 - 06:30 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP